Politika Privatnosti | Privacy Policy

Posljednje ažuriranje / Last updated: 12. juni 2026

Rukovalac podacima / Data Controller: SnowIT d.o.o., Hamze Čelenke 11, 71210 Ilidža, Bosna i Hercegovina

Kontakt / Contact: enis@snowit.ba

Web stranica / Website: https://snowit.ba

1. Uvod | Introduction

Ova politika privatnosti opisuje kako SnowIT d.o.o. («mi», «naša kompanija») obrađuje lične podatke u vezi sa našom web stranicom i digitalnim uslugama. Izjava je pripremljena u skladu sa:

EU GDPR (General Data Protection Regulation) — Uredba (EU) 2016/679
Zakon o zaštiti ličnih podataka BiH (Službeni glasnik BiH, br. 49/06, 76/11, 89/11)

SnowIT nudi dizajn i implementaciju digitalnih prisutstava za male i srednje biznise u Bosni i Hercegovini — od web stranica do mobilnih aplikacija.

This privacy policy describes how SnowIT d.o.o. ("we", "our company") processes personal data in connection with our website and digital services. This statement is prepared in accordance with:

EU GDPR (General Data Protection Regulation) — Regulation (EU) 2016/679
Bosnia and Herzegovina Law on Personal Data Protection (Official Gazette BiH, no. 49/06, 76/11, 89/11)

SnowIT offers design and implementation of digital presences for small and medium businesses in Bosnia and Herzegovina — from websites to mobile applications.

2. Rukovalac podacima | Data Controller

SnowIT d.o.o.

Osnovan / Founded: 2022

Kontakt (GDPR / Privacy rights) / Contact: enis@snowit.ba

Opšti upiti / General inquiries: info@snowit.ba

Adresa / Address: Hamze Čelenke 11, 71210 Ilidža, Bosna i Hercegovina

3. Lice za zaštitu podataka | Data Protection Officer

U skladu sa GDPR članom 37, imenovali smo lice za zaštitu podataka (DPO).

Ime: Alem Bašić
Kompanija: ALAI Holding AS (Norveška)
E-mail: alem@alai.no
Telefon: +47 40 47 42 51
Imenovano: 14. maj 2026

In accordance with GDPR Article 37, we have appointed a Data Protection Officer (DPO).

Name: Alem Bašić
Company: ALAI Holding AS (Norway)
Email: alem@alai.no
Phone: +47 40 47 42 51
Appointed: May 14, 2026

4. Kategorije ličnih podataka | Categories of Personal Data

4.1 Kontakt forma | Contact Form

Podaci koje prikupljamo preko kontakt forme:

Polje / Field	Svrha / Purpose
Ime i prezime / Full name	Identifikacija i komunikacija
Naziv kompanije / Company name	Biznis kontekst
Grad / City	Geografski doseg, regionalna podrška
Email adresa / Email	Odgovor na upit
WhatsApp broj / WhatsApp number	Direktna komunikacija (opciono)

4.2 Google Analytics 4 | Google Analytics 4

Koristimo Google Analytics 4 (GA4) za analizu ponašanja korisnika na web stranici samo uz vaš pristanak.

Podaci koje GA4 prikuplja:

Anonimizirana IP adresa (posljednji oktet maskiran)
User-agent (tip browsera i operativnog sistema)
Stranice koje ste posjetili i redoslijed navigacije
Vrijeme provedeno na svakoj stranici
Klik događaji (klikovi na dugmad, linkove)
Veličina ekrana i rezolucija (za responsive analizu)

Pravni osnov: Pristanak (GDPR čl. 6(1)(a))

Retention: 26 mjeseci (podešeno kraće od GA4 default 14 mjeseci)

Server lokacija: EU serveri (preference postavka u GA4)

Opt-out: U bilo kojem trenutku možete povući pristanak putem Cookie Settings dugmeta ili instalirati Google Analytics Opt-out Browser Add-on.

We use Google Analytics 4 (GA4) to analyze user behavior on the website only with your consent.

Data collected by GA4:

Anonymized IP address (last octet masked)
User-agent (browser type and operating system)
Pages visited and navigation sequence
Time spent on each page
Click events (clicks on buttons, links)
Screen size and resolution (for responsive analysis)

Legal basis: Consent (GDPR art. 6(1)(a))

Retention: 26 months (configured shorter than GA4 default 14 months)

Server location: EU servers (preference setting in GA4)

Opt-out: You can withdraw consent at any time via the Cookie Settings button or install the Google Analytics Opt-out Browser Add-on.

4.3 Meta Pixel | Meta Pixel

Koristimo Meta Pixel (Facebook Pixel ID: 955529297347341) za praćenje konverzija i optimizaciju oglasa samo uz vaš pristanak.

Podaci koje Meta Pixel prikuplja:

Anonimiziran browser fingerprint (ne direktno ime)
Stranica koju ste posjetili (URL)
Akcije: klik na "Zatražite ponudu" dugme, submit forme
Referrer (odakle ste došli na stranicu)

Pravni osnov: Pristanak (GDPR čl. 6(1)(a))

Retention: 13 mjeseci (Meta default za marketing cookies)

Transfer: USA (Meta Platforms Ireland Ltd → USA parent entity), zaštićeno EU Standard Contractual Clauses (SCCs) i EU-US Data Privacy Framework

Opt-out: Povucite pristanak putem Cookie Settings dugmeta ili Facebook Ad Preferences.

We use Meta Pixel (Facebook Pixel ID: 955529297347341) to track conversions and optimize ads only with your consent.

Data collected by Meta Pixel:

Anonymized browser fingerprint (not directly name)
Page visited (URL)
Actions: click on "Request Quote" button, form submission
Referrer (where you came from)

Legal basis: Consent (GDPR art. 6(1)(a))

Retention: 13 months (Meta default for marketing cookies)

Transfer: USA (Meta Platforms Ireland Ltd → USA parent entity), protected by EU Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework

Opt-out: Withdraw consent via Cookie Settings button or Facebook Ad Preferences.

4.4 Google Business Profile i Google Maps | Google Business Profile and Google Maps

Naša kompanija ima Google Business Profile (GBP) listing, i embedujemo Google Maps na nekim stranicama.

Podaci koje Google obrađuje:

Google Business Profile: Kada gledate naš GBP profil (u Google pretraživanju ili Google Maps-u), Google prikuplja vaš upit, lokaciju (približnu), i interakciju (klik na "Pozovi", "Upute", itd.). Ove podatke obrađuje Google Ireland Limited u skladu sa Google Privacy Policy.
Google Maps Embed: Kada učitate stranicu sa embedovanom mapom, Google prikuplja IP adresu, zoom level, i klikthroughs. Ovi podaci se šalju ka Google serverima (EU i USA).
Review Requests: Kada vas kontaktiramo sa review request emailom nakon usluge, vaša email adresa i odgovor (ako ostavite review) se čuvaju kod Googlea.

Pravni osnov:

GBP profil: Legitimni interes (GDPR čl. 6(1)(f)) — javni business listing
Maps embed: Legitimni interes (GDPR čl. 6(1)(f)) — olakšavanje navigacije do naše lokacije
Review request: Legitimni interes (GDPR čl. 6(1)(f)) — post-service follow-up sa postojećim klijentom

Data Controller za GBP i Maps: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)

Opt-out: Za Google Maps embed, možete blokirati učitavanje putem browser extension-a (npr. uBlock Origin). Za review requests, možete unsubscribe putem linka u emailu.

Our company has a Google Business Profile (GBP) listing, and we embed Google Maps on some pages.

Data processed by Google:

Google Business Profile: When you view our GBP profile (in Google Search or Google Maps), Google collects your query, location (approximate), and interactions (click on "Call", "Directions", etc.). This data is processed by Google Ireland Limited in accordance with Google Privacy Policy.
Google Maps Embed: When you load a page with an embedded map, Google collects IP address, zoom level, and clickthroughs. This data is sent to Google servers (EU and USA).
Review Requests: When we contact you with a review request email after service, your email address and response (if you leave a review) are stored by Google.

Legal basis:

GBP profile: Legitimate interest (GDPR art. 6(1)(f)) — public business listing
Maps embed: Legitimate interest (GDPR art. 6(1)(f)) — facilitating navigation to our location
Review request: Legitimate interest (GDPR art. 6(1)(f)) — post-service follow-up with existing client

Data Controller for GBP and Maps: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)

Opt-out: For Google Maps embed, you can block loading via browser extension (e.g., uBlock Origin). For review requests, you can unsubscribe via the link in the email.

4.6 Google API usluge — Politika ograničene upotrebe | Google API Services — Limited Use

SnowIT koristi Google API-je (Google Search Console i Google Analytics) isključivo u okviru naše usluge SEO revizije, i to samo uz vaš eksplicitni OAuth pristanak. Korištenje informacija dobivenih putem Google API-ja usklađeno je sa Politikom korištenja korisničkih podataka Google API usluga (Google API Services User Data Policy), uključujući zahtjeve o ograničenoj upotrebi (Limited Use).

U skladu s tim:

Podaci dobiveni putem Google API-ja koriste se isključivo za pružanje i unapređenje funkcija SEO revizije dostupnih korisniku koji je odobrio pristup.
Podaci se ne prenose niti prodaju trećim stranama, osim u mjeri neophodnoj za pružanje same usluge ili kako to zahtijeva zakon.
Podaci se ne koriste za prikazivanje oglasa niti u svrhe koje nisu u direktnoj vezi s temeljnom uslugom SEO revizije.
Zaposleni i saradnici SnowIT-a ne čitaju vaše podatke iz Google-a, osim: (a) uz vaš izričiti pristanak, (b) u svrhu sigurnosti i istraživanja zloupotrebe, ili (c) radi ispunjavanja zakonskih obaveza.

SnowIT accesses Google APIs (Google Search Console and Google Analytics) solely as part of our SEO audit service, and only upon your explicit OAuth consent. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

Data obtained from Google APIs is used only to provide and improve the SEO audit features visible to the user who authorized access.
Data is not transferred or sold to third parties, except as necessary to provide the service or as required by law.
Data is not used for serving advertising or for any purpose unrelated to the core SEO audit service.
SnowIT staff and collaborators do not read your Google data, except: (a) with your explicit consent, (b) for security and abuse investigation purposes, or (c) to comply with applicable law.

4.6.1 Opoziv Google pristupa | Revoking Google Access

Da opozovete pristup portala vašim Google podacima u bilo kom trenutku:

Prijavite se na Google nalog koji ste koristili pri davanju pristanka.
Idite na: https://myaccount.google.com/permissions
Pronađite "SnowIT SEO Readiness Portal" i kliknite "Ukloni pristup."

Nakon opoziva, portal više neće dohvatati vaše Google podatke. Pohranjeni OAuth tokeni bit će izbrisani s ALAI servera u roku 30 dana, ili odmah na pisani zahtjev na privacy@alai.no.

To revoke the portal's access to your Google data at any time:

Sign in to the Google Account you used when granting access.
Go to: https://myaccount.google.com/permissions
Find "SnowIT SEO Readiness Portal" and click "Remove access."

After revocation, your Google data will no longer be retrieved by the portal. Any stored OAuth tokens will be deleted from ALAI servers within 30 days, or immediately upon written request to privacy@alai.no.

4.5 Ostali kolačići | Other Cookies

Prikupljamo putem drugih alata:

IP adresa (anonimizovana nakon 3 mjeseca)
Vercel Analytics: metrike performansi (nema PII)
Session tokens: tehnički neophodne sesije

5. Pravni osnov za obradu | Legal Basis for Processing

Svrha	Pravni osnov	Vrijeme čuvanja
Odgovor na upit putem forme	Legitimni interes (GDPR čl. 6(1)(f)) — B2B komunikacija	24 mjeseca
Analitički kolačići (GA4, Pixel)	Pristanak (GDPR čl. 6(1)(a))	13 mjeseci (Meta default)
Tehnički kolačići (Vercel)	Neophodnost (GDPR čl. 6(1)(f))	Dužina sesije
Marketing kampanje	Pristanak	Do opoziva pristanka
Komercijalna ponuda/ugovor	Ugovor (GDPR čl. 6(1)(b))	5 godina (računovodstvo)

Purpose	Legal basis	Retention period
Response to contact form	Legitimate interest (GDPR art. 6(1)(f)) — B2B communication	24 months
Analytics cookies (GA4, Pixel)	Consent (GDPR art. 6(1)(a))	13 months (Meta default)
Technical cookies (Vercel)	Necessity (GDPR art. 6(1)(f))	Session duration
Marketing campaigns	Consent	Until consent withdrawal
Commercial offer/contract	Contract (GDPR art. 6(1)(b))	5 years (accounting)

6. Dijeljenje ličnih podataka | Sharing of Personal Data

6.1 Kategorije primalaca / Categories of Recipients

Tehnički pružaoci usluga / Technical service providers:

Vercel (hosting) — USA, EU SCCs
Migadu (email) — Švajcarska, adequacy decision
Cloudflare (CDN) — global, EU DPA

Analitički alati / Analytics tools:

Google Analytics 4 (samo sa pristankom) — EU servers
Meta Pixel (samo sa pristankom) — USA, EU SCCs

Poslovni partneri / Business partners:

ALAI Holding AS (Norveška) — tehničke konsultacije i DPO usluge

6.2 Ugovori o obradi podataka | Data Processing Agreements

Svi obrađivači podataka imaju potpisane Data Processing Agreements (DPA) u skladu sa GDPR članom 28.

7. Međunarodni transferi | International Data Transfers

Neki podaci se prenose van EEA (Evropskog ekonomskog prostora):

Primatelj	Lokacija	Osnov prenosa
Vercel (hosting)	USA	EU Standard Contractual Clauses (SCCs)
Meta Platforms (Pixel)	USA	EU SCCs + DPF (Data Privacy Framework)
Google (GA4)	USA/EU	EU servers (preference), SCCs za backup

Transfer Impact Assessment (TIA) je proveden za sve transfere van EEA, u skladu sa Schrems II presudom (C-311/18).

Some data is transferred outside EEA (European Economic Area):

Recipient	Location	Transfer basis
Vercel (hosting)	USA	EU Standard Contractual Clauses (SCCs)
Meta Platforms (Pixel)	USA	EU SCCs + DPF (Data Privacy Framework)
Google (GA4)	USA/EU	EU servers (preference), SCCs for backup

Transfer Impact Assessment (TIA) has been conducted for all non-EEA transfers, in accordance with Schrems II ruling (C-311/18).

8. Vrijeme čuvanja podataka | Data Retention Period

Kategorija	Vrijeme čuvanja	Osnov
Upiti putem kontakt forme	24 mjeseca	Legitimni interes
Komercijalni ugovori	5 godina nakon završetka	Računovodstveni zakon BiH
Analitički kolačići	13 mjeseci	Meta/Google default
Tehnički logovi	3 mjeseca	Sigurnost i debugging
Marketing pristanci	Do opoziva + 1 godina dokumentacija	GDPR čl. 7(1)
Google OAuth access tokeni	Do opoziva ili završetka angažmana; izbrisani u roku 30 dana od opoziva ili pisanog zahtjeva	GDPR čl. 6(1)(a) — pristanak
SEO audit podaci (GSC/GA4 izvedeni)	2 godine nakon završetka angažmana, ili do zahtjeva za brisanje	GDPR čl. 6(1)(b) — ugovor

Category	Retention period	Basis
Contact form inquiries	24 months	Legitimate interest
Commercial contracts	5 years after completion	BiH Accounting Law
Analytics cookies	13 months	Meta/Google default
Technical logs	3 months	Security and debugging
Marketing consents	Until withdrawal + 1 year documentation	GDPR art. 7(1)
Google OAuth access tokens	Until revocation or engagement end; deleted within 30 days of revocation or written request	GDPR art. 6(1)(a) — consent
SEO audit data (GSC/GA4 derived)	2 years after engagement close, or until deletion request	GDPR art. 6(1)(b) — contract

9. Vaša prava | Your Rights

U skladu sa GDPR Poglavlje III, imate sljedeća prava:

Pravo na pristup (čl. 15) — potvrditi koja lična podataka obrađujemo i dobiti kopiju
Pravo na ispravku (čl. 16) — ispraviti netačne podatke
Pravo na brisanje (čl. 17) — zatražiti brisanje podataka ("pravo da se bude zaboravljen")
Pravo na ograničenje obrade (čl. 18) — privremeno blokirati obradu u određenim slučajevima
Pravo na prenosivost podataka (čl. 20) — dobiti podatke u strukturiranom, mašinski čitljivom formatu (JSON/CSV)
Pravo na prigovor (čl. 21) — uložiti prigovor na obradu zasnovanu na legitimnom interesu
Pravo na opoziv pristanka (čl. 7(3)) — povući pristanak za kolačiće u bilo kojem trenutku

In accordance with GDPR Chapter III, you have the following rights:

Right of access (art. 15) — confirm what personal data we process and receive a copy
Right to rectification (art. 16) — correct inaccurate data
Right to erasure (art. 17) — request deletion of data ("right to be forgotten")
Right to restriction of processing (art. 18) — temporarily block processing in certain cases
Right to data portability (art. 20) — receive data in structured, machine-readable format (JSON/CSV)
Right to object (art. 21) — object to processing based on legitimate interest
Right to withdraw consent (art. 7(3)) — withdraw consent for cookies at any time

10. Kako ostvariti svoja prava | How to Exercise Your Rights

Zahtjeve možete poslati na:

Email: enis@snowit.ba
Lice za zaštitu podataka: alem@alai.no

Rok odgovora: 30 dana (može se produžiti za dodatnih 60 dana za složene zahtjeve, uz obavještenje).

Requests can be sent to:

Email: enis@snowit.ba
Data Protection Officer: alem@alai.no

Response time: 30 days (may be extended by additional 60 days for complex requests, with notification).

11. Sigurnost podataka | Data Security

Implementirali smo sljedeće mjere bezbjednosti:

TLS 1.3 enkripcija — sav saobraćaj između vas i servera
Cloudflare CDN — DDoS zaštita i edge caching
Vercel Secure Compute — izolovano okruženje za backend API-je
Pristupna kontrola — samo ovlašteno osoblje
Redovno skeniranje ranjivosti — mjesečni auditi

12. Kolačići | Cookies

Detaljne informacije o kolačićima i kako ih kontrolisati potražite u našoj Cookie Policy.

13. Izmjene politike | Policy Changes

O značajnim izmjenama ćemo vas obavijestiti putem:

Email obavještenja (za postojeće klijente)
Banner na web stranici (14 dana)

We will notify you of significant changes via:

Email notification (for existing clients)
Website banner (14 days)

14. Pravo na pritužbu | Right to Complain

Ako smatrate da kršimo zakone o zaštiti podataka, možete podnijeti pritužbu:

Agencija za zaštitu ličnih podataka BiH
Trg BiH 1
71000 Sarajevo
Telefon: +387 33 763 140
Email: azlp@azlp.ba
Web: https://www.azlp.ba

Takođe možete podnijeti pritužbu nadzornom tijelu u EU/EEA zemlji u kojoj živite ili radite.

If you believe we are violating data protection laws, you can lodge a complaint:

Agency for Personal Data Protection of BiH
Trg BiH 1
71000 Sarajevo
Phone: +387 33 763 140
Email: azlp@azlp.ba
Web: https://www.azlp.ba

You can also lodge a complaint with a supervisory authority in the EU/EEA country where you live or work.

15. Kontakt | Contact

SnowIT d.o.o.
Email (opšti upiti / general): info@snowit.ba
Email (privatnost / privacy & GDPR): enis@snowit.ba
WhatsApp: +387 62 329 076
Web: https://snowit.ba

Lice za zaštitu podataka / Data Protection Officer:
Alem Bašić — alem@alai.no — +47 40 47 42 51

Ova politika privatnosti je posljednji put ažurirana 12. juna 2026.
This privacy policy was last updated on June 12, 2026.