INTRODUCTION
We recommend that you carefully read this Privacy Policy, hereinafter: The Policy, which may be changed from time to time, or supplemented to reflect changes in our practices regarding the processing of personal data, or changes in applicable laws and regulations. Any future changes to the Policy will be posted immediately on our website.
Certain products/solutions of our vendors have their own special privacy policies that are not under our control. Company, Tridesetri, will, at every request, provide all the necessary information, and wherever possible, on their website visibly place a link to the official website of the vendor.
Any use of our website is subject to our General Terms of Use of the site and the Cookie Policy on the website of TRIDESETRI d.o.o. Belgrade
1. PURPOSE
The policy, acting as a data controller, is issued by the company Tridesetri, located in Belgrade, hereinafter: Tridesetri, as an expression of its commitment to protecting privacy and personal data through compliance with the laws and regulations governing it in all countries where we operate, as well as when using our website by all interested parties, hereinafter referred to as: User, or plural Users.
2. PURPOSE, SCOPE, AND IMPLEMENTATION
The policy is intended for all persons whose personal data we collect and process, outside of our organization with whom we communicate, including visitors to our website and all other users of our services.
This Policy sets out the basic principles on which Tridesetri collects, uses, and processes personal data of business partners: customers, suppliers, subcontractors, and all other individuals. Minors under the age of eighteen are not eligible to use our website and therefore we ask that minors do not provide us with any personal information or use any of the services provided through or through our website.
This Policy prescribes the obligations and responsibility of all its business organizational units and directly or indirectly controlled related legal entities and employees therein, during and in connection with the processing of personal data. The transfer of privacy liability to subcontractors will be governed by a contract for each individual project.
Responsible for the consistent implementation of this Policy is the director of the company Tridesetri.
3. REFERENCE DOCUMENTS
• Law on Personal Data Protection of the Republic of Serbia
• EU Regulation on the protection of personal data - GDPR
• General terms of use of the site
• Cookie Policy
• Rules on organization and systematization of workplaces
4. BASIC CONCEPTS, DEFINITIONS AND ABBREVIATIONS
Controller - the natural or legal person, public authority, agency, or other body that alone or together with other bodies determines the purposes and means of the processing of personal data, the entity that decides how and why the personal data are processed. It has the main responsibility for compliance with applicable data protection laws.
Supervisory authority - an independent public authority that has the legal task of overseeing compliance with applicable data protection laws.
Personal data - Personal data are all data relating to a natural person whose identity has been determined or can be determined based on them.
Processing means anything that is done with any personal data, whether automated or not, such as: collection, recording, organization, structuring, storage, adaptation or modification, downloading, consultation, use, disclosure by transmission, dissemination or making available in any way, by alignment or combination, restriction, erasure, or destruction.
Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Anonymization: Irreversibly de-identifying personal information so that the person cannot be identified using reasonable time, cost, and technology either by the controller or any other person. The principles of personal data processing do not apply to anonymous data because they are no longer personal data.
Pseudonymization: The processing of personal data in such a way that the personal data can no longer be attributed to a particular data subject without the use of additional information, provided that such additional data are kept separately and are subject to technical and organizational measures to ensure that they are not attributed to any natural person. Pseudonymization reduces, but does not completely remove, the possibility of linking personal data with the data subject. Since pseudonymized data are still personal data, the processing of pseudonymized data should comply with the principles of personal data processing.
THE LAW ON PERSONAL DATA PROTECTION OF THE REPUBLIC OF SERBIA.
5. WHAT PERSONAL DATA WE COLLECT AND PROCESS
✓ Name and surname
✓ Employer name
✓ Employer's address
✓ Position/function at the employer
✓ Professional qualification
✓ Contact information: mobile and landline phones, email address
✓ Social media accounts data
✓ Membership in professional associations, associations, etc.
Information about the interaction of users with our website:
Device details: device type, operating system, browser type, browser settings, IP address, language settings, dates, and times of connection to our website and other technical communication information.
Usage data: records of the use of our website and other services, including registrations, details of the content with which you interact, votes in surveys, questions, downloads, ratings, feedback, search queries, anonymous views, page views.
Data for analysis: keywords, community, trends, quality, and significance of content.
Views, opinions, and interests: any comments, ratings, views or opinions that you choose to send to us, publish through our website, through surveys or publicly disclose through social media platforms; interests and solutions relevant to the wider community and corporate social responsibility.
6. IN WHAT WAYS WE COLLECT PERSONAL DATA
We collect personal data of Users when they submit them to us themselves, by e-mail, phone, by filling out a questionnaire about attending one of our events, on our website or in any other way.
We collect, use and process personal data that the User apparently decides to publish himself, including through our website.
We may receive personal data from third parties, e.g., through social media platforms where we are present with our official websites.
We collect personal data through log files in accordance with our Cookie Policy. By visiting our website, using any function, or an online resource, the User's device and Internet browser will automatically disclose certain data, some of which may constitute personal data.
7. LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA
We may rely on one or more of the following legal bases, depending on the circumstances:
• Explicit, informed, unambiguous, clearly communicated consent to the collection and processing. Consent, i.e., consent is voluntary and can be withdrawn at any time, which entails the deletion or anonymization of the collected data, provided that the withdrawal of consent does not affect the processing of personal data that was carried out before the revocation. Our products and solutions do not collect personal data, IP addresses and do not use cookies without the prior consent of the user.
• The processing is necessary in connection with the performance of our obligations under any contract that the User may enter with us.
• The board is required by the law.
• Processing is necessary to protect the vital interests of any individual.
• The legitimate interest to carry out processing for the purpose of managing, operating, or promoting our business, provided that our legitimate interest does not override the interests, fundamental rights and freedoms of the User.
We do not collect or otherwise process sensitive personal data of users, except in cases of:
• Processing is required or permitted by applicable law to detect or prevent crime (including fraud prevention).
• Processing is necessary for the establishment, exercise, or defense of legal rights.
8. WHAT ARE THE PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA
Tridesetri collects data only for the purpose of cooperation in a particular business or marketing event and communicating and interacting with Users through our website and social media accounts.
We collect personal data for the following purposes:
• Processing of User orders.
• Submitting a submission to receive the Newsletter.
• Sending marketing communications.
• Proposing content that the User may be interested in based on his/her past activities.
• Marketing communications with Users in any way (email, telephone, text messages, via social media, mail or in person), news and other information, provided that such communications are provided in compliance with applicable law.
• Recommending user content to others.
• Creating a task.
• Enabling the use of certain functions of our solutions.
• Adapting products and services to the needs of the User.
• Providing customer support.
• Managing job applications at TRIDESETRI.
• Fulfillment of our contractual obligations during which we work on our own behalf and on behalf of our clients to provide services to natural persons
• Managing cooperation with our vendors
• Improving our website and our services: identifying problems with the existing Internet site and our services; planning to improve the existing website and our services; Creating a new website and our services.
• Surveys and Quizzes: Collaborate with Users to get views about our website or our services
9. SECURITY OF PERSONAL DATA
In accordance with applicable law, we have taken strict physical, electronic, and administrative measures in the field of security against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of processing.
The data is available only to employees and related persons, or partners who need this information to perform the job or fulfill the contract.
We store and store personal data in our internal electronic records (databases) in relation to which we apply all necessary organizational, technical and personnel protection measures in accordance with the requirements of the applicable ZZPL, including:
• control of physical access to the system where Personal Data is stored.
• control of access to data.
• control of data transmission.
• control of data entry.
• control of the availability of data.
• other information security measures that are necessary for the protection of personal data.
a. Data Accuracy
We take every reasonable step to ensure that the Personal Data of the User we process is accurate and, if necessary, up to date. Any of the personal data processed by us that are inaccurate (given the purposes for which they are processed) are deleted or corrected without delay. From time to time, we may ask the User to verify the accuracy of their personal data.
b. Minimize data
We take every reasonable step to ensure that the personal data of the Users we process is limited to personal data that are reasonably necessary in connection with the purposes set out in this policy and the purposes set out above.
c. IT manager is responsible for:
Ensures that all systems, services, and equipment used to store data meet acceptable security standards.
Performs regular checks and scans to ensure that security hardware and software are functioning properly.
10. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The private information we collect is not and will not be the subject of sales. Private data is distributed to third parties only for the purpose and in the context of the performance of the work.
With the user's prior explicit consent, we may provide his/her personal information to our customers, or vendors, for the purpose of enabling them to contact the User with information that may be of interest to him provided that such communication does not otherwise violate applicable laws.
Individual processors who can access personal data that Users leave through our website are based in foreign countries, such as IT service providers; plug-in suppliers for social networks; etc., located anywhere in the world. The transfer of data outside the country is carried out based on the default level of appropriate protection of personal data in those countries, in accordance with our ZZPL and GDPR.
In accordance with the applicable regulations in the field of personal data protection, Tridesetri has the right, in the event of a request from a state authority, institution, agency or competent regulatory body, to make data on the User available to those authorities, institutions and regulatory bodies to the extent necessary for the establishment, exercise or defense of legal rights, for the purpose of investigation, prevention and detection of criminal offenses and criminal prosecution.
11. LEGAL RIGHTS OF USERS IN RELATION TO THE PERSONAL DATA WE COLLECT AND PROCESS
• The right to request access to personal data and information concerning the processing or copy of his personal data.
• The right to object, on legitimate grounds, to the processing of your personal data.
• The right to request the rectification of any inaccuracies or amendments in his personal data.
• Right to request the erasure of his personal data.
• The right to request the restriction of the processing of his personal data.
• The right to data portability, to transfer the User's personal data to another Controller, to the extent possible.
• Where we process personal data based on consent, the right to withdraw this consent.
• The right not to be subject to a decision made solely based on automated processing, including profiling.
• The right to be informed of a personal data breach, if such a breach of personal data may result in a high risk to the rights and freedoms of natural persons.
• The right, in connection with the processing of personal data, to lodge a complaint with the enforcement regulatory body of the ZZPL. The complaint is filed by filing a complaint with the regulatory body:
Commissioner for Access to Information of Public Importance and Personal Data Protection Bulevar kralja Aleksandra no. 15, 11120 Belgrade, phone: +38111 3408 900, e-mail: office@poverenik.rs
• Right to judicial protection if he/she considers that his/her rights under the ZZPL have been violated.
• Other rights guaranteed by the current ZZPL.
The data subject may exercise his rights by completing the Request for the Exercise of Rights, which is available in the business premises of the Controller, as well as on the Website of the Controller.
The user can contact us at any time if he no longer wishes to receive any information from the Tridesetri by sending UNSUBSCRIBE by e-mail to the address: info@tridesetri.com and will be immediately removed from our mailing list.
In relation to the exercise of his/her rights, the controller shall provide the person whose data have collected all necessary additional information, as well as assistance, in accordance with the conditions and in the manner prescribed by the applicable ZZPL.
12. USE OF COOKIES
We use cookies on our website to identify users. Cookies are small files that are temporarily stored on the user's hard drive. Some cookies store information about the User that is personal. However, such information is stored only if the User has published it himself or entered it on the website and this is solely for the purpose of obtaining the necessary information for easier functioning and use of the website.
If the User wants to view our website without cookies, he can do so. Most website viewers automatically accept cookies, in which case it is necessary to turn off this option in them. Details about this can be viewed in the web reader's manual. If the use of cookies is excluded, there is a possibility that some content from our websites may not be open.
13. IN WHAT PERIOD IS PERSONAL DATA STORED
We will keep copies of personal data in a form that permits identification until the moment of revocation of informed consent, or only for as long as necessary in connection with the purposes and purposes set out in this Policy, unless applicable law requires a longer period.
We may retain the User's personal data for any period necessary to establish, exercise or defend any legal rights.
14. HOW ADDITIONAL PROCESSING NOTIFICATIONS CAN BE OBTAINED
The data subject, in connection with all matters relating to the processing of Personal Data, including the manner of exercising the rights and insight into the documents regulating the manner of data processing more closely, can contact our Contact Authority regarding personal data protection by phone: +381 11 438 70 70 , e-mail address: dpo@tridesetri.com and/or a letter to the address: TRIDESETRI DOO Narodnih heroja 43, 11070 Belgrade (New Belgrade) Serbia.
The person in charge of contact regarding the protection of personal data will respond to each inquiry as soon as possible, depending on the inquiry itself, but not later than 30 days from the date of regular receipt of the inquiry. This period may, where necessary, be extended by an additional two months, considering the complexity and number of requests.