Skip to content
00.00
APEX∑ SR

Privacy Policy

Last updated: 10 June 2026

1. Data Controller

This Privacy Policy describes how ApexSigma d.o.o. processes personal data. Full registration details (registered address, company registration number, and tax ID/PIB) are available on request (hereinafter "Apex Sigma", "we", "us" or "our").

Apex Sigma acts as a data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation — GDPR) and the Serbian Law on Personal Data Protection ("Sl. glasnik RS", No. 87/2018 — ZZPL).

For any questions regarding the processing of your personal data, please contact us at: office@apexsigma.rs. If a dedicated Data Protection Officer has been appointed, the contact is available on request.

2. What Data We Collect

Our website (apexsigma.rs) is a static site that sets no analytics, marketing, or tracking cookies. Personal data is collected solely when a visitor completes and submits the contact/briefing form. In that case we collect:

  • Full name
  • Organisation name
  • Email address
  • A brief description of your primary need / message

We do not collect special categories of personal data (e.g. health, biometric, or racial/ethnic origin data). We do not carry out automated decision-making or profiling based on the data we collect.

3. Legal Basis for Processing (GDPR Art. 6 / ZZPL Art. 12)

Processing of personal data collected via the form is based on:

  • Consent of the data subject (GDPR Art. 6(1)(a); ZZPL Art. 12(1)(1)) — by submitting the form you consent to us contacting you regarding your enquiry.
  • Legitimate interests of the controller (GDPR Art. 6(1)(f); ZZPL Art. 12(1)(6)) — responding to business enquiries and ensuring the security of information systems.

4. How We Use Your Data

We use your data exclusively for the following purposes:

  • Responding to your enquiry and providing requested information about our services
  • Establishing a business relationship, if you request one
  • Fulfilling legally required record-keeping and reporting obligations

We do not sell, rent, or otherwise commercially transfer your personal data to third parties. Data is not used for marketing purposes without your explicit consent.

5. Cookies

Our website currently sets no cookies other than those that are strictly technically necessary for the site to function (if any). We do not use third-party analytics tools (such as Google Analytics, Facebook Pixel, or similar) or tracking pixels.

Should we introduce analytics or functional cookies in the future, this Privacy Policy will be updated before such cookies are activated, and you will be notified via an appropriate cookie notice on the site.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, and no longer than:

  • Contact form data — up to one year from the last contact, unless a business relationship has been established that requires a longer retention period, or unless a statutory obligation dictates otherwise.
  • Data forming part of contractual or accounting documentation — in accordance with applicable legislation on accounting records and archive material.

On expiry of the retention period, data is permanently deleted or anonymised.

7. Data Sharing and Processors

We may share your data with the following categories of recipients, solely for the purposes described in this Policy:

  • Form submission and email delivery service provider — available on request (data processor, engaged under a data processing agreement in accordance with GDPR Art. 28 / ZZPL Art. 45)
  • Competent public authorities and regulatory bodies — only where disclosure is required by law

Where data is transferred outside the European Economic Area or outside Serbia, we ensure appropriate safeguards in accordance with GDPR Chapter V and ZZPL Arts. 64–72 (standard contractual clauses or other permissible transfer mechanisms).

8. Your Rights

Under GDPR and ZZPL, you have the following rights regarding your personal data:

  • Right of access — to obtain confirmation of whether your data is processed and a copy of that data (GDPR Art. 15; ZZPL Art. 26)
  • Right to rectification — to request correction of inaccurate or completion of incomplete data (GDPR Art. 16; ZZPL Art. 29)
  • Right to erasure ("right to be forgotten") — to request deletion of your data where statutory grounds apply (GDPR Art. 17; ZZPL Art. 30)
  • Right to restriction of processing — to request temporary suspension of processing in certain cases (GDPR Art. 18; ZZPL Art. 31)
  • Right to data portability — to receive your data in a structured, machine-readable format (GDPR Art. 20; ZZPL Art. 36)
  • Right to object — to object to processing based on legitimate interests or for direct marketing purposes (GDPR Art. 21; ZZPL Art. 37)
  • Right to withdraw consent — without affecting the lawfulness of processing carried out before withdrawal (GDPR Art. 7(3); ZZPL Art. 15)

To exercise any of the above rights, please contact us at: office@apexsigma.rs. We will respond within 30 days of receipt of the request (with a possible extension of a further 60 days for complex requests, with prior notification).

If you believe that the processing of your data infringes data protection regulations, you have the right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia (www.poverenik.rs). If GDPR applies, you may also contact the supervisory authority in the EU member state where you have your habitual residence or place of work.

9. Data Security

We apply technical and organisational security measures in accordance with GDPR Art. 32 and ZZPL Art. 50, including encryption in transit (HTTPS/TLS), access controls, and periodic risk assessments. As a company specialising in cybersecurity, data protection is at the core of our operations.

10. Contact

For any questions, requests, or complaints regarding the processing of your personal data, please contact us at:

  • Email: office@apexsigma.rs
  • Postal address: available on request

11. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in legislation, our services, or how we process data. The date of the last update is shown at the top of this document. In the event of material changes, you will be notified in an appropriate manner.

APEX∑

Serbian cyber compliance & awareness concept. Legal compliance, cyber awareness, SOC, and penetration testing connected into one provable program.

Capability

Legal complianceCyber awarenessDefense monitoringPenetration testing

Channel

Initial assessmentoffice@apexsigma.rs
© 2026 APEX∑ · STATUS: OPERATIONAL Privacy Policy ·Imprint ▸ type apex anywhere · or press ~