GDPR Compliance

Data protection and who controls your data

Selador Group d.o.o. is committed to protecting the personal data of our clients, website visitors, and business partners. We process personal data in accordance with the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, "ZZPL", Official Gazette of RS no. 87/2018) and, for personal data from the EU/EEA, the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

The data controller is Selador Group d.o.o. (limited liability company), with its registered seat at Lepenička 7, Voždovac, 11000 Belgrade, Republic of Serbia. You can reach us at [email protected].

We apply appropriate technical and organisational measures to ensure the security, integrity, and confidentiality of all personal data we process.

Legal basis for processing

We process personal data only when we have a lawful basis under Article 6 of the GDPR. The bases we rely on are: performance of a contract and taking steps at your request before entering into a contract; our legitimate interests; compliance with a legal obligation; and your consent.

Our legitimate interests include running and securing our business, communicating with clients and partners, and carrying out the firm-level "before you sign" public-record check. That check looks at companies and organisations from public records, not at private individuals.

For non-essential analytics we rely on your consent, which you give through our cookie controls and can withdraw at any time.

Your rights

Under the GDPR you have the right to: access your personal data, rectify inaccurate data, erase your data (“right to be forgotten”), restrict processing, object to processing, data portability, and withdraw consent at any time without affecting processing carried out before withdrawal.

To exercise any of these rights, contact us at the address below. We will respond within the time limits set by law.

Data collection

We collect data through: our website contact and audit forms, email communications, analytics tools (anonymised), and third-party integrations used during client engagements.

We do not sell personal data to third parties. Data is retained only as long as necessary for the purposes for which it was collected or as required by law.

No solely automated decisions

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing (Article 22 of the GDPR). Any research finding is reviewed by a person before it informs a decision.

International transfers

Serbia is not on the EU list of countries with an adequacy decision. Where personal data is transferred to or from the EU/EEA, an appropriate safeguard is used, in particular the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914).

Supervisory authority and data breaches

You may lodge a complaint with the Serbian supervisory authority: the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti), Bulevar kralja Aleksandra 15, 11120 Belgrade, www.poverenik.rs. Where the GDPR applies, you may also complain to the supervisory authority of your EU/EEA habitual residence.

If a personal data breach is likely to result in a risk to people’s rights and freedoms, we report it to the Commissioner without undue delay and, where required, inform those affected.

More detail and the research check

For full detail on what we collect, why, and how long we keep it, please see our Privacy Policy and our Data Processing page.

The "before you sign" check is informational decision support drawn from public records and open sources about companies and organisations, not about private individuals. Public sources can be incomplete, out of date, or contested, so findings are provided as-is, without warranty of completeness, and must not be the sole basis for a decision with legal effect.