Privacy Policy

Data Privacy Agency  is committed to safeguarding your privacy. This policy sets out our approach to data protection and data privacy, explaining why and how we may process your personal information, where we are the data controller of that information (also referred to here as “personal data”), and your rights in relation to that information.

Except where this policy states otherwise, we are the controller of the personal data processed in accordance with this policy.

Our Data Privacy Office is responsible for responding to questions relating to this policy, including any requests you may make to exercise your legal rights under the relevant privacy regulation. Our Data Privacy Office can be contacted at Our full contact details are set out at the end of this policy.

* This policy was last updated in April 2020.


Information we collect about you

We may process your personal data (which we have either obtained directly from you or from somewhere else) if:

    • you are a prospective client, current client or supplier of ours;
    • you otherwise use our services;
    • you work for a client or a supplier of ours, or for someone who otherwise uses our services;
    • you are someone (or you work for someone) to whom we want to advertise or market our services, our events; or
    • you were previously employed by our company.
  • Personal data which is not collected directly from you may be collected from:
    • your employer in connection with your job and how it relates to us;
    • third parties we work closely with, including but not limited to family members, trustees, business partners, sub-contractors in technical, payment and delivery services, analytics providers, and search information providers;
    • Governmental bodies, regulators, institutions, courts or any other similar establishments; or
    • any websites or applications (“Apps”) operated by us which you use.


  • Personal data collection methods we may use include:
    • communication in person;
    • communication by phone, email, fax, SMS or any other electronic communication method;
    • communication by letters, notices, information sheets or any other paper-based communication methods;
    • using our website, social media channels, Apps or other technologies; or
    • visiting us (for example, if you sign in or are recorded on CCTV while visiting our offices).


  • Personal data relating to you that we may process includes:
    • Identity data including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department;
    • Contact data including billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for);
    • Financial data including bank account and other payment method details;
    • Transaction data including details about payments to and from you and other details of services you have received from us;
    • Profile data including your username and password, your interests, preferences, feedback and survey responses. It also includes information you give us or that we obtain when you use our website, obtain or subscribe to our services, supply us with goods or services, inquire about a service, place a service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for;
    • Client data including information about how you use our services, website, and applications, as well as personal data which can include Identity, Contact, Financial, Transaction and Profile Data of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal data by law, or under the terms of a contract we have with you;
    • Marketing and communications data including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organizing and managing those events (for example, your dietary requirements); and
    • Technical data including: The Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
      • Information about your visit to our website/Apps, such as the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call us, and direct dials or social media handles used to connect with our employees or social media accounts; and

        Location data which we may collect through our website/applications and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognize your mobile browser or device when you return to the website/application. Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See our cookie policy for more information on the use of cookies and device identifiers on the website/applications.


How we use your information

The below table sets out the purposes for which we obtain your personal data, alongside the lawful basis for our processing such data:

Purpose/ActivityType of DataLawful basis for processing including basis of legitimate interest 
To register you as a new client, complete our client due diligent and check for any conflicts of interestIdentity
Performance of a contract with you
Legal and regulatory requirement
To process and deliver a service to you including but not limited to:
Entering into contracts; manage payments, fees and charges; collect and recover money owed to us
Personal Data 
Performance of a contract with you

Necessary for our legitimate interests (for example; to recover debts due to us) 
To manage our relationship with you which will include: 

Notifying you about changes to our terms or privacy policy
Asking you to leave a review or take a survey 

Marketing and Communications
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)
To enable you to partake in an event or complete a surveyIdentity
Marketing and Communications
Performance of a contract with you
Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)
To administer and protect our business and our website and AppsIdentity
Necessary for our legitimate interests (for example; for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or restructuring exercise)
Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to youIdentity
Marketing and Communications
Necessary for our legitimate interests (for example; to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use our data analytics to improve our website, products/services, marketing, customer relationships and experiencesTechnicalNecessary for our legitimate interests (for example; to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To provide you with the information and communications such as newslettersIdentity
Marketing and Communications
Your consent


Cookies and other technologies

Our use of cookies and other similar technologies to process personal data is explained in our
cookie policy.


Our updates and communications 

Where permitted in our legitimate interest or with your prior consent where required, we will use your personal information for marketing analysis and to provide you with newsletters and information about events and our services by email, letter, telephone or using our website. 

You can withdraw your consent and decline to receive any marketing materials at any time by selecting the “unsubscribe” link at the end of our marketing communications to you. 


Who we give your information to 

We may share your personal data with appropriate third parties including:

  • our business partners, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you;
  • our auditors, legal advisors and other professional advisors or service providers;


  • company data providers and similar information providers for the purpose of carrying out our due diligence duties in accordance with our legal and regulatory obligations. 

In relation to information obtained via our website:

  • analytics and search engine providers that assist us in the improvement and optimization of our website, subject to the cookie section of this policy. 


We may disclose your personal information to appropriate third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets, subject to the terms of this privacy policy;

  • if Data Privacy Agency or substantially all of its assets are acquired by a third party, in which case personal data it holds about its clients will be one of the transferred assets;

  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contractual terms or other agreements with you; or

  • to protect the rights, property, or safety of Data Privacy Agency, our clients, or others. 

This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime. 


Where do we store your information?

The data that we process in relation to you may be transferred to, and stored at a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection laws. It may also be processed by staff situated outside the EEA who works for us or for one of our suppliers.


We may transfer your personal information outside the EEA in order to: 

  • store it;
  • enable us to provide products or services to (and fulfill our contract with) you. This includes order fulfillment, processing of payment details, and the provision of support services;
  • facilitate the operation of our business, where it is in our legitimate interests and we have concluded that these are not overridden by your rights; or 
  • meet any legal requirement to transfer such information outside the EEA.

In particular, we may transfer your personal information to the following countries outside the EEA: 

  • Switzerland, Bosnia and Herzegovina, Germany, Canada and United States of America. 


Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on recognized jurisdictions that provides the same level of protection as EEA countries and ensure that your data is treated securely and in accordance with this privacy policy.


How do we protect your information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorized way.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or application. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites, or for their security measures or lack thereof. 


How long do we keep your information

We will only retain your personal data for as long as necessary to fulfill the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested from us using our contact details.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without notifying you.


Your rights

You have the right under certain circumstances to:

  • be provided with a copy of your personal data held by us;
  • request the rectification or erasure of your personal data held by us;
  • request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • object to the further processing of your personal data, including the right to object to marketing as mentioned in this document; 
  • and request that your personal data, which we have access to, be moved to a third party.



  • You may opt out at any time from allowing us access to your location data by changing the cookie settings on your browser. Please note that the removal of the Google Analytics cookie may affect your use and experience of our website.  To find out more about cookies, including how to manage and delete them, visit

Your right to withdraw consent:

  • Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at the contact details at the end of this policy.

How to exercise your rights: 

  • You can also exercise the rights listed above at any time by contacting us at

What we may need from you: 

  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

Time limit to respond:

  • We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. If your request or concern is not satisfactorily resolved by us, you may approach the supervisory authority relevant for your country. They can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data. 


Changes to this policy 

We may from time to time make changes to this policy. Any changes will be published in our Privacy Policy (and in the case of substantive changes, we will notify you via email) and will be effective as of the date of publication (which will also be noted on our website).


This policy was last updated in April 2020.


Contact information:
Data Privacy Agency
Sime Solaje 1A
Banja Luka 78000
Bosnia and Herzegovina

Data Privacy Office