Home / Privacy Policy

Privacy Policy.

How S.ERENDER DOO collects, uses and protects personal information when you visit this website, contact us, or engage us as a client.

EFFECTIVE  15 May 2026 VERSION  1.0 JURISDICTION  Montenegro · GDPR aligned

01Who we are

S.ERENDER DOO (“S.ERENDER”, “we”, “us”) is a private company organised under the laws of Montenegro, with its registered office at Trg Sunca broj 2, Budva 85310, Montenegro. For matters relating to this policy we act as the data controller of any personal data we collect about you.

This policy applies to our website, our email and other direct communication channels, and to the services we provide to our clients. It does not apply to the apps and products we build for our clients — those are governed by the privacy notices of the respective publishers.

02What information we collect

2.1 Information you give us

When you contact us by email or through any channel listed on this site, we receive whatever information you choose to share — typically your name, email address, the company you represent, and the contents of your message.

When we sign an engagement with you, we may additionally process billing information (company name, VAT/tax ID, address) and signatory contact details, as needed to issue invoices and execute the contract.

2.2 Information collected automatically

Our website is served behind a content delivery network and standard web server logs are kept for security and operational diagnostics. These logs contain IP address, user agent, requested URL and timestamp. We do not run third‑party analytics that profile visitors, and we do not place advertising cookies.

2.3 Information we receive during projects

During an engagement we may process personal data your organisation provides — for example test user accounts, sample data sets, screenshots, or production data necessary to reproduce an issue. In that case we act as a processor on your behalf, subject to a separate written agreement (a Data Processing Agreement, or DPA).

03How we use personal data

  • To respond to inquiries and provide the services you request.
  • To negotiate and perform contracts, including invoicing and accounting.
  • To operate, secure and improve our website and internal tooling.
  • To comply with legal obligations — for example tax retention rules under Montenegrin law.
  • To defend or pursue legal claims where strictly necessary.

We do not sell personal data. We do not use it to train machine‑learning models.

04Legal basis (GDPR)

Where the EU General Data Protection Regulation applies, we rely on the following bases under Article 6:

  • Performance of a contract (Art. 6(1)(b)) — to answer your inquiry, prepare a proposal, or deliver agreed services.
  • Legitimate interests (Art. 6(1)(f)) — to keep the website secure, prevent abuse, and maintain reasonable business records. We balance these interests against your rights.
  • Legal obligation (Art. 6(1)(c)) — to keep accounting records and respond to lawful requests from public authorities.
  • Consent (Art. 6(1)(a)) — only where required and clearly requested, e.g. for any future newsletter. Consent can be withdrawn at any time.

05Sharing & sub‑processors

We share personal data only with vetted service providers strictly necessary to operate our business:

  • Email and productivity infrastructure (e.g. Google Workspace, Gmail).
  • Hosting and DNS providers (e.g. Hetzner, Cloudflare).
  • Accounting and tax services contracted in Montenegro.
  • Payment processors where applicable to a specific engagement.

For client engagements, sub‑processors used to deliver the services are listed in the relevant DPA. We do not disclose personal data to third parties for their own marketing purposes.

06International transfers

Some of our service providers are located outside Montenegro and the EEA (most notably in the United States). Where data is transferred internationally, we rely on the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms, and we apply additional technical safeguards (transport encryption, access controls) where appropriate.

07Retention

We keep personal data only as long as needed for the purposes it was collected, and then we delete or anonymise it. Indicative periods:

  • Inquiry correspondence — up to 24 months after last contact, unless a contract is signed.
  • Contractual records and invoices — for the period required by Montenegrin tax and accounting law (currently up to 10 years).
  • Server logs — up to 30 days, except where retained longer to investigate a specific incident.

08Your rights

Subject to the applicable law (including the GDPR where it applies), you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request erasure (the “right to be forgotten”);
  • Restrict or object to certain processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with a competent supervisory authority — in Montenegro, the Agency for Personal Data Protection and Free Access to Information (AZLP).

To exercise any of these rights, write to us at the contact details in Section 13. We will respond within one month.

09Cookies and tracking

This website uses only the cookies strictly necessary for it to function and to remain secure behind our CDN. We do not use advertising cookies, cross‑site tracking, or third‑party analytics that profile you. If we ever add optional analytics or marketing cookies, we will request your consent first through a clear banner.

10Security

We apply commercially reasonable technical and organisational measures to protect personal data — including transport encryption (TLS), access controls, regular software updates, and the principle of least privilege. No method of transmission or storage on the internet is perfectly secure; if a breach affecting your data occurs, we will act in line with applicable law and notify you and the supervisory authority where required.

11Children

Our website and services are directed to businesses and adult professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact us and we will delete it.

12Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected here with an updated effective date. Continued use of our website or services after a change becomes effective constitutes acceptance of the revised policy.

13Contact

For any question about this policy or to exercise your rights, write to us:

S.ERENDER DOO
Trg Sunca broj 2, Budva 85310, Montenegro
Email: [ email ]