PRIVACY POLICY

and personal data processing

Neon Firefly — Last updated: March 2026.

1. Introductory provisions

This Privacy Policy sets out how Neon Firefly Nenad Bosnić s.p. Banja Luka (hereinafter: "we", "us" or "controller") collects, uses, stores and protects the personal data of users who visit the website theneonfirefly.com or who get in touch via the forms available on the website.

Please read this document carefully before submitting your personal data to us. By using our website or completing any of the forms, you confirm that you are aware of how we process your data.

This policy is aligned with the General Data Protection Regulation of the European Union (Regulation EU 2016/679, hereinafter: "GDPR") and with the Law on Personal Data Protection of Bosnia and Herzegovina (Official Gazette of BiH no. 12/2025, hereinafter: "the Law").

2. Data controller

The personal data controller within the meaning of the GDPR and the Law is:

Neon Firefly Nenad Bosnić s.p. Banja Luka
Email: office@theneonfirefly.com
Website: https://theneonfirefly.com

3. What personal data we collect

Depending on which form you complete, we may collect:

  • First and last name — for identification and personalisation of communication
  • Email address — in order to respond to your enquiry
  • Mobile phone number — for contact regarding your enquiry
  • Company, association or organisation name — to understand the business context
  • Primary business activity — to tailor the service offering
  • Message or question content — in order to respond appropriately

We do not collect special categories of personal data (sensitive data) such as health data, racial or ethnic origin, political opinions, religious beliefs or biometric data.

4. Purpose and legal basis for processing

4.1 Responding to enquiries and preparing business engagement

Purpose: Processing data in order to respond to your enquiry and prepare a potential business engagement.
Legal basis: Article 8(1)(b) of the Law — taking steps at the request of the data subject prior to entering into a contract.

4.2 Legitimate business interest

Purpose: Keeping records of received enquiries and improving service quality.
Legal basis: Article 8(1)(f) of the Law — legitimate interests of the controller.

4.3 Compliance with legal obligations

Purpose: Retaining data for the purpose of fulfilling legal obligations.
Legal basis: Article 8(1)(c) of the Law.

5. Cookies

Our website uses cookies — small text files stored on your device.

5.1 Types of cookies

  • Necessary cookies — required for the website to function correctly, do not require consent
  • Analytical cookies — Google Analytics, activated only with your consent
  • Functional cookies — remember your preferences, activated with your consent

5.2 Managing cookies

When you first visit the website, you will be shown a cookie notice. You can change your preferences at any time via your browser settings.

6. Data retention period

Data category Retention period
Contact form data (no business engagement) 12 months
Data related to business engagement Duration + 5 years
Training registration data 24 months from the date of training
Analytical data (anonymised) 14 months

7. Sharing data with third parties

We do not sell or share your personal data with third parties for commercial purposes. Data may be accessible to the following technical service providers:

  • Automattic Inc. (WordPress) — the platform on which the website is hosted
  • WPForms — plugin for form processing
  • Google LLC (Google Analytics) — analytics, with IP address anonymisation

8. Transfer of data outside the EEA

Certain providers (e.g. Google LLC) may process data outside the European Economic Area, protected by standard contractual clauses (SCCs) approved by the European Commission.

9. Your rights as a data subject

  • Right of access (Article 17 of the Law) — the right to find out what data we process
  • Right to rectification (Article 18 of the Law) — the right to request correction of inaccurate data
  • Right to erasure (Article 19 of the Law) — the right to request deletion of your data
  • Right to restriction of processing (Article 20 of the Law) — the right to restrict processing in certain situations
  • Right to data portability (Article 22 of the Law) — the right to receive your data in a machine-readable format
  • Right to object (Article 23 of the Law) — the right to object to processing based on legitimate interest
  • Right to withdraw consent (Article 9 of the Law) — at any time, without retroactive effect

You may submit a request to office@theneonfirefly.com and expect a response within 30 days.

10. Right to lodge a complaint with a supervisory authority

For users in Bosnia and Herzegovina:
Agency for Personal Data Protection of BiH (AZLP) — azlp.ba

For users in the EU:
The supervisory authority in the member state where you habitually reside.

11. Data security

We apply appropriate technical and organisational security measures. The website uses SSL/TLS encryption (HTTPS protocol) for secure data transfer.

12. Links to external websites

Our website may contain links to third-party websites. We are not responsible for their privacy policies.

13. Changes to this policy

We reserve the right to amend this Privacy Policy. All changes will be published on this page along with the date of the last update.

14. Contact

Neon Firefly Nenad Bosnić s.p. Banja Luka
Email: office@theneonfirefly.com

This document constitutes the Privacy Policy and personal data processing policy of the website theneonfirefly.com.

FEEL FREE TO REACH OUT

with a question, a proposal, or an invitation to lunch:

office@theneonfirefly.com

Copyright © Neon Firefly 2026