Privacy Policy
Last updated: 3 June 2026
This Privacy Policy explains how DANIL KARIMOV PR NOVI SAD ("we", "us", "our", the "Company") collects, uses, stores and protects personal data of visitors to the website karimov.tech (the "Website") and of persons who contact us through it.
We process personal data in accordance with the Law on Personal Data Protection of the Republic of Serbia ("Official Gazette of RS", No. 87/2018) (the "ZZPL") and, where applicable to visitors located in the European Economic Area, Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").
1. Who we are (Data Controller)
The controller of your personal data is:
- Business name: DANIL KARIMOV PR NOVI SAD
- Legal form: Entrepreneur (preduzetnik), Republic of Serbia
- Registered seat: Železnička 20, 21101 Novi Sad, Serbia
- Registration number (matični broj): 68136547
- Tax identification number (PIB): 115148704
- Contact e-mail for privacy matters: project-advisory@tuta.com
You may contact us at the e-mail address above for any question relating to this Privacy Policy or to the processing of your personal data.
2. What personal data we collect
We only collect personal data that you voluntarily provide to us, and a limited amount of technical data necessary to operate the Website securely.
a) Data you provide through the contact form
When you submit the "Contact us" form, we collect:
- your name;
- your e-mail address;
- the content of your message and any personal data you choose to include in it.
b) Data you provide by contacting us directly
If you contact us by e-mail (for example at project-advisory@tuta.com) or via the messaging channels listed on the Website, we receive the data contained in your communication (e.g. name, e-mail address, message content).
c) Technical data
When you visit the Website, our hosting provider may automatically process limited technical data required to deliver the Website and keep it secure, such as your IP address, browser type, and the date and time of access (server log data). This data is processed only for security and stability purposes and is not used to identify you or to build a profile.
We use privacy-friendly, self-hosted website analytics (Umami) to understand aggregate traffic to the Website. This analytics is cookieless and collects only aggregated, non-identifying information — such as pages viewed, the referring website, the approximate country derived from your IP address (without storing your full IP address), and the type of device and browser. It does not set cookies, does not track you across other websites, and does not build an individual profile. The analytics runs on our own infrastructure, so this data is not shared with any third-party analytics provider. We do not use advertising trackers or marketing cookies. See Section 8 (Cookies).
We do not knowingly collect special categories of personal data (e.g. data revealing health, political opinions, religious beliefs) and ask that you do not include such data in your messages.
3. Why we process your data and the legal basis
| Purpose | Categories of data | Legal basis |
|---|---|---|
| To respond to your enquiry and communicate with you | Name, e-mail, message content | Your consent (Art. 12(1)(1) ZZPL / Art. 6(1)(a) GDPR) and/or taking steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR) |
| To discuss and, where relevant, provide our advisory services | Name, e-mail, message content, business contact details | Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) |
| To operate, secure and maintain the Website | Technical/server log data | Our legitimate interest in the security and proper functioning of the Website (Art. 6(1)(f) GDPR) |
| To comply with legal obligations (e.g. accounting, tax) | Contact and transaction data | Compliance with a legal obligation (Art. 6(1)(c) GDPR) |
Providing your data through the contact form is voluntary, but without your name, e-mail and message we will not be able to respond to your enquiry.
4. How long we keep your data
- Contact enquiries that do not lead to a business relationship: we retain them for up to 12 months from the last communication, after which they are deleted, unless a longer period is required to establish, exercise or defend legal claims.
- Data related to a client relationship: retained for the duration of the relationship and thereafter for the period required by applicable law (including Serbian accounting and tax retention periods, generally up to 10 years).
- Server log data: retained for a short period for security purposes and then deleted or anonymised.
When the retention period expires, we delete or irreversibly anonymise the data.
5. Who has access to your data (recipients)
We do not sell your personal data. We may share it only with:
- Service providers acting as processors on our behalf, namely our e-mail service provider (Tuta, operated by Tutao GmbH, Germany) and our website hosting provider (see the Legal Notice for details), who process data only on our instructions and under a data processing agreement;
- Professional advisers (e.g. accountants, lawyers) where necessary and bound by confidentiality;
- Public authorities, where we are required to disclose data by law.
6. International transfers
Our e-mail provider is located in the European Union (Germany), which ensures an adequate level of data protection. Where any processor is located outside the Republic of Serbia or the European Economic Area, we ensure that the transfer is covered by an appropriate safeguard recognised under the ZZPL and the GDPR (such as an adequacy decision or Standard Contractual Clauses). You may request information about these safeguards using the contact details in Section 1.
7. Your rights
Subject to the conditions set out in the ZZPL and, where applicable, the GDPR, you have the right to:
- access your personal data and obtain a copy;
- request rectification of inaccurate or incomplete data;
- request erasure ("right to be forgotten");
- request restriction of processing;
- object to processing based on our legitimate interests;
- data portability (receive your data in a structured, machine-readable format);
- withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at project-advisory@tuta.com. We will respond within the time limits required by law (generally 30 days).
You also have the right to lodge a complaint with the supervisory authority:
Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti) Bulevar kralja Aleksandra 15, 11120 Belgrade, Serbia Website: www.poverenik.rs
If you are located in the EEA, you may also lodge a complaint with your local data protection authority.
8. Cookies
The Website currently uses only strictly necessary technical cookies (if any) required for the Website to function and to keep it secure. We do not use analytics, statistics, advertising or profiling cookies, and we do not store cookies that require your consent.
Strictly necessary cookies do not require consent under the ZZPL and the ePrivacy framework. Our website analytics (see Section 2(c)) is cookieless — it stores nothing on your device — and therefore does not require a consent banner. If we introduce analytics or other non-essential cookies in the future, we will update this Policy and request your prior consent through a cookie banner.
9. Data security
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure, including encrypted communication channels, access controls and the principle of data minimisation. However, no transmission over the internet can be guaranteed to be completely secure.
10. Children
The Website and our services are directed at businesses and professionals. We do not knowingly collect personal data from persons under the age of 15 (the age of consent under the ZZPL). If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. The current version, with its "Last updated" date, is always available on the Website. Material changes will be brought to your attention where required by law.
12. Contact
For any question regarding this Privacy Policy or the processing of your personal data, contact:
DANIL KARIMOV PR NOVI SAD Železnička 20, 21101 Novi Sad, Serbia E-mail: project-advisory@tuta.com