Privacy Policy

1. Who We Are

Secure Diplo Invite is a proprietary digital invitation and access control platform owned and developed by ZOE MILANO d.o.o.

Zoe Milano d.o.o. operates internationally and develops proprietary digital platforms and software solutions.

2. Scope of This Privacy Policy

This Privacy Policy applies to the Secure Diplo Invite website, applications, and related services (collectively, the "Service").

It explains how personal data is collected, used, stored, and protected when users:

• request information or a demo,
• use Secure Diplo Invite as organizers, invitees, or security staff,
• interact with the Service through web or mobile interfaces.

3. Personal Data We Collect

We collect only personal data necessary to provide and operate the Service.

This may include:

• name and surname,
• email address,
• organization name (if provided),
• invitation status (accepted, rejected, pending, revoked),
• access and scan logs (date, time, status of QR code scans),
• technical metadata required for system security, integrity, and audit purposes.

We do not intentionally collect sensitive personal data as defined under GDPR.

4. How We Use Personal Data

Personal data is processed solely for the following purposes:

• creation and management of event invitations,
• delivery of invitations and recording confirmations,
• access verification at event entry points,
• generation and maintenance of audit and security logs,
• responding to inquiries and providing support,
• ensuring system security, integrity, and reliability,
• compliance with legal and regulatory obligations.

We do not sell, rent, or trade personal data.

5. Legal Basis for Processing

Personal data is processed in accordance with Article 6 of the GDPR based on:

• performance of a contract or provision of the Service,
• legitimate interests related to security, access control, and auditability,
• user consent where applicable,
• compliance with legal obligations.

6. Data Storage and Security

Zoe Milano d.o.o. applies appropriate technical and organizational measures to protect personal data, including:

• secure servers and controlled environments,
• access control and role-based permissions,
• encrypted communication (HTTPS/TLS),
• monitoring and audit mechanisms.

Personal data is retained only for as long as necessary to fulfill its intended purpose or to meet applicable legal requirements.

7. Offline Operation and Audit Logs

Secure Diplo Invite supports offline entry verification. Access and scan logs generated during offline operation are stored locally and synchronized with the server once connectivity is restored.

Such logs are used exclusively for access control, auditability, and security review purposes.

8. Data Sharing

Personal data may be shared only with:

• trusted service providers supporting hosting, infrastructure, or email delivery,
• competent authorities when required by law.

All service providers are contractually required to comply with GDPR or equivalent data protection standards.

9. International Data Transfers

As an international service provider, Zoe Milano d.o.o. may process personal data outside the Republic of Serbia and the European Union.

In all cases, appropriate safeguards are implemented in accordance with GDPR requirements.

10. Data Subject Rights

Data subjects have the right to:

• access their personal data,
• request rectification of inaccurate data,
• request erasure of personal data,
• withdraw consent where applicable,
• object to processing,
• request data portability.

Requests may be submitted to: privacy@zoemilano.com

11. Changes to This Privacy Policy

This Privacy Policy may be updated periodically. Any changes will be published on this page with an updated revision date.