Privacy Policy


BrightMarbles respects the privacy of its customers, suppliers, and partners. Therefore, we have formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s), and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request. If you require any additional information about the protection of personal data, please visit one of the following websites:


  1. Party responsible for processing personal data: BrightMarbles Doo Novi Sad, with its registered address at Đorđa Rajkovića 2 Novi Sad, Serbia, and Company Registration Number 21199931, represented by Naq Cyber B.V. for its European data processing activities (hereinafter: “the controller”). 
  2. Data Protection Authority: Autoriteit Persoonsgegevens Netherlands; Poverenik Serbia; Information Commissioner UK.
  3. Data Protection laws: 
    1. The EU GDPR 2018;
    2. The EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation);
    3. The Serbian Law on Protection of Personal Data 2019; Rulebook on the Manner of Prior Review of Personal Data Processing; Decree on the Form for and Manner of Keeping Records of Personal Data Processing; Rulebook on the Form and Manner of Keeping Record of the Data Protection Officer; Rulebook on the Form of Notification on Personal Data Breach and Manner of Notifying the Commissioner for Information of Public Importance and Protection of Personal Data on Personal Data Breach; Rulebook on the Complaint Form; Decision on the List of Types of Personal Data Processing Operations for Which an Assessment of the Impact on the Personal Data Protection Must be Performed and the Opinion of the Commissioner for Information of Public Importance and Personal Data Protection Must be Sought.

 Collection of data

  1. Your personal data will be collected by BrightMarbles and its data processors. 
  2. Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
  3. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
TypeLegal BasisPurpose
Customer Identification InformationConsentCustomer management, work planning, direct marketing, administration
Employee Identification InformationConsentEmployee management, work planning, administration
Supplier or partner Identification InformationConsentSupplier management, Work planning, administration
Customer Financial InformationConsentCustomer management, administration
Employee Financial InformationConsentEmployee management, administration
Supplier or partner Financial InformationConsentSupplier management, administration
Employee employment or educational historyLegitimate interest/ consentEmployee management
Contracts with employees, customers, and suppliersLegitimate interest/consentEmployee, customer or supplier management, administration
Copies of IDLegitimate interest/consentEmployee management, administration

How we collect, store, or otherwise process your data

Description of processingTypeThird-party recipients
Website: cookies; contact form; subscription to the newsletterCustomer identification information SBB d.o.o. Beograd (hosting)
Email: Corresponding with customers, suppliers, and partners Customer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, Contracts, Copies of IDGoogle
Administrative activities: Invoicing and collecting payments, keeping business administrationCustomer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, Contracts, Accountancy firm: “AKTIVA SISTEM” doo, Novi Sad
Using cloud services for storing and exchanging documents and work planningCustomer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, ContractsGoogle; Slack; Skype; JIRA

Storage and protection of data

Your data is protected by BrightMarbles and its processors in pursuance of all legal requirements set by the relevant data processing laws. BrightMarbles has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. BrightMarbles has signed processing agreements with its processors to ensure an adequate level of data protection.

Your rights regarding information

  1. Pursuant to Article 13 paragraph 2 sub b GDPR each data subject has the right to information on and access to, and rectification, erasure, and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
  2. You can exercise these rights by contacting us at one of the following email addresses:
    1. For European and British data subjects:
    2. For Serbian data subjects: 
  3. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write “GDPR request” in the subject line of your email.
  4. Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
  5. Depending on the complexity and the number of requests, this period may be extended to two months.


  1. You may receive commercial offers from BrightMarbles. If you do not wish to receive them (anymore), please send us an email to the following address:, and ensure that you write “GDPR opt-out” in the subject line of your email.
  2. Your personal data will not be used by our partners for commercial purposes.
  3. If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use, or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.

Data retention

The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any BrightMarbles account, system, or other data processing medium in accordance with the process described above.

Applicable law

These conditions are governed by Serbian, British and European law. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies. 


For questions about this privacy policy, product information, or information about the website itself, please contact