This Privacy Policy explains how NOTA BENE ("NB Atelier d.o.o.", "we", "us", or "our") collects, uses, stores, and protects personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and other applicable European and national data protection laws. 
1. Data Controller
Company legal name: NB Atelier d.o.o.
Company brand name: NOTA BENE
Registered seat: Bosnia and Herzegovina
Business activity: Architectural design, planning, energy efficiency, consulting, video production, marketing, and related professional services
Contact email: moc.reileta-bn%40ofni
NOTA BENE acts as the data controller for personal data processed through its website, business communications, and professional engagements.
2. Scope of This Policy
This Privacy Policy applies to:
• Visitors to our website• Clients and prospective clients• Business partners and collaborators• Individuals who contact us via email or other communication channels
This Policy does not apply to third-party websites linked from our website.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identification and Contact Data
• Name and surname• Company name and role• Email address• Phone number• Postal address (if required for contractual purposes)
3.2 Professional and Business Data
• Project-related correspondence• Contractual and invoicing information• Technical or professional information provided in the course of cooperation
3.3 Technical Data
• IP address• Browser type and version• Device and operating system information• Website usage data (via cookies or similar technologies)
4. Legal Bases for Processing
We process personal data only when there is a lawful basis under Article 6 GDPR, including:
• Consent – where you have given explicit consent for specific purposes,• Contractual necessity – where processing is necessary for the performance of a• contract or pre-contractual measures,• Legal obligation – where processing is required to comply with legal obligations,• Legitimate interest – where processing is necessary for our legitimate business interests, provided such interests do not override your rights and freedoms.
5. Purposes of Processing
Personal data is processed for the following purposes:
• Responding to inquiries and communication requests• Providing architectural and consulting services• Preparing offers, contracts, and project documentation• Managing professional and business relationships• Fulfilling legal, accounting, and tax obligations• Ensuring website security and functionality• Improving our services and professional operations
6. Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes for which it wascollected, including:
• Duration of contractual relationships• Statutory retention periods under applicable laws• Legitimate business needs
After expiration of retention periods, data is securely deleted or anonymised.
7. Data Sharing and Recipients
We do not sell personal data. Personal data may be shared only with:
• Trusted external consultants and professional partners involved in project delivery (e.g. engineers, technical consultants)• Legal, accounting, and tax advisors• IT service providers and hosting providers• Public authorities where legally required
All recipients are contractually bound to confidentiality and data protection obligations.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), suchtransfers are carried out only:
To countries with an adequacy decision by the European Commission, orUsing appropriate safeguards such as Standard Contractual Clauses (SCCs)
9. Data Security
We implement appropriate technical and organisational measures to protect personal data,including:
• Access control and role-based permissions• Secure communication channels• Data minimisation and confidentiality practices• Regular review of security measures
Despite these measures, no system can be guaranteed to be completely secure.
10. Cookies and Website Technologies
Our website may use cookies and similar technologies to:
Ensure proper website functionalityAnalyse website traffic and performanceWhere required by law, cookies are used only with your consent. You may manage cookiepreferences through your browser settings.
11. Data Subject Rights
Under the GDPR, you have the following rights:
• Right of access to your personal data• Right to rectification of inaccurate or incomplete data• Right to erasure ("right to be forgotten")• Right to restriction of processing• Right to data portability• Right to object to processing based on legitimate interests• Right to withdraw consent at any time
Requests may be submitted via email to .moc.reileta-bn%40ofni We will respond within the time limits prescribed by law.
12. Right to Lodge a Complaint
If you believe your personal data has been processed unlawfully, you have the right to lodgea complaint with a competent data protection authority in the EU or in your country ofresidence.
13. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on our website.
14. Contact
For all questions regarding this Privacy Policy or personal data processing, please contact us:
Email: moc.reileta-bn%40ofni