Tiny Portals Logo

PRIVACY POLICY

Effective date: July 19th, 2025.

Owner: Dalibor Belić PR

This Privacy Policy ("PP") describes how personal data is collected, used, stored, and protected when using the Tiny Portals website and services ("Platform"). The Owner of the Platform is committed to protecting the privacy and rights of all Users in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Acceptance of this Policy is a mandatory condition for creating a registered profile on the Platform. By registering an account and checking a box next to this PP, the User confirms that they have read, understood, and agreed to the terms of this Policy. If the User does not accept this Policy, it is not possible to create a registered profile or access the full range of services provided by the Platform.

The purpose of this Policy is to explain what categories of personal data are collected, the reasons and legal basis for processing, how data is stored and protected, the rights of Users, and how Users can exercise those rights. This Policy also provides information about data retention, third-party services, and the use of cookies (with further details available in the separate Cookie Policy).

The Platform and these Terms are designed to be in compliance with relevant European Union legislation, including but not limited to: the General Data Protection Regulation (GDPR) (EU) 2016/679, the e-Commerce Directive 2000/31/EC, the Consumer Rights Directive 2011/83/EU, the Digital Services Act (DSA) (EU) 2022/2065, the Payment Services Directive 2 (PSD2) (EU) 2015/2366.

Definitions

For the purposes of these Terms, the following definitions apply:

  • "Service" or "Platform" refers to the Tiny Portals website and all related functionalities, features, and content accessible at https://www.tiny-portals.com/.
  • "Owner" means Dalibor Belic PR, Sindeliceva 47, Becej, 21220, Serbia, VAT: 112708937, the business that owns and operates the Service.
  • "User" means any individual or entity who accesses or uses the Service, whether as a visitor or as a registered user.
  • "Registered User" means every User who opens a profile on Platform.
  • "Profile" means a User account created on the Platform, enabling access to additional features and services.
  • "Portal" means a digital workspace or environment created by a registered user within the Platform, which may include document sharing, user invitations, chat, notes, and meeting scheduling.
  • "Subscription" means a paid plan (monthly, annual, or trial) that grants access to certain features of the Service.
  • "Third-Party Services" refers to services provided by external providers, such as Calendly, which may be integrated into the Platform.
  • "Content" means all data, documents, files, notes, messages, and other materials uploaded, shared, or created by users on the Platform.

1. Purpose

This Privacy Policy describes how personal data is collected, used, stored, and protected when using the Tiny Portals website and services, with the primary goal of ensuring transparency and compliance with data protection laws.

2. Categories of personal data collected

The owner is collecting different types of personal data that are sorted into categories of personal data as follows:

  • When creating a registered profile on the Platform, the following personal data is collected: Name (the User may also provide a surname, but it is not mandatory), Email address, and Password (chosen by the User).
  • Registered Users may upload and share documents through the Platform. These documents may contain personal data, depending on the content provided by the User. The Platform does not control or monitor the specific types of data included in uploaded documents. Users are solely responsible for ensuring that any personal data shared in documents complies with applicable laws and does not infringe the rights of third parties.
  • If the User subscribes to the Platform's newsletter, the Platform collects and processes the User's email address for the purpose of sending informational and promotional communications. Subscription to the newsletter is voluntary and requires separate consent, which can be withdrawn at any time.
  • When accessing and using the Platform, certain data is collected automatically, including the User's IP address, browser type, device information, and usage data. The Platform also uses cookies and similar technologies to enhance the User experience and for analytical purposes. Details regarding the use of cookies are provided in the separate Cookie Policy (link: https://www.tiny-portals.com/cookie-policy).

3. Purposes and Legal Basis for Processing

The Owner collects and processes personal data for the following purposes and based on the specified legal grounds:

  • Account Registration: Purpose is to send newsletters, updates, and promotional materials about the Platform's services, and legal basis is consent (the User's explicit consent is obtained separately for newsletter subscriptions).
  • Services Provision and Communication: Purpose is to operate the Platform, facilitate portal creation, document sharing, communication features (chat, notes), and meeting scheduling, and to communicate with the User regarding service-related matters, and legal basis is performance of a contract (Terms of Service – the processing is necessary to provide the requested services).
  • Newsletter and Marketing Communication: Purpose is to send newsletters, updates, and promotional materials about the Platform's services, and legal basis is consent (the User's explicit consent is obtained separately for newsletter subscriptions).

4. Consent

Consent must be given explicitly through clear affirmative action by the User.

In any situation where consent is used as a legal basis the User has the right to withdraw consent at any time.

If User withdraws their consent for the processing of personal data, this will be treated as an exercise of the right to erasure ("right to be forgotten"). All personal data collected on the basis of such consent will be deleted. Withdrawal of consent may also result in the deletion of the User's profile if the processing of personal data is necessary for maintaining the account and providing the services.

5. Account Registration and Management

To access the full range of services on the Platform, the User must create a registered profile by providing the required personal data, such as name, email address, and password. The User is responsible for ensuring that all information provided during registration is accurate, complete, and kept up to date.

The User may access, update, or correct their personal data at any time through their account settings. If the User wishes to delete their account, they may do so by following the instructions provided on the Platform or by contacting the Owner directly.

Deletion of the account will result in the removal of the User's personal data, except where retention is required by law or for legitimate business purposes, as described in this Policy.

6. Account Creation and Security

When creating an account on the Platform, the User must choose a secure password and keep their login credentials confidential. The User is solely responsible for all activities that occur under their account and must immediately notify the Owner of any unauthorized access or suspected security breach.

The Owner implements appropriate technical and organizational measures to protect User accounts and personal data, including encryption of data both at rest and in transit. Access to personal data is strictly limited to authorized individuals and is protected by access controls.

Despite these measures, no system can be guaranteed to be completely secure. The Owner cannot be held liable for any unauthorized access or loss of data that occurs despite the implementation of reasonable security safeguards.

7. Service Provision and Communication

The Owner processes personal data to provide, operate, and improve the Platform's services, including account management, portal creation, document sharing, communication features (such as chat and notes), and meeting scheduling. Personal data may also be used to communicate with the User regarding service updates, technical issues, security alerts, or changes to the Platform or its policies.

All communications related to the provision of services are considered essential and are not subject to marketing consent. The Owner may use the User's email address and other contact information for these purposes. The User cannot opt out of receiving essential service-related communications while maintaining an active account on the Platform.

8. Security and Fraud Prevention

The Owner processes personal data to ensure the security and integrity of the Platform, protect against unauthorized access, misuse, or fraudulent activities, and to detect and prevent security incidents. This includes monitoring account activity, logging IP addresses, and implementing technical safeguards such as encryption and access controls.

Personal data may be used to investigate suspicious behavior, respond to security threats, and comply with legal obligations related to data security. These measures are necessary to protect both the Platform and its Users.

9. User Responsibility for Uploaded Content

Registered Users are solely responsible for the content and documents they upload, share, or distribute through the Platform. The Platform does not monitor or control the specific types of data included in uploaded documents, and the Owner cannot be held liable for the nature or legality of such content.

Users must ensure that any personal data or other information contained in uploaded documents complies with applicable laws and does not infringe the rights of third parties. By uploading content, the User confirms that they have all necessary rights and permissions to share such data.

10. Use of Cookies and Similar Technologies

The Platform uses cookies and similar technologies to enhance the User experience, analyze Platform usage, and for other operational purposes. Detailed information about the types of cookies used, their purpose, and how Users can manage their preferences is available in the separate Cookie Policy (link: https://www.tiny-portals.com/cookie-policy).

11. Data Storage

All personal data collected through the Platform is stored on secure servers located in Frankfurt, Germany, through a cooperation with Neon, Inc. This may involve the transfer of data outside the country of the Owner's residence. The Owner ensures that all data storage and processing comply with applicable data protection laws, including the GDPR.

12. Data Transfer

All personal data collected through the Platform is stored on secure servers located in Frankfurt, Germany. This may involve the transfer of data outside the country of the Owner's residence. Germany is included on the list of countries to which data transfers are permitted under the decisions of the European Data Protection Board (EDPB) and in accordance with Convention 108 of the Council of Europe.

13. Data Retention

The Owner retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the provision of services, compliance with legal obligations, resolution of disputes, and enforcement of Terms of Service (agreement between parties).

Personal data associated with inactive registered profiles will be regularly deleted after a period of two (2) years from the last activity on the profile. Prior to the deletion of an inactive account, the Owner will send a notification email to the User's registered email address. This notification is solely for the purpose of informing the User about the impending deletion and allowing them to react or prevent the deletion, and it is not used for marketing purposes.

The right to erasure of personal data does not extend to data stored in backup systems. Backup data is retained for a limited period for disaster recovery purposes and is subject to strict security measures. Once the backup retention period expires, the data is securely deleted.

14. User rights under GDPR

The Owner respects all rights granted to data subjects under the General Data Protection Regulation (GDPR). A Registered User may exercise the rights listed below by sending a written request to the contact address published on the Platform. Before acting on a request, the Owner may require additional information to verify the User's identity. The Owner normally responds within one (1) month; this period may be extended by two (2) further months for complex or numerous requests. No fee is charged, unless a request is manifestly unfounded or excessive.

Right:

  • Access – The User may obtain confirmation whether personal data are processed and receive a copy of the data and accompanying information. This right may be refused or limited where disclosure would adversely affect the rights & freedoms of others or conflict with legal secrecy obligations.
  • Rectification – The User may have inaccurate or incomplete personal data corrected without undue delay. None, save where the Owner must retain an immutable record for legal reasons.
  • Erasure – "Right to be Forgotten" – The User may request deletion of personal data processed on the basis of consent or where data are no longer needed. The Owner may retain data (a) to comply with legal obligations, (b) to establish, exercise, or defend legal claims, and (c) in disaster-recovery backups (which are automatically overwritten after the backup retention cycle). Deletion of consent-based data will normally also delete the User profile where that data are essential for the account.
  • Restriction of Processing – The User may request that data be "frozen" (no active processing) while accuracy, legality, or objection claims are assessed. Processing may continue for storage and for legal claims.
  • Data Portability – The User may receive personal data provided to the Owner in a structured, commonly used, machine-readable format and have them transmitted directly to another controller where technically feasible. Applies only to data processed by automated means on the basis of consent or contract.
  • Objection – The User may object at any time to processing carried out on the basis of legitimate interests. Processing will cease unless the Owner demonstrates compelling legitimate grounds overriding the User's interests or needs the data for legal claims. Not applicable to processing based on consent or legal obligation. Marketing e-mails can be opted-out at any time via the "unsubscribe" link.
  • Withdraw Consent – The User may withdraw consent at any time with future effect. Withdrawal will be treated as a request for erasure of all data processed solely on the basis of that consent and may result in deletion of the User's profile if such data are necessary for the service. Consent withdrawal does not affect processing performed before withdrawal nor data retained under other lawful bases.
  • No Automated Individual Decision-Making – The Platform does not rely on solely automated decisions that produce legal or similarly significant effects on the User.
  • Complaint to a Supervisory Authority – The User may lodge a complaint with the competent data-protection authority, in particular in the EU Member State of habitual residence, place of work, or place of the alleged infringement. For Users in Serbia, the competent authority is the Commissioner for Information of Public Importance and Personal Data Protection; for EU Users, any relevant EU supervisory authority may be contacted.

Exercising any of the above rights will not prejudice the User's other statutory remedies.

15. Third-Party Services

The Platform may integrate with or provide access to third-party services, including but not limited to Calendly, Google Sign-In, and Google Drive. When using these services, personal data may be shared with or processed by the respective third-party providers. The processing of personal data by these third parties is governed solely by their own privacy policies and terms of service.

The Owner does not control and is not responsible for the data processing practices, security measures, or privacy policies of third-party services. Users are encouraged to review the privacy policies of any third-party services they choose to use in connection with the Platform.

Use of third-party services is voluntary and not required for all functionalities of the Platform. Any data shared with third-party services is at the User's own discretion and risk.

16. Data Security Measures

The Owner implements robust technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Encryption: Personal data is encrypted both at rest (when stored on servers) and in transit (when being transmitted over networks).
  • Access Controls: Access to personal data is strictly limited to authorized personnel who require access for the performance of their duties, and is protected by strong authentication and authorization mechanisms.
  • Regular Security Audits: The Owner conducts regular security assessments and audits to identify and address potential vulnerabilities.
  • Backup and Recovery: Regular backups of data are performed to ensure data availability and recovery in the event of a disaster. As noted in Section 13 (Data Retention), backup data is retained for a limited period and is not subject to immediate erasure requests.
  • Physical Security: Servers and data storage facilities are located in secure data centers with appropriate physical security controls.

While the Owner strives to ensure a high level of data security, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, the Owner cannot guarantee absolute security of personal data. The User acknowledges this inherent risk when using the Platform.

17. Changes to this Privacy Policy

The Owner reserves the right to update or modify this Privacy Policy at any time to reflect changes in legal requirements, business practices, or the functionalities of the Platform. Users will be notified of any material changes to this Policy through the Platform or by email, where possible.

Continued use of the Platform after such changes have been communicated constitutes acceptance of the updated Privacy Policy. If the User does not agree with the revised Policy, the User should discontinue use of the Platform and may request deletion of their account and personal data.

18. Contact information

For any questions regarding this Privacy Policy or personal data processing, please contact the Owner via the contact details provided on the Platform via email: dan@tiny-portals.com.

19. Governing Law and Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Serbia.

Any dispute, controversy, or claim arising out of or relating to this PP, the Platform, or the services provided, including the validity, interpretation, or performance thereof, shall be finally resolved by business arbitration seated within the European Union, at the choice of the claimant (User or Owner). Alternatively, the claimant may choose to submit the dispute to the competent courts in Belgrade, Republic of Serbia.

The language of the arbitration shall be English, unless otherwise agreed by the parties. The decision of the arbitral tribunal shall be final and binding on the parties.