Search
Image
EN / RS

Privacy Policy

Privacy Policy

 

Last updated on: March 02, 2026

 

Protecting the personal data of users of chat2desk.net and chat2desk.rs is very important to OMNI-2023 DOO Pančevo (the “Company” or “Licensor”). This Privacy Policy governs the collection, processing, and use of personal data related to your visit to our Website and your use of our Product/Service.

 

We collect information from you directly when you provide it to us through the Services. We further automatically collect certain information about you and your smartphone or other devices when you use, access, or interact with our Services.

1. Definitions

In this Privacy Policy, as well as in our Terms of Use the listed terms shall have the following meaning:

When we say…

We mean…
Consent

Your explicit consent on the processing of your Personal Data. Explicit consent means that the data subject must give an express statement of consent. 
Cookies

Small pieces of data stored on your device (computer or mobile device). This information is used to track your use of Website and to compile statistical records on Website activity. For further information about the use of cookies and how you can manage them, please read our Cookie Policy (https://chat2desk.rs/cookie-policy, https://chat2desk.net/cookie-policy).
Data Processors

Any natural or legal person who processes Personal Data on behalf of Chat2Desk Group as data controller. We may use the services of various service providers in order to process your Personal Data more effectively.
Personal Data

Any information relating to an identified or identifiable natural person (Data Subject). Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, etc.


Therefore, data about a company or any legal entity is not considered to be personal data but registering on behalf of a legal entity may include sharing personal data. For example, the information in relation to one-person companies may constitute personal data where it allows the identification of a natural person. These rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of the company or organization, business e-mail addresses like “firstname.surname@company.com”. This Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymized information).
Processing

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Product/Service

a computer program presented in the form of a set of data and commands reproduced on the equipment of the Platform users (client part) and/or used by remote access via the Internet in a separate section of the server part of the Platform created as a result of the Licensee completing the registration procedure in the 

Platform (server part).
GDPR

Regulation (EU) 2016/679 of the European Parliament 

and of the Council (General Data Protection Regulation).
ZZPL

Law on Personal Data Protection of the Republic of Serbia (Službeni glasnik RS, No. 87/2018)

 

2. Personal Data we collect

 

Your Personal Data may be collected and received in several ways:

  • Personal Data you share with us voluntarily, by the use of Product or our Website, or which you provide through getting in touch with us,
  • Personal Data we collect automatically when you use our Website or Product,
  • Personal Data we collect through the use of cookies, in accordance with our Cookie Policy (https://chat2desk.rs/cookie-policy, https://chat2desk.net/cookie-policy),
  • Personal data we collect about you from third parties or Services.

Data we collect about you may be divided into following groups:

Information we collect when you use Products

This is the information and data that you provide to us during the registration process on the service and while using our product. 


Such data includes, but is not limited to: full name, email address, phone number, user ID.

We also process technical data (for example, logins, timestamps of service access, IP addresses and devices used to access the service, information about connected messengers and integrations).

However, we do not process the content of messages, regardless of the message format.

Information we collect when you use Website

We will ask you to leave your name, e-mail address, telephone number, if you:

  • contact us via the Website’s page or at any other e-mail address available on Website, 
  • register in Product.

Additional information

In case you contact us via Website or at any other e-mail address available at our Website, we may receive additional information about you, such as business address, your profession, company on behalf you are getting in touch with us, country in which the company is based and content of the messages or attachments you may send us, or any other information you decide to share with us.


These rules only apply to personal data about individuals, they do not govern data about companies or other legal entities. However, the information in relation to one-person companies may constitute personal data where it allows the identification of a natural person. 


All Personal Data that you provide to us must be true, complete and accurate, and you must notify us on any changes to such Personal Data.

Information and Technical Data we collect automatically when you use this website 

Information we collect automatically may include information like your IP address, device type, unique device identification number, browser type, broad geographic location (e.g., country or city-level location) and other technical information. Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Policy.


We use analytic tools to help us measure traffic and usage trends for our Website. These tools collect information sent by your device or our Website, including the web pages you visit, add-ons, and other information that assists us in improving our Website. We collect and use this analytics information with analytics information from other users so that it cannot reasonably be used to identify any particular individual user.

Your Usage Data

We collect and record data and sessions about how you are accessing and using Website. Such information may include Personal Data.

Mobile Device Data

We collect limited data from your mobile device in order to provide the best performance of our Website and analyze our performance. Such data includes your mobile device type, mobile device ID, and the date and time stamps of Website use. In addition, we deploy tracking technologies within Website to help us gather aggregate, non-personal statistics.

Third-Party Products

Our service integrates and provides access to third-party products, including communication messengers. Please note that while we facilitate your use of these external products, the collection, processing, and storage of data within those third-party services are governed by their respective privacy policies. We encourage you to review the privacy terms of each integrated product to understand how your data is handled.

3. Why Do We Collect and Process Personal Data?

We collect and process personal data only where there is a lawful basis to do so, and strictly for specified, explicit, and legitimate purposes. The processing is conducted transparently and proportionately, in accordance with applicable data protection laws.

Below is a detailed overview of the purposes for which we collect personal data, along with the methods of processing:

1. Service Provision and Customer Relationship Management

Purpose:
To provide you with access to our Products, Services, Platform, or features you have requested, and to manage our contractual relationship.

Processing activities may include:

  • Account creation and user authentication;
  • Managing Licenses, orders, or service requests;
  • Responding to inquiries or customer support; 
  • Sending service-related notifications (e.g., password reset, transaction confirmation)

Data we collect: 

  • last name, first name; 
  • Communication Service ID; 
  • phone number, email.

Legal basis:  Processing is necessary for the performance of a contract (Agreement) to which the Licensee is party (Art. 6(1)(b) GDPR / Art. 12(1)(2) ZZPL) and based on the user's consent where applicable. Terms of Use: https://chat2desk.rs/terms-of-use, https://chat2desk.net/terms-of-use

2. Marketing and Communications

Purpose:
To inform Users about offers, services, events, or updates that may be of interest to you.

Processing activities may include:

  • Sending newsletters or promotional email;
  • Displaying targeted advertisements on our platforms or third-party sites;
  • Conducting customer satisfaction surveys or marketing research.

Data we collect: 

  • last name, first name 
  • phone number, email

Legal basis: Processing is based on the User’s explicit consent (Art. 6(1)(a) GDPR / Art. 12(1)(1) ZZPL).

Withdrawal of Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may unsubscribe from receiving personalized offers by following the instructions found at the end of each email. We may use your email for this purpose until you unsubscribe.

3. Website Analytics

Purpose:
To understand how users interact with our website, and to improve functionality and user experience.

Processing activities may include:

  • Collecting data on page views, clicks, and time spent;
  • Analyzing aggregated user behavior;
  • Performing A/B testing to optimize user interface.

Data we collect: 

  • last name, first name; 
  • phone number, email;
  • other in accordance with Cookie Policy.

Legal basis: Processing is based on the User’s consent (Art. 6(1)(a) GDPR) regarding non-essential cookies and our legitimate interest (Art. 6(1)(f) GDPR) in maintaining a functional and secure Website.

Control: You may manage your preferences or withdraw consent for monitoring behavior through your browser settings or the instructions provided in our emails.

4. How do we use your Personal Data?

Methods of Personal Data Processing

The Licensee and/or User hereby agrees to the processing of their Personal Data, which includes the following operations (set of operations), whether or not by automated means:

  • Collection and recording;
  • Systematization and accumulation;
  • Storage and structuring;
  • Adaptation or alteration (updating, modification);
  • Retrieval, consultation, and use;
  • Anonymization and blocking;
  • Erasure and destruction.

Processing is carried out both manually and through the use of the Licensor’s automated information systems (Platform) in accordance with the internal rules and technical standards of the Company.

 

Personal Data Protection Methods

In order to achieve the highest level of Personal Data security and ensure compliance with the Zakon o zaštiti podataka o ličnosti (ZZPL) and GDPR, the Licensor implements the following measures:

 

Staff Confidentiality: All our employees and contractors are legally and contractually bound by professional secrecy (Non-Disclosure Agreements). Access to Personal Data is strictly limited to authorized personnel who require such access to perform their professional duties.

 

Organizational Measures: We use information audits to identify, categorize, and record all Personal Data processing activities. We maintain a strict internal policy regarding data access and handling.

 

Technical Measures: We implement appropriate technical safeguards, including but not limited to:

  • Use of secure servers and encrypted connections (SSL/TLS);
  • Firewalls and intrusion detection systems;
  • Regular security audits and vulnerability assessments of the Platform;
  • Anonymization or pseudonymization of data where possible to minimize risks.

Prevention of Unauthorized Access: We use all reasonable legal, technical, and organizational measures to prevent Personal Data from being revealed, altered, or destroyed outside the legal purposes for which it was collected.

5. Who do we share your Personal Data with?

5.1. Engagement of External Processors.

The performance of certain processing activities requires the engagement of external processors. To ensure the highest level of data protection, the Licensor conducts regular information audits to identify, categorize, and record all Personal Data processed outside of the company. This ensures that all processing activities, the identity of the processors, and the legal bases are strictly recorded, reviewed, and compliant with applicable law.

5.2. Categories of External Processors.

Such external processing includes, but is not limited to:

IT Systems and Infrastructure Services (e.g., hosting and data storage providers);

Legal and Professional Services (e.g., consultants and auditors bound by professional secrecy);

Financial and Accounting Services (e.g., payment gateways and billing software);

Marketing and Analytics Services (e.g., tools for analyzing website traffic and sending communications).

5.3. Consent to Data Transfer.

For the purpose of fulfilling obligations under the Agreement (Terms of Use), the Licensor is entitled to transfer the Licensee’s Personal Data to third parties (sub-processors). By accepting this Privacy Policy and the Terms of Use, the Licensee provides explicit, informed, and voluntary consent to such transfers.

5.4. Scope and Annex A.

The specific terms, methods, and scope of data being transferred are set out in Annex A to this Privacy Policy. This list of third-party processors may be amended at any time at the Licensor’s sole discretion to ensure the optimal functioning of the Product.

5.5. Responsibility for Monitoring Updates.

The Licensor reserves the right to update Annex A as new service providers are engaged or existing ones are changed. While the Licensor may send notifications regarding significant changes if an email address is provided, the Licensee is responsible for periodically reviewing this Privacy Policy and its Annexes for updates.

6. Your rights

Right to Be Informed

You have the right to receive clear, transparent, and easily understandable information about how and why your personal data is collected and processed.

Right of Access

You have the right to request access to the personal data we hold about you and to obtain information such as:

  • the purposes of processing,
  • categories of data processed,
  • recipients or categories of recipients, including third countries,
  • the storage period,
  • your rights related to the data,
  • and the source of the data (if not collected directly from you).

Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data in cases where:

  • the data is no longer necessary for the purposes for which it was collected,
  • you withdraw your consent (and there is no other legal basis),
  • the processing is unlawful,
  • or the data must be deleted to comply with a legal obligation.

Right to Withdraw Consent

Where data processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Data Portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your data under certain conditions (e.g., if you contest the accuracy of the data or object to processing).

Right to Object

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on legitimate interests.

7. How Do We Keep Your Personal Data Secure?

We take the security of your personal data seriously and implement appropriate technical and organizational measures (TOMs) designed to provide a level of security appropriate to the risk of processing your Personal Data. These measures are intended to protect your data against unauthorized access, loss, misuse, alteration, or destruction. Our security framework includes:

  • Use of industry-standard encryption and secure protocols;
  • Regular internal reviews of our data collection, storage, and processing practices;
  • Physical and electronic security measures to guard against unauthorized access to systems.

Limitation of Guarantee

While we strive to use commercially acceptable means to protect your Personal Data, the Licensee acknowledges that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, the Licensor cannot guarantee its absolute security or confidentiality.

International Data Transfers

We may transfer and process your personal data in countries other than the one you reside in. The Licensor maintains appropriate safeguards to ensure an adequate level of security in respect of all personal data we process. We strictly ensure that such transfers are made:

  • To countries within the European Economic Area (EEA);
  • To countries which ensure an adequate level of protection (as determined by the European Commission or the competent authorities in the Republic of Serbia);
  • Based on Standard Contractual Clauses (SCCs) or other valid legal mechanisms that ensure the protection of your data subject rights.

Support and Inquiries

If you have any specific questions about the technical security of our Website, the Platform, or the protective measures we have implemented, please contact us via the channels specified in the “Contact Us” section.

8. Changes to our Privacy Policy

Right to Amend. The Licensor reserves the right to change, modify, or update this Privacy Policy from time to time at its sole discretion to reflect changes in legal requirements, technical updates, or our business practices.

Effective Date. Any changes shall enter into force immediately upon being published on our Website. The Licensee is cautioned to review our Privacy Policy periodically to stay informed about how we are protecting their data.

Notification. If we have your email address, we may send you a notice regarding significant changes to this Policy. However, the absence of such notice does not waive the Licensee's responsibility to monitor updates on the Website.

 

Acceptance of Changes. By continuing to access the Website or use the Product/Service after those changes become effective, you agree to be bound by the revised Privacy Policy. In case you do not agree with the updated terms of our Privacy Policy, you must stop using our Website and the Product/Service immediately.

9. Contact Us

Should you wish to exercise any of the rights you have as a Data Subject, or you have a question for us regarding this Privacy Policy, please contact us.

 

Annex A

to the Privacy Policy 

Dated 2nd of March, 2026 

 

Party to which data is transferred

Purposes of data transfer

Processing methods

Data Center Location

Personal data to be transferred

IT contractors and service platforms (data processors)


Hetzner Online GmbH

Industriestr. 25

91710 Gunzenhausen

Germany


Company privacy policy: hetzner.com/legal/privacy-policy/

Storage and processing of data to the extent necessary for the operation of the Product

In accordance with Section 3 of the Privacy Policy

Germany

To the extent provided in Section 3 of the Privacy Policy

Marketing Contractors


Google Ireland Limited

Address: Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland


Company privacy policy: policies.google.com/privacy

Implementation of marketing purposes

In accordance with Section 3 of the Privacy Policy

Ireland

To the extent provided in Section 3 of the Privacy Policy

Facebook

Meta Platforms Ireland Limited  

4 Grand Canal Square,  

Grand Canal Harbour,  

Dublin 2,  

Ireland


Company privacy policy: 

facebook.com/privacy/policy/

Ireland