Home

Privacy Policy of ARSIS TECH d.o.o.

(Last Updated: 11 February 2026)

1. General Provisions

1.1. This Privacy Policy defines the procedures for the processing and protection of personal data of users of the website arsistech.com (hereinafter referred to as the "Website"), carried out by ARSIS TECH d.o.o. (hereinafter referred to as the "Company").

1.2. This Privacy Policy has been developed in accordance with the applicable personal data protection legislation, including but not limited to:

  • the Law on Personal Data Protection of the Republic of Serbia (Zakon o zaštiti podataka o ličnosti);
  • the General Data Protection Regulation of the European Union (GDPR);
  • the national legislation of the Kingdom of Spain implementing the GDPR;
  • Law No. 25.326 on the Protection of Personal Data of the Argentine Republic and applicable MERCOSUR regulations.

1.3. This Privacy Policy applies exclusively to the processing of personal data carried out in connection with the operation of the Website, including:

  • the processing of inquiries submitted via contact forms;
  • business communications with prospective and existing partners;
  • the use of cookies and similar technologies;
  • analysis and improvement of the Website's performance.

1.4. This Privacy Policy does not govern the processing of personal data carried out within the framework of contractual relationships between the Company and its clients or partners in connection with specific projects, products, or services, which are regulated by the relevant agreements and separate data protection documentation.

1.5. By using the Website, the user confirms that they have read this Privacy Policy and understand the conditions governing the processing of their personal data. Where required by applicable law, the processing of personal data shall be carried out on the basis of the user's consent.

1.6. The Company reserves the right to amend this Privacy Policy. The current version of the Policy is always available on the Website and shall enter into force upon its publication, unless otherwise expressly stated therein.

2. Data Controller

2.1. The controller of personal data processed in connection with the use of the Website is:

ARSIS TECH d.o.o.
Registered address: Milutina Milankovića 9Ž, 11070 Belgrade (Novi Beograd), Republic of Serbia
Registration number (MB): 22062425
Tax identification number (PIB): 114733441
Email: info@arsistech.com

2.2. The Company processes personal data independently or engages authorized data processors acting on the basis of contractual agreements and strictly in accordance with the Company's instructions.

2.3. Contact details provided on the Website for other countries, including the office in the Kingdom of Spain, are intended solely for business communication purposes and do not affect the Company's status as the data controller.

2.4. For any questions related to the processing and protection of personal data, as well as for the exercise of data subject rights, users may contact the Company at: info@arsistech.com.

2.5. The Company does not appoint a separate Data Protection Officer (DPO), unless such appointment is required under applicable law, and ensures that requests from data subjects are handled within the time limits established by applicable legislation.

3. Categories of Personal Data Processed

3.1. In connection with the use of the Website, the Company processes only those personal data that the user voluntarily provides, as well as the minimum amount of technical data necessary for the proper operation of the Website.

3.2. The categories of personal data processed by the Company include:

3.2.1. Data Provided Directly by the User:

  • first name and/or last name;
  • email address;
  • telephone number (if provided by the user);
  • company name and job title (if provided);
  • the content of messages or inquiries submitted via contact forms on the Website.

3.2.2. Technical and Automatically Collected Data:

  • IP address;
  • browser type and version;
  • device type and operating system;
  • cookies and similar technologies data;
  • information about the user's interaction with the Website (such as pages visited, time spent on the Website, and traffic sources).

3.3. The Company does not collect or process through the Website the following categories of data:

  • payment data, including bank card details or other payment instrument information;
  • data constituting banking secrecy;
  • information regarding financial operations or transactions;
  • special categories of personal data (including data relating to health, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs).

3.4. The Company does not engage in automated decision-making or profiling based on personal data processed in connection with the use of the Website.

3.5. If a user voluntarily includes excessive or additional personal data in a message, the Company shall process such data solely to the extent necessary to review the inquiry and provide a response.

4. Purposes of Processing

4.1. The Company processes users' personal data solely for specific, explicit, and legitimate purposes, including but not limited to:

4.1.1. Processing inquiries and requests submitted by users through contact forms on the Website, including the preparation and provision of responses.

4.1.2. Conducting business communications with prospective and existing partners, clients, and counterparties of the Company.

4.1.3. Providing information about the Company's activities, services, and expertise at the user's request.

4.1.4. Ensuring the proper functioning, functionality, security, and stability of the Website.

4.1.5. Analyzing the use of the Website and improving its performance, including optimization of its structure, content, and user experience, through the use of cookies and similar technologies to the extent permitted by applicable law and in accordance with the user's selected preferences.

4.2. Personal data shall not be used by the Company for purposes incompatible with those set out above without prior notice to the user and, where required by applicable law, without obtaining the user's consent.

4.3. The Company does not use personal data processed in connection with the use of the Website for:

  • automated decision-making that produces legal or similarly significant effects concerning the user;
  • profiling of users;
  • sending marketing or advertising communications on behalf of third parties.

5. Legal Basis for Processing Personal Data

5.1. The Company processes users' personal data on the following legal bases provided for under applicable personal data protection legislation, including the GDPR and the Law on Personal Data Protection of the Republic of Serbia:

5.1.1. Consent of the User — where obtaining such consent is required under applicable law, including in connection with the use of cookies and similar technologies that are not strictly necessary, as well as when the user submits inquiries through contact forms on the Website.

5.1.2. Legitimate Interests of the Company, including:

  • processing and responding to users' inquiries;
  • conducting business communications with prospective and existing partners and clients;
  • ensuring the security and stable operation of the Website;
  • analyzing and improving the functionality of the Website.

In such cases, the Company carefully considers and balances its legitimate interests against the rights and freedoms of users and does not carry out such processing where the interests or fundamental rights and freedoms of the user override those legitimate interests.

5.1.3. Compliance with Legal Obligations to which the Company is subject under applicable law, where the processing of personal data is necessary to fulfill such obligations.

5.2. Where the processing of personal data is based on the user's consent, the user has the right to withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to its withdrawal.

5.3. The Company does not process users' personal data on any legal basis other than those specified in this Privacy Policy and does not use such data for purposes beyond those set out in Section 4 of this Policy.

6. Use of Cookies and Similar Technologies

6.1. The Website uses cookies and similar technologies (including pixels and browser identifiers) to ensure the proper functioning of the Website, enhance user experience, analyze traffic, and improve the quality of the information provided.

6.2. Cookies are small text files stored on a user's device when visiting the Website. They allow the Website to recognize the user's browser, remember preferences and settings, and collect anonymized statistical information.

6.3. Depending on their purpose, the following categories of cookies may be used on the Website:

6.3.1. Strictly Necessary Cookies

These cookies are essential for the operation of the Website and for ensuring its core functionality and security. The use of strictly necessary cookies does not require the user's consent.

6.3.2. Functional Cookies

Functional cookies enable the Website to remember user-selected preferences and ensure the proper operation of certain features. The use of such cookies is based on the user's consent where required under applicable law.

6.3.3. Analytical and Statistical Cookies

These cookies are used to analyze how the Website is used, collect statistical data on website traffic, and improve its performance. Such data is processed in aggregated and anonymized form.

Analytics may be carried out using the Company's own tools as well as through third-party analytics service providers acting as data processors.

The use of analytical cookies is based on the user's consent.

6.3.4. Other Cookies

In certain cases, other cookies that do not fall within the above categories may be used on the Website. Such cookies are used only with the user's consent and after appropriate classification.

6.4. The management of cookie preferences is carried out through the consent management mechanism available on the Website. Users may modify or withdraw their consent to the use of cookies at any time, except for strictly necessary cookies.

6.5. Users may also manage cookies through their browser settings. Disabling or restricting certain cookies may affect the functionality of the Website.

6.6. Detailed information about the cookies used on the Website, their retention periods, and their purposes is available in the relevant cookie notice and/or a separate Cookie Policy published on the Website.

7. Disclosure of Personal Data to Third Parties

7.1. The Company may disclose users' personal data to third parties only to the extent necessary to achieve the purposes of processing specified in this Privacy Policy and subject to compliance with applicable personal data protection legislation.

7.2. Personal data may be disclosed to the following categories of recipients:

7.2.1. Service Providers and Contractors of the Company (Data Processors), including:

  • hosting and infrastructure service providers;
  • web analytics service providers;
  • electronic communication and email service providers;
  • other technical and service providers supporting the operation of the Website.

Such entities process personal data solely on the basis of contractual agreements with the Company, in accordance with its instructions, and subject to appropriate confidentiality and data security obligations.

7.2.2. Public Authorities and Other Authorized Bodies

Personal data may be disclosed where required under applicable law or pursuant to a lawful and binding request from competent authorities.

7.3. The Company does not disclose users' personal data to third parties for their independent marketing or advertising purposes.

7.4. The Company does not sell, trade, or otherwise commercially transfer users' personal data.

7.5. Where personal data is disclosed to data processors, the Company takes reasonable and appropriate measures to ensure that such processors provide a level of protection of personal data that is no less than that required by applicable law and this Privacy Policy.

8. Cross-Border Transfers of Personal Data

8.1. In the course of the Company's activities, users' personal data may be processed and stored both within the Republic of Serbia and outside its territory, including in Member States of the European Union and other countries.

8.2. The Company carries out cross-border transfers of personal data only where an adequate level of protection of personal data is ensured in accordance with applicable data protection legislation.

8.3. Transfers of personal data to Member States of the European Union are carried out under the framework of the General Data Protection Regulation (GDPR) and do not require additional authorization.

8.4. Transfers of personal data to the Argentine Republic are permitted on the basis that the European Commission has recognized Argentina as providing an adequate level of protection for personal data.

8.5. Where personal data is transferred to countries that do not ensure an adequate level of protection, the Company implements appropriate legal mechanisms and safeguards as required under applicable law, including Standard Contractual Clauses or other lawful protective measures.

8.6. The Company takes reasonable technical and organizational measures to ensure the security of personal data during cross-border transfers.

9. Data Retention

9.1. The Company retains users' personal data in a form that permits identification of data subjects for no longer than is necessary to achieve the purposes of processing set out in this Privacy Policy, unless a longer retention period is required or permitted under applicable law.

9.2. Personal data processed on the basis of the user's consent shall be retained until such consent is withdrawn, unless otherwise provided by applicable law.

9.3. Personal data processed for the purposes of business communication and handling user inquiries shall be retained for the period necessary to process the relevant request and any subsequent communication, after which it shall be deleted or anonymized, unless retention is required to comply with the Company's legal obligations.

9.4. Technical and analytical data, including cookie-related data, shall be retained for the periods specified for the relevant cookies or until the user withdraws consent to their use, except where such data must be retained for a longer period in accordance with applicable law.

9.5. Upon expiration of the applicable retention period, personal data shall be deleted or anonymized using reasonable technical and organizational measures.

10. Data Subject Rights

10.1. Users, as data subjects, have the rights provided under applicable personal data protection legislation, including but not limited to the following:

10.1.1. Right to Be Informed — the right to receive information regarding the fact, purposes, and methods of processing of their personal data.

10.1.2. Right of Access — the right to request confirmation as to whether personal data concerning them is being processed and to obtain access to such data.

10.1.3. Right to Rectification — the right to request the correction, updating, or completion of inaccurate or incomplete personal data.

10.1.4. Right to Erasure ("Right to Be Forgotten") — the right to request deletion of personal data in cases provided for under applicable law.

10.1.5. Right to Restriction of Processing — the right to request restriction of the processing of personal data in cases provided for under applicable law.

10.1.6. Right to Data Portability — the right to receive personal data in a structured, commonly used, and machine-readable format and, where applicable, to transmit such data to another controller.

10.1.7. Right to Object — the right to object to the processing of personal data based on the Company's legitimate interests on grounds relating to the user's particular situation.

10.1.8. Right to Withdraw Consent — the right to withdraw consent at any time where processing is based on consent. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.

10.2. To exercise their rights, users may submit a request to the Company at: info@arsistech.com.

10.3. The Company shall respond to data subject requests without undue delay and, as a rule, within thirty (30) calendar days from receipt of the request, unless a different period is required under applicable personal data protection legislation.

Where an extension of the response period is necessary in accordance with applicable law, the user shall be informed accordingly.

10.4. If a user believes that their personal data protection rights have been violated, they have the right to lodge a complaint with the competent supervisory authority in accordance with applicable law.

11. Personal Data Security

11.1. The Company implements necessary and reasonable technical, organizational, and administrative measures to protect personal data against unauthorized or unlawful access, destruction, alteration, blocking, copying, disclosure, dissemination, or other unlawful actions.

11.2. Security measures are designed and implemented taking into account:

  • the nature, scope, and purposes of the processing of personal data;
  • the potential risks to the rights and freedoms of data subjects;
  • the state of the art and reasonable implementation costs of such measures.

11.3. For the purpose of protecting personal data, the Company may, where applicable, implement the following measures:

  • restricting access to personal data to authorized personnel only;
  • using authentication and access control mechanisms;
  • implementing safeguards for information systems and network infrastructure;
  • regularly updating software and security tools;
  • maintaining data backup procedures and measures to restore data availability;
  • adopting internal organizational measures to ensure the confidentiality of personal data.

11.4. Personal data is processed in a manner that ensures an appropriate level of security, including protection against accidental loss, destruction, or damage.

11.5. In the event of a personal data breach, the Company acts in accordance with applicable legal requirements, including assessing the risks to the rights and freedoms of data subjects and, where required, notifying the competent supervisory authority and/or the affected data subjects.

12. Data Not Processed by the Company

12.1. In connection with the use of the Website, the Company does not collect or process the following categories of data:

  • bank card data or other payment information;
  • data constituting banking secrecy;
  • information relating to financial operations or transactions;
  • special categories of personal data, including data concerning health, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • personal data of minors, except where expressly permitted under applicable law.

12.2. The Website is not intended for use by minors. The Company does not knowingly collect personal data from minors.

12.3. If a user voluntarily provides personal data falling within the categories listed in Section 12.1 of this Policy, such data shall be processed solely to the extent necessary to review the relevant inquiry and shall be deleted at the earliest reasonable opportunity, unless retention is required under applicable law.

13. Contact Information and Final Provisions

13.1. For any questions related to the processing and protection of personal data, as well as for the exercise of data subject rights, users may contact the Company at: info@arsistech.com.

13.2. Users have the right to lodge a complaint with the competent data protection supervisory authority in accordance with applicable law, including:

  • in the Republic of Serbia — the Commissioner for Information of Public Importance and Personal Data Protection;
  • in the country of their habitual residence or place of work — the relevant data protection supervisory authority.

13.3. This Privacy Policy shall remain in effect until replaced by a new version.

13.4. The current version of the Privacy Policy is published on the Website and is available for review at any time.