OptSens Privacy Policy

Updated 02.06.2026.
This Privacy Policy describes how OptSens doo collects, uses, shares, and protects personal data across the OptSens consent platform, our website, our Shopify app, and related services. It also covers the data we handle on behalf of our customers about visitors to their websites, and the rights and choices you have.
 
The Serbian version of this Privacy Policy follows below. Srpska verzija ove Politike Privatnosti je u nastavku.

1. Who we are

OptSens doo (“OptSens”, “we”, “us”) operates the OptSens consent management platform, the websites at optsens.com, my.optsens.com, docs.optsens.com, and status.optsens.com, the OptSens app for Shopify, the OptSens WordPress plugin, the OptSens template for Google Tag Manager, and related services. Our address is Pana Đukića, 16000 Leskovac, Serbia. For any privacy question or to exercise your rights, contact us at [email protected].

2. Our roles as controller and processor

OptSens handles personal data in two different roles:
 
  • We are the controller of the personal data of our customers (the businesses that open an OptSens account) and of visitors to our own website. This means we decide why and how that data is processed, and this Privacy Policy describes it.
     
  • We are the processor of the consent data we collect on behalf of our customers about visitors to their websites. Here the website operator is the controller and decides why and how the data is used, and OptSens processes it only on their instructions. The terms are set out in a Data Processing Agreement, available to customers on request. If you are a visitor to a website that uses OptSens, please also read that website operator’s own privacy policy. 

3. Information we collect

3.1 Information you give us.

When you create and use an OptSens account, we collect your name, email address, your password (stored only in hashed form), your language and display preferences, the websites (domains) you add, and your billing details (company name, billing address, tax identification number, and country). When you contact support, we keep your messages and the contact details you provide.

3.2 Information we collect automatically.

When you use the dashboard, we record technical and usage data such as your IP address (stored in encrypted form), browser and device information, login activity, and actions taken in the platform, which we use for security and to operate the service. Our own website and dashboard use a small number of cookies (see section 5).

3.3 Information from our Shopify app.

When you install the OptSens app for Shopify, we receive limited store and app information through Shopify’s APIs, such as your store domain and the data needed to connect your OptSens account. The app requests no additional access scopes.

3.4 Data we process on behalf of our customers.

When a website installs OptSens, we collect, on behalf of that website operator, a record of each visitor’s consent. A consent record may include a consent identifier, the categories the visitor accepted or rejected, the date and time, the IP address (stored in encrypted form), browser and device information, the page address, the country, the chosen language, global privacy signals, and standard consent strings (for example IAB TCF and IAB GPP). To apply and remember these choices, OptSens also stores small values on the visitor’s device, such as os_consent, os_sid, euconsent-v2, and os_visitor_id. For this data the website operator is the controller and OptSens is the processor. A website can install OptSens directly as a script, or through our WordPress plugin, our Google Tag Manager template, or our Shopify app. The consent data described here is processed the same way no matter which method is used.

4. How we use information and our legal bases

We use personal data to:
 
  • Provide and operate the platform and the consent banner (legal basis: performance of our contract with you),
  • Issue invoices, take payment, and meet our accounting and tax obligations (legal bases: performance of contract and compliance with a legal obligation),
  • Keep the service secure, prevent fraud and abuse, and improve our products (legal basis: our legitimate interests),
  • Send service messages and, where you have agreed, marketing messages you can opt out of at any time (legal basis: consent),
  • Comply with the law and establish or defend legal claims (legal bases: legal obligation and legitimate interests).
 
For the consent data we process on behalf of our customers, the legal basis is determined by the website operator. The lawful basis for storing non-essential cookies on a visitor’s device is that visitor’s consent.

5. Cookies on our own website

Our website and dashboard use cookies that are necessary to sign you in, keep your session, and remember your preferences. These are separate from the consent banner that OptSens displays on our customers’ websites, which each customer configures for their own site.

6. Who we share data with

We do not sell personal data. We share it only with service providers that help us run OptSens, and only as needed:
 
  • AllSecure – payment processing (see section 6.1),
  • Hetzner – hosting and infrastructure (servers located in Germany),
  • Cloudflare – content delivery and security at the network edge,
  • Microsoft – sending account and service emails,
  • Sentry – error monitoring for the platform,
  • Google reCAPTCHA – protecting public forms from automated abuse,
  • Shopify – where you use the OptSens app for Shopify.
 
We may also disclose data where required by law or to protect our rights.

6.1 Payment processing (AllSecure).

Card payments are processed by AllSecure. When you pay, your card details are handled by AllSecure, and OptSens does not receive or store your full card number. We keep only a payment reference and the limited details needed for billing and accounting. AllSecure processes payment data under its own terms and privacy policy.

7. International data transfers

Our primary hosting is in Germany (European Union). Some of our service providers (for example network and security providers) may process data outside Serbia and the European Union. Where we transfer personal data outside Serbia, we rely on a transfer mechanism permitted under the Serbian Law on Personal Data Protection, such as transfer to a country recognized as providing an adequate level of protection, or appropriate safeguards such as standard contractual clauses.

8. How long we keep data

We keep personal data only as long as needed for the purposes above:
 
  • Account and profile data: for as long as your account is active, and deleted or anonymized after you close it,
  • Invoices and financial records: 10 years, as required by Serbian accounting law (these records are anonymized rather than deleted when an account is closed, so they no longer identify you while still meeting the retention obligation),
  • Consent records (processed on behalf of our customers): the consent log is kept as proof of consent for a period that depends on the website operator’s plan, from 30 days up to 3 years. A given consent stays valid for up to 360 days, after which the visitor is asked to choose again,
  • Security and technical logs: for a limited period needed to operate and protect the service.

9. How we protect data

We use technical and organizational measures to protect personal data, including encryption in transit and at rest (for example, IP addresses in consent records are stored encrypted), access controls, and hardened hosting. No method of transmission or storage is completely secure, but we work to protect your data and to respond appropriately to any incident.

10. Your rights

Depending on the applicable law, you have the right to access your data, to correct or complete it, to erase it, to restrict or object to its processing, to receive it in a portable format, and, where processing is based on consent, to withdraw that consent at any time. We do not make decisions that produce legal effects concerning you based solely on automated processing. To exercise any right, contact [email protected]. If you are a visitor to a website that uses OptSens, please direct requests about your consent data to that website operator, who is the controller, and we will support them in responding.

11. Complaint to the supervisory authority

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the Serbian supervisory authority: Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti), Bulevar kralja Aleksandra 15, 11000 Belgrade, Serbia, [email protected], www.poverenik.rs.

12. Children

OptSens is a business service and is not directed to children. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will change the “Updated” date at the top and, for significant changes, take reasonable steps to inform you.

14. Contact us

OptSens doo, Pana Đukića, 16000 Leskovac, Serbia. Privacy questions and requests: [email protected].

OptSens Politika privatnosti

Ažurirano 02.06.2026.
Ova Politika privatnosti opisuje kako OptSens doo prikuplja, koristi, deli i štiti podatke o ličnosti u okviru OptSens platforme za upravljanje saglasnošću, našeg sajta, naše Shopify aplikacije i povezanih usluga. Takođe opisuje podatke koje obrađujemo u ime naših klijenata o posetiocima njihovih sajtova, kao i vaša prava i mogućnosti izbora.

1. Ko smo mi (Rukovalac)

OptSens doo (“OptSens”, “mi”) upravlja OptSens platformom za upravljanje saglasnošću, sajtovima optsens.com, my.optsens.com, docs.optsens.com, i status.optsens.com, OptSens aplikacijom za Shopify, OptSens WordPress dodatkom, OptSens šablonom za Google Tag Manager i povezanim uslugama. Naša adresa je Pana Đukića, 16000 Leskovac, Srbija. Za sva pitanja u vezi sa privatnošću ili radi ostvarivanja vaših prava, kontaktirajte nas na [email protected].

2. Naše uloge kao: rukovalac i obrađivač

OptSens obrađuje podatke o ličnosti u dve različite uloge:

 

  • Mi smo rukovalac podataka o ličnosti naših klijenata (privrednih subjekata koji otvore OptSens nalog) i posetilaca našeg sajta. To znači da odlučujemo o svrsi i načinu obrade tih podataka, a ova Politika privatnosti opisuje tu obradu.

 

  • Mi smo obrađivač podataka o saglasnosti koje prikupljamo u ime naših klijenata o posetiocima njihovih sajtova. U tom slučaju je operater sajta rukovalac i odlučuje o svrsi i načinu obrade, a OptSens te podatke obrađuje isključivo po njegovim uputstvima. Uslovi te obrade utvrđeni su Ugovorom o obradi podataka, koji je dostupan klijentima na zahtev. Ako ste posetilac sajta koji koristi OptSens, molimo vas da pročitate i politiku privatnosti tog operatera sajta.

3. Koje podatke prikupljamo

3.1 Podaci koje nam dostavljate.

Kada kreirate i koristite OptSens nalog, prikupljamo vaše ime, imejl adresu, lozinku (koju čuvamo isključivo u heširanom obliku), jezičke i prikazne postavke, sajtove (domene) koje dodate i podatke za naplatu (naziv firme, adresa za naplatu, poreski identifikacioni broj i država). Kada se obratite podršci, čuvamo vaše poruke i kontakt podatke koje navedete.

3.2 Podaci koje prikupljamo automatski.

Kada koristite kontrolnu tablu, beležimo tehničke podatke i podatke o korišćenju, kao što su vaša IP adresa (čuva se u šifrovanom obliku), podaci o pregledaču i uređaju, aktivnost prijavljivanja i radnje u platformi, koje koristimo radi bezbednosti i pružanja usluge. Naš sajt i kontrolna tabla koriste mali broj kolačića (videti odeljak 5).

3.3 Podaci iz naše Shopify aplikacije.

Kada instalirate OptSens aplikaciju za Shopify, preko Shopify API-ja dobijamo ograničene podatke o prodavnici i aplikaciji, kao što su domen prodavnice i podaci potrebni za povezivanje vašeg OptSens naloga. Aplikacija ne traži dodatna ovlašćenja pristupa.

3.4 Podaci koje obrađujemo u ime naših klijenata.

Kada sajt instalira OptSens, u ime tog operatera sajta prikupljamo zapis o saglasnosti svakog posetioca. Zapis o saglasnosti može da sadrži identifikator saglasnosti, kategorije koje je posetilac prihvatio ili odbio, datum i vreme, IP adresu (u šifrovanom obliku), podatke o pregledaču i uređaju, adresu stranice, državu, izabrani jezik, globalne signale privatnosti i standardne nizove saglasnosti (na primer IAB TCF i IAB GPP). Radi primene i pamćenja tih izbora, OptSens na uređaju posetioca čuva i male vrednosti, kao što su os_consent, os_sid, euconsent-v2 i os_visitor_id. Za te podatke je operater sajta rukovalac, a OptSens obrađivač. Sajt može da instalira OptSens direktno kao skriptu, ili preko našeg WordPress dodatka, našeg šablona za Google Tag Manager ili naše Shopify aplikacije. Podaci o saglasnosti opisani ovde obrađuju se na isti način bez obzira na izabrani način instalacije.

4. Svrhe obrade i pravni osnov

Podatke o ličnosti koristimo da bismo:

  • Pružali i održavali platformu i baner za saglasnost (pravni osnov: izvršenje ugovora sa vama),
  • Izdavali fakture, naplaćivali i ispunjavali računovodstvene i poreske obaveze (pravni osnov: izvršenje ugovora i poštovanje pravne obaveze),
  • Održavali bezbednost usluge, sprečavali prevare i zloupotrebe i unapređivali naše proizvode (pravni osnov: naš legitimni interes),
  • Slali servisne poruke i, uz vašu saglasnost, marketinške poruke od kojih u svakom trenutku možete odustati (pravni osnov: pristanak),
  • Poštovali propise i ostvarivali ili branili pravne zahteve (pravni osnov: pravna obaveza i legitimni interes).

Za podatke o saglasnosti koje obrađujemo u ime naših klijenata, pravni osnov određuje operater sajta. Pravni osnov za čuvanje nesuštinskih kolačića na uređaju posetioca jeste pristanak tog posetioca.

5. Kolačići na našem sajtu

Naš sajt i kontrolna tabla koriste kolačiće koji su neophodni za prijavljivanje, održavanje sesije i pamćenje vaših postavki. Oni su odvojeni od banera za saglasnost koji OptSens prikazuje na sajtovima naših klijenata, a koji svaki klijent podešava za sopstveni sajt.

6. Sa kim delimo podatke (Primaoci i obrađivači)

Ne prodajemo podatke o ličnosti. Delimo ih samo sa pružaocima usluga koji nam pomažu da vodimo OptSens, i to samo u meri u kojoj je potrebno:
 
  • AllSecure – obrada plaćanja (videti odeljak 6.1),
  • Hetzner – hosting i infrastruktura (serveri u Nemačkoj),
  • Cloudflare – isporuka sadržaja i bezbednost na mreži,
  • Microsoft – slanje naloga i servisnih mejlova,
  • Sentry – praćenje grešaka na platformi,
  • Google reCAPTCHA – zaštita javnih formulara od automatizovanih zloupotreba,
  • Shopify – kada koristite OptSens aplikaciju za Shopify.
 
Podatke možemo otkriti i kada to nalaže zakon ili radi zaštite naših prava.

6.1 Obrada plaćanja (AllSecure).

Plaćanja karticom obrađuje AllSecure. Kada platite, podatke o vašoj kartici obrađuje AllSecure, a OptSens ne prima niti čuva pun broj vaše kartice. Čuvamo samo referencu plaćanja i ograničene podatke potrebne za naplatu i računovodstvo. AllSecure obrađuje podatke o plaćanju u skladu sa sopstvenim uslovima i politikom privatnosti.

7. Prenos podataka u druge države

Naš primarni hosting je u Nemačkoj (Evropska unija). Pojedini pružaoci usluga (na primer mrežni i bezbednosni pružaoci) mogu obrađivati podatke izvan Srbije i Evropske unije. Kada prenosimo podatke o ličnosti izvan Srbije, oslanjamo se na mehanizam prenosa dozvoljen Zakonom o zaštiti podataka o ličnosti, kao što je prenos u državu za koju se smatra da obezbeđuje primereni nivo zaštite, ili odgovarajuće mere zaštite poput standardnih ugovornih klauzula.

8. Koliko dugo čuvamo podatke

Podatke o ličnosti čuvamo samo onoliko koliko je potrebno za navedene svrhe:
  • Podaci o nalogu i profilu: dok je vaš nalog aktivan, a brišu se ili anonimizuju nakon što ga zatvorite,
  • Fakture i finansijska dokumentacija: 10 godina, u skladu sa Zakonom o računovodstvu Republike Srbije (ova dokumentacija se prilikom zatvaranja naloga anonimizuje umesto da se briše, tako da vas više ne identifikuje, a ispunjava obavezu čuvanja),
  • Zapisi o saglasnosti (obrađeni u ime naših klijenata): evidencija saglasnosti čuva se kao dokaz o saglasnosti tokom perioda koji zavisi od plana operatera sajta, od 30 dana do 3 godine. Pojedinačna saglasnost važi do 360 dana, nakon čega se posetilac ponovo pita za saglasnost,
  • Bezbednosni i tehnički zapisi: tokom ograničenog perioda potrebnog za pružanje i zaštitu usluge.

9. Mere zaštite podataka

Primenjujemo tehničke i organizacione mere zaštite podataka o ličnosti, uključujući šifrovanje u prenosu i u mirovanju (na primer, IP adrese u zapisima o saglasnosti čuvaju se šifrovano), kontrolu pristupa i obezbeđeni hosting. Nijedan način prenosa ili čuvanja nije potpuno bezbedan, ali nastojimo da zaštitimo vaše podatke i da na odgovarajući način reagujemo na svaki incident.

10. Prava lica na koje se podaci odnose

U zavisnosti od merodavnog prava, imate pravo na pristup svojim podacima, na ispravku ili dopunu, na brisanje, na ograničenje obrade ili prigovor na obradu, na prenosivost podataka, a kada se obrada zasniva na pristanku, i pravo da pristanak opozovete u svakom trenutku. Ne donosimo odluke koje proizvode pravne posledice po vas isključivo na osnovu automatizovane obrade. Radi ostvarivanja bilo kog prava, kontaktirajte [email protected]. Ako ste posetilac sajta koji koristi OptSens, zahteve u vezi sa podacima o saglasnosti uputite operateru tog sajta, koji je rukovalac, a mi ćemo mu pomoći u postupanju.

11. Pravo na pritužbu Povereniku

Ako smatrate da je obrada vaših podataka o ličnosti izvršena suprotno propisima, imate pravo da podnesete pritužbu nadzornom organu u Srbiji: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, 11000 Beograd, Srbija, [email protected], www.poverenik.rs.

12. Deca

OptSens je poslovna usluga i nije namenjen deci. Ne prikupljamo podatke o ličnosti dece.

13. Izmene ove Politike

Ovu Politiku privatnosti možemo povremeno ažurirati. Izmenićemo datum “Ažurirano” na vrhu, a za značajne izmene preduzećemo razumne korake da vas obavestimo.

14. Kontakt

OptSens doo, Pana Đukića, 16000 Leskovac, Srbija. Pitanja i zahtevi u vezi sa privatnošću: [email protected].