Our Privacy Policy is here to help us all to better understand each other, our goals are reasons why do we need some of your private information. It is your decision whether you will share them with us, but without them we cannot sell you our products since we do not know who paid requested amount, and where and to whom to send paid products. Also, we need your phone or email, so we can contact you if something goes wrong. We need to be clear – those are your data, not ours, we just have info about them and we can use them, but we cannot and we will not share them with unauthorized persons. 

In this policy, we clarify: 

• what data we collect and why; 
• how your data is handled; and 
• your rights to your data. 

This policy applies to all products made and maintained under the brand RasKonop in company Jovanjica New and THC Quality Group.

What we collect and why

Our guiding principle is to collect only what we need. Here’s what that means in practice:

Identity & access

When you sign up for a RasKonop products, we ask for identifying information such as: your name, delivery address, email address, and a phone number. That’s just so you can personalize your new account, and we can send you products, invoices, updates, or other essential information. We need to know at the very beginning, before you open an account on our application, whether you are adult because our products are intended only to adults. 

We will never sell collected personal information to any party, and we won’t use your name or company in marketing statements without your permission either.

Billing information

When you pay for a RasKonop products, your credit card is passed directly to our payment processor and never goes through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number and as-of billing address, for account history, invoicing, and billing support. We store your billing address to calculate VAT for each country, and to print on your invoices. We try to detect fraudulent credit card transactions, for our both secure.

Web analytics data are saved temporarily for 90 days, so we can recognize some unexpected logins during that period. After that period all web analytic data are deleted permanently.

We register all accesses to all accounts by full IP address so that we can always verify no unauthorized access has happened. We keep problematic login data for as long as your product account is active.

We also register full IP addresses used to sign up a product account. We keep this record permanently while they are used to reduce the number of unauthorized accesses.

Website interactions

When you browse our application, your browser automatically shares certain information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting on our application, page load timing, and which website referred you for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. These web analytics data are tied to your IP address and user account (if applicable and you are signed into our Services). We delete all of these individual identifiers after 90 days.

We do use third-party web analytics software: Google Analytics.

Anti-bot assessments

We use CAPTCHA services as a means of spam protection. We have a legitimate interest in protecting our app and the broader Internet community from spam. When you fill specific forms, the CAPTCHA service evaluates various information (e.g. IP address, how long the visitor has been on the app, mouse movements) to check whether the data is possibly filled out by an automated program instead of a human.

Cookies and Do Not Track

Cookies help us to improve our services, according to information we receive from your browser, supported with some analytics. If you want to know more about cookies, for example how to view which cookies have been set and how to manage and delete them, we recommend you to visit: https://www.allaboutcookies.org.

Voluntary correspondence

When you write to RasKonop Support team, with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.

Information we do not collect

We don’t collect any characteristics of protected classifications including precise age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities, or any other sensitive information. We also do not collect any biometric data. 

When we access or share your information

We access to your information only in accordance with your instructions, order or specific request. There are several situations when we are forced to do that. Hereinafter is the list of situations when we have to approach to your information:

• To provide products you've requested. We do use some third-party services to run our applications and to deliver ordered products. Our processors are IT support team, and delivery services (companies) which primary business activity is delivering various products to third parties. These companies have to know you name, address and contact to be able to deliver you ordered products. We share only necessary minimum of your personal information with these third parties. Having processors or sub-processors means both of us (you and THC Quality Group/Jovanjica New) are using various technology applications and services to access your data. No man & woman from THC Quality Group/Jovanjica New will have approach to your data collected by those services if it is not necessary. 

We also use some other processors for other business functions, such as Odoo S.A. Belgium. Odoo S.A. Belgium has its own privacy policy that implements on all of us, and you may approach to it through link: https://www.odoo.com/privacy . 

• To help you troubleshoot with your password and changing your personal data, with your prior approval. If during our cooperation arises our need to access to your account under your request, we will ask for your prior consent. We will not start any proceeding in that manner without your prior permission.
• To investigate, prevent, or take any action under official request, regulated by law. We are obliged to investigate potential abuse of any step/info/data or product according to official request. We also have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. If we, under any of those requests, discover that you, or any other person, are using our application, products or any info/data for a restricted purpose, we will report the incident to the appropriate authorities.
• Required under applicable law.
• THC QUALITY GROUP DOO KAMNIK is a Slovenian company and all infrastructure is located in the EU, JOVANJICA NOVA DOO BEOGRAD is a Serbian company. Serbia ratified and signed Convention 108. 
• If we get an informal request from any person, organization, or entity, we do take any measures under such request. 
• If you are an account owner who wants to delete data from your account on our application, you can do it directly by contacting our Support team.

You may contact our Support team at any time, writing to following email address: info@jovanjica.com .

If THC Quality Group or Jovanjica New decide to edit Privacy Policy, we will place new version on this same location. We will inform you about our new partners through this page if any info about you is transferred and becomes subject to a different privacy policy as a result of our cooperation with new business partners.

According to EU law, we follow all your data rights. 

Here is a list of most important rules and what does each of those formulations means to both of us: 

1. Right to be informed You have the right to know what personal information is collected, used or shared. We do not sell any information. Your information, that you voluntary gave us through application during your registration process on our application, will be stored until you delete your account, or send us an official request to do the same on your behalf. We receive your data only and solely from you. We specified other categories and specific bits of data we collect during your access to our application, as well as how they are used and for which period of time. 
2. Right of Access (called “SAR”) This includes your right to access the personal information we saved about you, and your right to obtain information about the sharing, storage, security and processing of that information. You should send us an official request and we will respond as soon as possible. 
3. Right to rectify You have the right to request correction of your personal information. Again, we need your official request to make any modification. Moreover, our application is designed that you may at any moment correct any data you previously placed in your account. However, we are always at your disposal for help. 
4. Right to Erasure / so-called “Right To be Forgotten” This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Some erasures may prevent you from using our application and ordering our products, because we will not have enough information to deliver you ordered products, or our applications may after deletion no longer work. In such cases, a data deletion request may result in closing your account. Nevertheless, if regulations oblige us to keep some information, we will inform you that we are not permitted to follow your request and which data will not be deleted. We may delete only data that are under our control, and on our servers.
5. Right to Complain You have the right to make a complaint to the appropriate supervisory authority regarding our handling of your personal information. To identify your specific authority or find out more about this right, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.
6. Right to Restrict Processing This is your right to request restriction of how and why your personal information is used or processed. We request and use only data which are necessary to deliver you our products, so any restriction regarding your data may prevent you from enjoying our products. 
7. Right to Data Portability You have right to request from our Support service to deliver you all data we have collected from the date when you opened your account. We do not have capacity to forward your data to another person under your request, save officials according the specified article of related legal act for each situation. 
8. Right to Object You have the right, in certain situations, to object to how or why your personal information is processed for, for example in situations when you directly receive advertisement on your name from our company. You may object to our Support service or to officials in your country. 
9. Rights in relation to automated decision making and profiling You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes, for example using algorithm for choosing employee, or determining creditworthiness. We do not have any of these or any similar option. 

Many of these rights can be exercised by signing in and directly updating your account information.

If you have questions about exercising these rights or need assistance, please contact our Support team, we will answer or forward you to relevant institution. For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected, including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.

If you are in the EU, you can identify authority for your country to file a complaint or find out more about GDPR, at https://edpb.europa.eu/about-edpb/board/members_en.

How we secure your data

We take the security of your personal data very seriously and implement a variety of measures to ensure it is protected. Here are the key practices we follow:

 1 Encryption: We use industry-standard encryption protocols to protect your data both in transit and at rest. This ensures that your information is secure from unauthorized access.

 2 Access Controls: Access to your data is restricted to authorized personnel only. We employ strict access controls and regularly review permissions to ensure that only those who need access to your data have it.

 3 Regular Security Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities in our systems. This helps us stay ahead of potential threats and maintain a robust security posture.

 4 Multi-Factor Authentication (MFA): We require multi-factor authentication for accessing sensitive systems and data. This adds an extra layer of security by requiring more than just a password to gain access1 (https://www.techrepublic.com/article/how-to-protect-and-secure-data/). (https://www.techrepublic.com/article/how-to-protect-and-secure-data/)

 5 Data Anonymization and Pseudonymization: Where possible, we anonymize or pseudonymize your data to protect your privacy. This means that your data is processed in such a way that it cannot be linked back to you without additional information.

 6 Employee Training: Our employees undergo regular training on data protection and security best practices. This ensures that everyone in our organization understands the importance of data security and how to maintain it.

 7 Incident Response Plan: We have a comprehensive incident response plan in place to address any potential data breaches or security incidents. This plan includes steps for containment, investigation, and notification to affected parties.

 8 Compliance with Regulations: We comply with all relevant data protection regulations, including the General Data Protection Regulation (GDPR) and other applicable law. 

The database backups are also encrypted.

You have right to delete data in your account on our application

In our application we give you the option to delete data or to cancel your account completely. Anything you delete, or after your cancelation, your data will no longer be accessible via our application. We do have backups of our application databases, which are kept for up to another 90 days, so if you change your mind you will need to do so before your data are deleted, or your account is canceled permanently.

Our Data protection officer and person responsible for GDPR implementation is: 

Mr. Goran Šević, official email: goran.sevic@jovanjica.com

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices at any time. Every modification will have the publication date.

If you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information, please do not hesitate to write us on email info@jovanjica.com, and we will do our best to help you!

Belgrade, 14th September 2024