Your privacy is very important to us. The company GRADIENT D.O.O. respects your privacy and understands the concerns that may arise regarding your privacy and the protection of personal data that you send to us when you visit our websites, i.e. via our websites, internet portals or via our mobile applications (hereinafter: services; internet services) . Therefore, please read how the company GRADIENT D.O.O. MONTENEGRO, d.o.o. (hereinafter: the company GRADIENT D.O.O.) processes your personal data.

The purpose of the Privacy Policy is to present you in a simple way the personal data we collect about you, on what basis and for what purposes we process it, the possibility of reviewing the management of your privacy settings and your rights in relation to personal data.

Privacy policy of GRADIENT D.O.O. is in accordance with the Law on Personal Data Protection (“Official Gazette of Montenegro”, No. 79/08 dated 23.12.2008, 70/09 dated 21.10.2009, 44/12 dated 09.08.2012) adopted on 17.08.2008 . (hereinafter the General Regulation on the Protection of Personal Data) and the legislation of the Republic of Montenegro includes the following information:

contact information of GRADIENT D.O.O. and the contact of the authorized person for data protection,
legal bases and purposes of personal data processing,
the types of personal data we collect,
the use of cookies and related technologies,
managing user account settings,
enabling personal data,
terms of storage of personal data,
protection of personal data,
the rights of individuals in relation to personal data, including the right to appeal,
privacy policy changes.

1. MANAGER and CONTACT

The manager of personal data is the company GRADIENT D.O.O. MONTENEGRO d.o.o. Podgorica, Cetinjski put bb, Podgorica, owner of the GRADIENT.ME website (hereinafter: the company GRADIENT D.O.O.).

Your questions regarding this Privacy Policy, the confidentiality of your personal data, the way of processing or your requests regarding the exercise of rights related to personal data will be answered by the responsible person and/or authorized person for data protection in the company GRADIENT D.O.O.. Contact with the authorized person for data protection can be established through the above address of the company GRADIENT D.O.O. or via email to info@gradient.co.me.

2. LEGAL BASIS AND PURPOSES OF PROCESSING

The company GRADIENT D.O.O. collects, records, stores, sends and in other ways processes the personal data it has about you on the basis of various legal bases and for the purposes specified below.

2.1. Processing on the basis of a contract – purpose

The company GRADIENT D.O.O. processes personal data for the exercise of rights and obligations from concluded contracts, namely:

i) product sales/purchase agreements – enabled personal data of visitors in the internet portal at www.gradient.co.me (regardless of registration);
ii) contracts for the use of internet or mobile services – personal data of the service orderer (eg user account registration in the internet portal, portal users, etc.).

2.2. Processing based on legal obligations – purpose

The company GRADIENT D.O.O. personal data is processed on the basis of legal obligations that apply to the company GRADIENT D.O.O. (e.g. certain tax regulations, keeping accounts, keeping data of winners of prize games, etc.).

2.3. Processing based on legal interests – purpose

The company GRADIENT D.O.O. may process personal data on the basis of the legal interests pursued by the company GRADIENT D.O.O., except when such interests prevail over the interests or fundamental rights and freedoms of the individual to whom the personal data refer that require the protection of personal data. When it comes to further processing of data collected about an individual, the company GRADIENT D.O.O. performs the assessment in accordance with the General Regulation on the Protection of Personal Data. This further use of data in a pseudonymized or aggregated (joined) form represents the legal use of data for marketing and other business, i.e. technical analyzes of the company GRADIENT D.O.O.. As an additional measure in some forms of further processing of traffic data, deletion of certain data can be used.

Based on the legal interest, the company GRADIENT D.O.O. can process data in the strictly necessary and acceptable range for ensuring the operation of internet services, especially with the purpose of preventing unauthorized access to your user account, spreading malicious codes, preventing fraud, or. other misuse of websites or mobile applications as well as the protection of their intellectual property rights in connection with internet services.

On the basis of legal interests, the company GRADIENT D.O.O. may process your personal data for the purposes of direct marketing (in the case of customers), prevention of abuse, realization of claims or defense against claims in administrative and judicial proceedings.

2.4. Processing based on consent (permission) – purpose

The company GRADIENT D.O.O. processes personal data on the basis of consent to the processing of personal data provided by an individual to the company for the following purposes:

i) for direct marketing purposes – receiving notifications. Notifications contain current offers, benefits and/or invitations to events of the manager and its business partners, invitations to participate in prize games and competitions and useful tips, news and reminders from the world of sports and healthy lifestyle;
ii) for conducting marketing analyzes and customer segmentation as well as for sending customized offers of products and services;
iii) for the purposes of participating in prize games.

Given the enabled personal data, you can receive notifications and customized offers via SMS, MMS to the sent phone number, by e-mail to the sent e-mail address, or in printed form to the address sent.

You can revoke your consent at any time, or modify in the same way as consent was permitted; by clicking the ‘unsubscribe’ button located at the bottom of the electronic message; in the user account settings or by sending a request to withdraw consent for certain purposes to office@gradient.co.me

Since the consent includes direct marketing based on the profile of the individual, the company GRADIENT D.O.O. may classify individuals into segments based on the use of the GRADIENT D.O.O. website. for the purposes of customized service and product offers.

3. PERSONAL DATA WE COLLECT

The company GRADIENT D.O.O. collects various data, including personal data with which it is possible to determine (identify) you directly or indirectly, if you or others decide to share this personal data with the company GRADIENT D.O.O.. We receive data in several ways, including by purchasing on the internet portal, logging in to e – by notifications (direct marketing), by registering a user account in the internet portal, by visiting the website of GRADIENT D.O.O. or using a mobile application. The company GRADIENT D.O.O. collects information about your use of the services we provide.

Personal data we collect:

i) basic personal data such as name and surname, date of birth, electronic address, residential address (street, house number, postal code, city, country), delivery address (street, house number, postal code, city, country) , phone number and password to ensure protection and use of our services;
ii) data about the user account of the internet portal and the use of the GRADIENT D.O.O. service. application, when you choose to send your data through the mobile application, in addition to the basic personal data that you send to us during registration, we also collect personal data such as content and data (information) that you transfer to the user account or post, send, enable or to other the way you share using the mobile application (eg events, pictures, comments, etc.);
iii) purchase data and payment method, whereby in the case of payment to the internet portal using a credit card or Super card, the content of the card data is not stored in the data collections of the company GRADIENT D.O.O.;
iv) the company GRADIENT D.O.O. allows you to register in the application GRADIENT D.O.O. using user accounts you create with third parties such as Facebook or Google. With this registration, you send data about your e-mail address, i.e. your Facebook account (if you register through a Facebook account, we only collect data specified in the public profile, such as first and last name, e-mail, ID number of your user account and profile picture of your user account ), whereby at your request (“checkbox”) we import your contacts with permission to access third-party services (eg from your e-mail account or your Facebook account); The manager of this data and information is third parties, who send it to us based on their privacy policy. In principle, we can manage the data and information we receive from third parties (eg social networks) by using the privacy settings in the user account settings with third parties.
v) The data we collect through the mobile application can also be (1) location data using GPS (but we do not store location data), whereby you can opt out of data collection through geolocation, which may disable certain functionalities of the application that use this data (e.g. sharing location data); (2) information about your device through which you access the mobile application (device type, operating system, (3) IP address and (4) information about the use of the mobile application;
vi) we collect technical information of your browser, computer or mobile device when you access GRADIENT D.O.O. services.

4. COOKIES AND RELATED TECHNOLOGIES

When you use our internet services, cookies are installed on your computer. In general, cookies and related technologies work by assigning a unique number to the browser or device that has no meaning outside of GRADIENT D.O.O..

The company GRADIENT D.O.O. uses these technologies to customize the experience and to help provide content that is specific to your use.

You can use the settings in your browser or mobile device to manage information collected through cookies or similar technologies. The company GRADIENT D.O.O. is committed to providing you with privacy and sharing management, but is not responsible for erroneous Do Not Track signals from Internet browsers. Rejecting cookies may cause some functions of the offered services to be unavailable to you.

5. MANAGEMENT OF USER ACCOUNT SETTINGS

5.1. User Account Updates

The individual is obliged to send accurate and complete data. The registered user can update, adapt, or. change in user account settings.

5.2. Closing the user account

If you want to close your user account of the internet portal or mobile application, you can do so at any time in the settings tab of your user account (in accordance with the instructions on the website, which are updated from time to time) by sending a request to close the user account to the contact address. Proof of identity and address must be attached to the written request. The account will be closed within 10 working days after receiving the individual’s written request and proof of its correctness.

Closing the user account of the internet portal does not mean revocation of consent (subscription) from receiving notifications and direct marketing.

Take into account the fact that some personal data about you that we process on the basis of the contract may not be deleted in accordance with the regulations in the area of tax law and we store them for 10 years from the receipt of the order, that is, the resolution of the complaint or the return of the product.

At the same time, you must be aware that your posts from the time of the active user account remain visible even after the user account is closed (eg conversations in the mobile application with other users are visible from your device and the device of another user).

6. ENABLING PERSONAL DATA

6.1. Contract processors

The company GRADIENT D.O.O. may provide your personal data to third parties with whom it has concluded contracts for the processing of personal data (hereinafter: contract processors) for the purposes of support, analysis and continuous improvement of our services, payment processing or delivery of orders. Contract processors have access only to those personal data that they absolutely need to provide the services they perform for us and only for the purposes of performing these tasks on our behalf and may not use them for any other purposes. Contract processors are obliged to protect your personal data.

The company GRADIENT D.O.O. may cooperate with contractual processors who process statistical data for us about how you use our services for the purpose of advertising services, or to display information that may be of interest to you. Such processors have only anonymous data at their disposal.

6.2. Publicly available information

Some information about you may be publicly available, for example the data you send or share through the mobile application (eg events, pictures, comments, …) or the publication of comments in an internet portal, or social networks, etc.

6.3. Third-party websites and applications

We may share your personal data with third-party applications with your permission if you choose to access our services through such an application (eg Facebook, Google account). GRADIENT D.O.O. is not responsible for what third parties do with your data, so you must make sure that you trust the application and that it has accepted appropriate guidelines for the protection of personal data.

On the websites of GRADIENT D.O.O. there are links to internet sites that are not under the control of GRADIENT D.O.O.. By visiting these pages, you can send your information to third parties with whom GRADIENT D.O.O. does not have a contract on the processing of personal data. These websites have their own privacy policy according to which they process your personal data. Please read their privacy policy to familiarize yourself with how your personal data is processed on the third-party websites you visit.

6.4. Joint managers

We may share your personal data with contractual partners with whom we act in the role of a joint administrator, who may process your personal data in accordance with this privacy policy (eg, an example of a prize draw in cooperation with suppliers).

6.5. Universal legal inheritance

In case of association or if the company GRADIENT D.O.O. include in a business association, division or there is a transfer of activity to a third party, we may transfer your personal data to a third party that is connected with the takeover of the company GRADIENT D.O.O..

6.6. Public bodies

Regardless of the provisions related to the period of storage of personal data according to the Privacy Policy, we may store your personal data for longer periods and send them to third parties such as the police, prosecutor’s office, court and other competent state bodies within Montenegro or abroad if we judge that such facilitation is necessary and based on the law, exclusively for the purposes of prevention, investigation, detection or prosecution of criminal offenses. We can provide your personal data to state authorities when it is necessary to fulfill or defend legal claims in court proceedings or in administrative or out-of-court proceedings.

6.7. Sending data to non-EU or EEA countries

In the case of using internet services outside the EU member states in order to provide internet services, the data sent may be transferred, stored or processed in third countries where the legislation in the area of personal data protection prescribes different standards than in the EU member states, or. EGP. By using services in countries outside the EU, you agree that personal data can be transferred, or sent to entities located in third countries. The company GRADIENT D.O.O. otherwise, it will not independently transfer your personal data to countries outside the EU or EEA.

7. PERSONAL DATA STORAGE PERIOD

We store personal data for as long as it is necessary to provide our services, i.e. longer, if there are legal obligations.

Personal data associated with your user account is stored until the account is closed, while the data related to the purchase made by the user in the internet portal is stored. You can close your account yourself in your account settings or ask us to delete it. Closing the user account and deleting your personal data may take up to 10 working days from the submission of the request. Please note that we may retain some data from closed accounts in accordance with the law to prevent fraud, collect debts, resolve disputes, resolve difficulties, assist with investigations by competent authorities, implement terms of service and adopt other measures permitted by law. The data we retain will be processed in accordance with this privacy policy.

Data related to the payment of purchases in the Internet portal and related contact data about individuals can be stored for the purpose of fulfilling contractual obligations until full payment of the services, or. until the eventual expiration of the statute of limitations in connection with an individual claim, which by law can be up to five years. In accordance with tax regulations, issued invoices are kept for another 10 years after the end of the year in which the invoice was issued.

We keep personal data obtained on the basis of consent until the consent is revoked, but for a maximum of 5 years.

Data about you that are no longer needed for the purposes for which they were collected or otherwise processed may be anonymized and combined with other data that does not allow the determination of an individual to obtain insight into statistical information that is commercially useful for GRADIENT D.O.O. such as, for example, statistics on the use of the services we provide. This personal data is anonymous and does not allow linking to an identifiable individual.

8. PROTECTION OF PERSONAL DATA

We implement a number of technical and organizational measures to ensure the protection of personal data during collection, transmission and storage. The company GRADIENT D.O.O. strives to adequately protect your personal data but does not guarantee the complete security of the personal data you send to us and we are not responsible for the theft, destruction, loss, intentional or unintentional disclosure of your personal data or information about you. The company GRADIENT D.O.O. complies with generally accepted standards for the protection of received information during transmission as well as after receipt, but no method of electronic transmission or storage is 100% secure, so we cannot guarantee complete security. The company GRADIENT D.O.O. uses SSL technology (Secure Sockets Layer) which ensures encryption of personal and credit card data. The company GRADIENT D.O.O. cooperates with a company that ensures the security of our services and your personal data. Users of GRADIENT D.O.O. they are additionally protected by changing the firewall and other technologies to ensure data protection.

The user is responsible for the protection of data by ensuring the appropriate protection of his mobile device or computer, as well as with the protection of the user name, password and appropriate software (antivirus) protection of your electronic device. To ensure the effectiveness of these measures in preventing unauthorized access to your personal data, you must be aware of the security features available to you through your browser. Use a browser that allows security feature settings before submitting your personal or credit card information over the Internet. Take into account the fact that if you use a browser that does not support the use of SSL technology, such transmission of personal data may be risky.

Most browsers provide a notification if you are on a website that does not provide a secure connection or if you are sending data through an unsecured connection. The company GRADIENT D.O.O. recommends that you enable these features of your browser to help protect your personal data. You can also track the address you are on (URL). Secure web addresses start with https:// instead of http://, along with the secure connection symbol used by your browser (usually the lock symbol at the beginning of the web address). This symbol indicates the use of secure communication with the browser. Please check the details (correctness) of the security certificate of the internet site where you are at the same time.

Limitation of liability. The company GRADIENT D.O.O. undertakes to protect personal data and information about you, but no connection via the Internet can be 100% secure and cannot guarantee complete protection of the data you provide us. You provide us with your personal data at your own risk.

9. RIGHTS OF INDIVIDUALS

The company GRADIENT D.O.O. ensures the realization of the rights of individuals to whom personal data refer. Individual requests regarding the exercise of rights can be sent to the email address office@gradient.co.me or by mail to the address GRADIENT D.O.O. Montenegro d.o.o. Podgorica, Bul. 1. Maja 89/2, 81000 Podgorica. The individual is obliged to attach proof of identity and/or address to the request that was not sent from the e-mail address of the registered user. The company GRADIENT D.O.O. will respond to your request in accordance with applicable regulations.

An individual has the following rights in relation to personal data:

9.1. Right of access to data

An individual can request at any time that the company GRADIENT D.O.O. confirm whether data related to him is being processed, if it is being processed to enable access to personal data as well as to provide him with information related to the processing of his personal data (e.g. on the purpose of processing, type of personal data, users, to whom they were or personal data will be sent to them, the intended period of data storage, about technical and organizational measures for data protection, etc.).

9.2. Right to rectification

An individual can request at any time that the company GRADIENT D.O.O. enable the correction of incorrect personal data related to him and the completion of incomplete personal data.

Registered users can do this through their user account settings in the internet portal or user account settings in the GRADIENT D.O.O. mobile application.

9.3. Right to erasure

In accordance with the conditions as specified in more detail by the applicable regulations, an individual may at any time request that the company GRADIENT D.O.O. enable the right to delete personal data (the so-called right to delete).

9.4. Right to restriction of processing

In accordance with the conditions as specified in more detail by the applicable regulations, an individual may at any time request that the company GRADIENT D.O.O. enable the right to limit the processing of your personal data. Registered users of internet services can do this in the settings of their user accounts.

It should be taken into account that in the case of restrictions on the processing of certain personal data, it may not be possible to provide a complete service.

9.5. Right to data portability

An individual can request at any time that the company GRADIENT D.O.O. enable personal data in a structured, commonly used and readable form to be sent to an individual or transferred to a manager of the individual’s choice (if technically feasible) under the conditions specified in more detail by applicable regulations.

9.6. The right to object

In case the company GRADIENT D.O.O. processes personal data based on the legal interests of the company GRADIENT D.O.O., as shown above, an individual may object to such processing in certain cases. The company GRADIENT D.O.O. will stop processing this personal data, unless it assesses that it has well-founded and legitimate reasons for continuing the processing or if the processing is required for legal reasons.

An objection against the processing of personal data for the purposes of direct marketing can also be made with the revocation of consent to receive notifications by clicking on the ‘unsubscribe’ button located at the bottom of the electronic message, or to follow the instructions in the notification sent.

9.7. Withdrawal of consent

An individual can revoke consent at any time, in cases where he has given consent for a specific purpose of processing your personal data.

Registered users can revoke their consent in their account settings.

The revocation of consent does not affect the legality of the processing of personal data that was carried out until its revocation.

9.8. The right to appeal to a supervisory authority

An individual has the right to file a complaint with the Commissioner for Information of Public Importance of the Republic of Montenegro if he believes that his personal data is being processed in violation of the current regulations governing the protection of personal data. The procedure for submitting a complaint to the supervisory body is published on the website of the supervisory body.

10. PRIVACY POLICY CHANGES

The company GRADIENT D.O.O. reserves the right to change the privacy policy and legislation in the area of personal data protection. Please review it periodically.

We will notify you in advance of any changes regarding the processing of your personal data and/or changes (updates) of the privacy policy. Also, changes to the privacy policy will be published on our website and mobile application pages in a timely manner.

If you do not agree with the privacy policy, please stop using our internet services and close your user account, or revoke the given consents.