Owner: Iris Mega d.o.o.
Address: Gospodara Vučića 176, Belgrade, Serbia

Introduction
At SPAWN, a brand owned by Iris Mega d.o.o., we are dedicated to ensuring the protection and privacy of personal data. This policy outlines our commitment to handling personal data responsibly in compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).

1. Scope of the Policy
This Data Protection Policy applies to all personal data collected, processed, and stored by Iris Mega d.o.o. as part of its operations, including interactions with customers, business partners, and employees. While SPAWN does not operate as a web shop, we may collect personal data through other interactions, such as events, partnerships, marketing activities, and customer support.

2. Data We Collect
We may collect and process the following types of personal data:
– Contact information (e.g., name, email, phone number, address)
– Company or organizational details (for business partners or clients)
– Communication preferences
– Feedback and inquiries made through our customer support channels
– Information from public events, exhibitions, and promotional activities

3. Purpose of Data Processing
We collect personal data for the following purposes:
– To maintain communication with clients, customers, and business partners
– To provide product information, promotions, and updates
– To manage business relationships and partnerships
– To respond to inquiries, requests, or feedback
– To organize and manage events and exhibitions
– To comply with legal obligations

4. Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
– Consent of the data subject
– Legitimate interest in conducting business operations
– Compliance with legal obligations
– Performance of contracts or agreements

5. Data Storage and Security
Iris Mega d.o.o. ensures that personal data is stored securely and only for as long as necessary to fulfill the purposes outlined above. We use appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

6. Data Sharing
We do not share personal data with third parties unless it is necessary to fulfill contractual obligations, comply with legal requirements, or with the explicit consent of the data subject. Any data shared with third parties, such as service providers, is subject to strict confidentiality agreements.

7. Data Subject Rights
Under the GDPR, individuals have the following rights regarding their personal data:
– Right to access: You can request a copy of your personal data that we hold.
– Right to rectification: You can request corrections to any inaccurate or incomplete data.
– Right to erasure: You can request the deletion of your personal data, subject to legal and contractual obligations.
– Right to restrict processing: You can request limitations on how we process your data.
– Right to data portability: You can request a transfer of your personal data to another organization.
– Right to object: You can object to certain types of data processing.

8. Data Breach Management
In the event of a data breach, we will take immediate steps to mitigate the impact and notify affected individuals and relevant authorities as required by law.

9. Contact Information
For any questions or requests regarding this Data Protection Policy, or if you wish to exercise your data subject rights, please contact us:

Iris Mega d.o.o.
Gospodara Vučića 176, Belgrade, Serbia
Email: office@irismega.rs
Phone: +381 11 71 58 000

10. Policy Updates
This policy may be updated periodically to reflect changes in legal requirements or our data processing practices. Any significant changes will be communicated through appropriate channels.

By maintaining strong data protection practices, SPAWN and Iris Mega d.o.o. ensure the privacy and security of all personal data entrusted to us.