Privacy Policy

Data Controller: AdriaPulse D.O.O. — Budva, Montenegro — PIB: 03736733 — adriapulse@outlook.com

This Privacy Policy explains how AdriaPulse D.O.O. (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit or make a purchase from www.adriapulse.org. This policy is prepared in accordance with Montenegro’s Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti) and the EU General Data Protection Regulation (GDPR — Regulation 2016/679).

1. What Data We Collect

When you use our store, we may collect the following categories of personal data:

  • Identity data: name, surname
  • Contact data: email address, phone number
  • Delivery data: shipping address, country
  • Transaction data: order details, purchase history, payment method type (we do not store full card details)
  • Technical data: IP address, browser type, device information, cookies
  • Communication data: messages you send us via email or contact forms

2. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfill your orders (legal basis: performance of a contract)
  • To send order confirmations and shipping updates (legal basis: performance of a contract)
  • To respond to your inquiries and provide customer support (legal basis: legitimate interest)
  • To comply with legal obligations, including tax and accounting requirements (legal basis: legal obligation)
  • To improve our website and services through analytics (legal basis: legitimate interest)
  • To send marketing communications, only with your explicit consent (legal basis: consent)

3. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with trusted third parties only where necessary:

  • Shopify Inc. — our e-commerce platform provider (data processed under Shopify’s Data Processing Agreement)
  • Shipping & logistics partners — to deliver your orders (name and address shared as required)
  • Payment processors — to securely process payments (we do not store payment card data)
  • Email service providers — for transactional and marketing emails
  • Legal authorities — where required by law or court order

All third-party processors are required to handle your data in accordance with applicable data protection laws.

4. International Data Transfers

As an international e-commerce business, your data may be transferred to and processed in countries outside Montenegro and the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or adequacy decisions).

5. Data Retention

We retain your personal data only for as long as necessary:

  • Order and transaction data: retained for a minimum of 5 years to comply with Montenegrin accounting and tax law
  • Marketing consent data: retained until you withdraw your consent
  • Customer account data: retained for the duration of your account and up to 2 years after last activity

6. Your Rights

Under Montenegro’s Law on Personal Data Protection and GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure (“right to be forgotten”) — request deletion of your data where no legal obligation requires us to retain it
  • Right to restriction of processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent — withdraw marketing consent at any time without affecting prior processing

To exercise any of these rights, please contact us at adriapulse@outlook.com. We will respond within 30 days.

7. Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze site traffic, and support marketing activities. You may control cookie preferences through your browser settings. For more details, please refer to our Cookie Policy (if applicable).

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. Our store is hosted on Shopify, which maintains industry-standard security certifications (PCI DSS compliant).

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:

  • Montenegro: Agency for Personal Data Protection and Free Access to Information (Agencija za zaštitu podataka i slobodan pristup informacijama) — www.azlp.me
  • EU residents may also contact their local Data Protection Authority.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated effective date. We encourage you to review this policy periodically.

Last updated: May 2026

11. GDPR Compliance Statement

AdriaPulse D.O.O. is committed to full compliance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679). Although AdriaPulse D.O.O. is incorporated in Montenegro, GDPR applies to our operations because we offer goods and services to individuals located in the European Union and European Economic Area (EEA).

Why GDPR Applies to Us

Under Article 3 of the GDPR, the regulation applies to any organization — regardless of its location — that processes personal data of EU/EEA residents in connection with offering goods or services to those individuals. As AdriaPulse D.O.O. actively sells to customers in EU member states, we are subject to GDPR obligations.

Our GDPR Commitments

  • Lawful basis for processing: We process personal data only where a valid legal basis exists (contract, legal obligation, legitimate interest, or consent).
  • Data minimization: We collect only the data that is strictly necessary for the stated purpose.
  • Purpose limitation: Data collected for one purpose is not used for unrelated purposes without your knowledge.
  • Transparency: We clearly inform you about what data we collect, why, and how it is used — as set out in this Privacy Policy.
  • Consent management: Where processing is based on consent (e.g., marketing emails), we obtain explicit opt-in consent and provide an easy way to withdraw it at any time.
  • Data subject rights: We honor all GDPR rights (access, rectification, erasure, portability, objection, restriction) within the legally required timeframe of 30 days.
  • Data breach notification: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, where required.
  • Processor agreements: All third-party service providers who process data on our behalf are bound by Data Processing Agreements (DPAs) ensuring GDPR-compliant handling.
  • Cookie consent: We obtain prior consent from EU/EEA visitors before placing non-essential cookies, in line with the ePrivacy Directive.

Data Protection Officer (DPO)

AdriaPulse D.O.O. does not currently meet the threshold requiring a mandatory Data Protection Officer under Article 37 GDPR. However, all data protection inquiries are handled directly by the company management and can be directed to: adriapulse@outlook.com.

For any privacy-related questions, contact us at adriapulse@outlook.com or via our Contact Page.