Privacy Policy

1. **How We Collect Your Personal Data and the Legal Basis for Processing**

All the information we collect is provided directly by you when you decide to request the service from us. All your personal information is treated as strictly confidential, and Dermatology Online keeps it secure through the proper operation of our data protection system. In accordance with the applicable laws that regulate the protection of personal data, we may process your personal data based on the following legal grounds:

- When the processing of your personal data is necessary for the conclusion and fulfillment of the obligations you agree to;
- When the processing of your personal data is necessary to fulfill certain legal obligations (this includes particularly data we keep due to tax obligations);
- When we have a legitimate interest in processing your personal data, unless your interests or fundamental rights and freedoms override that interest;
- When you have given us your consent for the processing of your personal data for a specific purpose, and you have the right to withdraw that consent at any time;

Providing personal data for all other legal bases is voluntary, but we note that if you withhold this information, in some situations, we may not be able to provide you with certain services. As part of our broader approach to data protection, we will treat all your data fully in line with our practices and business policy. We emphasize that all these legal grounds are applied based on the purpose for which we collect your data, which we will inform you about in each specific case.

2. **What Data We Collect From You**

Dermatology Online collects several categories of personal data depending on the specific request from the user:

2.1. **Purchasing/Orders on the Dermatology Online Website**

When you make a request for a service provided on the dermatologyonline.rs website, depending on the case, you may be asked to provide certain personal data necessary to conclude a remote sales contract or to fulfill obligations from the sales contract—such as product delivery, payment, and receipt (of digital goods). When using our online shopping services through the website, in addition to the above-mentioned data, we also need your email address to confirm your purchase and send you the digital product. Data collected in this way is used exclusively to conclude and execute the remote sales contract, which includes managing and tracking (digital) products, communicating with you, and handling complaints or warnings. To ensure that the services you request are delivered adequately, we share your data with our internal collaborators for the purpose of providing appropriate services (e.g., your name, email address). More information about our partners can be found in the section "Who Has Access to Your Data?"

2.2. **Complaints**

If we accept a request to execute a service, which is typically prepaid, and it later turns out that the service cannot be executed, Dermatology Online’s administrative team will refund the payment as soon as possible.

2.3. **Service Execution on the dermatologyonline.rs Website**

When you decide to request a service on our website, for this purpose, we collect the following data:

**Mandatory data:**

- Email address;
- Your inquiry;

**Additional data:**

- Full name;

Any further data will be requested in the direct service execution process to adequately fulfill it. We emphasize that we do not intentionally collect special categories of data, such as information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in a trade union, nor do we process genetic, biometric, sexual life, or sexual orientation data.

Since we provide the service exclusively based on your consent, you can withdraw your consent at any time before the service is executed on our part, after which we will delete all data we hold about you. You can withdraw your consent to receive notifications about current offers and promotions at any time. In this case, we will stop sending you promotional offers. Withdrawing consent does not affect the lawfulness of processing done on the basis of consent before its withdrawal. Regardless of how you signed up to receive notifications, you can withdraw your consent via the unsubscribe option at the bottom of each email or directly.

Please be informed that for sending newsletters, we engage internal collaborators for the execution of these services, and your data may be transferred to them (such as email address, full name).

2.5. **Visiting the Website**

With your consent, we track your behavior as a user of our website, dermatologyonline.rs. User behavior tracking primarily involves the data about the sections where you stay and the links you click on. This helps us create personalized user profiles with your personal data and/or email address to enable us to create a personalized advertising offer from Dermatology Online in the form of newsletters, on-site advertisements, and printed materials, tailored to your personal interests and thereby improving our offer.

Dermatology Online processes your data when visiting this website and other platforms. Various data may be exchanged between your device and our server during this process, which may include personal data. Data collected in this way is used, among other things, for optimizing our website or for displaying ads in your device's browser. If you have enabled geolocation in your browser, operating system, or other device settings and given your consent, we use this feature to offer you individual services based on your current location. We process location data solely for this purpose.

The legal basis for processing the IP address is legitimate interest, which stems from the aforementioned purpose of data processing, as it is a technical requirement for the website to function. We do not transfer this data to third parties. The data is stored temporarily for the duration of your visit to the site and is automatically deleted afterward.

2.6. **Use of Cookies**

Our website uses so-called cookies. Cookies are small files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not contain viruses, trojans, or other malicious software. They store information related to the device you are using. However, this does not mean we are aware of your identity.

On the one hand, cookies are used to make your visit to the website more pleasant (we use session cookies to recognize that you have already visited certain parts of our site or that you are already logged in to your account. They are automatically deleted when you leave the website). Furthermore, we also use temporary cookies that are stored for a certain period on your device. When you revisit our website, it automatically recognizes that you have visited the site before and what settings you had, so you do not need to repeat these actions.

On the other hand, we use cookies to statistically record the usage of our website for the purpose of optimizing our offer and displaying information tailored to your interests. These cookies allow us to automatically recognize you when you revisit our website.

You can always manually delete cookies from your computer. Most browsers automatically accept cookies. However, you can set your browser not to store cookies on your device or to always show a message before a new cookie is created. However, completely disabling cookies may mean that you cannot use all features of our website.

2.7. **Google Analytics**

For the purpose of adapting the design and continuously improving our websites, we use Google Analytics—a web analytics service provided by Google Inc. ("Google"). In this context, pseudonymized user profiles are created, and cookies are used. The data is used to evaluate the usage of our website, to compile reports on activities on the site, and to provide other services related to the use of the website and internet usage. The data is processed for market research purposes and to tailor these websites accordingly. IP addresses are anonymized, so it is not possible to determine the identity (this is called IP masking). Under no circumstances will your IP address be linked to other data by Google.

2.8. **Social Media**

The same type of data you provide on the website can also be provided on the social media platforms of Dermatology Online. Access to these social media platforms is limited to our internal collaborators, who undergo mandatory identity verification and protection during service execution. Access to social channels and the entire Dermatology Online platform is strictly controlled. For more detailed information about the data processing by platform operators and possible objections, you can find them in their privacy protection rules:

- Facebook
- Instagram

Data collected on social media is processed for the purpose of informing users about current promotions and offers, to interact and improve relationships with followers, and to explain the execution of the service. Data collected on social media platforms based on your consent, such as comments, video clips, images, likes, and posts, will be published by the operator. Dermatology Online reserves the right to delete unlawful content, hate comments, explicit content, and data that represents a criminal offense.

(For web tracking methods enabled by the platform operator of social media, both the operator and we are jointly responsible. Web tracking can occur even if you are not logged in or registered on the social media platform. As mentioned earlier, we have limited control over the platform’s web tracking methods, such as not being able to disable them.) The legal basis for web tracking methods is legitimate interest, which consists in optimizing the social media platform and the specific fan page (fan-page).

3. **Who Has Access to Your Data?**

Dermatology Online's team places great importance on protecting your personal data. Therefore, we ensure that your personal data is not disclosed to unauthorized individuals. Within our company, only those sectors or internal collaborators who need it to fulfill the purpose for which the personal data was collected have access to your data (our administrators and dermatologists). In addition to our employees, to provide certain services, we may share your data with third parties within the scope that is in line with Dermatology Online's business policy and with those for whom we can fulfill data processing while fully preserving user anonymity and data confidentiality. In all these cases, our relationship with external partners and how we protect and process your personal data is ensured in compliance with the Law.

4. **How Long Do We Retain Your Data?**

We retain personal data only as long as necessary to fulfill the purposes mentioned above. We also take into account legal obligations to retain personal data. Data collected based on consent will be deleted upon withdrawal of consent if the purpose for which we collected the data has been fulfilled (service fully completed). When the basis for collecting data is the conclusion and execution of a contract, data related to executed services and users is retained for as long as required by tax regulations and regulations governing sales contracts.

5. **What Rights Do You Have as a Data Subject?**

At any time, you can contact us with any of the following requests:

- To allow you to access your personal data, to inform you about the purposes for which the data is used, as well as to access such personal data, to know the processing purpose, categories of your personal data we store, third parties or categories of third parties with whom your personal data is shared, and the period for which we retain the data.
- To request the correction of inaccurate, incorrect, or outdated data;
- To request the deletion of your personal data if the processing is based on your consent, legitimate interest, or if the personal data is no longer necessary for the purpose for which it was collected;
- To file an objection to how we process your data, even in cases where it is clear that we process the data in accordance with the Law;
- To lodge a complaint with the Commissioner for Personal Data Protection in accordance with the Law.

For any additional questions and requests related to personal data processing, you can contact our Data Protection Officer in our administrative team via email with a clear request.

6. **Effective Date and Changes to the Privacy Policy**

This Privacy Policy is effective as of [date], 2025. The Privacy Policy may be amended or supplemented depending on the needs and changes in the Dermatology Online processes, changes in legal frameworks, or at the request of the competent authority (the Commissioner for Information of Public Importance and Personal Data Protection). It is recommended that users regularly check for updates to this Privacy Policy on the Dermatology Online website.