Skip to content
Gric Produkt logo
Legal information

Privacy Policy

Last updated: 23 April 2026

This Privacy Policy explains how Gric Produkt d.o.o. (hereinafter: „the Controller", „we", „our") collects, processes and protects your personal data when you visit the website gric.rs and use the contact form.

Processing is carried out in accordance with the Serbian Personal Data Protection Act (Official Gazette of RS, No. 87/2018) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

The controller of your personal data is:

  • Gric Produkt d.o.o.
  • Address: Bavaništanski put 334, 26000 Pančevo, Republic of Serbia
  • Tax ID (PIB): 104649081 · Company No. (MB): 2027884
  • Legal representative: Borko Jovanovski
  • Privacy email: office@gric.rs
  • Phone: +381 63 638-677

As we have fewer than 250 employees and do not process sensitive data on a large scale, we are not required to appoint a Data Protection Officer (DPO). All privacy-related inquiries can be addressed to the email above.

2. What data we collect

2.1. Contact form data

When you submit the contact form, we process the following data:

  • Full name — required
  • Email address — required
  • Phone number — optional
  • Message text — required
  • IP address and User-Agent — automatically logged to prevent abuse (spam, attacks)
  • Submission date and time
  • Selected site language (SR or EN)

2.2. Analytics data (Google Analytics 4)

With your consent we use Google Analytics 4 (GA4) to measure site traffic. GA4 processes:

  • Anonymized IP address (last octet masked)
  • Device type, operating system and browser
  • Pages you visit and time spent on them
  • Traffic source (direct, search, referral)
  • Approximate geographic location (city / country)

Without your consent, GA4 is not loaded. You can withdraw consent at any time by clicking „Cookie settings" in the site footer.

2.3. Geolocation (automatic language selection)

On your first visit we use the service geojs.io to determine the country you are visiting from so we can pre-select the appropriate site language (Serbian for the region, English for other countries). Your IP address is sent to geojs.io in this process, but we do not store it and it is not used for any other purpose. Only the result (country code) is used to set your preferred language — not stored beyond that.

2.4. localStorage (browser local storage)

In your browser we store only:

  • gric_lang_pref — your language choice (sr/en), so we don't run geo-detection on the next visit
  • gric_consent — your cookie consent state

This data does not leave your device and you can delete it at any time through your browser settings.

3. Purpose and legal basis

PurposeLegal basisRetention period
Responding to inquiries via the contact form Consent and legitimate interest (Art. 6(1)(a) and (f) GDPR) 2 years from submission
Preventing abuse (IP, User-Agent) Legitimate interest (site security) 2 years
Traffic analytics (GA4) Consent (Art. 6(1)(a) GDPR) 14 months (Google default)
Automatic language selection (geojs.io) Legitimate interest (improved user experience) One-time lookup, not stored
Remembering your choices (language, consent) Legitimate interest / consent Until you clear localStorage

4. Who we share data with

Your data is processed by us and the following carefully selected processors:

  • Google LLC (Google Analytics 4) — analytics, with your consent. Google is registered under the EU-US Data Privacy Framework. See policies.google.com/privacy.
  • GeoJS (geojs.io) — one-time geolocation on first visit. geojs.io
  • cPanel / Yubc d.o.o. (mail.gric.rs) — our mail server for receiving and sending messages from the form.

We do not sell, rent or share your data with third parties for marketing purposes.

5. International transfers

Google LLC (USA) is a recipient outside the Republic of Serbia and outside the EU. Transfers are carried out under mechanisms recognized by GDPR (EU-US Data Privacy Framework and Standard Contractual Clauses). Other processors are located in the EU/EEA or in the Republic of Serbia.

6. Your rights

Under the Serbian Personal Data Protection Act and GDPR, you have the following rights:

  • Right of access — to information about the data we process about you
  • Right to rectification — of inaccurate data
  • Right to erasure („right to be forgotten") — deletion of data no longer necessary
  • Right to restriction of processing
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — at any time
  • Right to withdraw consent — e.g. for analytics, via „Cookie settings"
  • Right to lodge a complaint with the Serbian supervisory authority:
Commissioner for Information of Public Importance and Personal Data Protection
Bulevar kralja Aleksandra 15, 11000 Belgrade, Serbia
Phone: +381 11 3408-900 · Email: office@poverenik.rs
Web: www.poverenik.rs

To exercise your rights, contact office@gric.rs. We respond within 30 days of receipt (in exceptional cases this period may be extended by up to 60 days, and we will inform you accordingly).

7. Data security

The site uses HTTPS encryption (TLS 1.2+). Contact form messages are stored on our server in an encrypted database. Only authorized personnel within the company have access. Technical and organizational protection measures are applied in accordance with Arts. 42-45 of the Serbian PDPA.

8. Automated decision-making and profiling

We do not engage in automated decision-making or profiling that would have legal effects concerning you or similarly significantly affect you.

9. Cookies

For a detailed overview of cookies used by the site, please see our Cookie Policy.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes are published on this page with a new „Last updated" date. If the changes are significant, we will notify you on the site (banner or email, if you have provided us with one).

If you have any questions about this Privacy Policy or how we process your data, feel free to write to us at office@gric.rs.