Privacy Policy
Contents
- Who We Are — Data Controller
- What Personal Data We Collect and How
- Purposes and Legal Basis for Processing
- How Long We Keep Your Data
- Who Receives Your Data
- International Transfers of Personal Data
- Cookies and Tracking Technologies
- Your Rights
- Security of Your Personal Data
- Links to Third-Party Websites
- Children's Privacy
- Changes to This Policy
- How to Contact Us
This Privacy Policy explains how PILTY PREDUZEĆE ZA PROIZVODNJU I PROMET DOO, operating commercially as Transfers in Belgrade, collects, uses, stores, and protects your personal data when you visit our website www.transfersinbelgrade.com or contact us to book a private transfer or chauffeur service.
We process your personal data in accordance with the Law on Personal Data Protection of the Republic of Serbia (Official Gazette No. 87/2018, hereinafter: ZZPL), which is aligned with Regulation (EU) 2016/679 (GDPR). Please read this Policy carefully before submitting any personal information to us.
1. Who We Are — Data Controller
The entity responsible for the lawful processing of your personal data (the Data Controller) is:
Legal name: PILTY PREDUZEĆE ZA PROIZVODNJU I PROMET DOO
Trading as: Transfers in Belgrade
Website: www.transfersinbelgrade.com
Tax ID (PIB): 100164426
Company Reg. No. (MB): 06760040
Registered in: Agency for Business Registers of the Republic of Serbia (APR)
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +381 69 249 5688
All inquiries, requests, and complaints relating to the protection of your personal data should be directed to the contact details above, with the subject line "Data Protection".
2. What Personal Data We Collect and How
2.1 Data you provide to us directly
When you contact us to request a quote or make a booking — through our website contact form, by email, or via messaging applications (WhatsApp, Viber, Telegram) — you may provide the following personal data:
- Full name
- Email address
- Phone number
- Pickup and drop-off address or location
- Travel date and time
- Flight number and arrival/departure details
- Number of passengers and luggage
- Any special requirements or requests you choose to share
Providing this data is voluntary; however, without the minimum information needed to arrange your transfer (name, contact detail, date, route), we cannot perform the service.
2.2 Data collected automatically
When you visit our website, certain data is collected automatically through cookies and similar technologies:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited, time on page, referring URL
- Approximate geographic location (country/city level, derived from IP)
This data is collected via Google Analytics and Google Tag Manager. For further details, see Section 7 (Cookies).
2.3 Data collected through messaging platforms
If you contact us via WhatsApp, Viber, or Telegram, your messages and the data contained therein are processed both by us and by the respective platform operators (Meta Platforms Inc., Viber Media S.à r.l., Telegram FZ LLC) under their own privacy policies. We recommend reviewing those policies separately.
3. Purposes and Legal Basis for Processing
We process your personal data only where we have a lawful basis to do so under Article 12 of the ZZPL. The table below sets out each processing activity, its purpose, and the applicable legal basis.
| Processing activity | Purpose | Legal basis (ZZPL Art. 12) |
|---|---|---|
| Processing booking inquiries and quotes | To respond to your request and, if confirmed, to organise and carry out the transfer service | Art. 12(1)(b) — Processing necessary for the performance of a contract or pre-contractual steps at your request |
| Sharing booking details with partner driver | To dispatch the assigned driver with the information required to carry out your transfer (name, phone, pickup location, flight details) | Art. 12(1)(b) — Performance of contract; Art. 12(1)(f) — Legitimate interest (delivery of the service you have booked) |
| Issuing invoices and maintaining accounting records | To comply with tax and accounting obligations under Serbian law (Accounting Act, VAT Act) | Art. 12(1)(c) — Processing necessary for compliance with a legal obligation |
| Email and message correspondence | To communicate with you before, during, and after your transfer; to handle any changes, cancellations, or complaints | Art. 12(1)(b) — Performance of contract; Art. 12(1)(f) — Legitimate interest in handling customer communications |
| Website analytics (Google Analytics) | To understand how visitors use our website and to improve its content and performance | Art. 12(1)(a) — Your consent, given when you accept cookies via our cookie banner |
| Fraud prevention and service security | To detect and prevent fraudulent bookings or abusive behaviour | Art. 12(1)(f) — Legitimate interest in protecting our business and other customers |
| Compliance with legal claims or court orders | To establish, exercise, or defend legal claims if a dispute arises | Art. 12(1)(f) — Legitimate interest; Art. 12(1)(c) — Legal obligation where applicable |
We do not send marketing emails or newsletters. We do not use your personal data for automated profiling or automated decision-making that produces legal or similarly significant effects.
4. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
| Category of data | Retention period | Reason |
|---|---|---|
| Booking details, invoices, payment records | 5 years from the date of the service | Obligation under the Serbian Accounting Act (Sl. gl. 62/2013) and VAT Act |
| Email and messaging correspondence | 2 years from the last interaction, or 5 years if related to a confirmed booking | Legitimate interest in handling potential disputes or complaints |
| Unfulfilled inquiries (no booking confirmed) | 6 months from the date of the inquiry | Legitimate interest; deleted upon expiry unless you re-engage |
| Website analytics data (Google Analytics) | Up to 14 months (GA default configuration) | Analytics purpose; anonymised after this period |
| Server log data (IP, access logs) | Up to 12 months | Security and fraud prevention |
Upon expiry of the applicable retention period, your data is permanently deleted or irreversibly anonymised.
5. Who Receives Your Data
We do not sell, rent, or trade your personal data. We share it only in the following circumstances and only to the extent strictly necessary:
5.1 Partner drivers (subcontractors)
To carry out your booked transfer, we share the minimum required booking details (your name, phone number, pickup and drop-off location, date, time, and flight number where applicable) with the licensed driver assigned to your journey. All partner drivers are bound by confidentiality obligations and may not use your data for any purpose other than carrying out your transfer.
5.2 Service providers acting on our behalf
We use the following third-party service providers who may access your data in the course of providing services to us:
| Provider | Service | Location |
|---|---|---|
| Google LLC | Google Analytics, Google Tag Manager — website analytics | United States (see Section 6) |
| Adriahost d.o.o. | Web hosting — our website and email are hosted on Adriahost shared servers | Serbia |
| Google LLC (Gmail) | Email service used to receive and respond to booking inquiries | United States (see Section 6) |
| Meta Platforms Inc. | WhatsApp — messaging channel for booking inquiries | United States (see Section 6) |
| Viber Media S.à r.l. | Viber — messaging channel for booking inquiries | Luxembourg / international servers |
| Telegram FZ LLC | Telegram — messaging channel for booking inquiries | United Arab Emirates / international servers |
5.3 Legal and regulatory authorities
We may be required to disclose your personal data to competent authorities (courts, tax authorities, inspection bodies) where required by applicable Serbian law. We will always verify the legal basis for any such request before complying.
6. International Transfers of Personal Data
Some of the service providers listed in Section 5 are located outside the Republic of Serbia and the European Economic Area (EEA). Where your personal data is transferred to a country that does not offer an equivalent level of data protection, we rely on one of the following safeguards as required by Article 65 of the ZZPL:
- Google LLC (Analytics, Gmail): Google LLC participates in and certifies compliance with the EU–US Data Privacy Framework and implements Standard Contractual Clauses (SCCs) approved by the European Commission. Details: policies.google.com/privacy
- Meta Platforms Inc. (WhatsApp): Meta implements Standard Contractual Clauses for transfers outside the EEA. Details: whatsapp.com/legal/privacy-policy
- Viber / Telegram: These platforms operate under their own international data transfer mechanisms. We recommend reviewing their respective privacy policies before use.
You may request a copy of the relevant safeguards by contacting us at the details in Section 13.
7. Cookies and Tracking Technologies
Our website uses cookies — small text files stored on your device — and similar technologies. We use them for the following purposes:
| Cookie type | Purpose | Legal basis | Can be declined? |
|---|---|---|---|
| Strictly necessary | Essential for the website to function (session, language preference, security) | Legitimate interest — cannot be disabled without breaking the site | No |
| Analytics (Google Analytics / GTM) | Collecting anonymous statistics on website usage to improve performance and content | Your consent | Yes — via cookie banner |
You can manage your cookie preferences at any time by clicking the cookie settings link in the footer of our website, or by adjusting your browser settings to refuse or delete cookies. Withdrawing consent for analytics cookies does not affect the lawfulness of any processing carried out before withdrawal.
For full details, please see our separate Cookie Policy.
8. Your Rights
Under the ZZPL (Articles 26–38), you have the following rights in relation to your personal data. These rights are not absolute — in certain circumstances, we may be entitled to refuse a request, in which case we will explain the reason in writing.
Right of Access Art. 26
You may request a copy of the personal data we hold about you, together with information about how we use it.
Right to Rectification Art. 29
You may ask us to correct inaccurate data or complete incomplete data we hold about you.
Right to Erasure Art. 30
You may request deletion of your data where it is no longer necessary for the purpose it was collected, or where you withdraw consent and no other legal basis applies.
Right to Restriction Art. 31
You may ask us to restrict processing of your data while we verify its accuracy or consider your objection.
Right to Data Portability Art. 36
Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to Object Art. 37
You may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent Art. 12(3)
Where processing is based on your consent (e.g. analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint Art. 82
You have the right to submit a complaint to the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia (see below).
How to exercise your rights
To exercise any of the rights above, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. with the subject line "Data Protection Request". We will respond within 30 days of receiving your request. If your request is complex or you have submitted multiple requests, we may extend this period by a further 60 days, in which case we will notify you within the initial 30-day period.
We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.
Right to complain to the supervisory authority
If you believe that our processing of your personal data infringes the ZZPL, you have the right to submit a complaint to:
Authority: Commissioner for Information of Public Importance and Personal Data Protection
(Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti)
Address: Bulevar kralja Aleksandra 15, 11120 Belgrade, Republic of Serbia
Website: www.poverenik.rs
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
We would, however, appreciate the opportunity to address your concerns before you contact the Commissioner, so please contact us first.
9. Security of Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:
- HTTPS encryption for all data transmitted through our website
- Password-protected access to email accounts containing booking correspondence
- Restricted access to personal data — only persons who need it to perform the service have access
- Contractual obligations on partner drivers to maintain confidentiality
Please be aware that no method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by Article 53 of the ZZPL.
10. Links to Third-Party Websites
Our website may contain links to third-party websites (for example, online travel agencies, tourist attractions, or partner sites). We are not responsible for the privacy practices of those websites. We recommend that you review their privacy policies before submitting any personal information to them.
11. Children's Privacy
Our services are intended for adults who are booking transport services. We do not knowingly collect personal data from children under the age of 15 without verifiable parental or guardian consent. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will delete that data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make changes, we will update the effective date at the top of this page.
We encourage you to review this Policy periodically. Where changes are material, we will make reasonable efforts to notify you — for example, by displaying a notice on our website.
13. How to Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or our handling of your personal data, please contact us:
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Subject line: Data Protection
Phone: +381 69 249 5688
Post: PILTY PREDUZEĆE ZA PROIZVODNJU I PROMET DOO, Republic of Serbia
We aim to acknowledge your message within 3 business days and to resolve your request within 30 days.
Popular Transfers
Contact Details
+381 69 24 95 688
(whatsApp, Viber, Telegram, Signal)
availlable 24/7
office@transfersinbelgrade.com
We usually respond as soon as possible
Chat with us 
