Last updated: March 2025

Privacy Policy

Your privacy matters to us. This policy explains how BrightMarbles collects, uses, and protects your personal data when you interact with our website and services.

1. Who We Are

BrightMarbles d.o.o. ("BrightMarbles", "we", "us", or "our") is a software engineering and consulting company headquartered in Novi Sad, Serbia. We provide custom software development, product design, staff augmentation, and managed engineering services to clients across Europe and beyond. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at brightmarbles.io or interact with our services.

2. Information We Collect

We collect the following categories of personal data:

Contact form data — When you reach out via our contact form, we collect your name, email address, company name (optional), and the message you submit.
Job application data — When you apply for a position, we collect your name, email address, phone number, CV/résumé, cover letter, and any additional information you choose to provide.
Analytics and usage data — We collect anonymised information about how visitors interact with our website, including pages visited, time on page, referral source, browser type, and device type. This is collected via Google Analytics and Google Tag Manager.
Technical data — IP addresses, cookies, and similar identifiers as described in our Cookie Policy.

3. How We Use Your Data

We use collected data for the following purposes:

— To respond to your enquiries and provide the services you have requested
— To evaluate job applications and manage the recruitment process
— To understand how our website is used and improve its content and performance
— To send you updates or marketing communications where you have given consent
— To comply with legal obligations and protect our legitimate business interests

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

Contractual necessity — to fulfil a contract or take pre-contractual steps at your request.
Legitimate interests — for analytics, security, and improving our services.
Consent — for marketing communications and non-essential cookies (you may withdraw consent at any time).
Legal obligation — where required by applicable law.

5. Third-Party Services

We work with the following trusted third-party providers who may process your data on our behalf:

Google Analytics & Google Tag Manager — website analytics and tag management (Google LLC, USA). Data is anonymised and processed under Google's privacy framework.
Prepr.io — our headless content management system (CMS) used to manage website content.
Amazon Web Services (AWS SES) — email delivery service for processing contact form submissions. Email data is processed in the eu-north-1 (Stockholm) region.
Google reCAPTCHA — bot protection on our contact form.

All third parties are bound by data processing agreements and are required to handle your data in accordance with applicable privacy law.

6. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

— Contact form enquiries: up to 2 years
— Job applications (unsuccessful): 6 months after the decision, unless you consent to longer retention
— Analytics data: 26 months (Google Analytics default)
— Cookie data: see our Cookie Policy for specific durations

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — request correction of inaccurate or incomplete data.
Right to erasure — request deletion of your data ("right to be forgotten").
Right to restriction — request that we limit how we process your data.
Right to portability — receive your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent — withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at the details below. We will respond within 30 days.

8. Cookies

We use cookies and similar tracking technologies on our website. For full details on the cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls, regular security reviews, and secure cloud infrastructure hosted within the EU.

10. International Data Transfers

Some of our third-party service providers may transfer personal data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the latest changes were made. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

BrightMarbles d.o.o.
Email: privacy@brightmarbles.io
Website: brightmarbles.mk

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.