Afensia
Legal

Privacy Policy

Last update: March 2, 2026

General Information

This Privacy Policy describes how "Mimas BV" (hereinafter – the "We", "Our" and "Us") may use your personal data (sometimes referred to as "personal information" or "personally identifiable information"), and provides information about your rights in relation to personal data in a situation when You:

  • (i.) Visit Our Website at – www.afensia.com (the "Website"), and/or
  • (ii.) Contact Us using the contact details provided on Our Website, and/or
  • (iii.) Contact Us through Our official social media profiles.

We are the owner and operator of Our Website and act as either the "Data Controller" or the "Data Processor" of Users' personal data, depending on the specific circumstances.

Notice:Our Website may contain links to other websites that are not operated by Us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites and/or services located outside Our Website.

Definitions

The terms used, such as "controller", "processor", "third-party", "personal data breach", "personal data" or their "processing" refer to the definitions in Article 4 of the GDPR.

The term "User" covers all categories of persons affected by data processing. These include our business partners, customers, potential customers, employees, contractors, subcontractors, service providers, and other visitors to Our Website.

Grounds for Collection of Personal Data

Any processing of User(s) personal data is performed only in accordance with this Privacy Policy, the Regulation (EU) 2016/679 (GDPR) of 27 April 2016, the Personal Data Protection Law of Montenegro, as amended in 2023, and other regulatory acts.

Notice:We process personal data of User(s) only in compliance with the relevant data protection regulations. Legal bases: (i) consent – Art. 6 para. 1 lit. a and Art. 7 GDPR; (ii) contract performance – Art. 6 para. 1 lit. b GDPR; (iii) legal obligation – Art. 6 para. 1 lit. c GDPR; (iv) legitimate interests – Art. 6 para. 1 lit. f GDPR.

How and What Personal Information We Collect

The User(s) directly provide Us with most of the personal data we collect. We collect and process the following personal data:

  • Personal data: We DON'T collect personal data such as name, date of birth, passport number, tax number, address, personal email, phone number, or company data when the User(s) visit our Website, UNLESS the User intentionally provides it through contact forms, consent pop-ups, surveys, or newsletter sign-ups. By providing this data, the User gives full consent to its collection and processing.
  • Non-personally identifiable data (browser type, referring website, date and time of requests, and other log data) to better understand how our Website is used.
  • Other data the User may provide when completing a survey or participating in promotional/marketing offers.

Cookie Files

When the User uses Our Website, so-called "cookies" are created. These are small text files stored on the User's device, used to ensure website operation and improve functionality.

We collect information from cookies such as connection date and IP address. This data is used for administrative and statistical purposes, behavior analysis, and content personalization.

Notice:The User(s) are not obliged to accept cookies, but this may result in Our Website not functioning fully properly.

We use Persistent Cookies that store data over a long period and are activated each time the User visits Our Website. Cookies placed on your device may be "first party" (placed by Us or our service providers) or "third party" (placed by third-party advertisers, social media providers, or video content providers such as YouTube).

Children's Privacy

Our Website and Services are not directed to anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If We become aware that We have collected such data without parental consent, We take steps to delete it from Our servers.

Protection and Use of Personal Data

We use appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal data. We DON'T share personal data with third parties, except for Our affiliates, employees, contractors, or subcontractors who have agreed not to disclose or use personal data for any other purpose.

We use User(s) personal data to:

  • Respond effectively to User(s) inquiries
  • Improve the quality of service and Our Website
  • Fulfill risk management and fraud prevention obligations
  • Inform User(s) about changes and new features of Our Services
  • Share with marketing and advertising partners to improve strategies
  • Comply with applicable laws and regulations
Notice:We DON'T currently sell any personal data We collect from Users to third parties. If We do so in the future, We will update this Privacy Policy and notify all Users with an opportunity to opt-in or opt-out.

Storage of Personal Data

We securely store your data in Our internal Customer Relationship Management system (CRM), that includes Gmail (Google Mail).

The data retention period is calculated individually, generally from 6 (six) months from the first collection to the maximum period allowed by applicable law.

Notice:If the User(s) requests that We DON'T store their personal data by emailing support@afensia.com, We will take all reasonable measures to delete it. With explicit consent, we may retain a streamlined profile (email only) to keep the User informed of our offers.

Your Rights (GDPR – Articles 15–21)

The User(s) has the following rights in connection with the processing of personal data by Us:

  • Right of access – Request a copy of the personal data We hold about You.
  • Right to rectification – Request correction of incomplete or inaccurate data.
  • Right to erasure – Ask Us to delete personal data when there are no compelling reasons for its continued processing.
  • Right to object – Object to processing based on legitimate interest, or for direct marketing purposes.
  • Right to restriction – Request We pause processing of personal data.
  • Right to data portability – Request transfer of personal data to another party.
Notice:To exercise any of these rights, please contact Us at support@afensia.com.

Transfer of Personal Data to Third Countries

Personal data may be transferred to third countries when Our Services are provided in the territory of such country, or when We receive tax, legal, or audit advice from entities in third countries.

Any transfer to the United States or outside the EU/EEA is carried out on the basis of Standard Contractual Clauses (SCC) together with a Transfer Impact Assessment (TIA) in accordance with Art. 46(2)(c) GDPR, and with the consent of the User(s).

Any transfer within the EU/EEA is carried out on the basis of a Data Protection Agreement (DPA) in accordance with Art. 28 GDPR and Art. 32 GDPR.

Notice:By accepting Our Privacy Policy, You agree and authorize Us to transfer Your data as described in this section. To withdraw this authorization, contact Us at support@afensia.com.

Applicable Terms – Third-Party Service Providers

We work with the following third-party service providers, each subject to their own privacy policies:

  • Google My Business (Google LLC) – Business listing and location management. Subject to Google's Privacy Policy.
  • VirusTotal (Google LLC) – URL scanning and security checks. Data processed: URL scanned, technical metadata. Subject to VirusTotal's Privacy Policy.
  • Postmark (Wildbit, LLC) – Transactional email delivery. Data processed: email address, email content, delivery metadata. Subject to Postmark's policies.
  • Facebook Ads & Audience Network (Meta, Inc.) – Conversion tracking and ad efficiency analysis. Subject to Meta's Privacy Policy.
  • LinkedIn Marketing Solutions (LinkedIn Corporation) – Ad campaign efficiency tracking. Subject to LinkedIn's Privacy Policy.
  • X Advertising / X Conversion Tracking (X Corp.) – Ad campaign efficiency tracking. Subject to X's Privacy Policy.
  • RevenueCat, Inc. – Subscription and in-app purchase management. Data processed: transaction identifiers, subscription status, device identifiers. Subject to RevenueCat's Privacy Policy.
  • Skipcalls – Spam/scam phone number validation. Data processed: phone number checked, check results. Subject to Skipcalls' Privacy Policy.
  • Google Sign-In & Apple Sign-In – Authentication services. Data processed: account identifier, name, email, authentication tokens. Subject to Google's and Apple's Privacy Policies.
  • Amazon Web Services, Inc. (AWS) – Cloud hosting and infrastructure. Data processed: account information, authentication data, IP addresses, system logs, and any personal data stored in our systems. Subject to AWS's Privacy Policy.

Reporting a Vulnerability

If you have discovered an issue that you believe is an in-scope vulnerability, please email support@afensia.com. Include the following:

  • A detailed description of the vulnerability
  • Full URLs associated with the vulnerability
  • A Proof of Concept (POC) or step-by-step instructions
  • Entry fields, filters, or other input objects involved
  • Your assessment of risk or exportability
  • Instructions for how to reach you with follow-up questions

Updates to This Privacy Policy

We have the right to periodically update this Privacy Policy. We will notify User(s) of significant changes by posting news on the Website before changes become effective and updating the "Last update" date at the top of this policy and/or via email newsletter.

Changes become effective 30 (thirty) calendar days from the date of publication of the updated version. By continuing to interact with Our Website, you confirm your acceptance of the changes.

This Privacy Policy is written in English. We are not responsible for the accuracy or quality of any translation.

Contact Us

If you have any questions about Our Privacy Policy, the data We hold about you, or you would like to exercise one of your data protection rights, please contact Us: