Privacy Policy

This Privacy Policy informs you about how Inter IT Solutions (hereinafter 'we', 'us', 'our') collects, uses, and protects your personal data when you visit our website https://interit.rs. We are committed to protecting your privacy in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

We process personal data of our users principally only to the extent necessary for providing a functional website as well as our content and services. The processing of personal data of our users is carried out regularly only if the user has given consent or if the processing is permitted by statutory regulations.

A. Website Operation, Database, and Backend (Self-Hosted Supabase Instance)

Data collected: When you use our website, interact with forms (contact, live chat), or subscribe to our newsletter, we process the data you provide (e.g., name, email address, message content). Additionally, our web server automatically records standard log files for operational and security purposes, which may include your IP address, browser type, operating system, referrer URL, and time of access. All this data is processed and stored on our self-hosted Supabase instance.

Purpose: This data is processed to operate and maintain the website, provide requested services (like responding to inquiries, sending newsletters, enabling live chat), ensure the security and stability of our systems, and for internal analysis to improve our services.

Legal basis: If you have given consent for specific processing (e.g., newsletter, Art. 6(1)(a) GDPR), that is our legal basis. For processing necessary to fulfill a contract or pre-contractual measures (e.g., responding to a service inquiry, Art. 6(1)(b) GDPR), that is the basis. Otherwise, processing, especially of server log files and for security purposes, is based on our legitimate interests in providing a functional, secure website and efficient communication channels (Art. 6(1)(f) GDPR).

Infrastructure Provider: The technical infrastructure for our website, database, and backend services, including our self-hosted Supabase instance, is managed and operated by our affiliated company, Inter IT Solutions d.o.o..

Server Location: These servers are physically located in Serbia.

We have implemented robust technical and organizational security measures to protect your data on these servers, adhering to high security standards comparable to industry best practices, including data encryption in transit (HTTPS) and at rest, firewalls, access controls, and regular security monitoring.

B. Contact and Live Chat Data

Data collected: As part of our website operation (see section 3.A), when you use our contact forms or live chat, we process the name and email address you provide, along with your message.

Purpose: To respond to your inquiries and provide support.

Legal basis: Art. 6(1)(b) GDPR (contractual or pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in effective communication), or Art. 6(1)(a) GDPR (consent, if specifically requested for certain data uses).

C. Newsletter Data

Data collected: If you subscribe to our newsletter, we process your email address.

Purpose: To send you news, updates, and information about our services.

Legal basis: Your consent (Art. 6(1)(a) GDPR).

We use a double opt-in procedure for newsletter subscriptions to verify your consent.

You can revoke your consent and unsubscribe from the newsletter at any time via the link provided in each newsletter or by contacting us directly.

Newsletter data management and sending are handled through our self-hosted infrastructure.

D. Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ('Google').

Purpose: To analyze website traffic and user behavior to improve our website and services.

Legal basis: Based on your consent (Art. 6(1)(a) GDPR and, if applicable for cookie access, § 25 (1) TTDSG).

We have activated IP anonymization; your IP address is truncated by Google within the EU/EEA before possible transmission to the USA.

You can prevent data collection by Google Analytics by installing the browser add-on: https://tools.google.com/dlpage/gaoptout. Google's privacy policy: https://policies.google.com/privacy.

We have a Data Processing Agreement (DPA) with Google. Google LLC (parent company) is certified under the EU-US Data Privacy Framework (DPF).

E. Cloudflare

Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Purpose: For Content Delivery Network (CDN) services, security (e.g., DDoS protection), and website performance optimization.

Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR) in providing a secure, fast, and reliable website.

Cloudflare is certified under the EU-US Data Privacy Framework (DPF).

Our website uses cookies and similar technologies. Cookies are small text files stored on your device. Some are essential for the site's functionality, while others help us analyze website usage or are used for marketing purposes, subject to your consent.

For detailed information on the cookies we use and how you can manage your preferences, please see our Cookie Policy.

Your personal data will generally not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if:

Our main data processors or service providers include:

The primary processing of your data (website operation, contact forms, live chat, newsletter if self-hosted) occurs on our self-hosted infrastructure.

We may also disclose data if required by law or to public authorities to protect our rights or the rights of third parties.

If personal data is transferred to countries outside the European Union (EU) or European Economic Area (EEA) ('third countries'), we ensure that an adequate level of data protection is guaranteed.

Our primary website infrastructure, including our self-hosted Supabase instance, is operated by Inter IT Solutions d.o.o. on servers located in Serbia. Serbia is currently not recognized by the EU Commission as a country with an adequate level of data protection. We have therefore implemented appropriate safeguards for this data transfer and processing, primarily through robust contractual agreements between Inter IT Solutions and Inter IT Solutions d.o.o. that incorporate principles equivalent to the EU Standard Contractual Clauses (SCCs), alongside strong technical and organizational security measures to protect your data to a standard comparable with GDPR requirements.

For services such as Google Analytics and Cloudflare, data may be transferred to the USA. These transfers are safeguarded by the EU-US Data Privacy Framework (DPF) certification of these providers, ensuring an adequate level of data protection for transfers to certified US companies. Where DPF is not applicable, other appropriate safeguards such as SCCs are used.

We store your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as long as required by statutory retention periods (e.g., under German commercial or tax law). Once the purpose of storage no longer applies or the retention period expires, your personal data will be routinely blocked or deleted in accordance with legal provisions.

We take comprehensive technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. This includes, for example, the use of SSL/TLS encryption for the transmission of data on our website.

Our self-hosted infrastructure in Serbia, managed by Inter IT Solutions d.o.o., is protected by industry-standard security measures including firewalls, access control systems, regular security updates, and data encryption (e.g., HTTPS for data in transit, and encryption for data at rest where implemented by the Supabase platform).

As a data subject under the GDPR, you have the following rights concerning your personal data:

• Right of access (Art. 15 GDPR): You can request information about your personal data processed by us.
• Right to rectification (Art. 16 GDPR): You can request the immediate correction of incorrect or completion of your personal data stored by us.
• Right to erasure ('right to be forgotten') (Art. 17 GDPR): You can request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
• Right to restriction of processing (Art. 18 GDPR): You can request the restriction of the processing of your personal data under certain conditions.
• Right to data portability (Art. 20 GDPR): You can request to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or request its transmission to another controller.
• Right to object (Art. 21 GDPR): You can object to the processing of your personal data if it is based on legitimate interests (Art. 6(1)(f) GDPR), for reasons arising from your particular situation. If your personal data is processed for direct marketing purposes, you have the right to object at any time.
• Right to withdraw consent (Art. 7(3) GDPR): You can withdraw your consent given to us at any time with future effect. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to complain to a supervisory authority if you believe that the processing of your personal data infringes data protection regulations.

To exercise these rights, please contact us using the contact details provided in this Privacy Policy.

If you wish for your data to be deleted, or to exercise any of your other rights, please contact us at [email protected]. We will process your request in accordance with applicable legal requirements.

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g., when introducing new services. The new Privacy Policy will then apply to your revisit. Please check this Privacy Policy periodically for changes. The date of the last update is indicated at the beginning of this policy.

The competent supervisory authority for data protection matters is usually the state data protection commissioner of the federal state in which our company has its registered office. A list of data protection officers and their contact details can be found at the following link (in German):

List of supervisory authorities