Privacy Policy

AMA GROUP DRUŠTVO SA OGRANIČENOM ODGOVORNOŠĆU BEOGRAD, Company registration number: 21698881, with its registered seat at Svetog Save 14, Belgrade-Vracar (hereinafter referred to as the “Controller” or the “Company”), hereby informs visitors of the website www.amagroup.net, whose personal data is being processed (hereinafter referred to as the “Visitors”), in accordance with the Law on Personal Data Protection (“Official Gazette of the Republic of Serbia”, No. 87/2018, hereinafter referred to as the “Law”), about all relevant aspects of personal data processing carried out in compliance with the applicable regulations.

The Controller retains all copyright rights related to the use of photographs, texts, and other published materials, in accordance with the applicable legal regulations of the Republic of Serbia. Photographs, texts, and other materials may not be published, sold, made available publicly or privately, or otherwise used without our prior consent. Failure to comply with these conditions entails liability and the obligation to compensate the Controller for any material damage resulting from violations of applicable law.

1. Introductory Provision 

• This Privacy Policy governs the collection and processing of data within the Controller’s website amagroup.net.

• The definitions and terms used in this Privacy Policy correspond to those contained in the Law. The Controller is committed to complying with the legislation of the Republic of Serbia governing personal data protection, as well as to respecting the protection of fundamental human rights and freedoms, particularly the right to privacy of individuals whose personal data is processed by the Company.

• Clicking the “Accept Cookies” button, or any other similarly labeled button with an equivalent function, in the pop-up window displayed to new users upon their first visit to the website www.amagroup.net, shall be considered an active and voluntary action aimed at establishing a lawful legal basis for the collection and processing of data in the manner and for the purposes described in this Privacy Policy, without any reservations. The Controller shall be able to demonstrate, through an electronic record (log) or by other means, that the data subject has performed the aforementioned active and voluntary action, thereby confirming that they have been informed of and agree with this Privacy Policy. The said electronic record (log) shall be deemed a legally valid and sufficient proof of consent, in accordance with Article 15, paragraph 1 of the Law.

• This Privacy Policy may be amended at any time, with any changes being displayed on the homepage of www.amagroup.net. In such cases, data subjects will be asked to provide renewed consent for the processing of personal data, in accordance with the amendments made to this Privacy Policy.

• The rules governing the collection of personal data through Cookies shall be specified in a separate Cookie Policy. All provisions related to giving consent to this Privacy Policy via the designated pop-up window, including the retention of proof in the form of an electronic record (log), as well as the procedure for modifying and notifying data subjects of any changes, shall apply equally to the use of Cookies.

• For any additional questions regarding the rules and provisions of this Privacy Policy, you may contact us by sending an inquiry to the following address:dpo@amagroup.net.

2. Data Processed by the Controller 

• The Controller may collect various categories of personal data, which are used for different purposes and based on different legal grounds. Typically, this includes a set of data that enables the identification of the data subject, the establishment of communication with the data subject, or data necessary for providing a specific service upon the request of the data subject, or for fulfilling the Controller’s legal obligations. This includes, but is not limited to:

1. Data that the visitor may voluntarily provide to the Controller by sending an email to the address indicated in the “Contact” section, for the purpose of establishing business communication with the Controller;
2. Data collected through cookies that the user has enabled or consented to, as described in the separate Cookie Policy.

• Personal data is collected only to the extent necessary for the achievement of a specific purpose.
• The Controller’s website contains a links to the Controller’s pages on social networks. All data collected by the said platform during your visit, as well as any data you voluntarily provide on that platform, shall be subject not only to this Privacy Policy but also to the rules established by the platform itself (such as its Terms of Service/Terms of Use, Privacy Policy, Cookie Policy, etc.). The Controller shall not be held liable for any form of unlawful use of personal data committed by the company that owns or controls the said platform. The privacy policy of the here mentioned platforms can be accessed via the following links:

1. https://www.linkedin.com/legal/user-agreement
2. https://www.youtube.com/howyoutubeworks/user-settings/privacy/

 

3. Legal Basis for Data Processing 

3.1.  The legal basis for the processing of personal data is the freely given and informed consent of the data subject, i.e. their agreement for the purposes defined in this Privacy Policy, in accordance with Article 12, paragraph 1 of the Law. 

4. Purpose of Data Processing 

• The Controller uses data for various purposes, which are always directly related to the legal basis for processing. The Controller offers different types of services to other entities, and in order to establish a business relationship, collects and processes certain personal data. This particularly applies to data submitted via the website www.amagroup.net by visitors seeking to establish business contact with the Controller and to receive a non-binding service offer. Data may also be processed for the purpose of contacting individuals in order to negotiate contract terms and fulfill other potential obligations arising from a contractual relationship. If a business relationship is subsequently established, the Controller will provide the business partner with a notice on personal data processing. For any additional processing purposes that may arise, the data subject will be informed of all necessary details prior to the commencement of such processing activities, and the processing will be based on an appropriate legal basis, in accordance with the law. The purpose of processing in relation to cookies is defined in the separate Cookie Policy.

5. Disclosure and Transfer of Personal Data 

• Data may be disclosed to employees of the Controller, professional advisors, service providers, IT technicians, government authorities, and individuals who are contractually engaged with the Controller (Data Processors) and entrusted with specific data processing activities (all in accordance with legally prescribed conditions related to information security, confidentiality obligations, and contractual regulation of rights and responsibilities). Your personal data may also be shared with companies within the AMA Group. All parties are required to handle personal data in accordance with all provisions of the Law regarding the security of personal data processing.

• The Controller regularly does not transfer personal data outside the borders of the Republic of Serbia. However, data may be transferred to another country or international organization without prior approval if it has been determined that such country or organization ensures an adequate level of personal data protection. In this regard, the Decision on the list of countries, parts of their territories, or one or more sectors of specific activities in those countries and international organizations where an adequate level of personal data protection is considered to be ensured (“Official Gazette of RS”, No. 55/2019) defines where such protection is deemed adequate.

 

6. Rights of Data Subjects in Relation to the Processing of Personal Data 

• The data subject whose personal data is processed by the Controller may request the following:1) access to personal data, 2) correction of personal data, and 3) deletion of personal data. In addition, the following rights may also be exercised:1) the right to restrict the processing of personal data, 2) the right to data portability, and 3) the right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection. To exercise these rights, a request should be submitted to the following email address: dpo@amagroup.net.
• Certain rights (e.g., the right to erasure) may, in specific situations, be subject to legal limitations, and exercising such rights may lead to various legal consequences in accordance with the law (e.g., inability to continue providing certain services, obligation to compensate for incurred damages, etc.).

 

7. Personal Data Protection

• Within its business organization, the Controller strives to apply the highest possible standards in the field of personal data protection. Accordingly, it implements all necessary organizational measures (such as signing confidentiality statements or incorporating appropriate confidentiality clauses into contracts, signing relevant data processing agreements, and conducting periodic training sessions to remind employees of their data protection obligations), as well as technical measures (such as physical access control using keys, access control systems, mandatory use of passwords, etc.).
• All data processors and/or other recipients of personal data are also required to implement all prescribed protection measures, in accordance with the signed agreement with the Controller and the standards and obligations set forth by law.

8. Personal Data Retention Period 

• The Controller strives to retain data only for the period necessary to fulfill a specific, defined purpose of processing, after which the data is either deleted or rendered unrecognizable (through anonymization measures). The exact retention period, or the criteria by which it can be determined, depends on the purpose for which the personal data is being processed.

• When personal data is processed by the Controller based on consent, the data collected for the purpose of establishing business contact is retained in the Controller’s databases until the consent is withdrawn.

• Personal data of the Company’s clients is processed for as long as the processing is necessary to provide services to the Company’s client.

• Data collected through web browsers and cookies is retained for the duration specified by the cookies accepted by the data subject, as described in the Controller’s Cookie Policy.

• Additional information regarding retention periods and methods of data storage can be found in separate notices.

9. Additional Information 

• Personal data collected through the website www.amagroup.net is not transferred outside the Republic of Serbia, except in cases involving the use of third-party cookies, for which the Controller cannot be held responsible. The servers used for data transfer are located within EEA countries where an adequate level of personal data protection is ensured. In exceptional cases where data transfer occurs via servers outside the EEA, such transfer will be carried out with the application of appropriate protection measures, in accordance with the law.

• In cases where personal data needs to be transferred to another country, i.e., outside the territory of the Republic of Serbia, the transfer will be carried out in accordance with all rules prescribed by the applicable law, including the use of standard contractual clauses issued by the Commissioner for Information of Public Importance and Personal Data Protection, or by applying another appropriate transfer mechanism (for example, a decision confirming that an adequate level of personal data protection is ensured in a specific country).

• Providing personal data by the subject of data is neither a legal nor a contractual obligation when using the functionalities offered by the website. Failure to provide the requested data may result only in the inability to establish the requested contact necessary for further communication via this channel, or the inability to use services available through the website amagroup.net.
• When processing data collected through the website, the Controller does not use any automated decision-making or profiling of the data subject.

 

Belgrade, 21/10/2025