Privacy Policy

1. Introductory Provisions

1.1. This act (Privacy Policy) informs Service users and Website visitors about:

• Which personal data is collected by Aklamator's platform
• Purpose and basis of data processing
• Length of data storage
• Instructions on user rights regarding personal data
• Procedures in case of incidents
• User's consent for data collection and processing

1.2. This Privacy Policy also informs Visitors about personal data collected and processed by Aklamator as a Processor or Joint Controller.

1.3. The Platform commits to:

• Protect user privacy
• Collect only necessary basic personal data
• Collect data necessary for platform operation
• Fulfill contractual obligations
• Provide quality service

1.4. By using the Website/Platform, the user declares:

• Reading and understanding this Privacy Policy
• Agreeing to data collection, processing, and storage as described herein

1.5. The user declares reading and accepting the Terms of Use available at www.aklamator.com.

1.6. The platform is owned and controlled by Aklamator as a Controller.

1.7. This Privacy Policy is made in accordance with:

• Personal Data Protection Law of the Republic of Serbia
• General Data Protection Regulation (GDPR) of the European Union (EU 2016/679)

1.8. This Privacy Policy is harmonized with Aklamator's Terms and Conditions.

2. Meaning of Terms

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

• Controller: Aklamator, the entity that processes and collects the Service User's personal data and determines the purposes and means of processing personal data.
• Processor: A natural or legal person who processes personal data on behalf of the Controller.
• Joint Controller: Where two or more controllers jointly determine the purposes and means of processing.
• Platform/Website: The Aklamator software system and website available at www.aklamator.com used for creating and managing content recommendation widgets.
• Widget: A software component that displays content recommendations and native advertisements on publisher websites, integrated through the Aklamator platform.
• Service User: Any publisher, advertiser, or individual who registers an account and uses the Aklamator service through the Platform.
• Visitor: Any natural person who accesses the Aklamator website or visits websites that have Aklamator widgets implemented.
• Personal Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Data Subject: An identified or identifiable natural person whose personal data is processed.
• Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Data Controller / Processor

3.1. Aklamator, as the operator of the Platform and owner of the Website, is responsible for the collection and processing of Service Users' personal data.

3.2. Aklamator undertakes to apply appropriate technical and organizational measures to protect the personal data of Service Users and Visitors.

3.3. Depending on the specific circumstances and the nature of data processing activities, Aklamator may act as:

• Data Controller: When Aklamator determines the purposes and means of processing personal data
• Data Processor: When Aklamator processes personal data on behalf of third parties (publishers/advertisers)
• Joint Controller: When Aklamator jointly with publishers/advertisers determines the purposes and means of processing

3.4. Aklamator commits to process personal data in accordance with applicable data protection laws and regulations.

4. Collected Data

We collect the following types of personal data:

4.1 Information You Provide

• Email address: For account creation and communication
• Name and surname: For account identification
• Website URL: For publishers integrating our widgets
• Company information: For business accounts
• Payment information: For billing purposes (processed securely through third-party payment processors)

4.2 Automatically Collected Data

• IP address: For security and analytics
• Browser type and version: For compatibility and optimization
• Device information: Type of device, operating system
• Location data: Approximate geographic location based on IP address
• Usage data: Pages visited, time spent, click behavior
• Cookies: For functionality and analytics (see our Cookie Policy)

4.3 Data We Do NOT Collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data unless explicitly required by law or with your explicit consent.

5. Purpose and Lawfulness of Processing

We process your personal data based on the following legal grounds:

5.1 Contract Performance

Processing is necessary for the performance of a contract to which you are a party. This includes:

• Creating and managing your account
• Providing our services (widget delivery, analytics, reporting)
• Processing payments and managing billing
• Providing customer support

5.2 Legal Obligations

Processing is necessary to comply with legal obligations, such as:

• Tax and accounting requirements
• Responding to legal requests from authorities
• Fraud prevention and security

5.3 Legitimate Interests

Processing is based on our legitimate interests, including:

• Platform improvement and optimization
• Statistical analysis and reporting
• Security monitoring and threat detection
• Business development and research

5.4 User Consent

With your explicit consent, we may process data for:

• Marketing communications (newsletters, promotional offers)
• Personalized content recommendations
• Third-party integrations

You can withdraw your consent at any time by contacting us or using the unsubscribe link in our communications.

6. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

6.1 Right to Be Informed

You have the right to be informed about the collection and use of your personal data (which this Privacy Policy provides).

6.2 Right to Access

You have the right to request access to your personal data. You can request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.

6.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

6.4 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes it was collected
• You withdraw your consent
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with legal obligations

6.5 Right to Restrict Processing

You have the right to request restriction of processing when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want deletion
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification

6.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6.7 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

6.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

6.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at: https://aklamator.com/contact or email us at [email protected]

7. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it:

• Encryption: Data is encrypted in transit using SSL/TLS protocols
• Access Control: Limited access to personal data on a need-to-know basis
• Secure Servers: Data is stored on secure servers with regular security updates
• Authentication: Strong password requirements and secure authentication methods
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Employee Training: Regular training on data protection and security best practices
• Third-Party Security: We work only with trusted partners who meet our security standards

Important: We do not sell, rent, or share your personal data with third parties for their marketing purposes.

8. Data Breach Procedure

In the unlikely event of a personal data breach, we will:

• Assess the breach: Immediately investigate the nature, scope, and impact of the breach
• Notify authorities: Report the breach to the relevant supervisory authority within 72 hours if required by law
• Inform affected users: Notify you without undue delay if the breach poses a high risk to your rights and freedoms
• Provide details: Explain the nature of the breach, the likely consequences, and the measures taken or proposed
• Implement protective measures: Take immediate action to contain the breach and prevent further unauthorized access
• Document the breach: Maintain records of all data breaches for compliance and future prevention

9. Data Storage and Retention

9.1 Where We Store Your Data

Your personal data is stored on secure servers provided by Hetzner Online GmbH, a trusted cloud hosting provider based in Germany. These servers are located within the European Union and comply with strict EU data protection standards.

9.2 How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account data: While your account is active and for 12 months after account closure
• Transaction records: For 7 years to comply with tax and accounting regulations
• Marketing data: Until you withdraw consent or request deletion
• Analytics data: Aggregated and anonymized data may be retained indefinitely for statistical purposes
• Legal claims: Data may be retained longer if necessary for legal proceedings

9.3 Data Deletion

You may request deletion of your personal data at any time by contacting us. Upon receiving your request, we will:

• Verify your identity to protect your privacy
• Delete your data within 30 days, except where retention is required by law
• Confirm deletion in writing

9.4 Processing Activity Records

We maintain detailed records of all processing activities, including:

• Categories of data processed
• Purposes of processing
• Categories of recipients
• Data retention periods
• Security measures implemented

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve user experience and analyze platform usage. For detailed information about our use of cookies, please refer to our separate Cookie Policy.

• Essential cookies: Required for platform functionality
• Analytics cookies: Help us understand how users interact with our platform
• Marketing cookies: Used with your consent for personalized advertising

You can manage cookie preferences through your browser settings.

11. Third-Party Services

We may share your data with trusted third-party service providers who assist us in operating our platform:

• Hosting providers: Hetzner Online GmbH (server infrastructure)
• Payment processors: For secure payment processing
• Email service providers: For sending transactional and marketing emails
• Analytics providers: For usage statistics and platform optimization

All third-party providers are contractually obligated to protect your data and use it only for specified purposes. We ensure they comply with GDPR and other applicable data protection regulations.

12. International Data Transfers

Your data is primarily stored within the European Union. If we need to transfer data outside the EU, we will:

• Ensure the receiving country has adequate data protection laws, or
• Use Standard Contractual Clauses approved by the European Commission, or
• Obtain your explicit consent for the transfer

13. Children's Privacy

Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if you have an account with us
• Display a prominent notice on our website

Your continued use of our platform after changes become effective constitutes acceptance of the revised Privacy Policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

For Serbia:

For EU Countries:

You may contact your local data protection authority. A list of EU data protection authorities is available at: https://edpb.europa.eu