🔒 Politika privatnosti / Privacy Policy

Planeta računari — kako sakupljamo, koristimo i štitimo Vaše lične podatke.

📋 Verzija 1.0 📅 Stupanje na snagu 21. maj 2026. 🔄 Ažurirano 21. maj 2026.

1 Ko smo

Ova politika privatnosti opisuje kako Planeta računari (u daljem tekstu "Planeta", "mi", "nas", "naš") sakuplja, koristi i deli Vaše lične podatke kada koristite naše proizvode i usluge.

Podaci o rukovaocu:

  • Naziv: [POPUNI — pun pravni naziv firme, npr. "Planeta računari d.o.o." ili "Aleksander Krsmanović PR"]
  • Sedište: [POPUNI — pun adresa, ulica i broj, Čačak]
  • Matični broj: [POPUNI]
  • PIB: [POPUNI]
  • Email: office@planeta-racunari.rs
  • Veb sajt: https://planeta-racunari.rs

Ova politika se primenjuje na:

  • Veb sajt https://planeta-racunari.rs i sve njegove pod-stranice
  • Prodajni portal https://planeta-racunari.rs/qr-license/buy/
  • Klijent portal https://planeta-racunari.rs/qr-portal/
  • License server https://planeta-racunari.rs/qr-license/
  • WordPress plug-in QR vCard Pro instaliran na sajtovima naših klijenata

2 Koje podatke sakupljamo

2.1 Kada kupujete licencu (klijent Planete)

Kada izvršite kupovinu preko /qr-license/buy/, sakupljamo:

  • Identifikacioni podaci: ime, prezime, naziv firme (ako ste pravno lice)
  • Kontakt podaci: email adresa, broj telefona (opciono)
  • Podaci za fakturisanje: adresa za fakturu, PIB (za pravna lica)
  • Podaci o plaćanju: broj kreditne kartice se NE čuva kod nas — obrađuje ih isključivo naš platni procesor (Stripe ili WSPay) prema njihovim sigurnosnim standardima (PCI DSS)
  • Licencni podaci: license key, datum kupovine, izabrani tier (Personal/Single/5 Sites/Unlimited/Agency)
  • Tehnički podaci: IP adresa, tip uređaja i pretraživača (za potrebe sprečavanja prevara)

2.2 Kada koristite naš license server

Kada Vaš plug-in komunicira sa https://planeta-racunari.rs/qr-license/, sakupljamo:

  • Domene aktivacije: lista domena na kojima je Vaš license key aktiviran
  • Datum i vreme aktivacije / deaktivacije
  • Provera ažuriranja: datumi automatskih provera, verzija plug-ina koju koristite
  • IP adresa servera koji se konektuje

2.3 Kada koristite klijent portal

Kada se logujete na https://planeta-racunari.rs/qr-portal/, sakupljamo:

  • Login podaci: korisničko ime, hashovana lozinka (mi NIKADA ne vidimo Vašu lozinku u čistom tekstu)
  • Sesijski podaci: vreme prijave, IP adresa sesije
  • Podaci o aktivnostima: koje QR kartice ste kreirali, kada ste ih ažurirali

2.4 Kada posetioci skeniraju QR kartice naših klijenata

VAŽNA NAPOMENA O ULOGAMA: Kada krajnji korisnik (osoba sa telefonom) skenira QR kod naših klijenata, podaci koje plug-in sakuplja pripadaju našem klijentu kao rukovaocu podataka. Planeta je u ovom slučaju obrađivač podataka (Data Processor), a naš klijent je rukovalac (Data Controller).

Podaci koji se sakupljaju:

  • Tehnički podaci o skeniranju: datum i vreme, tip uređaja, pretraživač, referer URL
  • IP adresa: podrazumevano se čuva kao SHA256+salt hash — što znači da originalna IP adresa NE MOŽE biti rekonstruisana. Ovo omogućava brojanje "jedinstvenih skenova" bez čuvanja stvarne IP adrese.
  • Geografska lokacija (opciono): ako je naš klijent uključio ovu funkciju, šaljemo IP ka servisu ip-api.com (sa sedištem u Australiji) radi dobijanja gradskog/državnog nivoa lokacije. Tačna IP adresa se ne čuva nigde.
  • Podaci putem Contact Exchange forme (opciono): ime, email, telefon, firma, poruka — sakupljaju se SAMO uz eksplicitnu saglasnost posetioca preko opt-in čekboksa, i ide direktno klijentu kao rukovaocu.

2.5 Kada posećujete naš veb sajt

  • Standardni analitički podaci: IP adresa, tip pretraživača, posećene stranice, vreme posete (preko [POPUNI — npr. Google Analytics 4 ili Plausible])
  • Kolačići: vidite Sekciju 10 ispod

3 Pravni osnov za obradu

U skladu sa GDPR Članom 6, naš pravni osnov za obradu Vaših ličnih podataka je:

AktivnostPravni osnov
Obrada kupovine i aktivacija licenciIzvršenje ugovora (Član 6(1)(b))
Sakupljanje podataka o skeniranju (hashed IP)Legitimni interes našeg klijenta (Član 6(1)(f)) — analitika sopstvenih QR kartica
Contact Exchange (sa opt-in saglasnošću)Eksplicitna saglasnost (Član 6(1)(a))
Geografska lokacija via ip-api.comLegitimni interes rukovaoca, uz obavezu transparentnosti
Marketing email-ovi (newsletter)Saglasnost (Član 6(1)(a)) — uvek možete odjaviti
Računovodstveni i poreski podaciZakonska obaveza (Član 6(1)(c)) — srpski Zakon o računovodstvu
Sprečavanje prevara (fraud detection)Legitimni interes (Član 6(1)(f))

4 Kako koristimo Vaše podatke

Vaše podatke koristimo isključivo za:

  • Pružanje usluge: dostava license key-a, aktivacija plug-ina, podrška
  • Komunikacija: transakcioni email-ovi (potvrda kupovine, dostava licence, support odgovori)
  • Sigurnost: detekcija sumnjivih aktivnosti, sprečavanje zloupotrebe
  • Pravne obaveze: izdavanje računa, čuvanje računovodstvene evidencije
  • Poboljšanje usluge: anonimizovani statistički podaci o korišćenju plug-ina

Vaše podatke NE PRODAJEMO trećim licima. NE KORISTIMO ih za behavioralni marketing. NE PROFILIŠEMO Vas.

5 Sa kim delimo Vaše podatke

Delimo Vaše podatke isključivo sa sledećim trećim licima, i to samo u meri koja je neophodna:

5.1 Platni procesori

  • Stripe, Inc. (ako koristimo Stripe) — sedište: San Francisco, USA. Procesira plaćanja kreditnim karticama. Privacy Policy: https://stripe.com/privacy
  • WSPay (ako koristimo WSPay) — sedište: Zagreb, Hrvatska. Procesira plaćanja za balkansko tržište. Privacy Policy: https://wspay.eu/privacy

5.2 Hosting i infrastruktura

  • [POPUNI — npr. cPanel hosting provider] — sedište: [POPUNI]. Hostuje naš sajt i license server.

5.3 Email servisi

  • [POPUNI — npr. SendGrid, Mailgun, ili SMTP od hosting providera] — šalje transakcione email-ove

5.4 Analitika

  • [POPUNI — Google Analytics 4 ili Plausible] — anonimizirana web analitika

5.5 Geografska lokacija (samo ako klijent uključi)

  • ip-api.com (Salesforce.com Inc., Brisbane, Australija) — geografska lokacija po IP-u. Privacy Policy: https://ip-api.com/docs/legal

5.6 Zakonska obaveza

Možemo otkriti Vaše podatke nadležnim organima ako to zakon nalaže (npr. po nalogu suda, poreske inspekcije, ili u slučaju istrage prevare).

6 Međunarodni prenos podataka

Neki od naših procesora (Stripe, ip-api.com) se nalaze van Evropske ekonomske zone (EEZ) i Srbije:

  • Prenos u USA: Stripe se oslanja na Standardne ugovorne klauzule (SCCs) odobrene od strane Evropske komisije, kao dodatak na nove Privacy Shield aranžmane.
  • Prenos u Australiju: ip-api.com pruža samo opcione geografske podatke (city-level), bez čuvanja IP adrese.

Sve prenose vršimo uz odgovarajuće zaštitne mere u skladu sa članovima 44-49 GDPR-a.

7 Koliko dugo čuvamo Vaše podatke

Vrsta podatakaPeriod čuvanja
Računovodstveni podaci (fakture, plaćanja)10 godina (srpski Zakon o računovodstvu)
Aktivne licence i license key-eviDoživotno (dok licenca važi) ili dok ne zatražite brisanje
Login sesije (klijent portal)30 dana od poslednje aktivnosti
Hashovani IP-ovi sa QR skeniranja365 dana (default, naš klijent može da konfiguriše kraći period)
Contact Exchange podaciDok rukovalac (naš klijent) ne obriše ili dok subjekt ne zatraži brisanje
Email marketing podaciDo odjave ili do 24 meseca neaktivnosti
Tehnički logovi (server logs)90 dana
Backup-ovi30 dana rotirajući

Po isteku ovih perioda, podaci se brišu ili anonimiziraju.

8 Vaša prava

U skladu sa GDPR (i srpskim ZZPL gde je primenjivo), imate sledeća prava:

PravoŠta to znači
Pravo na pristupMožete tražiti kopiju svih podataka koje imamo o Vama
Pravo na ispravkuMožete tražiti ispravku netačnih podataka
Pravo na brisanje ("right to be forgotten")Možete tražiti brisanje Vaših podataka (uz neka ograničenja — npr. ne možemo da brišemo računovodstvene podatke pre isteka 10 godina)
Pravo na ograničenje obradeMožete tražiti da privremeno obustavimo obradu
Pravo na prenosivost podatakaMožete tražiti svoje podatke u strukturisanom, mašinsko-čitljivom formatu (JSON, CSV)
Pravo na prigovorMožete uložiti prigovor na obradu zasnovanu na legitimnom interesu
Pravo na odjavu pristankaAko je obrada zasnovana na saglasnosti, možete je povući bilo kada
Pravo na žalbu nadzornom organuMožete podneti žalbu Povereniku za informacije od javnog značaja i zaštitu podataka o ličnosti Republike Srbije (poverenik.rs) ili nadležnom EU organu ako ste iz EU

Kako da ostvarite ova prava: Pošaljite email na office@planeta-racunari.rs sa naslovom "[GDPR ZAHTEV] [tip zahteva]". Odgovaramo u roku od 30 dana od prijema zahteva. Identitet ćemo verifikovati pre obrade osetljivih zahteva (npr. brisanja).

9 Bezbednost podataka

Primenjujemo sledeće tehničke i organizacione mere za zaštitu Vaših podataka:

Tehničke mere:

  • HTTPS/TLS enkripcija za sav saobraćaj
  • Lozinke se čuvaju kao bcrypt/argon2 hash-evi (nikad u čistom tekstu)
  • IP adrese za skeniranje se čuvaju kao SHA256+salt hash
  • Redovni backup-ovi sa enkripcijom
  • Firewall i intrusion detection na nivou hosting providera
  • Redovne sigurnosne nadogradnje WordPress core-a, plug-inova i tema
  • Restrikcija pristupa license serveru po IP listi i autentikaciji

Organizacione mere:

  • Pristup ličnim podacima imaju samo ovlašćena lica (Aleksander Krsmanović)
  • Politika lozinki sa minimalnom dužinom i kompleksnošću
  • Dvofaktorska autentikacija (2FA) za admin pristup
  • Trening za prepoznavanje phishing pokušaja
  • Politika "least privilege" za sve sistemske naloge

Šta NE garantujemo: Iako preduzimamo razumne mere, nijedan sistem nije 100% siguran. U slučaju data breach-a koji utiče na Vaša prava i slobode, obavestićemo Vas u roku od 72 sata od saznanja, kao i nadležni nadzorni organ.

10 Kolačići (Cookies)

Naš sajt koristi sledeće kolačiće:

Neophodni kolačići (uvek aktivni)

  • PHPSESSID — sesija na sajtu, briše se nakon zatvaranja pretraživača
  • woocommerce_* (ako koristimo WooCommerce) — korpa, checkout

Funkcionalni kolačići (opciono, sa Vašom saglasnošću)

  • cookie_consent — pamti Vaš izbor o kolačićima
  • language — pamti izabrani jezik

Analitički kolačići (opciono, sa Vašom saglasnošću)

  • _ga, _gid, _gat — Google Analytics (ako se koristi)
  • plausible_ignore — Plausible Analytics

Možete upravljati kolačićima preko našeg cookie banner-a koji se prikazuje prilikom prve posete, ili kroz podešavanja Vašeg pretraživača.

11 Maloletna lica

Naše usluge nisu namenjene osobama mlađim od 16 godina. Svesno NE sakupljamo podatke od maloletnih lica. Ako ste roditelj/staratelj i saznate da je Vaše dete dalo nam svoje podatke, kontaktirajte nas na office@planeta-racunari.rs — odmah ćemo ih izbrisati.

12 Izmene ove politike

Ovu politiku možemo povremeno menjati. Materijalne izmene ćemo komunicirati:

  • Email obaveštenjem aktivnim klijentima (najmanje 30 dana pre stupanja na snagu)
  • Banner-om na naslovnoj strani sajta
  • Datumom "Poslednje ažurirano" na vrhu ovog dokumenta

Verzioniramo politiku, pa možete videti stare verzije na zahtev.

13 Kontakt

Za sva pitanja, žalbe, ili ostvarivanje Vaših prava, kontaktirajte nas:

Planeta računari (Aleksander Krsmanović)

Nadzorni organ u Srbiji: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti

  • Web: https://www.poverenik.rs
  • Email: office@poverenik.rs
  • Adresa: Bulevar Kralja Aleksandra 15, 11000 Beograd

Nadzorni organi u EU: Lista nadzornih organa po državama: https://edpb.europa.eu/about-edpb/about-edpb/members_en

1 Who We Are

This Privacy Policy describes how Planeta računari (hereinafter "Planeta", "we", "us", "our") collects, uses, and shares your personal data when you use our products and services.

Data Controller details:

  • Legal Name: [FILL IN — full legal company name]
  • Registered Address: Milice Pavlović 32/3/12, 32000 Čačak, Serbia
  • Registration Number: [FILL IN]
  • Tax ID: [FILL IN]
  • Email: office@planeta-racunari.rs
  • Website: https://planeta-racunari.rs

This policy applies to:

  • Website https://planeta-racunari.rs and all sub-pages
  • Sales portal https://planeta-racunari.rs/qr-license/buy/
  • Client portal https://planeta-racunari.rs/qr-portal/
  • License server https://planeta-racunari.rs/qr-license/
  • WordPress plug-in QR vCard Pro installed on our clients' sites

2 What Data We Collect

2.1 When You Purchase a License (Planeta's customer)

When you make a purchase via /qr-license/buy/, we collect:

  • Identification: first name, last name, company name (if business)
  • Contact: email address, phone number (optional)
  • Billing: invoice address, Tax ID (for businesses)
  • Payment: credit card details are NOT stored by us — processed exclusively by our payment processor (Stripe or WSPay) under their PCI DSS standards
  • License data: license key, purchase date, selected tier (Personal/Single/5 Sites/Unlimited/Agency)
  • Technical: IP address, device and browser type (for fraud prevention)

2.2 When You Use Our License Server

When your plug-in communicates with https://planeta-racunari.rs/qr-license/, we collect:

  • Activation domains: list of domains where your license key is activated
  • Activation/deactivation timestamps
  • Update checks: dates of automatic checks, version of plug-in in use
  • IP address of the connecting server

2.3 When You Use the Client Portal

When you log into https://planeta-racunari.rs/qr-portal/, we collect:

  • Login data: username, hashed password (we NEVER see your password in plaintext)
  • Session data: login time, session IP address
  • Activity data: QR cards you created, when you updated them

2.4 When Visitors Scan Our Clients' QR Cards

IMPORTANT ROLE NOTICE: When an end user (someone with a phone) scans our clients' QR code, the data collected by the plug-in belongs to our client as the Data Controller. Planeta acts as a Data Processor in this case, and our client is the Controller.

Data collected:

  • Technical scan data: date and time, device type, browser, referer URL
  • IP address: stored by default as SHA256+salt hash — meaning the original IP CANNOT be reconstructed. This enables counting "unique scans" without storing actual IP addresses.
  • Geographic location (optional): if our client has enabled this feature, we send the IP to ip-api.com (Australia-based) to obtain city/country level location. The exact IP is not stored anywhere.
  • Contact Exchange form data (optional): name, email, phone, company, message — collected ONLY with the visitor's explicit consent via opt-in checkbox, and goes directly to the client as the controller.

2.5 When You Visit Our Website

  • Standard analytics: IP address, browser type, pages visited, visit time (via [FILL IN — e.g. Google Analytics 4 or Plausible])
  • Cookies: see Section 10 below

3 Legal Basis for Processing

Pursuant to GDPR Article 6, our legal bases for processing your personal data are:

ActivityLegal Basis
Purchase processing and license activationPerformance of contract (Art. 6(1)(b))
Scan data collection (hashed IP)Legitimate interest of our client (Art. 6(1)(f))
Contact Exchange (with opt-in consent)Explicit consent (Art. 6(1)(a))
Geographic lookup via ip-api.comLegitimate interest with transparency obligation
Marketing emails (newsletter)Consent (Art. 6(1)(a)) — always opt-out available
Accounting and tax dataLegal obligation (Art. 6(1)(c)) — Serbian Accounting Act
Fraud detectionLegitimate interest (Art. 6(1)(f))

4 How We Use Your Data

We use your data solely for:

  • Service provision: delivering license keys, plug-in activation, support
  • Communication: transactional emails (purchase confirmation, license delivery, support replies)
  • Security: detecting suspicious activity, preventing abuse
  • Legal obligations: issuing invoices, maintaining accounting records
  • Service improvement: anonymized statistical data on plug-in usage

We DO NOT SELL your data to third parties. We DO NOT USE it for behavioral marketing. We DO NOT PROFILE you.

5 Who We Share Your Data With

We share your data only with the following third parties, and only to the extent necessary:

5.1 Payment Processors

  • Stripe, Inc. (if used) — San Francisco, USA. Processes credit card payments. Privacy Policy: https://stripe.com/privacy
  • WSPay (if used) — Zagreb, Croatia. Processes payments for the Balkan market. Privacy Policy: https://wspay.eu/privacy

5.2 Hosting and Infrastructure

  • [FILL IN — hosting provider] — Belgrade, Serbia (EU adequacy). Hosts our website and license server.

5.3 Email Services

  • [FILL IN — SendGrid, Mailgun, or SMTP from hosting provider] — sends transactional emails

5.4 Analytics

  • [FILL IN — Google Analytics 4 or Plausible] — anonymized web analytics

5.5 Geographic Lookup (only if client enables)

  • ip-api.com (Brisbane, Australia) — IP-based geographic lookup. Privacy Policy: https://ip-api.com/docs/legal

5.6 Legal Obligations

We may disclose your data to authorities if required by law (e.g., court order, tax inspection, fraud investigation).

6 International Data Transfers

Some of our processors (Stripe, ip-api.com) are located outside the European Economic Area (EEA) and Serbia:

  • Transfers to USA: Stripe relies on Standard Contractual Clauses (SCCs) approved by the European Commission, in addition to new Privacy Shield arrangements.
  • Transfers to Australia: ip-api.com provides only optional geographic data (city-level), without storing the IP address.

All transfers are performed with appropriate safeguards in accordance with GDPR Articles 44-49.

7 How Long We Retain Your Data

Data TypeRetention Period
Accounting data (invoices, payments)10 years (Serbian Accounting Act)
Active licenses and license keysLifetime (while license is valid) or until you request deletion
Login sessions (client portal)30 days from last activity
Hashed IPs from QR scans365 days (default, our client may configure shorter)
Contact Exchange dataUntil controller (our client) deletes or subject requests deletion
Email marketing dataUntil unsubscribe or 24 months inactivity
Technical logs (server logs)90 days
Backups30 days rotating

After these periods, data is deleted or anonymized.

8 Your Rights

Pursuant to GDPR (and Serbian ZZPL where applicable), you have the following rights:

RightWhat It Means
Right of AccessRequest a copy of all data we hold about you
Right to RectificationRequest correction of inaccurate data
Right to Erasure ("right to be forgotten")Request deletion of your data (with some limitations — e.g., we cannot delete accounting data before the 10-year period expires)
Right to RestrictionRequest temporary suspension of processing
Right to Data PortabilityRequest your data in structured, machine-readable format (JSON, CSV)
Right to ObjectObject to processing based on legitimate interest
Right to Withdraw ConsentWhere processing is based on consent, you can withdraw it anytime
Right to Lodge a ComplaintFile a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs) or your EU supervisory authority

How to Exercise These Rights: Email office@planeta-racunari.rs with subject "[GDPR REQUEST] [request type]". We respond within 30 days of receiving your request. We will verify your identity before processing sensitive requests (e.g., deletion).

9 Data Security

We implement the following technical and organizational measures to protect your data:

Technical Measures:

  • HTTPS/TLS encryption for all traffic
  • Passwords stored as bcrypt/argon2 hashes (never plaintext)
  • IP addresses for scans stored as SHA256+salt hash
  • Regular encrypted backups
  • Firewall and intrusion detection at hosting provider level
  • Regular security updates for WordPress core, plug-ins, and themes
  • Access restrictions on license server by IP whitelist and authentication

Organizational Measures:

  • Personal data access limited to authorized personnel only (Aleksander Krsmanović)
  • Password policy with minimum length and complexity
  • Two-factor authentication (2FA) for admin access
  • Phishing awareness training
  • "Least privilege" policy for all system accounts

What We DO NOT Guarantee: Although we take reasonable measures, no system is 100% secure. In case of a data breach affecting your rights and freedoms, we will notify you within 72 hours of becoming aware, as well as the competent supervisory authority.

10 Cookies

Our site uses the following cookies:

Necessary Cookies (always active)

  • PHPSESSID — site session, deleted after browser close
  • woocommerce_* (if WooCommerce used) — cart, checkout

Functional Cookies (optional, with your consent)

  • cookie_consent — remembers your cookie choice
  • language — remembers selected language

Analytics Cookies (optional, with your consent)

  • _ga, _gid, _gat — Google Analytics (if used)
  • plausible_ignore — Plausible Analytics

You can manage cookies via our cookie banner displayed on first visit, or through your browser settings.

11 Minors

Our services are not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you are a parent/guardian and learn that your child has provided us with personal data, contact us at office@planeta-racunari.rs — we will delete it immediately.

12 Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via:

  • Email notification to active clients (at least 30 days before effective date)
  • Banner on the homepage
  • Updated "Last updated" date at top of this document

We version the policy, so old versions can be retrieved on request.

13 Contact

For any questions, complaints, or to exercise your rights, contact:

Planeta računari (Aleksander Krsmanović)

Supervisory Authority in Serbia: Commissioner for Information of Public Importance and Personal Data Protection

  • Web: https://www.poverenik.rs
  • Email: office@poverenik.rs
  • Address: Bulevar Kralja Aleksandra 15, 11000 Belgrade, Serbia

EU Supervisory Authorities: List of national authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

# 🛠️ TEHNIČKI UPUTSTVO ZA POSTAVLJANJE

14 Kako da implementiraš ovo na sajtu

1. WordPress (planeta-racunari.rs):

  • wp-admin → Settings → Privacy → kreiraj novu stranicu "Privacy Policy"
  • Paste ceo sadržaj iznad
  • Postavi kao "Privacy Policy Page"
  • Footer link se automatski generiše

2. HTML konverzija (ako koristiš custom buy stranicu):

  • Konvertuj markdown u HTML (pandoc, online tool, ili VS Code extension)
  • Stavi u /qr-license/buy/privacy.html ili kao samostalnu stranicu
  • Link u footer-u svake stranice

3. Cookie banner — instaliraj Complianz ili CookieYes plug-in (besplatne verzije ima)

  • Konfiguracija takava da poziva ovaj Privacy Policy

4. Email footer — dodaj na sva transakciona email-a: ```

Planeta računari · Čačak · office@planeta-racunari.rs Privacy Policy: https://planeta-racunari.rs/privacy-policy/ ```

U slučaju neslaganja između srpske i engleske verzije, srpska verzija prevazilazi za kupce sa prebivalištem u Srbiji, dok engleska verzija prevazilazi za sve ostale kupce.

⬆️ Na vrh
error: Content is protected !!