Politika Privatnosti | Privacy Policy
1. Uvod | Introduction
Ova politika privatnosti opisuje kako SnowIT d.o.o. («mi», «naša kompanija») obrađuje lične podatke u vezi sa našom web stranicom i digitalnim uslugama. Izjava je pripremljena u skladu sa:
- EU GDPR (General Data Protection Regulation) — Uredba (EU) 2016/679
- Zakon o zaštiti ličnih podataka BiH (Službeni glasnik BiH, br. 49/06, 76/11, 89/11)
SnowIT nudi dizajn i implementaciju digitalnih prisutstava za male i srednje biznise u Bosni i Hercegovini — od web stranica do mobilnih aplikacija.
This privacy policy describes how SnowIT d.o.o. ("we", "our company") processes personal data in connection with our website and digital services. This statement is prepared in accordance with:
- EU GDPR (General Data Protection Regulation) — Regulation (EU) 2016/679
- Bosnia and Herzegovina Law on Personal Data Protection (Official Gazette BiH, no. 49/06, 76/11, 89/11)
SnowIT offers design and implementation of digital presences for small and medium businesses in Bosnia and Herzegovina — from websites to mobile applications.
2. Rukovalac podacima | Data Controller
SnowIT d.o.o.
Osnovan / Founded: 2022
Kontakt (GDPR / Privacy rights) / Contact: enis@snowit.ba
Opšti upiti / General inquiries: info@snowit.ba
Adresa / Address: Hamze Čelenke 11, 71210 Ilidža, Bosna i Hercegovina
3. Lice za zaštitu podataka | Data Protection Officer
U skladu sa GDPR članom 37, imenovali smo lice za zaštitu podataka (DPO).
Ime: Alem Bašić
Kompanija: ALAI Holding AS (Norveška)
E-mail: alem@alai.no
Telefon: +47 40 47 42 51
Imenovano: 14. maj 2026
In accordance with GDPR Article 37, we have appointed a Data Protection Officer (DPO).
Name: Alem Bašić
Company: ALAI Holding AS (Norway)
Email: alem@alai.no
Phone: +47 40 47 42 51
Appointed: May 14, 2026
4. Kategorije ličnih podataka | Categories of Personal Data
4.1 Kontakt forma | Contact Form
Podaci koje prikupljamo preko kontakt forme:
| Polje / Field | Svrha / Purpose |
|---|---|
| Ime i prezime / Full name | Identifikacija i komunikacija |
| Naziv kompanije / Company name | Biznis kontekst |
| Grad / City | Geografski doseg, regionalna podrška |
| Email adresa / Email | Odgovor na upit |
| WhatsApp broj / WhatsApp number | Direktna komunikacija (opciono) |
4.2 Google Analytics 4 | Google Analytics 4
Koristimo Google Analytics 4 (GA4) za analizu ponašanja korisnika na web stranici samo uz vaš pristanak.
Podaci koje GA4 prikuplja:
- Anonimizirana IP adresa (posljednji oktet maskiran)
- User-agent (tip browsera i operativnog sistema)
- Stranice koje ste posjetili i redoslijed navigacije
- Vrijeme provedeno na svakoj stranici
- Klik događaji (klikovi na dugmad, linkove)
- Veličina ekrana i rezolucija (za responsive analizu)
Pravni osnov: Pristanak (GDPR čl. 6(1)(a))
Retention: 26 mjeseci (podešeno kraće od GA4 default 14 mjeseci)
Server lokacija: EU serveri (preference postavka u GA4)
Opt-out: U bilo kojem trenutku možete povući pristanak putem Cookie Settings dugmeta ili instalirati Google Analytics Opt-out Browser Add-on.
We use Google Analytics 4 (GA4) to analyze user behavior on the website only with your consent.
Data collected by GA4:
- Anonymized IP address (last octet masked)
- User-agent (browser type and operating system)
- Pages visited and navigation sequence
- Time spent on each page
- Click events (clicks on buttons, links)
- Screen size and resolution (for responsive analysis)
Legal basis: Consent (GDPR art. 6(1)(a))
Retention: 26 months (configured shorter than GA4 default 14 months)
Server location: EU servers (preference setting in GA4)
Opt-out: You can withdraw consent at any time via the Cookie Settings button or install the Google Analytics Opt-out Browser Add-on.
4.3 Meta Pixel | Meta Pixel
Koristimo Meta Pixel (Facebook Pixel ID: 955529297347341)
za praćenje konverzija i optimizaciju oglasa
samo uz vaš pristanak.
Podaci koje Meta Pixel prikuplja:
- Anonimiziran browser fingerprint (ne direktno ime)
- Stranica koju ste posjetili (URL)
- Akcije: klik na "Zatražite ponudu" dugme, submit forme
- Referrer (odakle ste došli na stranicu)
Pravni osnov: Pristanak (GDPR čl. 6(1)(a))
Retention: 13 mjeseci (Meta default za marketing cookies)
Transfer: USA (Meta Platforms Ireland Ltd → USA parent entity), zaštićeno EU Standard Contractual Clauses (SCCs) i EU-US Data Privacy Framework
Opt-out: Povucite pristanak putem Cookie Settings dugmeta ili Facebook Ad Preferences.
We use Meta Pixel (Facebook Pixel ID: 955529297347341) to
track conversions and optimize ads
only with your consent.
Data collected by Meta Pixel:
- Anonymized browser fingerprint (not directly name)
- Page visited (URL)
- Actions: click on "Request Quote" button, form submission
- Referrer (where you came from)
Legal basis: Consent (GDPR art. 6(1)(a))
Retention: 13 months (Meta default for marketing cookies)
Transfer: USA (Meta Platforms Ireland Ltd → USA parent entity), protected by EU Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework
Opt-out: Withdraw consent via Cookie Settings button or Facebook Ad Preferences.
4.4 Google Business Profile i Google Maps | Google Business Profile and Google Maps
Naša kompanija ima Google Business Profile (GBP) listing, i embedujemo Google Maps na nekim stranicama.
Podaci koje Google obrađuje:
- Google Business Profile: Kada gledate naš GBP profil (u Google pretraživanju ili Google Maps-u), Google prikuplja vaš upit, lokaciju (približnu), i interakciju (klik na "Pozovi", "Upute", itd.). Ove podatke obrađuje Google Ireland Limited u skladu sa Google Privacy Policy.
- Google Maps Embed: Kada učitate stranicu sa embedovanom mapom, Google prikuplja IP adresu, zoom level, i klikthroughs. Ovi podaci se šalju ka Google serverima (EU i USA).
- Review Requests: Kada vas kontaktiramo sa review request emailom nakon usluge, vaša email adresa i odgovor (ako ostavite review) se čuvaju kod Googlea.
Pravni osnov:
- GBP profil: Legitimni interes (GDPR čl. 6(1)(f)) — javni business listing
- Maps embed: Legitimni interes (GDPR čl. 6(1)(f)) — olakšavanje navigacije do naše lokacije
- Review request: Legitimni interes (GDPR čl. 6(1)(f)) — post-service follow-up sa postojećim klijentom
Data Controller za GBP i Maps: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)
Opt-out: Za Google Maps embed, možete blokirati učitavanje putem browser extension-a (npr. uBlock Origin). Za review requests, možete unsubscribe putem linka u emailu.
Our company has a Google Business Profile (GBP) listing, and we embed Google Maps on some pages.
Data processed by Google:
- Google Business Profile: When you view our GBP profile (in Google Search or Google Maps), Google collects your query, location (approximate), and interactions (click on "Call", "Directions", etc.). This data is processed by Google Ireland Limited in accordance with Google Privacy Policy.
- Google Maps Embed: When you load a page with an embedded map, Google collects IP address, zoom level, and clickthroughs. This data is sent to Google servers (EU and USA).
- Review Requests: When we contact you with a review request email after service, your email address and response (if you leave a review) are stored by Google.
Legal basis:
- GBP profile: Legitimate interest (GDPR art. 6(1)(f)) — public business listing
- Maps embed: Legitimate interest (GDPR art. 6(1)(f)) — facilitating navigation to our location
- Review request: Legitimate interest (GDPR art. 6(1)(f)) — post-service follow-up with existing client
Data Controller for GBP and Maps: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)
Opt-out: For Google Maps embed, you can block loading via browser extension (e.g., uBlock Origin). For review requests, you can unsubscribe via the link in the email.
4.5 Ostali kolačići | Other Cookies
Prikupljamo putem drugih alata:
- IP adresa (anonimizovana nakon 3 mjeseca)
- Vercel Analytics: metrike performansi (nema PII)
- Session tokens: tehnički neophodne sesije
5. Pravni osnov za obradu | Legal Basis for Processing
| Svrha | Pravni osnov | Vrijeme čuvanja |
|---|---|---|
| Odgovor na upit putem forme | Legitimni interes (GDPR čl. 6(1)(f)) — B2B komunikacija | 24 mjeseca |
| Analitički kolačići (GA4, Pixel) | Pristanak (GDPR čl. 6(1)(a)) | 13 mjeseci (Meta default) |
| Tehnički kolačići (Vercel) | Neophodnost (GDPR čl. 6(1)(f)) | Dužina sesije |
| Marketing kampanje | Pristanak | Do opoziva pristanka |
| Komercijalna ponuda/ugovor | Ugovor (GDPR čl. 6(1)(b)) | 5 godina (računovodstvo) |
| Purpose | Legal basis | Retention period |
|---|---|---|
| Response to contact form | Legitimate interest (GDPR art. 6(1)(f)) — B2B communication | 24 months |
| Analytics cookies (GA4, Pixel) | Consent (GDPR art. 6(1)(a)) | 13 months (Meta default) |
| Technical cookies (Vercel) | Necessity (GDPR art. 6(1)(f)) | Session duration |
| Marketing campaigns | Consent | Until consent withdrawal |
| Commercial offer/contract | Contract (GDPR art. 6(1)(b)) | 5 years (accounting) |
6. Dijeljenje ličnih podataka | Sharing of Personal Data
6.1 Kategorije primalaca / Categories of Recipients
Tehnički pružaoci usluga / Technical service providers:
- Vercel (hosting) — USA, EU SCCs
- Migadu (email) — Švajcarska, adequacy decision
- Cloudflare (CDN) — global, EU DPA
Analitički alati / Analytics tools:
- Google Analytics 4 (samo sa pristankom) — EU servers
- Meta Pixel (samo sa pristankom) — USA, EU SCCs
Poslovni partneri / Business partners:
- ALAI Holding AS (Norveška) — tehničke konsultacije i DPO usluge
6.2 Ugovori o obradi podataka | Data Processing Agreements
Svi obrađivači podataka imaju potpisane Data Processing Agreements (DPA) u skladu sa GDPR članom 28.
7. Međunarodni transferi | International Data Transfers
Neki podaci se prenose van EEA (Evropskog ekonomskog prostora):
| Primatelj | Lokacija | Osnov prenosa |
|---|---|---|
| Vercel (hosting) | USA | EU Standard Contractual Clauses (SCCs) |
| Meta Platforms (Pixel) | USA | EU SCCs + DPF (Data Privacy Framework) |
| Google (GA4) | USA/EU | EU servers (preference), SCCs za backup |
Transfer Impact Assessment (TIA) je proveden za sve transfere van EEA, u skladu sa Schrems II presudom (C-311/18).
Some data is transferred outside EEA (European Economic Area):
| Recipient | Location | Transfer basis |
|---|---|---|
| Vercel (hosting) | USA | EU Standard Contractual Clauses (SCCs) |
| Meta Platforms (Pixel) | USA | EU SCCs + DPF (Data Privacy Framework) |
| Google (GA4) | USA/EU | EU servers (preference), SCCs for backup |
Transfer Impact Assessment (TIA) has been conducted for all non-EEA transfers, in accordance with Schrems II ruling (C-311/18).
8. Vrijeme čuvanja podataka | Data Retention Period
| Kategorija | Vrijeme čuvanja | Osnov |
|---|---|---|
| Upiti putem kontakt forme | 24 mjeseca | Legitimni interes |
| Komercijalni ugovori | 5 godina nakon završetka | Računovodstveni zakon BiH |
| Analitički kolačići | 13 mjeseci | Meta/Google default |
| Tehnički logovi | 3 mjeseca | Sigurnost i debugging |
| Marketing pristanci | Do opoziva + 1 godina dokumentacija | GDPR čl. 7(1) |
| Category | Retention period | Basis |
|---|---|---|
| Contact form inquiries | 24 months | Legitimate interest |
| Commercial contracts | 5 years after completion | BiH Accounting Law |
| Analytics cookies | 13 months | Meta/Google default |
| Technical logs | 3 months | Security and debugging |
| Marketing consents | Until withdrawal + 1 year documentation | GDPR art. 7(1) |
9. Vaša prava | Your Rights
U skladu sa GDPR Poglavlje III, imate sljedeća prava:
- Pravo na pristup (čl. 15) — potvrditi koja lična podataka obrađujemo i dobiti kopiju
- Pravo na ispravku (čl. 16) — ispraviti netačne podatke
- Pravo na brisanje (čl. 17) — zatražiti brisanje podataka ("pravo da se bude zaboravljen")
- Pravo na ograničenje obrade (čl. 18) — privremeno blokirati obradu u određenim slučajevima
- Pravo na prenosivost podataka (čl. 20) — dobiti podatke u strukturiranom, mašinski čitljivom formatu (JSON/CSV)
- Pravo na prigovor (čl. 21) — uložiti prigovor na obradu zasnovanu na legitimnom interesu
- Pravo na opoziv pristanka (čl. 7(3)) — povući pristanak za kolačiće u bilo kojem trenutku
In accordance with GDPR Chapter III, you have the following rights:
- Right of access (art. 15) — confirm what personal data we process and receive a copy
- Right to rectification (art. 16) — correct inaccurate data
- Right to erasure (art. 17) — request deletion of data ("right to be forgotten")
- Right to restriction of processing (art. 18) — temporarily block processing in certain cases
- Right to data portability (art. 20) — receive data in structured, machine-readable format (JSON/CSV)
- Right to object (art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (art. 7(3)) — withdraw consent for cookies at any time
10. Kako ostvariti svoja prava | How to Exercise Your Rights
Zahtjeve možete poslati na:
- Email: enis@snowit.ba
- Lice za zaštitu podataka: alem@alai.no
Rok odgovora: 30 dana (može se produžiti za dodatnih 60 dana za složene zahtjeve, uz obavještenje).
Requests can be sent to:
- Email: enis@snowit.ba
- Data Protection Officer: alem@alai.no
Response time: 30 days (may be extended by additional 60 days for complex requests, with notification).
11. Sigurnost podataka | Data Security
Implementirali smo sljedeće mjere bezbjednosti:
- TLS 1.3 enkripcija — sav saobraćaj između vas i servera
- Cloudflare CDN — DDoS zaštita i edge caching
- Vercel Secure Compute — izolovano okruženje za backend API-je
- Pristupna kontrola — samo ovlašteno osoblje
- Redovno skeniranje ranjivosti — mjesečni auditi
12. Kolačići | Cookies
Detaljne informacije o kolačićima i kako ih kontrolisati potražite u našoj Cookie Policy.
13. Izmjene politike | Policy Changes
O značajnim izmjenama ćemo vas obavijestiti putem:
- Email obavještenja (za postojeće klijente)
- Banner na web stranici (14 dana)
We will notify you of significant changes via:
- Email notification (for existing clients)
- Website banner (14 days)
14. Pravo na pritužbu | Right to Complain
Ako smatrate da kršimo zakone o zaštiti podataka, možete podnijeti pritužbu:
Agencija za zaštitu ličnih podataka BiH
Trg BiH 1
71000 Sarajevo
Telefon: +387 33 763 140
Email: azlp@azlp.ba
Web: https://www.azlp.ba
Takođe možete podnijeti pritužbu nadzornom tijelu u EU/EEA zemlji u kojoj živite ili radite.
If you believe we are violating data protection laws, you can lodge a complaint:
Agency for Personal Data Protection of BiH
Trg BiH 1
71000 Sarajevo
Phone: +387 33 763 140
Email: azlp@azlp.ba
Web: https://www.azlp.ba
You can also lodge a complaint with a supervisory authority in the EU/EEA country where you live or work.
15. Kontakt | Contact
SnowIT d.o.o.
Email (opšti upiti / general): info@snowit.ba
Email (privatnost / privacy & GDPR): enis@snowit.ba
WhatsApp: +387 62 329 076
Web: https://snowit.ba
Lice za zaštitu podataka / Data Protection Officer:
Alem Bašić — alem@alai.no — +47 40 47 42 51
Ova politika privatnosti je posljednji put ažurirana 17. maja
2026.
This privacy policy was last updated on May 17, 2026.