TerminApp

Privacy Policy

Last updated: May 6, 2026.

1. Who We Are and Data Controller

TerminApp is a mobile application for booking appointments at beauty salons, hair salons, and similar establishments. The app allows users to find salons in their city, browse services and prices, and book appointments online.

Data Controller: Ivan Vekic, individual, Kraljevo, Republic of Serbia. The controller is responsible for determining the purpose and means of processing your personal data under the Law on Personal Data Protection ("ZZPL", Official Gazette RS 87/2018).

Contact: For any questions regarding your data, please contact us at terminappsrb@gmail.com

2. Data We Collect

Age requirement: Our app is intended for users aged 16 and older. We do not knowingly collect data from users under the age of 16. If we learn that we have collected data from a user under 16, we will delete that data.

When using TerminApp, we collect the following data:

Data you provide:

Data | Required | Purpose
Full name | Yes | Identification for bookings
Email address | Yes | Account login, notifications
Phone number | No | Contact for salon upon booking and when needed
City | Yes | Display salons in your city
Date of birth | No | Age verification (16+)
Profile picture | No | Profile personalization
Bio | No | Profile personalization
Business name and license (salon owners only) | No | Business entity identification
Work schedule and availability (staff only) | No | Appointment and availability management

Data we collect automatically:

  • Device data — Device type, operating system version, and a unique push token for sending notifications. Notifications are delivered via the Expo Push service, which uses Firebase Cloud Messaging (for Android) and Apple Push Notification service (for iOS). The app periodically checks for updates via the Expo service (EAS), which receives basic device information, app version, and platform.
  • Usage data — Information about your bookings, reviews, and favorite salons. Search history is stored exclusively on your device (up to 5 entries) and is never transmitted to our servers.
  • Login data — IP address and browser/device information (browser, operating system, device type) when logging in to your account, for account security purposes. We do not perform IP geolocation — we do not store your country or city.
  • Error data — In case of an app crash or error, technical information is automatically collected (device type, app version, error description and stack trace) via the Sentry service to improve app stability. An anonymized user identifier is attached to these technical reports; we do not send your email, name, phone number, or screenshots.

2a. Legal Basis for Processing

We process your personal data on the following legal bases in accordance with ZZPL Article 12:

  • Contract performance (Art. 12(1)(b)) — Processing data necessary to provide the booking service: name, email, phone number, city, booking data. Without this data we cannot provide you with the service.
  • Consent (Art. 12(1)(a)) — Sending push notifications. You can withdraw your consent at any time through the app settings (Settings > Notifications) or by sending a request to our email address.
  • Legitimate interest (Art. 12(1)(f)) — We process your data on the basis of legitimate interest in order to:
    • Protect your account and the Service from unauthorized access, fraud, and automated attacks (login attempt logging, account lockout after 5 failed attempts, CSRF protection, IP-based rate limiting).
    • Monitor the stability and performance of the application and resolve technical problems (internal monitoring, Sentry error tracking).
    • Communicate with you about security or technical events affecting your account (e.g. suspicious login alerts).
    • Prevent abuse of the Service (repeated fake bookings, spam, etc.).
    We rely on legitimate interest only when we have determined that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest (Art. 38 ZZPL).

3. How We Use Your Data

We use your data exclusively for:

  • Providing the service — Enabling bookings, displaying your appointments, sending confirmations and reminders.
  • Communication — Notifications about your bookings via email and push notifications.
  • Account security — Protecting your account from unauthorized access.
  • Improving the app — Analyzing how you use the app to make it better.

Important: We do not sell your data to third parties. We do not use your data for targeted advertising.

4. Data Sharing

We share your data only in the following cases:

  • With salons — When you book an appointment, the salon can see your name, email, phone number, and profile picture to contact you regarding the booking.
  • Publicly visible — If you leave a review, your name and profile picture are visible to all app users.
  • Database hosting — All application data is stored in a certified cloud database located in the European Union, with encryption at rest and restricted access.
  • Image storage — Profile pictures, salon images, service images, and review images are stored on our own server in the European Union, together with the rest of the application data. Images are delivered directly through our own domain (terminapp.rs/cdn).
  • Push notifications — For delivering notifications, we use the Expo Push service which forwards notifications via Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS). These services receive your device's push token and notification content.
  • Error tracking — To improve stability, we use the Sentry service which receives technical error data from the app (device type, app version, error description and stack trace) along with an anonymized user identifier. Screenshots, email, name, and phone number are not sent.
  • Email delivery — For account verification, staff invitations, and password resets, we use Gmail (Google SMTP service) to send email messages to your email address.
  • Server logging and metrics — For monitoring availability and performance we use internal systems that run exclusively within our own server infrastructure in the European Union. These systems do not process user personal data for any purpose beyond operational server monitoring.
  • Salon owners — If you are registered as a salon owner, your name and email address are publicly displayed on the salon profile you have created, so that customers and visitors can recognise the owner of the establishment.
  • Geocoding — To display salons on the map, we use OpenStreetMap Nominatim service which receives salon addresses (not user addresses).
  • Map display — For displaying maps, we use CARTO map tiles delivered via Fastly CDN. These services receive information about the geographic area you are viewing.

4a. International Data Transfers

Some of the service providers we use (Expo, Google, Sentry) may operate outside the territory of the Republic of Serbia, including the USA and European Union countries. Our own server, on which the app runs and on which images are stored, is located in the European Union. By using the app you accept that your data may be processed in those countries. We select service providers that apply appropriate data protection measures (standard contractual clauses or similar mechanisms).

5. Data Retention

We retain your data as long as you have an active account in the app. When you delete your account:

  • Your account is immediately deactivated and you can no longer access the app
  • All active sessions are immediately revoked
  • Upcoming bookings are automatically cancelled
  • Reviews remain visible, but with the author's personal data removed (anonymized)
  • Booking records are retained in accordance with legal obligations
  • Permanent deletion: Your personal data (name, email, phone number, city, date of birth, profile picture) will be permanently and irreversibly deleted from our systems within 30 days of account deletion.
  • Salon owners: their salons are also deactivated upon account deletion
  • Staff: deactivated from all salons in which they were registered

6. Your Rights

In accordance with ZZPL, you have the following rights regarding your data:

  • Right of access (Art. 26) — You can request a copy of all data we hold about you.
  • Right to rectification (Art. 29) — You can correct inaccurate data in your profile settings in the app.
  • Right to erasure (Art. 30) — You can delete your account in the app settings (Settings > Account > Delete account).
  • Right to restrict processing (Art. 31) — You can request that we temporarily restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 37) — You can request a copy of your data in a machine-readable format.
  • Right to object (Art. 38) — You can object to the processing of your data based on legitimate interest.
  • Right to lodge a complaint with the supervisory authority (Art. 82) — You have the right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (Bulevar kralja Aleksandra 15, 11000 Belgrade, www.poverenik.rs).

The right to rectification and right to erasure can be exercised directly inside the app (Settings > Profile and Settings > Account). Other rights — access, restriction of processing, portability and objection — are exercised by sending a request to our email address. We will respond and, where applicable, deliver a copy of your data in a machine-readable format (JSON) within 30 days of receiving the request. For complex requests or a high volume of simultaneous requests, we may extend this period by an additional 60 days; in that case we will inform you within the first period and explain the reason for the extension. If a request is manifestly unfounded or repetitive (more than once in 12 months for the same right), we reserve the right to refuse it or charge a reasonable fee for fulfilling it.

6a. Data Protection Officer and Automated Decision-Making

Data Protection Officer (DPO): TerminApp is not required to designate a Data Protection Officer under Art. 56 of ZZPL, as our core activity does not involve regular and systematic monitoring of a large number of individuals, nor processing of special categories of data on a large scale. For any questions regarding the processing of personal data, you can contact us at terminappsrb@gmail.com.

Automated Decision-Making: TerminApp does not make decisions based solely on automated processing, including profiling, that produce legal effects concerning the user or similarly significantly affect them.

7. Data Security

While we apply reasonable technical and organisational measures to protect your data, no system can guarantee absolute security. Our key measures include:

  • All communication is protected with HTTPS/TLS encryption
  • Passwords are stored cryptographically hashed using an industry-standard salted algorithm (never in plaintext)
  • Authentication tokens are stored in encrypted local storage on the device
  • Database access is restricted and secured
  • We regularly update our security measures

8. Cookies

We use strictly necessary cookies for authentication and session management. The access token, refresh token and fingerprint cookies are stored as httpOnly+secure cookies and cannot be read from JavaScript. In addition, we set a single CSRF token cookie which is readable from JavaScript so it can be echoed in a request header to prevent CSRF attacks — this cookie does not contain personal data and cannot be used for tracking. We do not use analytics or advertising cookies.

9. Policy Changes

We may update this privacy policy from time to time. We will notify you of significant changes via the app or email. We recommend checking this page periodically.

Have questions?

Contact us

terminappsrb@gmail.com