Legal document
Privacy Policy
Effective from 1 July 2026.
1. Introduction
This Privacy Policy explains what personal data the East Serbia Tourist Card platform collects when you use our website, request information, or purchase a package, and how that data is used, shared, and protected.
2. Data Controller
The East Serbia Tourist Card platform is the controller of the personal data described in this Policy. You can reach us using the contact details published on our Contact page for any question about how your data is handled.
3. Personal Data We Collect
Depending on how you use the Service, we may collect: contact details you submit through the contact form (full name, email, and your message); and buyer details collected during checkout (full name, email, and, where applicable, phone number, city, and country). Card usage information, such as which included services have been used, is linked to the card and not to a public account.
4. Why We Process Your Data
We use your data to respond to enquiries submitted through the contact form; to process orders, issue digital cards, and send purchase confirmations and fiscal receipts; to provide customer support related to an order or card; and to meet legal, tax, and fiscal obligations.
5. Legal Basis for Processing
We process your data to perform the contract formed when you place an order or submit an enquiry, to comply with legal obligations such as fiscal record-keeping, and, where you have given it, on the basis of your consent, such as the privacy acknowledgement given when submitting the contact form.
6. Sharing Your Data
We share the minimum data necessary with our payment provider to process payment, and with the relevant authority where fiscal reporting is required by law. A partner whose service you purchase can see the usage status of its own service on your card, but does not receive your contact details or the amounts paid for other partners' services.
7. Data Retention
We keep your personal data only for as long as necessary for the purposes described in this Policy, including any period required to meet our legal, tax, and fiscal record-keeping obligations, after which it is deleted or anonymized.
8. Cookies
We use cookies and similar technologies that are necessary to operate the website, such as remembering your language and the contents of your cart. Where we introduce cookies used for analytics or marketing, we will update this Policy and request consent as required by law.
9. Your Rights
Subject to applicable data protection law, you may request access to, correction of, or deletion of your personal data, object to certain processing, or ask us to restrict how your data is used. To exercise any of these rights, contact us using the details on our Contact page.
10. Data Security
We apply appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, but we work to keep your data protected at every stage of processing.
11. Children's Privacy
The Service is not directed at children acting without a parent or guardian, and checkout is intended to be completed by an adult on behalf of all travellers included in an order.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes to the Service or applicable law. Material changes will be reflected in an updated effective date shown at the top of this page.
13. Contact
For any question about this Privacy Policy or how your personal data is handled, please contact us through the details published on our Contact page.