SavaMix

Privacy Policy

Last updated 25 June 2026

This policy explains how Sava Mix collects, uses, stores, and protects your personal data when you use our virtual office services or our website at savamix.com. We take your privacy seriously and handle your data in line with the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, Official Gazette of the Republic of Serbia No. 87/2018) and, where it applies, the EU General Data Protection Regulation.

1. Who we are

Sava Mix provides a registered business address and mail-handling service in Vračar, Belgrade. For the personal data described in this policy we are the data controller, except for the contents of your postal mail, where we act as a data processor on your behalf (see section 5).

Contact us about privacy at privacy@savamix.com.

2. The personal data we collect

  • Account and contact details: your name, email, phone number, nationality, and residential address.
  • Identity-verification documents: a photo identity document (passport or national identity card) and proof of address, together with company and beneficial-ownership details. We are legally required to collect these (see section 4).
  • Company details: your company name, type, and registration information.
  • Mail content: the postal mail we receive, open, and scan on your behalf, which may contain personal or sensitive information.
  • Billing information: the records of your payments. Card details are handled by our payment provider, not stored by us.
  • Website data: technical information such as your IP address and browser type, and any cookies you consent to.

3. How we use your data and our legal bases

  • To provide the service (performance of our contract with you): managing your address, receiving and scanning your mail, and supporting your account.
  • To meet our legal obligations (legal obligation): verifying your identity and keeping records under the Law on the Prevention of Money Laundering and the Financing of Terrorism, and keeping accounting records under the Accounting Law.
  • To run and secure our business (legitimate interests): preventing fraud and misuse, and improving our service.
  • To send you marketing (consent): only where you have opted in, and you can withdraw at any time.

4. Identity verification and anti-money-laundering

As a provider of registered-address services we are an obligor under the Law on the Prevention of Money Laundering and the Financing of Terrorism. We are required to identify and verify every customer and their beneficial owners before we provide the service. The legal basis for collecting and keeping your identity documents is this legal obligation, not your consent, so we cannot provide the service without these checks.

We may be required to report information to the Administration for the Prevention of Money Laundering (Uprava za sprečavanje pranja novca) and to cooperate with other competent authorities. Where the law requires it, we may do so without prior notice to you, and we are in some cases legally prohibited from telling you that a report has been made.

5. Your postal mail

When we receive and scan your mail we process its contents on your behalf, as your data processor. You remain the controller of that content. We scan items and notify you, retain the scanned copies for the period set by your plan, and securely destroy physical originals on a defined schedule.

6. How long we keep your data

  • Identity-verification and due-diligence records: 10 years after our business relationship ends, as required by anti-money-laundering law.
  • Accounting and billing records: 10 years, as required by the Accounting Law.
  • Scanned mail: for the period set by your plan; physical originals are securely destroyed after the storage window.
  • Account data: for as long as you are a customer and a reasonable period afterwards.
  • Marketing data: until you withdraw your consent.

7. Who we share it with

We never sell your personal data. We share it only as needed to run the service and meet our obligations:

  • identity-verification providers who help us complete know-your-customer checks;
  • our payment provider, for billing;
  • our hosting and infrastructure providers, who store data securely on our behalf;
  • our accountants and professional advisers;
  • competent authorities, including the Administration for the Prevention of Money Laundering, where we are legally required to disclose.

8. Where your data is stored

Your data is held on secure, encrypted infrastructure. Where data is transferred outside Serbia or the European Economic Area, we rely on appropriate safeguards, such as transfers to countries with an adequate level of protection or standard contractual clauses.

9. Your rights

Under Serbian data-protection law you have the right to:

  • be informed about how we use your data;
  • access the data we hold about you;
  • have inaccurate data corrected;
  • have data erased, where we are not required to keep it;
  • restrict or object to certain processing;
  • receive your data in a portable form.

Some rights are limited where the law requires us to keep records. For example, we cannot erase identity-verification records that we are required to retain for 10 years. To exercise a right, contact privacy@savamix.com.

10. Cookies

We use only essential cookies by default. Any analytics or other non-essential cookies are used only with your consent, which you can manage or withdraw at any time. In particular, we use Google Analytics 4, a service provided by Google, to understand how visitors use the site. It is loaded only after you accept analytics cookies. When loaded, it sets cookies and may transfer data to Google, including to servers outside Serbia and the European Union, under appropriate safeguards. You can accept, decline, or withdraw your consent at any time using the "Cookie settings" link in the footer. The legal basis for this processing is your consent.

11. The supervisory authority

If you believe we have not handled your data properly, you may complain to the Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti), www.poverenik.rs. We would appreciate the chance to address your concerns first.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version here with a new date and, where the change is significant, let you know by email.