GDPR & Data Protection Statement

1. Our Approach to Data Protection

At DIGITAL CONTROL d.o.o., data protection is treated as an operational responsibility — not as a checkbox.

We operate in environments where process ownership, auditability, and regulatory awareness matter.
Our approach to personal data follows the same principles.

We commit to:

• Lawful and transparent processing
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

2. Role Under GDPR

DIGITAL CONTROL d.o.o. acts as:

• Data Controller for data collected via the Website
• Data Processor only where explicitly agreed in contractual engagements with clients

The scope of responsibility depends on the context of processing.

3. Lawful Basis for Processing

We rely on one or more of the following legal bases:

• Legitimate interest (B2B communication and lead qualification)
• Consent (newsletter subscription)
• Contractual necessity (where formal engagement exists)
• Legal obligation (where applicable)

We do not process personal data without a defined legal basis.

4. Data Minimization

We collect only the data necessary to:

• Respond to business inquiries
• Generate preliminary process documentation
• Evaluate potential collaboration

We do not intentionally collect sensitive personal data through the Website.

5. Infrastructure & Data Location

All primary infrastructure supporting the Website is located within the European Union.

Hosting provider:
Hetzner Online GmbH (Germany)

Automation workflows and CRM systems are hosted within EU-based infrastructure.

Where third-party providers are used (e.g., Google, LinkedIn, Mailchimp), we rely on their GDPR-compliant processing frameworks and contractual safeguards.

6. Security Measures

We implement appropriate technical and organizational measures, including:

• Encrypted communication (HTTPS)
• Controlled system access
• Role-based permissions
• Restricted administrative access
• Secure server infrastructure

Security measures are periodically reviewed and adapted based on operational risk.

7. Data Retention

Website-related personal data is retained for a maximum of 24 months from the last meaningful interaction, unless:

• A contractual relationship is established
• Legal retention obligations apply

Newsletter data is retained until consent is withdrawn.

8. Data Subject Rights

Under applicable data protection law, individuals may have the right to:

• Access personal data
• Request correction
• Request erasure
• Restrict processing
• Object to processing
• Withdraw consent
• Request data portability

Requests may be submitted to:

info@digitalcontrol.me

We respond within applicable statutory deadlines.

9. International Transfers

Where third-party providers process data outside the European Union, we rely on appropriate safeguards such as:

• Standard Contractual Clauses
• Adequacy decisions
• Equivalent legal mechanisms

We do not knowingly transfer data to jurisdictions without legal safeguards.

10. Incident Handling

In the event of a personal data breach, we follow a structured internal process that includes:

• Incident assessment
• Containment
• Documentation
• Notification where legally required

Where applicable, supervisory authorities and affected individuals will be informed in accordance with GDPR requirements.

11. Contact for Data Protection Matters

DIGITAL CONTROL d.o.o.
Knjaza Danila 78A
Podgorica, Montenegro
Email: info@digitalcontrol.me

For GDPR-related inquiries, please use the subject line: “Data Protection Request”.