Privacy Policy

Who we are

Selador Group d.o.o. (a limited liability company, drustvo sa ogranicenom odgovornoscu) is the data controller responsible for the personal data described in this policy. Where this policy refers to "we", "us", or "Selador", it refers to Selador Group d.o.o.

Registered seat: Lepenička 7, Voždovac, 11000 Belgrade, Republic of Serbia. Registered with the Serbian Business Registers Agency (Agencija za privredne registre, APR). Company registration number (matični broj): 22094041. Tax ID (PIB): 114942337.

You can reach us about any privacy matter, including requests to exercise your rights, at [email protected]. This policy applies to our website, our forms, and the personal data we handle while delivering services to clients.

We process personal data under the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, "ZZPL", Official Gazette of RS no. 87/2018) and, for personal data from the EU/EEA, the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing (GDPR Article 22). Any research finding is reviewed by a person before it informs a decision.

Data we collect

Information you provide: your name, company, email address, phone number, website address, and the details you share through our contact, brief, and audit forms or by email.

Information collected automatically: limited technical data such as IP address, browser type, device information, and pages visited. The site uses an essential-only approach and does not run advertising or cross-site tracking cookies.

Client engagement data: material you give us to deliver a project, which may include brand assets, account access you choose to grant, and business information relevant to the work.

Business contact details for outreach: where we approach organisations that may have a professional interest in our services, we may process business contact details, such as a professional or role-based email address and company information, obtained from the organisation itself or from public and professional sources.

Information about third parties in research engagements: where a client engages us to prepare open-source research, we process limited personal data about identifiable third parties, such as a counterparty and its owners, officers, or representatives, drawn only from publicly available and lawful sources, and limited to what the agreed purpose needs.

Why we process data and our legal bases

To respond to enquiries and prepare proposals: on the basis of taking steps at your request before entering a contract, and our legitimate interest in answering you.

To deliver and manage services: on the basis of performing our contract with you or your organisation.

To run and secure our website and keep records: on the basis of our legitimate interests in operating, improving, and protecting our business, balanced against your rights.

To meet legal, tax, and accounting duties: on the basis of compliance with our legal obligations. Where we rely on consent, such as for optional analytics, you may withdraw it at any time.

To introduce our services to businesses that may be interested: on the basis of our legitimate interest in offering relevant business-to-business services. We contact professional rather than personal addresses, we identify ourselves clearly in every message, and we always offer a simple way to opt out. If you opt out we record this so you are not contacted again, and we do not send such messages where local law requires prior consent.

To prepare open-source research that a client has requested: on the basis of the legitimate interests of the client, and of us, in carrying out a lawful and proportionate business assessment from publicly available sources. We weigh those interests against the rights, freedoms, and reasonable expectations of the people concerned, collect only what the agreed purpose needs, and do not proceed where those rights override our interest. We do not seek special categories of personal data for this purpose unless their use is clearly lawful and necessary, we do not use this data for marketing, and we do not sell it. You can object to this processing at any time, as explained in your rights below. Because we gather this information from public sources rather than from the person directly, we provide the transparency information that data protection law requires through this policy and through our Sourcing and Responsible Use policy. Where giving notice directly to a person would be impossible or would involve disproportionate effort, we rely on this public information and take appropriate measures to protect that person's rights.

How long we keep data

We keep personal data only as long as needed for the purpose it was collected for, or as required by the ZZPL and applicable accounting and tax rules. Enquiry data that does not lead to an engagement is kept for a limited period and then deleted.

Records tied to a contract, including invoices and correspondence, are retained for the periods required by applicable accounting and tax rules, after which they are deleted or anonymised.

Research materials we prepare for a client engagement, and our working copies of them, are kept only for as long as the engagement needs and to meet our legal obligations, after which we delete or anonymise them. We do not maintain a standing database of research subjects.

Our research materials draw on public records and open sources about companies and organisations, not about private individuals. Public sources can be incomplete, out of date, or contested, so findings are provided as-is and must not be the sole basis for a decision with legal effect.

Sharing and processors

We do not sell personal data. We share it only with service providers who process data on our behalf under written agreements, such as hosting, email, and analytics providers, and only as needed to run our work.

We may also disclose data where required by law, to enforce our agreements, or to protect the rights, safety, and property of Selador, our clients, or others. A current list of categories of processors is available on request.

International transfers

Some of our providers operate outside Serbia or the European Economic Area. Serbia is not on the EU list of countries with an adequacy decision. Where personal data is transferred to or from the EU/EEA, an appropriate safeguard is used, in particular the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914).

You may ask us for more information about the safeguards we apply to a specific transfer by contacting [email protected].

Your rights

Subject to applicable law, you have the right to access your data, correct it, erase it, restrict or object to its processing, withdraw consent, and request portability of data you provided to us.

To exercise any right, contact us at [email protected]. We respond within 30 days of a clear request, extendable once for complex requests as the law allows, and we may ask you to confirm your identity.

You may lodge a complaint with the Serbian supervisory authority: the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti), Bulevar kralja Aleksandra 15, 11120 Belgrade, www.poverenik.rs. Where the GDPR applies, you may also complain to the supervisory authority of your EU/EEA habitual residence.

If you are not a client or enquirer but believe information in research we have prepared relates to you, the same rights apply, including the right to object to processing based on our legitimate interests. Our Sourcing and Responsible Use policy explains how to raise this and how we respond.

Security, children, and changes

We apply appropriate technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Our services are intended for businesses and are not directed at children. We do not knowingly collect data from children. We may update this policy from time to time and will change the date below when we do.