Privacy Policy

Date of last version: 15.03.2019.


With this Privacy Policy PHIACADEMY doo (hereinafter: the Academy) shall inform you on how it intends to use the personal information (Personal Data) it has collected from you (hereinafter: the Data Subject) in the process of ordering ticket(s) for the MasterClass 2019 event which shall be held 20 – 22 September 2019 in Belgrade, Serbia via our website, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Serbian Personal Data Protection Act, in regard to the following:

Provision of Consent

The provision of Personal Data Processing Consent is voluntary and in accordance with the Privacy Policy you are hereby providing your consent to process your personal data.

Registering Another Attendee

If you are registering another person as an Attendee, it is your responsibility to ensure that said person is aware of the terms of this Privacy Policy and that he/she complies with this Privacy Policy.

Type of Information We Collect

The reason we ask for your Personal Data is because we require it to complete the order and delivery of your ticket(s) to our MasterClass 2019 event. We do not collect nor process any special categories of personal data.

Categories of Personal Data Processed

Personal Data includes:

  • Your personal details: first and last name, address, city/town, state, postal (zip) code, e-mail address
  • Data re your purchase: quantities and price
  • Attendee info: first and last name

Purpose and Legal Basis of Personal Data Processing

The Academy processes Personal Data based on the Law and the consent of the Data Subject. The Academy processes Personal Data with aim to:

  • execute the rights and obligations derived from the business relationship between the Academy and the Data Subject to fulfil our contractual obligations, this includes, in particular, the delivery of the tickets ordered.
  • fulfill our legal obligations such as the storage of business papers and contractual documents. Such obligations may arise from the GDPR, the Serbian Company Law, Serbian Tax Legislation or the Serbian Civil Code.
  • execute legislative obligations of the Academy (in accordance with the Personal Data Protection Law and the GDPR)

How Long Do We Process Your Personal Data?

The Academy shall process Personal Data collected for the purpose of executing the rights and obligations derived from the business relationship until the completion of the business relationship with the Data Subject (within 7 days from the final day of the MasterClass 2019 event ) except in cases when the Academy is obliged to keep data even after the business relationship with the Data Subject has ended, according to the Law and in accordance with the Data Subject’s consent or legitimate interest (e.g. in the event of a legal dispute between the Data Subject and the Academy).

Who Receives Your Personal Data?

The Academy’s employees will receive your personal information for the purposes outlined above. If we are legally obliged to do so, we will also transfer your Personal Data to state bodies and authorities. In addition, companies commissioned by us (in particular, IT or payment services and back office providers) will receive your Personal Data if they need it to fulfill their respective tasks. These providers are obliged to treat your Personal Data with confidentiality, to process it only to the extent necessary for their service provision and have undertaken to ensure an adequate level of Personal Data protection.

Are You Obliged to Provide Personal Data?

For the fulfilment of our contractual obligations, it is necessary that you provide your Personal Data, otherwise we cannot enter into a contractual relationship with you and you will not be able to order your ticket(s).

Your Rights in the Context of the Processing of Your Personal Data

The Data Subject has the right to access the Personal Data being processed by the Academy.

In cases stipulated by regulations in the area of personal data protection, the Data Subject has the right to require rectification, update, erasure, as well as the right to object to and restrict processing. The Data Subject has the right to submit a complaint in regard to his/her Personal Data processing at any moment.

Right to Lodge a Complaint with a Supervisory Authority

Under the conditions set forth by the regulation, if you believe that we have violated your rights under the GDPR or Serbian Personal Data Protection Act while processing your Personal Data, please contact us. In this manner, will address your concerns as quickly as possible.

The Data Subject has the right to lodge a complaint with a supervisory authority (the Commissioner for Information of Public Importance and Personal Data Protection of Serbia) regarding the Personal Data processing of his/her Personal Data.

Automated Decision-making

We do not apply automated decision-making or profiling.

Transaction Information

When you access our website for payment processing, we do not retain any information which may be used for personal identification or any financial information that you have entered into our website in order to execute a payment transaction. We do not collect or store any information that is entered into our website contained on payment cards. This applies in both payment methods – bank transfer and the use of credit or debit cards.

Data protection for card payments

During the entering of payment card information, confidential information is transmitted via a public network in a secure (encrypted) form using SSL protocols, using the latest methods of sensitive data tokenization, and in accordance with PCI-DSS standards. The security of the data during the purchase is guaranteed by the processor of payment cards UniCredit Bank Belgrade. No information about the payment card is available to the Academy as the merchant at any moment.
3D Secure Protection for All Merchants and Customers – AllSecure Payment Gateway uses the highest global standards of protection and privacy of data. All merchants who use AllSecure Payment Gateway are automatically included in 3D-Secure protection, which guarantees customers the security of purchasing. Customer payment card numbers are not stored on the merchant system and the entry itself is protected by SSL data encryption.
PCI DSS Standards – AllSecure Payment Gateway is consistently compliant with all the requirements of card organizations in order to increase the level of security of traders and customers. From 2005 to the present, without interruption, the system has been certified as PCI-DSS Level 1, which is the highest standard in the industry. PCI Data Security Standard (PCI-DSS) is a standard that defines the necessary security measures for processing, storage and transmission of sensitive card data. PCI Standards are sensitive to sensitive cardholder data during the entire payment process: from the moment the data is entered at the merchant’s point of sale, during communications between the trader and the relevant banks and card organizations and the subsequent storage of such data.

When the customer card data, at his request or upon the Academy’s decision, is stored in a certified manner for later use, this data is stored on AllSecure PCI-DSS level 1 certified servers. Such card data is transferred in a completely secure and certified manner. The Academy at no time has access to card number information and other sensitive data, but it gets a reference token that can only be used in accordance with the terms agreed with the Date Subject. The Date Subject has the option of deregistration of the previously registered card, as well as to change the details of the previously tokenized card.

Links to Other Web Sites

This Privacy Policy applies to our website only. The website may contain links to other websites not operated or controlled by us (i.e. Third-Party Websites). The policies and procedures we have described herein do not apply to Third-Party Websites and we are not responsible for the privacy, information or other practices of any Third-Party Websites. The inclusion of a link on our website does not imply endorsement of the linked website by us. We suggest contacting those websites directly for information on their privacy policies.

Changes to this Privacy Policy

Our website may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this Privacy Policy periodically, and especially before providing any Personal Data. This Privacy Policy was last updated on the date indicated above. If you did not ask us to erase your Personal Data after any changes or revisions to this Privacy Policy, this shall indicate your agreement and or consent with the terms of such revised Privacy Policy.


We use cookies on our website, which are small files stored on your device (web browser). On your next visit to our website using the same device, the information stored in cookies will subsequently be returned to our website. We use the Data collected through these cookies to better represent our website and to make our offers user-friendly, for example, to evaluate the use of our website. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. Other cookies are stored on our website only for the duration of your visit.

Access to Information: Contacting Us

To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the website:

Who Can You Contact?

If you have any questions or concerns relating to your Personal Data, contact us directly by e-mail by by telephone or by postal services at the following addresses:

Company: PhiAcademy doo Belgrade
Phone number: + 381 63 681 077
Address: Bulevar Oslobodjenja 137 Belgrade, Serbia