Please read this Privacy policy carefully. It explains the types of information we may collect about you, the purposes for and methods by which we collect it, and (where applicable) the lawful basis on which we do so, as well as information about data retention, your rights and how to contact us. The current Privacy Policy for personal data (hereinafter referred to as the „Privacy Policy”) applies to all information that the website www.portaraimontenegro.com (hereinafter referred to as “Porta Rai website”), located at the domain name www.portaraimontenegro.com (as well as its subdomains), may collect about you as the user during the use of the Porta Rai website (as well as its subdomains), its software, its services and its products (including but not limited to telegram bots).

This Privacy Policy covers both our online and offline data processing activities as set out below:

1.1 In this Privacy Policy, the following terms are used:

1.1.1. "Website Administration" (hereinafter referred to as the Administration) – authorized personnel responsible for managing the Porta Rai website, who organize and/or carry out the processing of Personal Data and determine the purposes of processing Personal Data, the composition of Personal Data Subject to processing, actions (operations) performed with Personal Data, including the person legally appointed as responsible for lawful processing of Personal Data on behalf of our Company (hereinafter „Data Protection Officer“).

1.1.2. "Personal Data" - any information related directly or indirectly to an identified or identifiable individual (Personal Data Subject).

1.1.3. "Personal Data Processing" - any action (operation) or a set of actions (operations) performed with Personal Data, using automation tools or without the use of such tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.

1.1 In this 1.1.4. "Confidentiality of Personal Data" - a requirement that the operator or any other person who has access to Personal Data must comply with, which prohibits the dissemination of Personal Data without the consent of the Personal Data Subject or the presence of another legal basis.Policy, the following terms are used:

1.1.5. "Porta Rai website" - a collection of interconnected web pages located on the internet at a unique address (URL): www.portaraimontenegro.com, as well as its subdomains, its softwares, its services and its products.

1.1.6. "User of the Porta Rai website (as well as its subdomains), its softwares, its services and its products" (hereinafter referred to as the „User”) – an individual who has access to the Porta Rai website via the internet and uses the information, materials, and products of the Porta Rai website.

1.1.7. "Cookies" – small pieces of data sent by a web server and stored on a User's computer, which the web client or web browser sends back to the web server in an HTTP request each time an attempt is made to open a page of the corresponding website.

1.1.8. "IP Address" – a unique network address of a node in a computer network through which the User accesses Porta Rai website.

2.1. The use of the Porta Rai website by the User signifies their agreement with this Privacy Policy and the terms of processing the User's Personal Data.

2.2. In case of disagreement with the terms of the Privacy Policy, the User must discontinue the use of the Porta Rai website.

2.3. This Privacy Policy applies to Porta Rai website. Porta Rai website does not control and is not responsible for third-party websites that the User may access through links available on the Porta Rai website.

2.4. The Administration does not verify the accuracy of the Personal Data provided by the User.

3.1. This Privacy Policy establishes the Administration's obligations regarding the non-disclosure and ensuring the confidentiality of Personal Data that the User provides at the request of the Administration when registering on Porta Rai website or subscribing to informational email newsletters.

3.2. The Personal Data permitted for processing under this Privacy Policy is provided by the User by filling out forms on the Porta Rai website or otherwise accessing Porta Rai website and includes the following information:

3.2.1. The User's last name, first name, and patronymic (if applicable).

3.2.2. The User's contact phone number.

3.2.3. The User's email address.

3.2.4. The User's place of residence (if necessary).

3.2.5. Geolocation information.

3.2.6. Device information, such as when you accessed our services and information about the device used (for example, IP address, software or internet browser used, preferred languages).

3.2.7. Online activity, including pages you have visited and content reviewed.

3.2.8. Other information about you that you have voluntarily disclosed.

3.3. Disabling cookies may result in the inability to access certain parts of the Porta Rai website that require authentication.

3.4. Any other Personal Data not mentioned above (browsing history, used browsers, operating systems, etc.) is subject to secure storage and non-disclosure, except as provided in clause 5.2. of this Privacy Policy.

5.1. The processing of the User's Personal Data is carried out without a time limit, by any lawful method, including in Personal Data information systems using automation tools or without using such tools.

5.2. The User's Personal Data may be transferred to authorized state authorities of Montenegro only on the grounds and in the manner established by the legislation of Montenegro.

5.3. In the event of loss or disclosure of Personal Data, the Administration has the right not to inform the User about the loss or disclosure of Personal Data.

5.4. The Administration takes necessary organizational and technical measures to protect the User's Personal Data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions by third parties. The Administration and the Company won’t be liable for any damages and/or loss which might occur to User/s and or third parties in case of User’s Personal Data unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions by third parties if such unlawful actions are not direct consequence of Company’s/Administration’s gross negligence or willful misconduct.

5.5. The Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal Data.

5.6 Our affiliates, partners and contractors have access to Personal Data only to the extent necessary to help carry out the services they are performing for us, such as, but not limited to, fulfilment, creation, maintenance, hosting, and delivery of our services, conducting marketing, providing IT services and security, handling payments, email and order fulfillment, administering promotions, conducting research, measurement and analytics, deriving insights, or customer service/technical support.

5.7 Some of our services may contain links to other sites, for the purposes of customer interaction and marketing. The information practices of such other sites can be different from ours so you should consult their privacy policy and terms before submitting your Personal Data, as we have no control over Personal Data that is submitted to or collected by these third parties.

5.8 If you post or share Personal Data while interacting through interactive areas available on Porta Rai website, depending on the nature and publicity of the interaction this Personal Data can become public, after which, we cannot prevent further use or sharing of this Personal Data

5.9. Data retention. In broad terms, we will only retain your Personal Data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of Personal Data and the reason that we have collected the Personal Data in the first place. For example, some Personal Data related to the provision of our services to you will be kept for a number of years in order to comply with various finance and tax related legal obligations. After a retention period has lapsed, the Personal Data is securely deleted unless it is necessary for the establishment, exercise, or defense of legal claims. For further information regarding applicable retention periods, you should contact us using the contact methods set out in clause 6.3 below.

6.1. The User has the right to:

6.1.1. Make a free decision on providing their Personal Data necessary for using the Porta Rai website, and give consent to their processing.

6.1.2. Update or supplement the provided Personal Data information in case of changes in this Personal Data.

6.2. Under certain conditions, the User has the following rights:

6.2.1. You can request details of the Personal Data we hold, along with a copy of your Personal Data, unless this right is restricted in accordance with applicable law.

6.2.2. Right to erasure (“right to be forgotten”): The right, in certain circumstances, to ask for your Personal Data to be deleted. In specific cases, we may not be able to delete some types of Personal Data, in particular, where we have a legal obligation to keep that Personal Data (e.g. for regulatory reporting purposes) or, for example, where you want us to continue to provide you with services and the processing of the Personal Data is necessary for the provision of those services.

6.2.3. Right to object: The right to object (on grounds relating to your particular situation) to the processing of your Personal Data on the basis of your legitimate interests.

6.2.4. Right to withdraw consent: You can withdraw your consent at any time in respect of any processing of Personal Data which is based upon a consent.

6.3. We will assess any request to exercise these rights on a case by case basis. There may be circumstances in which we are not legally required to comply with a request because of relevant exemptions provided for in applicable data protection legislation. In some instances, this may mean that we are able to retain your Personal Data even if you withdraw your consent. To exercise these rights, or to contact our Data Protection Officer, please direct your request to:

Capital Estate DOO Budva, Montenegro

Dragan Lučić, CEO

dragan.lucic@capitalestate.me

6.4. The Administration is obliged to:

6.4.1. Use the received Personal Data exclusively for the purposes specified in clause 4 of this Privacy Policy.

6.4.2. Take precautions to protect the confidentiality of the User's Personal Data according to the procedure normally used for protecting such data in existing business transactions.

6.4.3. Block and/or erase (as appropriate) Personal Data related to the respective User from the moment of the User's or their legal representative's request, or the request of an authorized body for the protection of Personal Data subjects' rights, for the period of verification, in case of detection of unreliable personal data or unlawful actions.

7.1. General Data Protection Regulation Privacy Statement (“GDPR Statement”) applies to persons in the European Economic Area (“EEA”), including those based in the United Kingdom. GDPR Statement supplements our Privacy policy; however, where our Privacy policy conflicts with the GDPR Statement, the GDPR Statement will prevail as to persons located in the EEA.

7.2 Personal Data Rights Under GDPR. By using our services, and/or otherwise visiting and/or using Porta Rai website, it shall be deemed that you’ve provided us with rights to collect, process, store and otherwise use your Personal Data in accordance with this Privacy Policy. If you want to restrict and/or withdraw this consent, please read the following clauses and subclauses within this chapter 8.

7.2.1 The right to request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you.

7.2.2 The right to request correction of your Personal Data if it is inaccurate. You may also supplement any incomplete Personal Data we have, taking into account the purposes of the processing.

7.2.3. The right to request deletion of your Personal Data if:

- your Personal Data is no longer necessary for the purposes for which we collected or processed them; or

- you withdraw your consent if the processing of your Personal Data is based on consent and no other legal ground exists; or

- you object to the processing of your Personal Data and we do not have an overriding legitimate ground for processing; or

- your Personal Data is unlawfully processed; or

- your Personal Data must be deleted for compliance with a legal obligation.

7.2.4 The right to object to the processing of your Personal Data. We will comply with your request, unless we have a compelling overriding legitimate interest for processing or we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

7.2.5. The right to restrict the processing of Personal Data, if:

- the accuracy of your Personal Data is contested by you, for the period in which we have to verify the accuracy of the Personal Data; or

- the processing is unlawful, and you oppose the deletion of your Personal Data and request restriction; or

- we no longer need your Personal Data for the purposes of processing, but your Personal Data is required by you for legal claims; or

7.2.6. The right to data portability. You may request that we send the Personal Data to a third party, where feasible. You only have this right if it relates to Personal Data you have provided to us where the processing is based on consent or necessity for the performance of a contract between you and us, and the processing is conducted by automated means.

7.2.7. You also have the right to lodge a complaint before your national data protection authority.

7.3. You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights described in this Statement). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

7.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). To the extent you use a third party to submit a data request on your behalf, we may need to take reasonable steps to verify the authenticity of the request. These are security measures to ensure that Personal Data is not disclosed to any person who has no right to receive it. In an effort to speed up our response, we may also contact you to ask you for further information in relation to your request. To exercise your rights you can file a request to contact addresses as defined in clause 6.3 above

7.5. International Transfers

7.5.1.Your Personal Data may be stored or transferred to countries outside the EEA and the UK for the purposes described in this Statement. When we store or transfer your Personal Data outside the EEA and the UK, we take the following precautions to ensure that your personal information is properly protected:

- Whenever we store or transfer your Personal Data outside the EEA and the UK, we will do so in accordance with applicable law, and we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. Transfers of Personal Data are made:

• to a country recognised by the European Commission as providing an adequate level of protection; or

• to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission or by implementing other appropriate cross-border transfer solutions to provide adequate protection

7.5.2 By using our services, you understand that your Personal Data may be transferred to our facilities and those third parties with whom we share it, as described in this Privacy Policy.

8.1. Before going to court with a lawsuit regarding disputes arising from relations between the User and the Administration and/or the Company, it is mandatory to present a claim (a written proposal or proposal in electronic form about voluntary dispute resolution) to the other party – recipient of the claim.

8.2. The recipient of the claim must notify the claimant in writing or electronically about the results of the claim review within 30 calendar days from the day of receiving the claim

8.3. If an agreement is not reached, the dispute will be referred to the Basic Court of Kotor, Montenegro (Osnovni sud Kotor, Montenegro).

8.4. The current legislation of Montenegro applies to this Privacy Policy and the relations between the User and the Administration.

9.1. The Administration has the right to make changes to this Privacy Policy without the User's consent.

9.2. A new Privacy Policy comes into force from the moment it is published on the Porta Rai website, unless otherwise provided by the new edition of the Privacy Policy.

9.3. All suggestions or questions regarding this Privacy Policy should be addressed to:

Capital Estate DOO Budva, Montenegro

Dragan Lučić, CEO

dragan.lucic@capitalestate.me

9.4. The current Privacy Policy is posted on the page at Porta Rai.

9.5. In case of discrepancies between the different languages versions of this Privacy Policy, the English version will prevail.

Updated: July 1st, 2024

Budva, Montenegro.