Home → Privacy Policy

Privacy Policy

How we collect, use and protect your personal data

Last updated: May 10, 2026

This Privacy Policy is prepared in accordance with the Law on Personal Data Protection of the Republic of Serbia ("Official Gazette of the Republic of Serbia", No. 87/2018), which is substantially aligned with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for the processing of your personal data is:

SerbiAssist
Diljska 1, Belgrade, Republic of Serbia
Email: contact@serbiassist.com
Phone: +381 65 31 36 917

2. Personal Data We Collect

Depending on the service you request, we may collect the following categories of personal data:

2.1 Identity and Contact Data

  • Full name (as on your passport)
  • Date of birth
  • Gender
  • Email address
  • Phone number
  • Passport number, country of issuance and expiry date

2.2 Company and Business Data

  • Proposed company names
  • Business activity description
  • Share capital and ownership percentage
  • Tax registration details (PIB, MB)
  • Registered address in Serbia

2.3 Immigration and Residence Data

  • D Visa number and expiry date
  • Date of entry into Serbia
  • Current address in Serbia
  • Basis for residence or work permit
  • Employer details (where applicable)

2.4 Communication Data

  • Messages and inquiries you send us
  • Correspondence related to your service request

3. Legal Basis for Processing

We process your personal data on the following legal bases under the Law on Personal Data Protection:

  • Performance of a contract — processing is necessary to provide the service you have requested (Article 12, paragraph 1, point 2)
  • Legal obligation — processing is necessary to comply with legal obligations applicable to us as a service provider (Article 12, paragraph 1, point 3)
  • Legitimate interests — processing is necessary for our legitimate interests, such as improving our services and preventing fraud (Article 12, paragraph 1, point 6)
  • Consent — where you have given explicit consent, for example for marketing communications (Article 12, paragraph 1, point 1)

4. Purpose of Processing

We use your personal data exclusively for the following purposes:

  • Processing your service request and delivering the requested administrative services
  • Submitting applications to Serbian government authorities on your behalf
  • Communicating with you about the status of your application
  • Issuing invoices and managing payments
  • Complying with legal and regulatory obligations
  • Responding to your inquiries and providing customer support
  • Sending service-related notifications (not marketing unless you have consented)

5. Data Sharing and Third Parties

We do not sell, rent or trade your personal data. We may share your data only in the following circumstances:

  • Serbian government authorities — APR, Ministry of Interior, Tax Administration, Serbian Business Registers Agency and other relevant bodies, for the purpose of submitting your application
  • Banking partners — if you have requested bank account opening services, we will share necessary identification data with our trusted banking partners
  • Certification authorities — if you have requested an electronic certificate, we will share necessary data with the accredited Serbian certification body (PKS)
  • Translation partners — licensed court translators, only where translation services are required
  • IT service providers — Formspree (form processing) which processes data as a data processor on our behalf under appropriate data processing agreements
  • Legal obligation — where required by Serbian law or court order

All third parties with whom we share your data are required to handle it securely and in accordance with applicable data protection laws.

6. International Data Transfers

Some of our IT service providers (such as Formspree) may be located outside the Republic of Serbia. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with Article 65 of the Law on Personal Data Protection, including standard contractual clauses or equivalent protections.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Service-related data — retained for 5 years after the completion of the service, in accordance with Serbian accounting and legal requirements
  • Communication data — retained for 2 years from the date of last communication
  • Data submitted to government authorities — retained in accordance with the applicable legal retention periods of the relevant authority

After the applicable retention period, your data will be securely deleted or anonymised.

8. Your Rights

Under the Law on Personal Data Protection, you have the following rights regarding your personal data:

  • Right of access — to obtain confirmation of whether we process your data and to receive a copy of it
  • Right to rectification — to have inaccurate data corrected or incomplete data completed
  • Right to erasure — to have your data deleted in certain circumstances ("right to be forgotten")
  • Right to restriction of processing — to restrict how we process your data in certain circumstances
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, please contact us at contact@serbiassist.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe that your personal data is being processed in violation of the Law on Personal Data Protection, you have the right to lodge a complaint with the supervisory authority:

Commissioner for Information of Public Importance and Personal Data Protection
Bulevar kralja Aleksandra 15, 11000 Belgrade
Website: www.poverenik.rs

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include encrypted data transmission (HTTPS), access controls and regular security assessments.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Commissioner for Personal Data Protection within 72 hours and, where required, notify you directly.

11. Cookies

We use cookies on our website. For detailed information about the cookies we use and how you can control them, please refer to our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date of the latest revision is displayed at the top of this page. We encourage you to review this page periodically. Where changes are significant, we will notify you by email or by a prominent notice on our website.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us:

SerbiAssist
Email: contact@serbiassist.com
Phone: +381 65 31 36 917
Address: Diljska 1, Belgrade, Republic of Serbia