Effective Date: December 17, 2025

Website: https://bronsunpro.com

PRIVACY POLICY

1. INTRODUCTION AND DATA CONTROLLER INFORMATION

1.1 About This Privacy Policy

This Privacy Policy ("Policy") describes how LEPOTIK DOO (LLC) (hereinafter "we," "us," "our," "Company," or "Data Controller") collects, uses, discloses, and otherwise processes personal data through its website at https://bronsunpro.com (the "Website"). The Company is committed to protecting your privacy and ensuring you have a positive experience on our Website in compliance with the Personal Data Protection Law of the Republic of Serbia ("Official Gazette of the Republic of Serbia" No. 87/2018, as amended), as well as the General Data Protection Regulation (EU) 2016/679 (GDPR) where applicable to EU/EEA residents.

1.2 Data Controller Information

Legal Entity Name: LEPOTIK DOO (LLC)
Legal Address: Rakovac, Beocinski put,2, 21299, Republic of Serbia.
Physical Address: Rakovac, Beocinski put,2, 21299, Republic of Serbia.
Email Address: info@lepotik.com
Reg number: 22022300
VAT: 114426263
Website: https://bronsunpro.com

2. PERSONAL DATA WE COLLECT

2.1 Data Collection Methods

The Company collects personal data in the following ways:

  • Direct Collection: Information you voluntarily provide through website forms, contact requests, product inquiries, newsletter subscriptions, user accounts, and customer support communications

  • Automatic Collection: Data collected through website analytics, cookies, log files, pixel tags, and similar tracking technologies

  • Third-Party Sources: Information from third-party service providers, payment processors, and platforms integrated with our Website

2.2 Categories of Personal Data

When you interact with our Website, we may collect the following categories of personal data:

Category | Examples
Identification Information | Full name, given names, email address, phone number, postal address, country of residence
Account Information | Username, password (encrypted and hashed), account preferences, user profile information, account settings
Communication Data | Messages, inquiries, feedback, comments, support requests, correspondence, testimonials
Transaction Data | Product preferences, purchase history, order information, payment method (partially masked for security), delivery address, refund information
Technical Data | IP address, browser type, device type, operating system, pages visited, time spent on pages, referring URL, click-stream data, device identifiers
Analytics and Usage Data | Website usage patterns, user behavior on the Website, click-through rates, conversion data, heatmaps
Marketing Data | Communication preferences, subscription status, marketing campaign engagement, email open rates, link clicks
Voluntary Data | Social media handles, images, videos, photos, or other content voluntarily submitted (participation in contests, reviews, testimonials)
Payment and Financial Data | Payment history, transaction amounts, billing information (partially masked)

2.3 Children's Data

Our Website is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18 years of age. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data and notify relevant authorities as required by law. Parents or guardians who believe their child has provided personal data to us are encouraged to contact us immediately at the email address provided in Section 1.2.

3. LEGAL BASIS FOR DATA PROCESSING

3.1 Lawful Basis Under Serbian Law and GDPR

We process your personal data on one or more of the following legal bases:

Legal Basis | Description and Examples
Consent (Serbian Law, GDPR) | You have given explicit, informed, and voluntary consent to the processing of your personal data for one or more specific purposes (e.g., newsletter subscriptions, marketing communications, participation in promotions)
Contract Performance (Serbian Law, GDPR) | Processing is necessary to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (e.g., processing orders, providing customer support, account management)
Legal Obligation (Serbian Law, GDPR) | Processing is necessary to comply with legal obligations under Serbian law, EU law, or international law (e.g., tax compliance, accounting records, regulatory reporting, response to government requests)
Legitimate Interests (Serbian Law, GDPR) | Processing is necessary for the legitimate interests pursued by the Company or a third party, except where such interests are overridden by your rights and freedoms (e.g., improving website functionality, fraud prevention, security, business analytics)
Vital Interests (GDPR) | Processing is necessary to protect vital interests of you or another natural person (e.g., emergency situations, health protection)
Protection of Rights and Freedoms (Serbian Law) | Processing is necessary for the establishment, exercise, or defense of legal claims and protection of rights and freedoms of the Company or third parties
Public Task (GDPR) | Processing is necessary for the performance of a public task or official authority vested in the Company

4. PURPOSES OF DATA PROCESSING

4.1 Primary Purposes

We process your personal data for the following purposes:

  • Provision of Services: Delivering products, services, information, and support requested through the Website

  • Order Processing and Fulfillment: Processing, confirming, fulfilling, and managing purchases and transactions

  • Customer Support and Service: Responding to inquiries, resolving complaints, providing technical assistance, and customer service

  • Account Management: Creating, maintaining, and managing user accounts, authentication, password management, and account security

  • Communication: Sending transactional emails, order confirmations, delivery notifications, account updates, and service-related communications

  • Marketing and Advertising: Sending promotional materials, newsletters, product updates, special offers, and marketing communications (only with your consent where required by law)

  • Website Optimization and Improvement: Analyzing website usage, user experience, troubleshooting technical issues, maintaining and improving Website functionality

  • Analytics and Statistics: Collecting aggregate, de-identified data for business analytics, reporting, and statistical analysis

  • Legal Compliance: Complying with applicable laws, regulations, court orders, government requests, and regulatory requirements

  • Fraud Detection and Prevention: Detecting, investigating, and preventing fraudulent activity, unauthorized access, abuse, and security threats

  • Security and Data Protection: Protecting the security and integrity of the Website, your data, our systems, and preventing unauthorized access or misuse

  • Business Operations: Managing business processes, conducting internal audits, quality assurance, maintaining records, and archiving

4.2 Secondary and Additional Uses

Where we have obtained your explicit consent or where it is in our legitimate interests, we may also use your personal data for:

  • Market Research and Customer Feedback: Conducting surveys, gathering feedback, and collecting customer insights to improve our products and services

  • Personalization: Tailoring website content, product recommendations, and user experience to your preferences and interests

  • Event Invitations: Inviting you to webinars, workshops, training sessions, product launches, or promotional events

  • Third-Party Marketing: Sharing information about products and services from selected partners (only with your explicit consent)

  • Retargeting and Remarketing: Displaying targeted advertisements based on your browsing behavior and interests

  • Profiling and Segmentation: Creating customer profiles and segmenting users for marketing purposes

5. DATA SHARING AND DISCLOSURE

5.1 Categories of Recipients

We may share your personal data with the following categories of recipients:

Recipient Category | Purpose | Types of Data
Service Providers and Data Processors | Payment processing, email delivery, hosting, analytics, CRM systems, customer support platforms | Account, transaction, contact data
Payment Systems and Financial Institutions | Payment processing, fraud prevention, chargeback handling | Transaction and financial data
Third-Party Business Partners | Distribution, resale, affiliate marketing, co-marketing initiatives | Contact, account, marketing data
Regulatory and Legal Authorities | Law enforcement, tax authorities, courts, regulatory bodies (as required by law or legal process) | All data as required by law
Professional Advisors | Legal counsel, accountants, auditors, consultants | Data necessary for professional services
Successor Organizations | In case of merger, acquisition, bankruptcy, or similar corporate transaction | All personal data
Website Hosting and IT Infrastructure | Cloud service providers, data center operators, CDN providers | Technical and usage data
Marketing and Advertising Partners | Targeted advertising, retargeting, analytics | Marketing, technical, behavioral data

5.2 Data Processors and Contractual Obligations

The Company uses third-party data processors to assist in providing services. All processors are contractually bound to:

  • Process personal data only on Company instructions and for specified purposes

  • Maintain strict confidentiality and security of personal data

  • Implement appropriate technical and organizational security measures

  • Not transfer data to unauthorized third parties without explicit authorization

  • Cooperate with data subject rights requests and regulatory authorities

  • Delete or return data upon termination of services

  • Notify the Company of any data breaches or security incidents

Current categories of processors include:

  • Payment gateways and processors

  • Email marketing service providers

  • Web hosting and cloud infrastructure providers

  • Analytics and tracking services

  • Customer relationship management (CRM) platforms

  • Content delivery networks (CDN)

  • Customer support and ticketing systems

5.3 International Data Transfers

Personal data is primarily processed and stored on servers located in the European Union. In the event of international transfers outside the EEA/EU to countries without an adequacy decision by the European Commission, the Company will ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Binding Corporate Rules (where applicable)

  • Adequacy decisions recognized by European authorities

  • Reliance on derogations under Article 49 GDPR for limited situations (where applicable)

  • Compliance with Serbian data protection law requirements for data transfers

You may request information about the specific mechanisms and safeguards used for international transfers by contacting us at the email address provided in Section 1.2.

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

Cookie Type | Purpose | Duration
Essential/Necessary Cookies | Required for the basic functioning of the Website (authentication, security, session management, user preferences) | Session or 1-2 years
Analytical Cookies | Understanding how visitors use the Website, monitoring performance, identifying errors (Google Analytics) | 6 months to 2 years
Functional Cookies | Remembering your preferences, language selection, user settings to enhance user experience | 1-2 years
Marketing/Targeting Cookies | Delivering targeted advertisements, tracking marketing campaign effectiveness, retargeting, behavioral advertising | 6 months to 2 years
Third-Party Cookies | Set by external service providers for analytics, advertising networks, social media integration (Facebook, Google, Yandex) | Varies by third party
Performance Cookies | Monitoring website performance, identifying technical issues, measuring site speed and reliability | 6 months to 1 year

6.2 Cookie Consent and Management

When you first visit the Website, you will be presented with a cookie consent banner or notice. By accepting cookies, continuing to use the Website, or clicking "Accept," you consent to the use of cookies as described in this Policy. You may withdraw your consent or manage your cookie preferences at any time through:

  • Your browser's cookie settings and preferences

  • The cookie preferences panel or settings link on the Website

  • Opting out of third-party cookies through industry opt-out mechanisms (e.g., Your Online Choices)

  • Clearing your browser cookies and cache

6.3 Third-Party Cookies and Services

Third-party service providers, including but not limited to analytics platforms (Google Analytics) and social media platforms, may place cookies on your device and collect data about your browsing behavior. These third parties have their own privacy policies and data processing practices governing their use of cookies and data. The Company is not responsible for third-party cookie practices or data collection. We encourage you to review third-party privacy policies to understand their data practices:

  • Google Analytics: https://policies.google.com/privacy

6.4 Additional Tracking Technologies

In addition to cookies, we may use other tracking technologies such as:

  • Web Beacons/Pixels: Transparent pixel files or tracking codes embedded in emails and web pages to track user engagement, email opens, and link clicks

  • Log Files: Server log files containing IP addresses, browser type, pages visited, timestamps, and other server-side tracking data

  • Device Identifiers: Unique identifiers assigned to your device, browser, or user profile for identification and tracking purposes

  • Local Storage: Data stored locally on your device through browser storage mechanisms (localStorage, sessionStorage) that persists beyond cookie deletion

  • Fingerprinting: Collection of information about your device, browser, and system configurations to create a unique identifier

7. DATA RETENTION AND STORAGE

7.1 Data Retention Principles

The Company retains personal data only for as long as necessary to achieve the purposes for which it was collected, to fulfill contractual obligations, to comply with legal requirements, or as otherwise permitted by applicable law (Serbian Personal Data Protection Law, and GDPR where applicable). Retention periods vary depending on the purpose and legal basis for processing.

7.2 Specific Retention Periods by Data Category

Data Category | Retention Period | Legal Basis
Account and User Profile Information | Until account deletion or 3 years after last login activity; longer if required for legal/tax purposes or outstanding claims | Contract, legal obligation, legitimate interest
Transaction and Order Data | Minimum 3-5 years for accounting, tax, and tax authority compliance; up to 7 years as required by Serbian law | Legal obligation
Customer Support and Communication Records | 2 years from the date of the last interaction or resolution; longer if related to disputes or claims | Legal obligation, legitimate interest
Marketing and Newsletter Subscription Records | Until consent is withdrawn; minimum 3 years for compliance documentation and proving consent | Consent, legal obligation
Transactional Emails and Communications | 1-3 years depending on content and regulatory requirements | Legal obligation, legitimate interest
Website Analytics Data and Cookies | Typically aggregated and anonymized after 12-24 months; raw log data retained 3-12 months | Legitimate interest
Technical and Server Log Data | 3-12 months, unless required for security investigations or legal proceedings | Legitimate interest, security
Payment and Financial Data | 5-7 years as required by Serbian tax and accounting regulations | Legal obligation
Deleted Account Data | 30 days backup retention; fully deleted after 90 days unless required by law | Contract termination, user request
Legal and Compliance Records | As required by applicable law, typically 3-7 years or longer for regulatory compliance | Legal obligation
Cookie and Tracking Data | Duration specified at the time of placement; typically 6 months to 2 years | Consent, legitimate interest
Backup and Archive Data | Retained according to standard backup and archival practices; may extend retention periods | Legal obligation, legitimate interest

8. YOUR PRIVACY RIGHTS

8.1 Your Rights Under Serbian Law and GDPR

You have the following rights regarding your personal data:

8.1.1 Right to Be Informed

You have the right to receive clear, transparent, and easily understandable information about how we collect, process, and use your personal data. This Privacy Policy provides this information. You have the right to receive information about data processing practices in a clear and accessible manner.

8.1.2 Right of Access

You have the right to request and obtain confirmation of whether we are processing your personal data and to receive a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format (if technically feasible), free of charge.

How to Request: Contact us at info@lepotik.com with your request, including proof of identity.

Response Time: We will respond within 14 days (or 30 days if the request is complex or voluminous).

8.1.3 Right to Rectification and Supplementation

You have the right to request that we correct inaccurate, incomplete, or outdated personal data and to supplement incomplete data. We will correct such data without unreasonable delay and notify third parties who have received the data, where applicable.

How to Request: Contact us with details of the inaccurate or incomplete data that requires correction.

Response Time: We will correct data within 7-14 days of your verified request.

8.1.4 Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your personal data in the following circumstances:

  • The data is no longer necessary for the purposes for which it was collected or processed

  • You withdraw your consent for processing based on consent, and no other legal basis exists for continued processing

  • You object to processing on grounds of legitimate interests or marketing, and no overriding legitimate interests exist

  • The data was collected or processed unlawfully

  • Deletion is required to comply with a legal obligation

  • You exercise your right to erasure under applicable data protection law

Exceptions and Limitations: We may not delete data if retention is necessary for:

  • Compliance with legal obligations

  • Establishment, exercise, or defense of legal claims

  • Accounting and tax compliance (typically 3-7 years)

  • Fulfillment of contractual obligations

  • Other compelling legitimate interests

How to Request: Contact us at info@lepotik.com with your erasure request and proof of identity.

Response Time: We will respond within 14-30 days. Erasure will be completed within 30-90 days where legally permitted.

8.2 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us with the following information:

Required Information:

  • Your full name and contact information (email, phone, address)

  • Clear description of the right you wish to exercise

  • Specific details about the personal data in question

  • Supporting documents or evidence, if applicable

  • Copy of a valid ID or passport (for verification purposes)

Contact Method:

  • Email: info@lepotik.com

  • Mailing Address: RAKOVAC, Beocinski put,2, 21299, Republic of Serbia.

Response Times:

  • Standard response: 14-30 days from receipt of verified request

  • Complex requests: May be extended to 45-90 days with notice

  • Marketing objections: 10 business days

Costs:

  • All requests are provided free of charge (first and subsequent requests)

  • We will not charge fees for responding to reasonable requests

  • Only in cases of manifestly unfounded or excessive requests may we charge a reasonable administrative fee or decline to respond

9. DATA SECURITY AND PROTECTION

9.1 Security Measures and Safeguards

The Company implements comprehensive technical, organizational, and administrative measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or other unlawful processing. These measures include:

9.1.1 Technical Measures

  • Encryption: Data transmitted via SSL/TLS encryption (HTTPS)

  • Access Controls: Role-based access control (RBAC) limiting employee access to personal data on a need-to-know basis

  • Firewalls: Firewall protection and intrusion detection/prevention systems (IDS/IPS)

  • Database Security: Database encryption, secure backup procedures, database activity monitoring

9.1.2 Organizational Measures

  • Data Minimization: Collecting only personal data necessary for stated purposes

  • Pseudonymization: De-identifying or using pseudonyms where possible to reduce re-identification risk

  • Data Protection Policies: Documented data protection policies and procedures

  • Staff Training: Regular training for all employees on data protection obligations, security best practices, and incident response

  • Access Restrictions: Limiting access to personal data to authorized personnel only

  • Supplier Management: Vetting and monitoring service providers for security compliance

9.1.3 Administrative Measures

  • Documentation: Maintaining comprehensive records of data processing activities (Records of Processing Activities)

  • Data Breach Response: Documented incident response procedures for detecting, investigating, and responding to data breaches

  • Regular Audits: Conducting periodic security assessments, vulnerability testing, and penetration testing

  • Business Continuity: Backup and disaster recovery procedures to ensure data availability and continuity

  • Incident Logging: Documenting security incidents and access logs for audit and investigation purposes

9.2 Data Breach Notification

In the event of a personal data breach that poses a risk to the rights, freedoms, or security of data subjects, the Company will:

  • Detect and Document: Promptly detect the breach and document relevant facts, effects, and remedial actions taken

  • Notify Authorities: Notify relevant regulatory authorities (Serbian authorities for Serbian residents) without unreasonable delay and within legally mandated timeframes

  • Notify Data Subjects: Notify affected data subjects without unreasonable delay if there is a high risk to their rights and freedoms

  • Breach Documentation: Provide authorities and data subjects with information about:

    • Nature of the breach and data affected

    • Likely consequences and risks to data subjects

    • Measures taken or proposed to address the breach and mitigate harm

    • Contact information for inquiries

Response Timelines:

  • Initial breach notification to authorities: Within legally required timeframes (typically 24-72 hours)

  • Data subject notification: Without unreasonable delay, typically within 10-30 days

  • Breach investigation: Completed within 30-90 days

9.3 Limitations and Disclaimers

While the Company implements robust security measures, no security system is 100% secure or impenetrable. The Company cannot guarantee absolute security or freedom from unauthorized access or data loss. You use the Website at your own risk and assume all responsibility for any loss, damage, or harm resulting from:

  • Unauthorized access to your account

  • Interception of data during transmission

  • Breach of security measures by third parties

  • Your own actions or negligence

To minimize risk, we recommend:

  • Using strong, unique passwords

  • Not sharing your account credentials

  • Logging out after each session

  • Keeping your device and software updated

  • Using secure internet connections (avoid public Wi-Fi)

10. THIRD-PARTY LINKS AND EXTERNAL SERVICES

10.1 Third-Party Websites and Services

The Website may contain links, references, or integrations with third-party websites, applications, social media platforms, and services that are not operated by or affiliated with the Company. This Privacy Policy applies only to the Website and does not apply to third-party websites, applications, or services.

10.2 No Responsibility for Third Parties

The Company is not responsible for:

  • The privacy practices, policies, or procedures of third-party websites or services

  • The accuracy, completeness, legality, or appropriateness of third-party content

  • The security measures implemented by third parties

  • Any transactions, communications, or interactions between you and third parties

  • Third-party collection, use, disclosure, storage, or processing of personal data

  • Any damages or losses resulting from third-party services

10.3 Your Responsibility

Before providing personal data to any third party or visiting third-party websites, you should:

  • Review the third party's privacy policy and terms of service

  • Understand their data collection and processing practices

  • Verify the legitimacy and security of the third-party service

  • Consider the risks of sharing your personal data

Links to third-party services are provided for your convenience only and do not constitute an endorsement or recommendation of those services.

11. MARKETING COMMUNICATIONS AND PREFERENCES

11.1 Opt-In and Consent for Marketing

If you consent to receive marketing communications from us, such as newsletters, product updates, promotional offers, special deals, event invitations, or other marketing messages, we will send these communications to your email address, phone number, or other contact information you provide.

11.2 Withdrawal and Opt-Out of Marketing

You have the right to withdraw consent or opt out of marketing communications at any time, without penalty or adverse consequences.

11.3 Frequency and Preferences

We aim to send marketing communications at a reasonable frequency to avoid overwhelming you. You can manage your communication preferences to receive:

  • All communications

  • Only weekly or monthly newsletters

  • Only major announcements

  • Only new product releases

  • Only special promotions

12. POLICY UPDATES AND AMENDMENTS

12.1 Changes and Updates to This Policy

The Company may update this Privacy Policy from time to time to:

  • Reflect changes in our data processing practices

  • Adapt to new technologies or Website features

  • Comply with changes in applicable laws and regulations (Serbian LPDP, GDPR)

  • Improve clarity and transparency

  • Address new privacy risks or concerns

  • Respond to regulatory guidance or supervisory authority recommendations

12.2 Notification of Changes

We will notify you of material changes to this Privacy Policy through:

  • Website Notice: Posting the updated Policy on the Website with a new "Last Updated" date

  • Prominent Banner: Displaying a prominent notice or banner on the Website

  • Email Notification: Sending email notification to registered users if you have provided an email address

  • Pop-Up Notice: Displaying a pop-up or consent dialog on your next Website visit

12.3 Your Acceptance of Updates

Your continued use of the Website after updates are posted or communicated constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Website and may request deletion of your account and personal data.

Important: We will not unilaterally impose material changes that negatively affect your privacy rights without providing advance notice and an opportunity to object or opt out.

12.4 Version Control and History

  • Current Version: Version 1.0 (English)

  • Previous Versions: Available upon request at info@lepotik.com

13. SPECIAL CATEGORIES OF DATA AND ENHANCED PROTECTIONS

13.1 Sensitive Personal Data (Special Categories)

The Company does not intentionally or routinely collect sensitive categories of personal data, including:

  • Racial or ethnic origin

  • Political opinions and affiliations

  • Religious beliefs and practices

  • Trade union membership

  • Genetic data

  • Biometric data for identification purposes

  • Health data and medical information

  • Data concerning sex life or sexual orientation

Exception and Additional Processing:

  • We may collect such data only if:

    • You explicitly provide it (e.g., in support communications, surveys)

    • Processing is necessary for a specific, legal purpose

    • You have given explicit consent for processing

    • Processing is required by law (e.g., medical necessity)

Enhanced Protections:

  • Sensitive data is processed with the highest level of security and protection

  • Access is restricted to authorized personnel only on a strict need-to-know basis

  • Specific consent and documentation requirements apply

  • Enhanced safeguards and technical measures are implemented

  • Retention periods are minimized

  • Regular audits and reviews are conducted

14. LEGAL COMPLIANCE AND REGULATORY INFORMATION

14.1 Applicable Laws and Jurisdiction

This Privacy Policy and our data processing practices are governed by and comply with:

  1. Serbian Legislation:

    • Personal Data Protection Law of the Republic of Serbia (Official Gazette of the Republic of Serbia No. 87/2018, as amended)

    • Rulebook on Data Security Standards and Measures

    • Other applicable Serbian laws and regulations

  2. European Union Legislation (where applicable to EU/EEA residents):

    • General Data Protection Regulation (EU) 2016/679 (GDPR)

    • Directive 2002/58/EC (ePrivacy Directive) regarding cookies

14.2 Regulatory Authorities

The Company's data processing practices are subject to oversight and regulation by:

Serbian Authorities:

  • Commissioner for Information of Public Importance and Personal Data Protection - data protection regulator

  • Serbian tax and business registration authorities

  • Serbian law enforcement

EU Authorities (if applicable):

  • Relevant national Data Protection Authorities (DPA) in EU/EEA member states

14.3 Compliance with Law Enforcement and Government Requests

The Company may be required to disclose personal data to government authorities, law enforcement agencies, courts, or regulatory bodies in response to:

  • Valid legal process (court orders, subpoenas, warrants)

  • Investigation of illegal activity or fraud

  • National security requests

  • Tax and regulatory compliance

  • Public safety concerns

  • Other legally mandated disclosures

We will:

  • Comply with legal requests as required by applicable law

  • Notify data subjects of legally mandated disclosures where permitted by law

  • Ensure appropriate legal process is followed

  • Maintain records of government requests

15. CONTACT INFORMATION AND COMPLAINT PROCEDURES

15.1 Data Protection and Privacy Inquiries

For any questions, requests, concerns, or inquiries regarding this Privacy Policy, our data processing practices, or your privacy rights, please contact:

Primary Contact:

  • Email: info@lepotik.com

  • Mailing Address: LEPOTIK DOO (LLC), Legal Address: RAKOVAC, Beocinski put,2, 21299, Republic of Serbia.

Response:

  • We will acknowledge receipt of your inquiry within 3-5 business days

  • We will respond with substantive information within 14 days

  • Complex inquiries may require extended response times (up to 30 days)

15.2 Exercising Data Subject Rights

To exercise your privacy rights (access, rectification, erasure, restriction, portability, objection, complaint), please submit a formal request to:

Email: info@lepotik.com

Required Information in Your Request:

  • Your full legal name

  • Current email address and phone number

  • Type of right you wish to exercise (access, correction, deletion, etc.)

  • Specific details about the data in question

  • Description of your request

  • Proof of your identity (copy of ID/passport)

  • Any supporting documents

Response Timelines:

  • Verification of identity: 3-5 business days

  • Formal response: 14 days (standard), 30 days (complex), up to 90 days (exceptional cases with notice)

  • Implementation of your request: Within 30-90 days depending on the nature of the request

16. MISCELLANEOUS PROVISIONS

16.1 Interpretation and Severability

In the event of any conflict or discrepancy between this Privacy Policy and applicable law (Serbian LPDP or GDPR), the applicable law shall prevail.

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a competent court or regulatory authority, the remaining provisions shall continue in full force and effect. We will endeavor to replace the invalid provision with a legally valid provision that achieves the original purpose.

16.2 Waiver and Amendment

No waiver of any provision of this Privacy Policy shall be effective unless made in writing and signed by an authorized representative of the Company. The failure of the Company to enforce any provision does not constitute a waiver of that provision or any other provision.

The Company may amend this Privacy Policy at any time in accordance with Section 12 (Policy Updates and Amendments).

16.3 Entire Agreement

This Privacy Policy, together with any applicable Terms of Service or User Agreement, constitutes the entire agreement between you and the Company regarding the collection, processing, use, and protection of your personal data. It supersedes all prior agreements, understandings, negotiations, and discussions, whether written or oral.

16.4 Governing Law and Exclusive Jurisdiction

This Privacy Policy is governed by and construed in accordance with:

  • Primary Jurisdiction: The laws of the Republic of Serbia where applicable

  • EU Jurisdiction: GDPR for EU/EEA residents

You agree to submit to the exclusive jurisdiction of:

  • Serbian Courts: For disputes involving Serbian residents or Serbian law issues

  • EU Courts: For EU/EEA residents, the courts of your member state or the courts where the Company has an establishment

16.5 Survival of Provisions

The sections relating to data security, limitation of liability, governing law, and dispute resolution shall survive any termination or expiration of your use of the Website.

17. ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS

17.1 Information for EU/EEA Residents (GDPR Compliance)

This section provides additional information for residents of the European Union and European Economic Area (EEA):

GDPR Compliance Statement:

  • This Privacy Policy incorporates all provisions necessary to ensure compliance with Regulation (EU) 2016/679 (General Data Protection Regulation)

  • All data subject rights under Articles 12-22 of the GDPR are recognized, respected, and implemented

  • Articles 13-14 GDPR requirements are addressed in this Policy

  • Data processing complies with GDPR principles of lawfulness, fairness, and transparency

International Data Transfers:

  • Personal data may be transferred outside the EEA to countries without an EU adequacy decision

  • Appropriate safeguards (Standard Contractual Clauses, Binding Corporate Rules) are in place for international transfers

  • You have the right to information about transfer mechanisms

Data Protection Officer:

  • While not currently mandatory, a Data Protection Officer may be appointed if required by law or regulatory guidance

Data Protection Impact Assessments (DPIA):

  • For high-risk processing, Data Protection Impact Assessments are conducted in accordance with Article 35 GDPR

Supervisory Authority:

  • EU/EEA residents may contact their national Data Protection Authority

17.2 Information for Serbian Residents

This section provides additional information for residents of the Republic of Serbia:

Serbian Data Protection Law:

  • This Policy complies with the Personal Data Protection Law of the Republic of Serbia (Official Gazette RS No. 87/2018)

  • Data processing follows Serbian legal requirements and standards

Commissioner for Information:

  • Data processing is subject to oversight by the Commissioner for Information of Public Importance and Personal Data Protection

  • You can file complaints with the Commissioner regarding data protection violations

Local Representation:

  • You may request information about our legal representation or agent in Serbia

18. FINAL STATEMENTS AND ACKNOWLEDGMENT

18.1 Your Consent and Acceptance

By accessing and using the Website https://bronsunpro.com, you acknowledge that you have:

  • Read this entire Privacy Policy carefully

  • Understood the terms and conditions regarding personal data processing

  • Agreed to be bound by this Privacy Policy

  • Accepted the data processing practices described herein

  • Consented to the collection and use of your personal data as described

If you do not agree with any part of this Privacy Policy, please do not use the Website and do not provide your personal data to us.

18.2 Continued Use Constitutes Acceptance

Your continued use of the Website, including creating an account, making purchases, or submitting forms, constitutes your ongoing acceptance of this Privacy Policy. If you do not agree with any changes to this Policy, you should stop using the Website immediately.

18.3 Questions and Support

If you have any questions about this Privacy Policy, our data processing practices, or your privacy rights, please do not hesitate to contact us at:

Email: info@lepotik.com

We are committed to addressing your concerns and protecting your privacy.

19. DOCUMENT INFORMATION AND VERIFICATION

Item: Details
Document Title: Privacy Policy
Document Version: 1.0 (English)
Effective Date: December 17, 2025
Last Updated: December 17, 2025
Language: English
Applicable Jurisdictions: Republic of Serbia, EU/EEA (where applicable)
Data Controller: LEPOTIK DOO (LLC)
Website: https://bronsunpro.com
Contact Email: info@lepotik.com
Regulatory Compliance: LPDP (Serbia), GDPR 2016/679 (EU/EEA)
