THE XTRACODE

Privacy Policy

Last updated: March 10, 2026

1. Introduction

THE XTRACODE DOO BEOGRAD - ZVEZDARA ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our websites and services.

We process personal data in compliance with the General Data Protection Regulation (GDPR), the Serbian Law on Personal Data Protection, and other applicable data protection laws.

2. Data Controller

The data controller for the purposes of this policy is:

  • Company: THE XTRACODE DOO BEOGRAD - ZVEZDARA
  • Address: Jovanke Radakovic 88, 11060 Belgrade, Serbia
  • Email: office@thextracode.com

3. Data We Collect

3.1 Information You Provide

  • Contact information: name, email address, phone number, company name — when you fill out contact forms, request demos, or create accounts
  • Account data: username, password (hashed), preferences — when you register for our Services
  • Communication data: messages, support tickets, emails you send us
  • Payment information: billing address and payment details — processed through secure third-party payment processors; we do not store credit card numbers

3.2 Information Collected Automatically

  • Usage data: pages visited, features used, timestamps, referring URLs
  • Device data: browser type, operating system, screen resolution, language preference
  • Network data: IP address, approximate geographic location (country/city level)

3.3 Cookies and Tracking

We use two categories of cookies:

  • Essential cookies: required for the website to function (session management, security). These are always active and do not require consent.
  • Analytics cookies: help us understand how visitors interact with our website (e.g., page views, traffic sources). These are only set if you consent via our cookie banner.

We do not use advertising or third-party marketing cookies. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

4. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery: to provide, maintain, and improve our Services
  • Communication: to respond to your inquiries, send service updates, and provide support
  • Security: to protect against fraud, abuse, and unauthorized access
  • Analytics: to understand usage patterns and improve user experience (with consent)
  • Legal compliance: to comply with legal obligations, resolve disputes, and enforce agreements

5. Legal Basis for Processing

Under the GDPR, we process your data based on:

  • Contract performance: processing necessary to deliver Services you have requested (Art. 6(1)(b))
  • Legitimate interests: security, fraud prevention, and service improvement, where these interests do not override your rights (Art. 6(1)(f))
  • Consent: analytics cookies and optional marketing communications (Art. 6(1)(a)). You may withdraw consent at any time.
  • Legal obligation: where required by law (Art. 6(1)(c))

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: hosting providers, email delivery services, and payment processors who process data on our behalf under data processing agreements
  • Legal authorities: when required by law, court order, or to protect our legal rights
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice

7. Data Storage and Transfers

Your data is primarily stored on servers located in the European Union (Germany). Where data transfers outside the EU/EEA are necessary (e.g., certain cloud services), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: for the duration of your account, plus 30 days after deletion request
  • Contact form submissions: up to 2 years, or until the inquiry is resolved
  • Analytics data: aggregated and anonymized within 26 months
  • Invoice and billing data: as required by tax and accounting laws (typically 5-10 years)

9. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Restriction: request limitation of processing in certain circumstances
  • Data portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at office@thextracode.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Regular backups with encrypted storage
  • Employee training on data protection

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. For significant changes, we will provide additional notice (e.g., email notification).

14. Contact

For any questions about this Privacy Policy or our data practices, contact us at: