Privacy

Temelj za rast Privacy Notice

How Temelj collects, uses and protects personal information shared through this website.

Last updatedMay 4, 2026

ControllerTemelj za rast

In shortLast updated: May 4, 2026Website: https://temelj.meCompany / controller: Temelj za rastTrading name: Temelj za rastRegistered address: Trg slobode 5, Ste 12, 85310 Budva, Montenegro Temelj za rast respects your privacy...Overview

Overview

Last updated: May 4, 2026
Website:https://temelj.me
Company / controller: Temelj za rast
Trading name: Temelj za rast
Registered address: Trg slobode 5, Ste 12, 85310 Budva, Montenegro

Temelj za rast respects your privacy and handles personal data with care. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, who we share it with and what rights you have.

This policy applies to our website, contact forms, demo requests, email communication, marketing activity and general business communication. It also explains how our products, including GuestNesty and Libar, may handle personal data when used by clients.

In shortTemelj za rast is a hospitality growth systems company from Budva, Montenegro. We provide digital growth services, website work, SEO, content marketing, Digital PR, performance marketing, social media marketing...1. Who we are

1. Who we are

Temelj za rast is a hospitality growth systems company from Budva, Montenegro. We provide digital growth services, website work, SEO, content marketing, Digital PR, performance marketing, social media marketing, analytics and hospitality software.

Our software products include:

GuestNesty, an AI concierge for guest communication.
Libar, front-desk software for reception workflow, tasks, discussions, handovers and Booking.com API-supported reservation workflows.

For most website activity, Temelj za rast acts as the data controller. That means we decide why and how we process personal data collected through our website, forms, email and marketing activity.

For some product and client work, especially when a client uses GuestNesty or Libar to process guest data, Temelj za rast may act as a data processor. In that case, the client controls the data and we process it under the client’s instructions and a data processing agreement.

In shortThis Privacy Policy covers personal data connected with: visits to our website; contact forms and demo requests; newsletter or email campaign signups; business inquiries; client communication; service proposals and...2. Scope of this policy

2. Scope of this policy

This Privacy Policy covers personal data connected with:

visits to our website;
contact forms and demo requests;
newsletter or email campaign signups;
business inquiries;
client communication;
service proposals and contracts;
analytics and website performance;
advertising and remarketing;
social media communication;
GuestNesty and Libar inquiries;
product demos, onboarding and support;
data processed through Booking.com API inside Libar, when authorized by a client.

This policy does not replace product-specific agreements, contracts, data processing agreements or client instructions. When a client uses GuestNesty or Libar, additional product terms and data processing terms may apply.

In shortWe collect only the data we need for clear business purposes. The exact data depends on how you interact with us. 3.1 Website visitor data When you visit our website, we may collect technical and usage data such as: IP...3. Personal data we collect

3. Personal data we collect

We collect only the data we need for clear business purposes. The exact data depends on how you interact with us.

3.1 Website visitor data

When you visit our website, we may collect technical and usage data such as:

IP address;
browser type and version;
device type;
operating system;
pages visited;
time and date of visit;
referral source;
language preference;
approximate location based on technical data;
cookie and consent preferences;
interaction with buttons, forms or links.

Some of this data comes from server logs. Some may come from analytics tools, but only where the cookie and consent setup allows it.

3.2 Contact form and inquiry data

When you contact us, request a demo or ask for information, we may collect:

name and surname;
business name;
job title;
email address;
phone number;
website URL;
country or city;
message content;
project details;
property type;
services or products of interest;
preferred contact method;
any files or information you choose to send.

Do not send sensitive personal data through our website forms unless we specifically ask for it and have a lawful reason to process it.

3.3 Newsletter and email marketing data

When you subscribe to email communication or agree to receive marketing emails, we may collect:

email address;
name;
company or property name;
language preference;
consent date and source;
email opens;
link clicks;
unsubscribe status;
campaign preferences.

We use this data to send relevant updates, service information, product news, educational content and offers related to hospitality growth, digital marketing and our products.

3.4 Client and business data

When we work with a client, we may collect:

business contact details;
billing details;
contract details;
project communication;
website access details, where needed;
marketing account access, where authorized;
analytics access, where authorized;
brand, content and campaign materials;
reporting data;
meeting notes;
support requests;
payment and invoice records.

We collect this data to deliver services, manage the relationship, issue invoices, provide support and keep accurate business records.

3.5 Product demo and SaaS account data

For GuestNesty and Libar demos, onboarding and support, we may collect:

name;
business email;
property name;
property type;
role in the business;
phone number;
preferred product;
demo notes;
account access data;
support messages;
configuration choices;
property rules;
service information;
guest journey details;
operational workflows.

For live product use, we may process additional data depending on the client setup and the product contract.

3.6 GuestNesty product data

GuestNesty may process guest communication data when a client uses it as an AI concierge. This can include:

guest questions;
message content;
language preference;
arrival or stay-related information;
property rules;
approved property knowledge;
response history;
escalation notes;
service instructions.

GuestNesty should not receive unnecessary sensitive data. Clients should configure the product with approved information and clear escalation rules.

3.7 Libar product data

Libar may process operational data for reception teams. This can include:

reservation references;
guest name, where required for the workflow;
check-in and check-out dates;
booking status;
room or unit information;
internal notes;
tasks;
handover notes;
staff comments;
operational discussions;
issue status;
Booking.com API data, within available permissions and authorized integration settings.

The exact data depends on the client’s configuration, the Booking.com API permissions and the operational workflow agreed with the client.

3.8 Social media data

When you interact with us on social media, we may process:

profile name;
public profile information;
comments;
messages;
reactions;
shares;
campaign interactions;
lead form details, where submitted.

Social platforms also process your data under their own privacy policies. We do not control how those platforms use your data outside our own pages, campaigns and messages.

3.9 Job or collaboration inquiries

When someone contacts us about work, collaboration or partnership, we may process:

name;
email;
phone number;
CV or portfolio;
work history;
public professional profile;
message content;
interview or meeting notes.

We use this data only to review the inquiry and communicate about possible cooperation.

In shortWe collect data in these ways: directly from you when you fill out a form, email us, book a demo or communicate with us; automatically when you visit the website, through server logs, cookies and similar technologies...4. How we collect personal data

4. How we collect personal data

We collect data in these ways:

directly from you when you fill out a form, email us, book a demo or communicate with us;
automatically when you visit the website, through server logs, cookies and similar technologies;
from clients when they provide business, property or product setup data;
from authorized integrations, such as Booking.com API inside Libar;
from marketing and analytics tools, where allowed;
from public business sources, when relevant for B2B communication;
from social media platforms when you interact with our pages or campaigns.

We do not intentionally collect more data than we need.

In shortWe use personal data for clear business and operational purposes. 5.1 To respond to inquiries We use contact data to answer messages, schedule calls, prepare proposals, provide demos and respond to business requests. 5.2...5. Why we use personal data

5. Why we use personal data

We use personal data for clear business and operational purposes.

5.1 To respond to inquiries

We use contact data to answer messages, schedule calls, prepare proposals, provide demos and respond to business requests.

5.2 To provide services

We use client and project data to deliver website work, SEO, content marketing, Digital PR, paid media, analytics, reporting, consulting and other agreed services.

5.3 To provide products

We use account, configuration, support and operational data to provide GuestNesty and Libar, including onboarding, setup, product support and technical maintenance.

5.4 To support Libar integrations

When a client authorizes Booking.com API integration, Libar may use permitted reservation data to support reception workflow, tasks, handovers, discussions and operational visibility.

5.5 To improve our website

We use website and analytics data to understand how visitors use the site, which pages perform well and where the user experience needs improvement.

5.6 To send marketing communication

We use email and campaign data to send updates, educational content, offers, service information and product news where we have consent or another lawful basis.

5.7 To run advertising and remarketing

We may use advertising tools to show relevant campaigns on platforms such as Google, Meta, TikTok, LinkedIn or Yandex, depending on the active setup and cookie consent.

5.8 To protect security

We use technical data to detect abuse, prevent spam, protect the website, secure accounts, investigate errors and prevent unauthorized access.

5.9 To comply with legal duties

We use data when needed for accounting, tax, contracts, legal claims, regulatory requests and recordkeeping.

In shortWhen GDPR or similar rules apply, we rely on one or more legal bases. Purpose Type of data Legal basis Responding to inquiries Name, email, phone, message, business details Pre-contract steps or legitimate interests...6. Legal bases for processing

6. Legal bases for processing

When GDPR or similar rules apply, we rely on one or more legal bases.

Purpose	Type of data	Legal basis
Responding to inquiries	Name, email, phone, message, business details	Pre-contract steps or legitimate interests
Preparing proposals	Contact details, business information, project needs	Pre-contract steps
Providing services	Client data, project data, access data, communication	Contract performance
Providing GuestNesty or Libar	Account data, setup data, support data	Contract performance
Processing guest data for clients	Guest messages, reservation data, operational data	Client instructions under data processing terms
Sending newsletters	Email, consent record, preferences	Consent
B2B service updates to existing contacts	Business contact details	Legitimate interests, where allowed
Advertising and remarketing	Cookie IDs, device data, campaign interaction	Consent, where required
Analytics	Usage data, device data, page behavior	Consent or legitimate interests, depending on setup
Security and fraud prevention	IP address, logs, technical events	Legitimate interests
Legal and accounting records	Invoice, contract and payment data	Legal obligation
Legal claims	Relevant records and communication	Legitimate interests or legal obligation

We use legitimate interests only where we believe our business need does not override your privacy rights.

In shortOur website may use cookies, pixels, tags, scripts and similar technologies. These tools help the website work, remember preferences, measure performance and support marketing. A cookie is a small file stored on your...7. Cookies and similar technologies

7. Cookies and similar technologies

Our website may use cookies, pixels, tags, scripts and similar technologies. These tools help the website work, remember preferences, measure performance and support marketing.

A cookie is a small file stored on your device. Some cookies are necessary. Others require your consent.

7.1 Cookie categories

We may use these categories:

Category	Purpose	Consent required
Strictly necessary cookies	Keep the website working, store security settings, remember cookie choices	Usually no
Preference cookies	Remember language, display or interface choices	Usually yes, unless strictly necessary
Analytics cookies	Measure traffic, page behavior and website performance	Yes, unless configured as exempt under local rules
Marketing cookies	Support ads, retargeting, campaign measurement and audience building	Yes
Embedded content cookies	Support maps, videos, social embeds or third-party content	Yes, where non-essential

7.2 Cookie consent

When required, we ask for consent before setting non-essential cookies. You can accept, reject or manage cookie categories through the cookie banner or cookie settings link.

You can withdraw consent at any time through Cookie Settings in the website footer or through the consent banner settings.

7.3 Tools that may use cookies or similar technology

Depending on the active website setup, we may use tools such as:

Google Analytics 4;
Google Tag Manager;
Google Ads;
Google Search Console;
Meta Pixel;
LinkedIn Insight Tag;
TikTok Pixel;
Yandex Metrica;
Yandex Ads / Yandex Direct tags;
newsletter tools;
CRM tools;
embedded video tools;
embedded map tools;
security and spam prevention tools.

This list must match the actual tools installed on the website. Remove any tool that is not used.

7.4 Cookie table to publish after a scan

Add the final cookie table after scanning the live website.

Cookie / tool	Provider	Category	Purpose	Duration
[cookie name]	[provider]	Strictly necessary	[purpose]	[duration]
[cookie name]	[provider]	Analytics	[purpose]	[duration]
[cookie name]	[provider]	Marketing	[purpose]	[duration]
[cookie name]	[provider]	Preference	[purpose]	[duration]

7.5 Browser controls

You can also control cookies through your browser settings. Blocking some cookies may affect website functionality.

In shortWe may send marketing emails, service updates, product information and educational content. We send marketing emails only where we have a valid basis. This may include consent, an existing business relationship or...8. Email marketing and communication

8. Email marketing and communication

We may send marketing emails, service updates, product information and educational content.

We send marketing emails only where we have a valid basis. This may include consent, an existing business relationship or another lawful basis allowed by applicable rules.

Every marketing email includes an unsubscribe option. You can also contact us at Email to stop receiving marketing communication.

We may still send non-marketing messages when needed, such as service notices, contract communication, product support messages, billing notices and security updates.

In shortWe may use analytics tools to understand website performance and improve the user experience. Analytics may help us understand: which pages people visit; how visitors move through the site; which devices and browsers...9. Analytics and performance measurement

9. Analytics and performance measurement

We may use analytics tools to understand website performance and improve the user experience.

Analytics may help us understand:

which pages people visit;
how visitors move through the site;
which devices and browsers they use;
which campaigns bring traffic;
which forms or buttons generate interest;
where the website needs improvement.

Where required, analytics tools run only after consent. We aim to avoid collecting unnecessary personal data through analytics.

In shortWe may run advertising campaigns through platforms such as Google, Meta, TikTok, LinkedIn or Yandex. These campaigns may use: campaign interaction data; device and browser data; cookie or pixel identifiers; page visit...10. Advertising and remarketing

10. Advertising and remarketing

We may run advertising campaigns through platforms such as Google, Meta, TikTok, LinkedIn or Yandex.

These campaigns may use:

campaign interaction data;
device and browser data;
cookie or pixel identifiers;
page visit data;
form interaction data;
audience segments;
conversion events.

We use this data to measure campaigns, improve ads and show more relevant messages. Where required, marketing cookies and pixels run only after consent.

Advertising platforms may act as independent controllers, joint controllers or processors depending on the tool and setup. Their own privacy policies may also apply.

In shortGuestNesty uses AI-assisted functionality to support guest communication. It may process guest questions, approved property information, house rules, service details and message context to help generate useful responses...11. GuestNesty and AI-assisted processing

11. GuestNesty and AI-assisted processing

GuestNesty uses AI-assisted functionality to support guest communication. It may process guest questions, approved property information, house rules, service details and message context to help generate useful responses.

We design GuestNesty to support hospitality teams, not to remove human responsibility. Sensitive cases, complaints, special requests and unusual situations should return to the property team.

Where Temelj za rast processes GuestNesty data for a client, we follow the client’s instructions and the applicable product agreement or data processing agreement.

We do not use client guest data to train public AI models unless the contract, law and required consent or authorization clearly allow it.

In shortLibar supports reception workflow, tasks, internal discussions, shift handovers and operational reservation control. When a client authorizes Booking.com API integration, Libar may receive or process reservation data...12. Libar and Booking.com API data

12. Libar and Booking.com API data

Libar supports reception workflow, tasks, internal discussions, shift handovers and operational reservation control.

When a client authorizes Booking.com API integration, Libar may receive or process reservation data available under that integration. This may include booking references, guest names, stay dates, booking status, room or unit data, notes or other permitted fields.

The exact data depends on Booking.com API permissions, client configuration and technical setup.

Libar uses this data to help the client organize daily reception work. It does not decide legal rights, prices or guest eligibility by itself.

Clients remain responsible for ensuring they have the right to connect their booking data to Libar and to inform guests where required.

In shortWhen a hotel, villa, resort or accommodation business uses GuestNesty or Libar, guest data may belong to the client’s own privacy relationship with the guest. In those cases: the client usually acts as the data...13. Client guest data

13. Client guest data

When a hotel, villa, resort or accommodation business uses GuestNesty or Libar, guest data may belong to the client’s own privacy relationship with the guest.

In those cases:

the client usually acts as the data controller;
Temelj za rast may act as a data processor;
we process guest data only under agreed instructions;
we use subprocessors only where needed for the product;
we protect the data with appropriate technical and organizational measures;
we assist the client with reasonable privacy requests where required by the agreement.

Clients should publish their own guest-facing privacy notice explaining how they use GuestNesty, Libar or other guest communication and operational tools.

In shortWe do not sell personal data to data brokers. We may share personal data with trusted providers and partners when needed for business, service delivery, security, analytics or legal compliance. 14.1 Service providers We...14. Who we share personal data with

14. Who we share personal data with

We do not sell personal data to data brokers.

We may share personal data with trusted providers and partners when needed for business, service delivery, security, analytics or legal compliance.

14.1 Service providers

We may use providers for:

website hosting;
website maintenance;
ProcessWire or CMS support;
email hosting;
contact forms;
CRM systems;
analytics;
advertising;
newsletter delivery;
cloud storage;
project management;
invoicing and accounting;
legal and professional advice;
cybersecurity;
product infrastructure;
AI infrastructure used for GuestNesty;
Booking.com API-supported workflows used by Libar.

14.2 Advertising and analytics platforms

Where active and consented, data may be shared with platforms such as Google, Meta, TikTok, LinkedIn, Yandex or similar providers.

14.3 Business and legal recipients

We may share data with:

accountants;
lawyers;
banks;
payment providers;
tax authorities;
regulators;
courts or public authorities, when legally required.

14.4 Client-authorized integrations

For Libar, we may exchange data with Booking.com or related systems only where the client has authorized the integration and the technical setup requires it.

In shortTemelj za rast operates from Montenegro. Some service providers may process data in Montenegro, the European Economic Area, the United Kingdom, the United States or other countries. When personal data moves across...15. International data transfers

15. International data transfers

Temelj za rast operates from Montenegro. Some service providers may process data in Montenegro, the European Economic Area, the United Kingdom, the United States or other countries.

When personal data moves across borders, we use appropriate safeguards where required. These may include:

data processing agreements;
Standard Contractual Clauses;
adequacy decisions, where available;
technical and organizational security measures;
access controls;
encryption or secure transmission;
provider security reviews.

No online system can remove all risk. We choose providers carefully and limit transfers to what the service requires.

In shortWe keep personal data only for as long as needed for the purpose collected, unless a longer period applies for legal, accounting, tax, security or dispute reasons. Data type Typical retention Website server logs [insert...16. How long we keep personal data

16. How long we keep personal data

We keep personal data only for as long as needed for the purpose collected, unless a longer period applies for legal, accounting, tax, security or dispute reasons.

Data type	Typical retention
Website server logs	[insert period, e.g. 3–12 months]
Contact form inquiries	24 months after last contact
Demo requests	24 months after last contact
Newsletter data	Until unsubscribe or consent withdrawal, plus records needed to prove consent
Client contracts	For the contract period and legal limitation period
Invoices and accounting records	As required by applicable accounting and tax rules
Analytics data	According to tool settings and consent configuration
Marketing audience data	Until consent withdrawal, audience removal or campaign purpose ends
GuestNesty product data	According to the client contract, DPA and product settings
Libar product data	According to the client contract, DPA and product settings
Support tickets	[insert period, e.g. contract term plus 12–24 months]
Job or collaboration inquiries	[insert period, e.g. 6–12 months unless longer consent exists]

When retention ends, we delete, anonymize or securely archive the data, depending on the situation and legal requirements.

In shortWe use reasonable technical and organizational measures to protect personal data. These measures may include: access control; password protection; role-based permissions; secure hosting; encrypted connections where...17. Security measures

17. Security measures

We use reasonable technical and organizational measures to protect personal data.

These measures may include:

access control;
password protection;
role-based permissions;
secure hosting;
encrypted connections where available;
backups;
malware protection;
provider security review;
limited staff access;
confidentiality duties;
secure account management;
logging and monitoring;
internal procedures for handling requests and incidents.

No website, email system or software product is completely risk-free. We work to reduce risk and respond quickly when issues appear.

In shortIf we discover a personal data breach, we assess the risk and take steps to contain, investigate and resolve the issue. Where required by law, contract or data processing terms, we notify the relevant client, authority...18. Data breach handling

18. Data breach handling

If we discover a personal data breach, we assess the risk and take steps to contain, investigate and resolve the issue.

Where required by law, contract or data processing terms, we notify the relevant client, authority or affected individuals.

For product data processed on behalf of clients, we notify the client according to the product agreement or data processing agreement.

In shortDepending on where you live and which laws apply, you may have the right to: access your personal data; receive a copy of your data; correct inaccurate data; ask us to delete your data; restrict how we process your data...19. Your privacy rights

19. Your privacy rights

Depending on where you live and which laws apply, you may have the right to:

access your personal data;
receive a copy of your data;
correct inaccurate data;
ask us to delete your data;
restrict how we process your data;
object to processing based on legitimate interests;
object to direct marketing;
withdraw consent at any time;
request data portability;
complain to a supervisory authority;
ask for information about international transfer safeguards;
challenge certain automated decisions, where applicable.

To exercise your rights, contact us at Email.

We may need to verify your identity before completing the request. We will respond within the period required by applicable law.

In shortWhere we rely on consent, you can withdraw it at any time. You can withdraw cookie consent through the cookie settings link. You can withdraw email marketing consent by using the unsubscribe link or contacting us...20. Right to withdraw consent

20. Right to withdraw consent

Where we rely on consent, you can withdraw it at any time.

You can withdraw cookie consent through the cookie settings link. You can withdraw email marketing consent by using the unsubscribe link or contacting us.

Withdrawing consent does not affect processing that happened before withdrawal.

In shortYou can object to direct marketing at any time. After you object or unsubscribe, we will stop sending marketing emails to that address. We may keep a suppression record to make sure we do not contact you again for...21. Right to object to direct marketing

21. Right to object to direct marketing

You can object to direct marketing at any time.

After you object or unsubscribe, we will stop sending marketing emails to that address. We may keep a suppression record to make sure we do not contact you again for marketing.

In shortWe do not use website visitor data for decisions that create legal effects or similarly significant effects based only on automated processing. Marketing tools may create audience segments, campaign reports or...22. Automated decision-making and profiling

22. Automated decision-making and profiling

We do not use website visitor data for decisions that create legal effects or similarly significant effects based only on automated processing.

Marketing tools may create audience segments, campaign reports or remarketing lists where consent allows it. These tools help us understand interest and campaign performance. They do not make final legal or contractual decisions about you.

GuestNesty may generate AI-assisted communication suggestions or replies, depending on the client setup. Human oversight and escalation rules should apply for sensitive, unusual or high-impact situations.

In shortOur website and services target business users, hospitality teams and adults. They are not aimed at children. We do not knowingly collect personal data from children through the website. Accommodation clients may process...23. Children’s data

23. Children’s data

Our website and services target business users, hospitality teams and adults. They are not aimed at children.

We do not knowingly collect personal data from children through the website.

Accommodation clients may process guest data that includes children or family booking details inside their own systems. When that data enters GuestNesty or Libar, the client remains responsible for having a lawful basis and providing the right notice to guests.

In shortOur website may contain links to third-party websites, booking platforms, social media pages, videos, maps or other embedded content. We do not control third-party websites. Their privacy policies apply when you visit...24. Third-party links and embedded content

24. Third-party links and embedded content

Our website may contain links to third-party websites, booking platforms, social media pages, videos, maps or other embedded content.

We do not control third-party websites. Their privacy policies apply when you visit them or interact with their content.

Embedded content may collect data about your interaction, especially if you are logged into that third-party service. Where required, we block non-essential embedded tracking until consent.

In shortWe may operate pages or profiles on social media platforms. When you interact with our social media pages, both Temelj za rast and the platform may process personal data. The platform may process data for analytics...25. Social media pages

25. Social media pages

We may operate pages or profiles on social media platforms.

When you interact with our social media pages, both Temelj za rast and the platform may process personal data. The platform may process data for analytics, advertising, security and its own business purposes.

Review the privacy policy of each platform you use.

In shortClients must make sure that any personal data they provide to Temelj za rast has a lawful basis. This includes: guest data; staff data; booking data; messages; customer lists; email campaign lists; analytics access...26. Data provided by clients

26. Data provided by clients

Clients must make sure that any personal data they provide to Temelj za rast has a lawful basis.

This includes:

guest data;
staff data;
booking data;
messages;
customer lists;
email campaign lists;
analytics access;
advertising audiences;
CRM exports;
property data connected to guests or employees.

Clients should not provide personal data that is unnecessary for the agreed service or product.

In shortWhen Temelj za rast processes personal data on behalf of a client, we may enter into a Data Processing Agreement. That agreement may cover: subject matter of processing; processing duration; categories of data...27. Data processing agreements

27. Data processing agreements

When Temelj za rast processes personal data on behalf of a client, we may enter into a Data Processing Agreement.

That agreement may cover:

subject matter of processing;
processing duration;
categories of data;
categories of data subjects;
client instructions;
subprocessors;
confidentiality;
security measures;
assistance with data subject requests;
breach notification;
deletion or return of data;
audit or review rights;
international transfers.

This is especially important for GuestNesty, Libar, Booking.com API-supported workflows and marketing work involving client customer data.

In shortWe may use subprocessors to deliver hosting, infrastructure, AI functionality, analytics, communication, support, storage and security. We choose subprocessors based on service need, reliability and security. Where...28. Subprocessors

28. Subprocessors

We may use subprocessors to deliver hosting, infrastructure, AI functionality, analytics, communication, support, storage and security.

We choose subprocessors based on service need, reliability and security. Where required, we use contractual safeguards.

For SaaS clients, a current subprocessor list should be provided in the product agreement, DPA or support documentation.

In shortWe do not ask website visitors to send special category data, such as health data, religious beliefs, biometric data or similar sensitive information. Do not include sensitive information in contact forms or general...29. Special category data

29. Special category data

We do not ask website visitors to send special category data, such as health data, religious beliefs, biometric data or similar sensitive information.

Do not include sensitive information in contact forms or general business messages unless we specifically request it and have a lawful reason to process it.

If sensitive information appears inside product messages or client-provided data, we process it according to the client agreement, product settings and applicable law.

In shortWhen payments, invoices or accounting records are involved, we may process: billing name; company name; address; tax number; invoice number; payment status; bank or payment reference; contract and service details. We use...30. Payment and invoice data

30. Payment and invoice data

When payments, invoices or accounting records are involved, we may process:

billing name;
company name;
address;
tax number;
invoice number;
payment status;
bank or payment reference;
contract and service details.

We use this data to manage payments, accounting, tax duties and legal records.

We do not store full payment card details unless a payment provider requires it and handles it under its own security terms.

In shortFor some services, clients may give us access to tools such as: website CMS; hosting; Google Analytics; Google Tag Manager; Google Search Console; Google Ads; Yandex tools; Meta Business Manager; email marketing tools...31. Access to client tools

31. Access to client tools

For some services, clients may give us access to tools such as:

website CMS;
hosting;
Google Analytics;
Google Tag Manager;
Google Search Console;
Google Ads;
Yandex tools;
Meta Business Manager;
email marketing tools;
CRM tools;
booking systems;
content platforms.

We use access only for the agreed work. Clients should provide the minimum access needed and remove access when the work ends.

In shortSome information we receive may not be personal data, but it can still be confidential. This includes strategy documents, reports, financial signals, occupancy plans, media plans, campaign data, product setup and...32. Confidential business information

32. Confidential business information

Some information we receive may not be personal data, but it can still be confidential. This includes strategy documents, reports, financial signals, occupancy plans, media plans, campaign data, product setup and internal workflows.

We handle confidential business information with care and use it only for the agreed purpose.

In shortWe may update this Privacy Policy when our website, services, products, tools, legal duties or business processes change. The updated version will appear on this page with a new “Last updated” date. For major...33. Changes to this policy

33. Changes to this policy

We may update this Privacy Policy when our website, services, products, tools, legal duties or business processes change.

The updated version will appear on this page with a new “Last updated” date.

For major changes, we may provide additional notice where required.

In shortFor privacy questions, data requests or cookie questions, contact: Temelj za rastTemelj za rastTrg slobode 5 85310 Budva MontenegroBudva, MontenegroEmail: EmailTo see email, turn on JavaScript.Website: temelj.me You can...34. Contact

34. Contact

For privacy questions, data requests or cookie questions, contact:

Temelj za rast
Temelj za rast
Trg slobode 5 85310 Budva Montenegro
Budva, Montenegro
Email: Email
Website: temelj.me

You can also contact the relevant data protection authority if you believe your privacy rights have not been respected.

For Montenegro, the competent authority is the Agency for Personal Data Protection and Free Access to Information.

In shortBefore publishing this policy, complete these steps: Insert the legal company name, address, registration number, tax number and privacy email. Scan the live website for cookies and fill the cookie table. Install a...35. Practical implementation checklist

35. Practical implementation checklist

Before publishing this policy, complete these steps:

Insert the legal company name, address, registration number, tax number and privacy email.
Scan the live website for cookies and fill the cookie table.
Install a cookie banner with Accept, Reject and Manage options.
Block analytics, advertising and remarketing cookies before consent.
Add a permanent Cookie Settings link in the footer.
Add privacy notice links near every form.
Confirm which tools are active: GA4, GTM, Google Ads, Meta, TikTok, Yandex, CRM, newsletter, maps, video embeds.
Confirm all providers and subprocessors.
Confirm retention periods with accounting, legal and product needs.
Prepare a Data Processing Agreement for GuestNesty, Libar and client marketing work involving guest or customer data.
Review Booking.com API terms and make sure Libar’s integration language matches the real technical setup.
Check international transfer safeguards for EU/EEA data.
Prepare an internal process for data access, deletion and consent withdrawal requests.
Create a breach response process.
Keep a record of consent for email marketing and cookies.