PRIVACY POLICY – NOTICE ON THE PROCESSING OF PERSONAL DATA
– NOTICE ON THE PROCESSING OF PERSONAL DATA OF CUSTOMERS, WEBSITE VISITORS AND BUSINESS PREMISES OF THE COMPANY –
Dear visitors of the website, the Company’s business premises and our clients,
Company RESITY TECHNOLOGIES doo Belgrade-New Belgrade ,Vladimira Popovića 8A street, 11070 Belgrade-New Belgrade, ID number: 21571148, Tax ID number: 111922324 (hereinafter: “Company” ) hereby informs website visitors, business premises visitors and clients/potential clients of the Company or another person (hereinafter in the text collectively designated as: “Client” ) whose personal data the Company collects (hereinafter: “Personal Data” ), about all essential aspects of the collection and processing of his/her Personal Data, maximally respecting his/her privacy. The collection and storage of Personal Data is carried out in accordance with the Law on the Protection of Personal Data (“Official Gazette of the Republic of Serbia” No. 87/2018 – hereinafter: “the Law” ), as well as with the General Regulation of the EU on the Protection of Personal Data ( EU 2016/679, hereinafter: “GDPR” ), when it is applicable. In the case of processing Personal Data of Clients who are citizens of one of the member states of the European Union, the Company will also apply the provisions of the GDPR, to the extent that it is applicable.
The Company has published this Privacy Policy in order to protect the privacy of each Client and so that the Client is informed of which Personal Data the Company collects, for what purpose and on what basis it is processed, how the Data is protected and how it is collected, as well as what are the rights related to Personal Data that the Client has.
You can contact the company regarding all questions regarding the protection of Personal Data at the email address: gdpr@deltaholding.rs
Key definitions of terms from the Personal Data Protection Act of the Republic of Serbia
” Personal data ” is any data related to a natural person whose identity is determined or determinable, directly or indirectly, especially on the basis of the label identity;
” Processing of personal data ” is any action or set of actions performed automatically or non-automated with personal data or their sets, such as collection, recording, sorting, grouping, i.e. structuring, storing, matching or changing, disclosure, insight, use, disclosure by transmission, i.e. delivery, duplication, dissemination or otherwise making available, comparison, restriction, deletion or destruction;
” Sensitive Data ” refers to data relating to racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic information, criminal record and biometric data used for the purpose unique identification.
The Company does not collect the Client’s sensitive data, unless the Client makes it available voluntarily or if the Company is obliged to do so by applicable regulations.
” Personal data of children ” refers to persons under the age of 18.
The company does not collect data from children under the age of 18, and to that end, it always requires confirmation from the Client that he is 18 or older. A legal representative (parent or legal guardian) should not allow children to make their Personal Data available without their permission and consent.
Personal data of the Client that the Company collects and processes includes:
1. Name and surname;
2. E-mail address;
3. The text of the Client’s comments written in free form.
Method of collecting Personal Data
Personal data is collected directly from the Client, as the person whose data is being processed or by other persons.
1. Direct collection of Personal Data from the Client whose data is being processed
a) Provision of services to the Client
In order for the Company to provide the service in a timely manner, for which the Client hired it, it is necessary to have the following Personal Data of the Client: Name and surname, e-mail address.
The Company processes the Personal Data of the legal representative/contact person/authorized person at the Client on several grounds.
The Company processes the Personal Data of the Client based on the conclusion and execution of the contract or for taking actions, at the request of the Client, before the conclusion of the contract. The provision of Personal Data by the legal representative/contact person/authorized person at the Client is a contractual obligation, i.e. the provision of Personal Data is a necessary condition for the conclusion/execution of the contract, which is why the legal representative/contact person/authorized person at the Client has the obligation to disclose Personal Data to employees of the Company . Otherwise, the Company will not be able to conclude and execute a specific contract.
Additionally, in the event that an invoice is issued to the Company, the received invoice, which may contain personal data of the Client’s legal representative/authorized person, will be stored by the Company in its databases, in order to fulfill legal obligations (tax and accounting regulations). Please note, in this case, Personal data from invoices are not processed individually, while invoices are stored for five years in the Company’s databases.
When Personal Data are processed based on the conclusion and performance of a contract or for the performance of an action that is an integral part of the pre-contractual phase, the purpose of Personal Data processing is the conclusion of a specific contract, i.e. the performance of a contract. Contract execution actions often imply that Personal Data are made available to third parties, in order to fulfill the contract in its entirety.
When personal data is processed based on the fulfillment of obligations, the Company will use such data exclusively for the purposes of issuing a pro-invoice or invoice, in accordance with the relevant regulations of the Republic of Serbia.
Further, when we process Personal Data based on the Client’s consent, the Company will in that case use Personal Data exclusively for the purposes of maintaining communication and inviting events, including the period after the termination of the specific contract. In that case, as the basis of processing for the stated purposes is the Client’s consent, you need to keep in mind that you can revoke the consent at any time by sending a request to the email address: gdpr@deltaholding.rs . Revocation of consent does not affect the admissibility of processing that was carried out on the basis of consent before the revocation.
When the Company processes Personal Data of the Client on the basis of the concluded Agreement, it stores the Personal Data in its databases for five years. On the other hand, when processing personal data based on consent, the Company stores personal data in its databases until the consent is revoked.
Personal data that the Company processes in order to fulfill legal obligations, the Company stores in the databases until the expiration of the term defined by law (five years from the date of issuing the invoice or pro-invoice).
b) Visits of the Client to the Company’s business premises
The Company processes the Client’s personal data for the purpose of property protection and the general safety of persons who are in the Company’s business premises, as well as the Client’s personal safety when visiting our business premises, i.e. to collect data in case of extraordinary events (theft, damage to property, etc.).
Accordingly, the Company processes Personal Data of the Client on the basis of legitimate interest, which consists in preserving the safety of property and persons located in the Company’s business premises, i.e. for the purpose of preventing extraordinary events or collecting data in case of extraordinary events.
Personal data – Name and surname, e-mail address, the Company stores in its database within one year, unless an event occurs as a result of which court proceedings are initiated, in which case they are kept until the legally binding end of the proceedings, i.e. until the statute of limitations in in accordance with the law.
After the expiration of the specified terms, they will be deleted or destroyed.
c) Maintenance of marketing and other promotional activities of the Company
During promotions of the Company’s products and other promotional activities, the Company may collect the following Personal Data of the Client: first and last name and e-mail address, in order to inform the Client about all news and benefits prepared by the Company.
The purpose of processing the aforementioned Personal Data is the promotion and marketing of the Company as well as the annexation of Persons who purchase products and services.
The above Personal Data are stored in the Company’s database until the Client revokes the consent.
d) Visits and use of the website – www.resity.net
When the Client visits and uses the Company’s website, Personal Data is also collected through cookies, more about which can be found in the Cookie Policy document.
e) Subscription to the newsletter
When signing up for the newsletter, the Client consents to the Company collecting the following Personal Data of the Client: first and last name and email address.
The purpose of processing the aforementioned Personal Data is to send notifications about special and personalized offers, news and events organized by the Company, internet promotion and other promotional activities.
The above Personal Data are stored in the Company’s database until the Client revokes the consent.
f) Contacting employees of the Company
On occasions when the Client contacts (through our website) employees of the Company to answer various inquiries regarding the Company’s products and services or leaves a specific comment in the form of free text, in this way he gives consent to the Company to collect the following Personal Data: name and last name, email address and content of the text of the Client’s comments written in free form.
The purpose of processing the aforementioned Personal Data is to establish communication with the Client, in order to provide answers to inquiries or to clarify requests. Providing unrecorded Personal Data is a necessary condition for establishing communication between the Client and the Company. Otherwise, the Company would not be able to respond to the Client’s inquiries.
2. Personal data provided by other persons
There are cases when the Client may submit Personal Data of third parties to the Company, in which case the Company will consider that the Client was authorized by such person for such action and in no case shall the Company bear responsibility for the processing of the Personal Data of the third party,
Purpose of data collection
The purpose of data collection is:
• compliance with the Company’s legal obligations (statutory and sub-statutory);
• concluding and executing concluded contracts, as well as taking actions before concluding the contract;
• protection of property and general safety of persons;
• inviting to events, achieving and/or maintaining communication and cooperation;
Legal basis of data processing and method of data collection
The legal basis for data processing is:
• Client’s consent
The Client’s personal data obtained by the Company on the basis of consent will be processed and stored as long as the Client’s consent exists, that is, until the Client revokes the consent. The Client can revoke the consent for the collection, processing and use of data at any time by sending an electronic request to the email address: gdpr@deltaholding.rs
The revocation of consent does not affect the permissibility of personal data processing based on the Client’s consent before the revocation.
• Execution of contractual obligations
The Company collects personal data that is necessary for the conclusion and execution of the contract with the Client and the fulfillment of pre-contractual obligations. If the Client does not provide us with the necessary Personal Data, the Company will not be able to process the Client’s request or conclude a contract with him.
• Legitimate interest
The Company processes Personal Data for the purpose of safeguarding the Company’s legitimate interests. The legitimate interests of the Company in particular mean the protection of property and the general safety of persons.
• Compliance with legal obligations
To the extent that the processing of the Client’s Personal Data is necessary for the fulfillment of the Company’s legal obligations, i.e. obligations defined by various laws, the Company processes and stores the Client’s Personal Data within the legal deadlines.
Recipient and third party
The Company also discloses Personal Data to specific recipients, i.e. third parties, namely: related parties on the territory of the Republic of Serbia, employees, companies that provide security services for premises, property and persons, legal service providers, IT service providers, external auditors, accounting and bookkeeping agencies.
The Company will not make the Client’s Personal Data available to other recipients, i.e. third parties, except in the cases specified in this Privacy Policy, nor will personal data be transferred to other countries.
Personal Data retention period
• data that the Company collects on the basis of the law as a legal basis, it is obliged to keep as long as determined by a specific law or other positive regulation.
• data collected by the Company based on the contractual relationship are kept for five (5) years.
• data processed solely on the basis of the Client’s consent are kept until the consent is revoked.
• data processed by the Company due to legitimate interest are stored permanently, i.e. within 30 days – data on extraordinary events, unless an event occurs as a result of which court proceedings are initiated, in which case they are kept until the legally binding end of the proceedings, i.e. until the statute of limitations begins in accordance with with the law.
Rights of the Client in connection with the processing of Personal Data
The person to whom the Personal Data refers has the rights:
• to request information from the Company on whether it processes his Personal Data and access to that data;
• to request from the Company the correction, addition or deletion of his Personal Data and the right to object to the processing;
• to submit a complaint to the Commissioner for Information of Public Importance and Personal Data Protection;
• that his inaccurate Personal Data be corrected without undue delay. Depending on the purpose of the processing, the Client has the right to supplement his incomplete Personal Data, which includes providing an additional statement;
• to limit the processing of Personal Data by the Company if one of the following cases is met:
1) the person to whom the data refers disputes the accuracy of the Personal Data, within the time limit that allows the Company to check the accuracy of the Personal Data;
2) the processing is illegal, and the person to whom the data refers opposes the deletion of the Personal Data and instead of deletion requests the restriction of the use of the Personal Data;
3) The Company no longer needs the Personal Data to achieve the purpose of processing, but the person to whom the data refers has requested it in order to submit, implement or defend a legal claim;
4) the person to whom the data refer has submitted an objection to the processing in accordance with Article 37, paragraph 1 of the Law, and an assessment is underway as to whether the legal basis for the processing outweighs the interests of the Person.
The Company is obliged to inform all recipients to whom Personal Data has been disclosed about any correction or addition or deletion of Personal Data or limitation of their processing in accordance with the Law, unless this is impossible or requires an excessive expenditure of time and resources. The company is obliged to inform the person to whom the data refer, at his request, about all recipients.
The person to whom the data refers has the right to receive from him the Personal Data that he previously provided to the Company in a structured, commonly used and electronically readable form, and has the right to transfer this data to another operator without interference from the operator to whom the data was provided. submitted, in accordance with the Law.
If he considers that it is justified in relation to his particular situation, the Client to whom the data refers has the right to submit an objection to the Company at any time regarding the processing of his Personal Data, in accordance with the Law.
The client to whom the data refers has the right not to apply to him a decision made solely on the basis of automated processing, including profiling, if that decision produces legal consequences for that person or that decision significantly affects his position.
Procedure in case of violation of Personal Data
If a breach of personal data can cause a high risk to the rights and freedoms of natural persons, the Company is obliged to notify the person to whom the data relate to the breach without undue delay, in accordance with the Law.
In the event of a breach of personal data that may pose a risk to the rights and freedoms of the Client, the Company is obliged to notify the Commissioner for Access to Information of Public Importance and Personal Data Protection without undue delay or, if possible, within 72 hours. from knowledge of the violation. The notification submitted to the competent authority contains all information in accordance with the Law.
Transfer of Personal Data to other countries
The transfer of Personal Data to another country or international organization without prior approval may be carried out if it has been established that that other country/international organization provides an adequate level of personal data protection. In this regard, the Decision on the list of countries, parts of their territories or one or more sectors of certain activities in those countries and international organizations in which an adequate level of protection of personal data is considered to be provided (“Official Gazette of RS”, No. 55 /2019) (hereinafter: “Decision”) it was determined where it is considered that an adequate level of protection of personal data is provided. However, in this particular case there is no transfer of data to other countries.
Links to third-party websites and services
The Company’s website may contain links to third-party websites. The Client should note that the Company is not responsible for the collection, use, maintenance, sharing or disclosure of data and information by third parties. If the Client provides information on third-party sites and uses those sites, the privacy policies and terms of use of those third parties will be applicable. The Company always recommends the Client to read the privacy policies of the websites he visits before sending Personal Data.
Data confidentiality and transparency
The Client’s personal data will be treated as confidential information and the Company will take appropriate necessary measures to protect it in accordance with the Law. Access to them will be granted only to persons who, considering the description of the work they perform, should be familiar with Personal Data and only to the extent necessary for the performance of their work.
This Privacy Policy is available on the website www.resity.net
If we decide to change our Privacy Policy, the changes will be posted and published on the website www.resity.net
This Privacy Policy is adopted by the Company’s director, who has the right to amend the Privacy Policy when necessary. The Company’s privacy policy is binding from the date of adoption.
If you have any question or suggestion regarding the processing of your personal data, do not hesitate to contact the Company at email: gdpr@deltaholding.rs