Privacy Policy
ei-apps Platform
1. Introduction
This Privacy Policy explains how the ei-apps platform collects, uses, stores, and protects personal data of users of all web applications and services available through the ei-apps platform (hereinafter: the Platform), including but not limited to the "Evidencija rada" application and all future applications published on the Platform.
This Policy is aligned with:
- The Law on Personal Data Protection of Bosnia and Herzegovina (Official Gazette BiH No. 49/06, 76/11, 89/11)
- The EU General Data Protection Regulation (GDPR — Regulation EU 2016/679)
- Paddle GDPR guidelines for sellers
2. Data Controllers and Processors
2.1 ei-apps as Data Controller (for user account data)
O.D. “Ei-APPS” vl. Ibrahimović Emir, which operates the ei-apps platform, acts as data controller for personal data of users directly collected for the purpose of providing the service (registration, subscription, communication).
2.2 ei-apps as Data Processor (for third-party data entered by users)
When Platform users enter personal data of third parties (e.g. clients, patients, customers) within applications, ei-apps acts solely as a data processor on behalf of the user, who acts as data controller. In such cases:
- The user is solely responsible for the lawfulness of processing such data and for having an appropriate legal basis
- ei-apps processes such data solely in accordance with the user's instructions and for the purpose of technical service delivery
- ei-apps bears no liability for the content, accuracy, or legality of third-party data entered by users
The full Data Processing Agreement (DPA) forms an integral part of these Terms and is publicly available at: https://ei-apps.com/dpa
3. Data We Collect
3.1 Data provided directly by users
- Full name
- Email address
- Password (stored in encrypted form via Firebase Authentication — never in plain text)
- Organisation or business entity information (optional)
3.2 Data entered by users into applications (third-party data)
Users may enter personal data of third parties (e.g. name, phone number, email address of clients). ei-apps does not control this data and is not its controller — sole responsibility rests with the user as data controller of such data.
3.3 Automatically collected data
- IP address (on first login — for geographic region detection and pricing tier determination)
- Access date and time
- Device type and browser (via PWA / Service Worker functionality)
- Platform and application usage data
3.4 Data collected through Paddle
When a user subscribes, Paddle.com (Merchant of Record) collects and processes payment data (card details, billing address). ei-apps does NOT receive or store payment card details. Paddle provides us only with: the customer's email address, subscription status, and information needed for service delivery.
More on Paddle's privacy policy: https://www.paddle.com/legal/privacy
4. Purpose and Legal Basis of Processing
| Purpose of Processing | Legal Basis |
| --- | --- |
| Providing Platform services and applications | Performance of contract (Art. 6(1)(b) GDPR) |
| User account management | Performance of contract |
| Subscription and payment processing | Performance of contract / Legal obligation |
| Region detection (IP address) — pricing tier | Legitimate interest |
| Security and fraud prevention | Legitimate interest |
| Platform improvement (anonymised usage data) | Legitimate interest |
| Notifications of changes to Terms and Policy | Legitimate interest / Consent |
| Processing third-party data entered by users | User instructions as controller (DPA) |
5. Data Storage and Security
5.1 Storage Infrastructure
Data is stored on the following infrastructure services:
- Google Firebase Firestore (Google Cloud) — EU region (europe-west1, Belgium); DPA available at: firebase.google.com/support/privacy
- MongoDB Atlas (MongoDB, Inc.) — configured within the EU region; Privacy policy: mongodb.com/legal/privacy-policy
- IndexedDB — locally on the user's device (only relevant data for PWA offline functionality)
5.2 Security Measures
- Authentication via Firebase Authentication
- Firestore Security Rules — each user accesses only their own data
- MongoDB access control and collection-level security rules
- Encryption in transit (HTTPS/TLS)
- Encryption of sensitive local data on the device
- Regular security reviews and access monitoring
5.3 Retention Periods
- User data is retained while the user account remains active
- IP address stored for region detection is retained with the user profile; it is not stored in a separate access log
- Payment data: in accordance with Paddle's retention policy (minimum 7 years for tax purposes)
- Third-party data entered by the user is deleted within 30 days of account deletion
- Following account deletion, all data is removed within 30 days
6. Data Sharing with Third Parties
We do not sell or rent your personal data to third parties. Data is shared solely with:
- Google Firebase / Google Cloud (Google LLC) — data storage and authentication. DPA: firebase.google.com/support/privacy
- MongoDB Atlas (MongoDB, Inc.) — data storage. Privacy policy: mongodb.com/legal/privacy-policy
- Paddle.com (Paddle Europe S.R.L.) — payment processing. Paddle acts as an independent data controller for transactions. Policy: paddle.com/legal/privacy
- State authorities and regulatory bodies — solely in cases required by law or pursuant to a court order
No personal data is shared outside the EU/EEA without appropriate safeguards (SCCs or equivalent mechanisms).
7. User Rights (Data Subject Rights)
In accordance with the BiH Law on Personal Data Protection and the GDPR, you have the following rights:
- Right of access — to view the personal data we hold about you
- Right to rectification — correction of inaccurate or incomplete data
- Right to erasure (right to be forgotten) — deletion of data where it is no longer necessary or consent is withdrawn
- Right to restriction of processing — temporary halt of processing in certain circumstances
- Right to data portability — to receive your data in a machine-readable format
- Right to object — to object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, without affecting prior processing
To exercise any of these rights, please contact us at: info@ei-apps.com. We respond within 30 days of receiving a request.
You have the right to lodge a complaint with the Agency for Personal Data Protection of BiH (azlp.ba) or the supervisory authority in your EU member state.
8. Cookies and Local Storage
The Platform and its applications use only technical cookies and localStorage/IndexedDB for:
- Session management (Firebase Auth token)
- Storing user preferences (language, theme, settings)
- Enabling PWA functionality and offline mode
We do not use third-party analytics cookies (e.g. Google Analytics), advertising cookies, or cookies for behavioural tracking for marketing purposes.
9. Minors
The Platform and its applications are not intended for individuals under the age of 18. We do not knowingly collect personal data of minors. If we become aware that we have collected such data, we will delete it immediately and notify relevant authorities where required by law.
10. International Data Transfers
Data is processed on Google Cloud servers and MongoDB Atlas servers within the EU/EEA. Google LLC and MongoDB, Inc. are certified under the EU-US Data Privacy Framework or apply GDPR Standard Contractual Clauses (SCCs) as the basis for data transfers.
No personal data is transferred to third countries without an adequate level of protection in accordance with GDPR Chapter V.
11. Security and Data Breach Notification
We apply technical and organisational measures in accordance with Art. 32 GDPR to ensure an appropriate level of security. In the event of a security breach that may pose a risk to the rights and freedoms of natural persons, we will notify:
- The competent supervisory authority within 72 hours of becoming aware of the breach
- The user (data controller for third-party data) without undue delay
- Affected individuals if the breach poses a high risk to their rights and freedoms
12. Changes to This Privacy Policy
We may amend this Privacy Policy to reflect new legal requirements or changes to our services. Users will be notified of significant changes via email and/or within the Platform at least 14 days in advance.
The date of the last amendment is always indicated at the top of this document.
13. Contact — Data Protection
O.D. “Ei-APPS” vl. Ibrahimović Emir
Address: Stupska 19 AII, Ilidža, Bosnia and Herzegovina
Data protection email: info@ei-apps.com
Business ID / JIB: 4304382050006
Website: https://ei-apps.com
Last updated: 22.05.2026.
© 2026 ei-apps. All rights reserved.