Newsletter and ADS

Pursuant to Article 23 of the Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018, hereinafter: “Law”) and in accordance with the General Data Protection Regulation No. 2016/679, hereinafter: (“GDPR”), the Controller, A BOTANICAL PHILOSOPHY d.o.o. Beograd, Stanoja Glavaša 26/43, registration number: 21646920, whose legal representative is Ela Knežević, director (hereinafter: “Controller”), issues the following:


The purpose of this Notification is for the Controller to ensure the realization and protection of the right to privacy of those who visit the website, as well as to inform them about their rights in connection with the processing of personal data.

Personal data that are processed

Name, surname, e-mail address, phone number, date of birth.

Purpose of intended data processing and legal basis for data processing

The purpose of the processing is: delivery of Newsletters and other advertising material and placement of advertising material/retargeting.

The legal basis of the processing

The data subject has consented to the processing of his/her personal data.

Transfer of personal data to another country or international organization

Data is not transferred outside the RS.

Data retention period and criteria for its determination

Data is stored until the user/customer deletes his/her user account.

Rights of data subjects

The data subject has the right of access, the right to rectification, erasure, restriction and portability of data, as well as the right to object and automated individual decision-making.

The data subject has the right to revoke the consent at any time, whereby the revocation does not affect the admissibility of the processing prior to it.

In the event that the data subject revokes the consent, the Controller shall not process his/her data, unless the Controller has legal authorization for processing.

Data subjects can submit the above requests by sending an e-mail to [email protected].

The Controller shall respond to each request as soon as possible, no later than within 30 days of receiving the request in accordance with Article 21 of the Law and Article 12 of the GDPR.

The user/customer can file a complaint regarding the processing of his/her personal data before the Commissioner for Information of Public Importance and Personal Data Protection.

Measures to protect personal data

Technical measures:

The collection of data stored in the computer system is secured by a password system for authorization and identification of program and data users. Paper data carriers, which are used to enter data into the computer-controlled data collection, and all other carriers are locked outside of working hours. All rooms are locked. The processor undertakes all other measures in accordance with the Law on Personal Data Protection that are necessary in the given situation.

Organizational measures:

A general act regulating the field of personal data protection was adopted and a person in charge of the protection of personal data was appointed.

Personnel measures:

An employee who is authorized to process personal data, that is, who has access to personal data, is obliged to maintain the confidentiality of the data, which is defined in the
Employment Agreement.