Privacy Policy

Last updated: June 20, 2025

1. General Provisions

The Operator processes personal data in accordance with the legislation of Montenegro, including the Law on Personal Data Protection (“Zakon o zaštiti podataka o ličnosti”, Official Gazette of Montenegro No. 79/08 and 70/09), and taking into account the provisions of the EU General Data Protection Regulation (GDPR), as Montenegro is an EU candidate country and has implemented key GDPR principles into national regulation.
This Personal Data Processing Policy is drawn up in accordance with the EU General Data Protection Regulation (GDPR) and defines the procedure for processing personal data and the measures taken to ensure the security of personal data by SYNERGY CAPITAL DEVELOPMENT D.O.O. Žabljak (hereinafter — the Operator).
The Operator seeks to ensure the confidentiality, integrity, and availability of the processed personal data.

2. Definitions

  • Personal data — any information relating to an identified or identifiable natural person.
  • Processing of personal data — any operation performed on personal data (collection, storage, use, transfer, etc.).
  • Data subject — a natural person whose personal data is being processed.
  • Data controller — a person who determines the purposes and means of processing personal data.

3. Purposes of Personal Data Processing

  • Sending newsletters and notifications
  • Responding to inquiries via contact forms
  • Processing applications, orders, and reservations
  • Content personalization
  • Retargeting and advertising
  • Analytics and statistics
  • User support

4. Categories of Data Processed

  • Name
  • Email
  • Phone number
  • IP address
  • Geolocation data
  • Website behavior (via analytics tools)
  • Data from contact forms
  • Cookies

5. Legal Grounds for Processing

  • Consent of the data subject (Art. 6(1)(a) GDPR)
  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)

6. Data Retention Periods

  • Form submissions — 12 months
  • Email subscriptions — until unsubscribed or consent is withdrawn
  • Orders — 7 years
  • Cookies — up to 26 months
  • IP addresses — up to 180 days, unless a longer period is required for system security or legal compliance
After the specified periods expire, data is deleted, anonymized, or archived in accordance with applicable law.

7. Transfer of Personal Data to Third Parties

The Operator may transfer personal data to third parties if necessary to achieve the stated processing purposes, such as service provision, analytics, advertising, or website security.
Data may be transferred to the following third-party providers:
  • Google Analytics — web analytics
  • Yandex Metrica — behavioral analysis
  • Meta (Facebook) Pixel — marketing and retargeting
  • Google Maps — map display
  • YouTube — embedded video
  • CRM systems — inquiry management
  • reCAPTCHA — protection against automated actions
Data may be transferred to countries outside the European Economic Area, including the United States. In such cases, the Operator ensures appropriate legal safeguards in accordance with Montenegrin law and GDPR requirements, which may include:
  • Data Processing Agreements (DPA) with recipients
  • Standard Contractual Clauses (SCC) approved by the European Commission
  • Other legal mechanisms ensuring adequate data protection
All third parties undertake to use the received personal data solely on the Operator’s instructions and in compliance with data protection legislation.

8. Rights of Data Subjects

In accordance with Montenegrin law and the GDPR, data subjects have the right to:
  • Access their data
  • Rectify or delete data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority
In Montenegro, the competent supervisory authority is the Agency for Personal Data Protection and Free Access to Information (AZLP).
Users have the right to file a complaint with this authority if they believe their personal data rights have been violated. Official website: https://www.azlp.me

9. Data Protection Measures

The Operator applies technical and organizational measures, including:

  • SSL encryption
  • Access restrictions
  • Security audits
  • Pseudonymization

10. Use of Automation and AI

The Operator uses AI and automated processing for analytics and personalization purposes; however, no decisions producing legal effects are made without human involvement.

11. Contacts and Complaints
For all matters related to personal data processing, please contact: dv.mne1@gmail.com

12. Updates

This policy may be updated. We will notify you of significant changes via email or through the website.
Made on
Tilda