PRIVACY POLICY

EFFECTIVE DATE OF THE PERSONAL DATA PROCESSING NOTICE

This Privacy Notice enters into force on November 1, 2025. 11. 2025. yesrs.

This is the latest version of the Notice and it is subject to change. If this Notice is amended or supplemented, the date of the latest version will be updated accordingly. You will be duly informed of any changes.

PURPOSE OF THE PERSONAL DATA PROCESSING NOTICE

This Personal Data Processing Notice (hereinafter: the “Notice”) informs users of the starakuca.rs service, available at https://www.starakuca.rs/ (hereinafter: the “Service”), about all relevant information regarding the processing of their personal data.

This Notice explains how the Service collects, uses, stores, and protects users’ personal data when using our website and services related to the sale of alcoholic beverages.

In accordance with applicable personal data protection regulations, primarily the Law on Personal Data Protection of the Republic of Serbia (Official Gazette RS No. 87/2018) (hereinafter: the “LPDP”), we ensure full protection of your personal data and fully respect your rights as a data subject.

For questions, complaints, requests, or additional information regarding privacy protection and the exercise of your rights, you may contact us at: kontakt@prijic.rs

PURPOSE OF DATA PROCESSING

Most data processing activities are performed internally for the purpose of Service functionality and are not shared with third parties.

Personal data is primarily processed during the product purchase process. The most commonly processed data includes: first name, last name, personal ID number (when required), email address, postal address, postal code, region, city, country, phone number, and IP address of access to the Service.

The primary purposes of data collection and processing are: providing information society services, improving and securing the Service, protecting users, enabling uninterrupted Service use, providing customer support, enabling lawful sale of alcoholic beverages, enabling functionalities that facilitate product sales.

TYPES OF COLLECTED DATA AND PROCESSING ACTIVITIES

When using our website, we may collect the following data:

  • Data you provide during purchase (name, email address, phone number, address, and other submitted information)
  • Technical data about your device and browser (IP address, device type, cookies, log data)
  • Information about your activity on the website (visited pages, interactions with ads and banners)

Your data may also be processed in the following situations:

Account Creation: To create an account, the Service processes data entered during registration. This data is stored until the account is deleted. Identification data may include email, password, phone number, or social media login (Facebook or Gmail). By registering, you enter into a contractual relationship with the Company.

Assistance with Alcoholic Beverage Purchases: For easier purchasing, the Service processes data such as browsing history, location, search terms, and preferences. This may include address, city, country, browsing history, and pricing information.

Refund Processing: When processing refunds for natural persons, submission of a personal ID number may be required. The legal basis for this processing is compliance with legal obligations.

Notifications: Certain data may be used to send notifications related to Service functionality, Company news, promotions, and offers.

METHOD OF DATA USE

Collected personal data is used for:

  • Improving website performance and user experience
  • Preventing misuse and increasing website security

DATA RETENTION PERIOD

Personal data is stored until the account is deleted or consent is withdrawn. In cases of violation of Terms of Use, the Service reserves the right to suspend or delete user accounts. Certain system records may remain anonymized and non-attributable for technical or legal reasons.

In exceptional cases, data may be retained after consent withdrawal if required to comply with legal obligations (e.g. accounting regulations) or for legal claims.

Personal data is not sold or shared with third parties, except:

With user consent

  • When necessary for service provision (e.g. technical support, hosting providers)
  • When required by law or competent authorities

DATA SECURITY

We apply appropriate technical, organizational, and personnel measures to protect personal data in accordance with applicable regulations.
These measures include physical access control, information security procedures, and other safeguards appropriate to the nature of processed data.

Third parties processing data on our behalf are also obligated to apply adequate protection measures.

TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES

Some data processors may be located in foreign countries, primarily within EU member states or countries that are parties to the Council of Europe Convention 108. Data transfers to such countries are conducted based on an adequate level of personal data protection in accordance with applicable law.

Transfers to countries outside this group are conducted exclusively in compliance with Article 65 of the LPDP and with appropriate safeguards.

YOUR RIGHTS REGARDING PERSONAL DATA

  • Transparency: to be informed about data processing purposes and methods
  • Right of access: to know whether your data is processed and to request access
  • Right to rectification: to correct or update inaccurate or incomplete data
  • Right to erasure: to request deletion of personal data, subject to legal limitations
  • Right to data portability: to receive data in a structured, machine-readable format or request transfer to another controller
  • Right to restriction of processing: in certain circumstances
  • Right to object: to processing based on legitimate interest
  • Right to lodge a complaint: with the Commissioner for Information of Public Importance and Personal Data Protection – Bulevar kralja Aleksandra 15, 11120 Belgrade, phone: +38111 3408 900, e-mail: office@poverenik.rs.
  • All rights may be exercised by submitting a request to: kontakt@prijic.rs

Regarding the fulfillment of the aforementioned requests, the Company will provide you with all necessary additional information and assistance, in accordance with the terms and in the manner prescribed by the applicable Personal Data Protection Act (ZZPL).

You can exercise your rights by sending a request to the following email address: kontakt@prijic.rs

We will respond to your request as soon as possible, and no later than within 30 days from the date of receipt of the request. In the event of complexity or a large number of requests, we may require an additional period to respond. This extended period shall not exceed 90 days in total, and we will notify you separately in such cases.

If your request is manifestly unfounded or excessively repetitive, we may refuse it or charge a fee for processing it.
A request is considered excessively repetitive if you submit a request to exercise any of your rights more than once in a single year. If you contact us two or more times within one year regarding the same right, we will respond to your request only if you provide a justified reason.

WHO HAS ACCESS TO YOUR DATA

Depending on purpose, access to personal data may be granted to:

  • The Company and its affiliated entities
  • Legal successors in case of merger, acquisition, or restructuring
  • Business partners and processors (e.g. hosting, IT support, software providers)
  • Competent state authorities when legally required
  • Other recipients when necessary to protect vital interests

All recipients are required to implement appropriate data protection measures.

CONSENT AND WITHDRAWAL OF CONSENT

If you have given consent for data processing, you may withdraw it at any time. Upon withdrawal, further processing will cease and data will be deleted within 90 days, unless legal obligations require retention. Withdrawal of consent is free of charge and can be submitted to: kontakt@prijic.rs

WEBSITE POLICY AND COOKIES

Our website uses various technologies, including cookies and scripts. Some are controlled by us (first-party), while others are controlled by third parties.

The technologies we use include (but are not limited to) cookies and scripts. Some of them are necessary for the functioning of this website and for our understanding of how you use the website. We also use these technologies for marketing and other purposes, as described below.

Cookies are used for proper website functionality, traffic analysis, advertising display, and improved user experience. Disabling cookies may affect website functionality.

We use third-party tools such as Google Ads, Google Analytics, Google Tag Manager, Facebook API, AdOcean, Gemius, Google Firebase, Microsoft Clarity, and Crisp Chat.

You can learn more about the cookies used by our Service at the following link:

Additionally, our website may contain third-party cookies, i.e., external scripts. You can read more about this at the following link: