Privacy Policy — Klub čitalaca (Readers' Club)

Effective date: 18 July 2026

This privacy policy explains how Društvo sa ograničenom odgovornošću Nova knjiga (Nova knjiga LLC), with its registered office at Ludvika Kube, Gorica C — zgrada Razvršja bb, Podgorica, Montenegro, tax ID (PIB) 02290006 ("we" or "Nova knjiga"), collects, uses, shares, and protects the data of users of the Klub čitalaca mobile application (the "app").

Who we are and how to contact us

Who this policy applies to

This policy applies to users of the Klub čitalaca app. The app does not allow creating a new membership or account. It only allows users whose membership already exists in the PANTHEON business system to sign in via a one-time email link, access their existing membership data, view member benefits and purchase history, and, if they choose, receive notifications.

What data we collect

Data you provide

Membership and service usage data

PANTHEON may hold a wider set of member data, including username, email, national ID number (JMBG), date of birth, registration date, last sign-in, profile photo, name, card number, and loyalty category. The app uses only the name, card number, loyalty category, email, and date of birth from that set. The app does not retrieve or use the JMBG, registration date, last sign-in, or profile photo from PANTHEON.

Device, analytics, and diagnostics data

Depending on app settings and your choices, the app and its embedded services may process:

We link Sentry diagnostics only to a pseudonymous user identifier, without sending the email address. Microsoft Clarity is not used in the app.

We do not access your contacts, photos, videos, microphone, or precise device location, unless app functionality changes in the future and we notify you in advance.

How we use data

PurposeData used
Sign-in and access to an existing membership accountEmail, account identifiers, first and last name
Displaying membership, purchases, points, discounts, and benefitsMembership, membership card, and purchase data
Service messages, including the sign-in linkEmail, account data, and technical delivery data
Push notifications, including the birthday benefit — only with your permissionPush token, user identifier, date of birth, and notification history
Usage analytics and app improvement (Firebase Analytics)Pseudonymous identifiers and device, app, session, and interaction data
Detecting and fixing errors and monitoring performance (Sentry)Pseudonymous identifier, diagnostics, and performance data
Support and responding to user requestsContact data, request content, and technical data related to the report
Meeting legal obligationsData we must retain or disclose under law

An email address is required to sign in. The date of birth and push notifications are voluntary — all core account features work without them; you simply will not receive the related benefit or notifications.

Who we share data with

We do not sell data or share it with third parties for advertising. We provide data to the following service providers only to the extent needed to run the app:

We require service providers to use data only to provide the contracted service and to apply appropriate safeguards. Some providers use infrastructure outside Montenegro and the European Economic Area; such transfers rely on safeguards provided for by data protection regulations.

Data security

Communication between the app and our servers uses HTTPS/TLS encryption, and access to data is limited on a need-to-know basis. Sign-in uses time-limited one-time links instead of passwords. No security measure can remove risk entirely, but we review our measures regularly in line with the nature of the processing.

How long we keep data

We keep data only as long as needed for the purposes it was collected for, unless the law requires a longer period:

After the applicable period expires, we delete the data or irreversibly anonymize it.

Account and data deletion

It is not possible to create a new membership or delete an existing membership in the app. Membership and related data are managed in the PANTHEON business information system, while the app provides access to an existing membership.

You can request deletion of your data or termination of your membership at nknjiga@gmail.com. Nova knjiga will process the request and, where needed, coordinate its execution with the PANTHEON provider. After receiving a request, we may ask for reasonable identity verification to prevent unauthorized deletion. Under normal circumstances we complete the request within 15 days.

When a membership is fully deleted or anonymized, data that exists only in the application system is also deleted. Historical business records that must be retained by law are kept in a form that can no longer be linked to the user.

Deleting the app from your device does not by itself delete your account.

Your controls and rights

Children

The app is intended exclusively for adult users, i.e. persons at least 18 years old. We do not knowingly collect data of persons under 18. Membership is opened in person at a Nova knjiga store with an identity document check. If we learn that a person under 18 is using the app, we will take reasonable steps to disable access and delete data collected contrary to these rules.

Changes to this policy

We may update this policy from time to time to reflect changes to the app, service providers, or regulations. The effective date of the latest version is shown at the top of the document. We will notify you of significant changes through the app or by email.

The current version of this policy is available at legal.kc.novaknjiga.com, and in English at legal.kc.novaknjiga.com/en.