Privacy Protection » Welcome to Serbia

Privacy Protection

Privacy Policy for Users of Website https://www.welcometoserbia.org/

This Privacy Policy was last modified on March 1th 2020 in Belgrade.

 

Association Welcome to Serbia, based in Belgrade, st. Gospodar Jevremova 2, registration number: 28254920, TIN: 110700112 (hereinafter: “Data Controller“), which has the status of Data Controller in terms of the Law on Personal Data Protection (“Official Gazette”, No. 87/2018, hereinafter: LPDP), i.e. as an entity which organizes and is responsible for the processing of personal data, hereby informs the visitors of the website https://www.welcometoserbia.org/ , whose data are processed (hereinafter: Visitors), on all important aspects processing of personal data in accordance with applicable regulations:

INTRODUCTORY REMARKS:

  • This Privacy Policy regulates the collection and processing of data within the website of Association Welcome to Serbia: https://www.welcometoserbia.org/ . By interacting and using any function of the website : https://www.welcometoserbia.org/ , or the associated sub-site, it will be considered that you have read this Privacy Policy, that you are familiar with all its provisions and that you accept it without any remarks, objections and reserves.
  • Terms used within this Policy have the meanings prescribed by the current Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018, hereinafter: LPDP), and if necessary, other laws governing specific relations, occurrences, concepts and their meaning.
  • By ticking the checkbox, i.e. by clicking on the “I Accept” button, or a differently marked button with essentially the same function, in the pop-up window that is displayed to new users of the website : https://www.welcometoserbia.org/ during the first visit to the website, it will be considered an active, voluntarily done action in order to constitute a valid legal basis for data collection and processing in the manner and for the purposes described in this Privacy Policy. The controller will be able to prove, by electronic record (log), or otherwise, that the data subject has committed the said active, voluntary action by which he has confirmed that he is aware of and agrees with this Privacy Policy.
  • The mentioned electronic record (log) will be considered legally valid and sufficient proof of the given consent, in the sense of Article 15, paragraph 1 of the LPDP.
  • This Privacy Policy can be changed at any time, provided that the change will be clearly displayed on the front page of : https://www.welcometoserbia.org/ . In that case, the data subjects will be required to give new consent for the processing of personal data, in accordance with the changes made to this Privacy Policy.
  • The rules governing the collection of personal data through Cookies will be presented, within a separate Cookie Policy. Rules related to giving consent to the Privacy Policy within the provided pop-up window, as well as keeping and evidentiary form and power of the electronic record (log), but also the manner of change and informing the data subject about the changes, in full will also apply to used Cookies.
  • For all additional questions related to the rules and provisions of this Privacy Policy, you can contact us via e-mail: office@welcometoserbia.org and / or by sending an inquiry to the address Association Welcome to Serbia, st. Gospodar Jevremova 2, Belgrade, Serbia.

1. WHAT DATA DO WE COLLECT AND PROCESS?

We are responsible for the processing of the personal data that the Users contributes to the Service, or for the personal data that we in other ways collects with regards to the Service.

 We collect personal data about Users from Users when Users;

  • make an application through the Service or otherwise, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn; and
  • use the Service to connect with our staff, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
  • provides identifiable data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure;

We collect data from third parties, such as Facebook, LinkedIn and through other public sources. This is referred to as “Sourcing” and be manually performed by our employees or automatically in the Service.

The types of personal data collected and processed
The categories of personal data that can be collected through the Service can be used to identify natural persons from names, e-mails, pictures and videos, information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, titles, education and other information that the User or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed.

Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a certain User. Thus, such data is not considered personal data.

The consent of the data subject
The User consents to the processing of its personal data with the purpose of Controller’s handling recruiting. The User consents that personal data is collected through the Service, when Users;

  • make an application through the Service, adding personal data about themselves either personally or by using a third-party source as Facebook or LinkedIn, and that Controller may use external sourcing-tools to add additional information; and
  • when they use the Service to connect to Controller’s recruitment department, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.

The User also consents to the Controller collecting publically available information about the User and compiles them for use in recruitment purposes.

The User consents to the personal data being collected in accordance with the above a) and b) will be processed according to the below sections Storage and transfer and How long the personal data will be processed.

The User has the right to withdraw his or her consent at any time, by contacting Controller using the contact details listed under 9. Using this right may however, mean that the User can not apply for a specific job or otherwise use the Service.

How long the personal data will be processed
If a User does not object, in writing, to the processing of their personal data, the personal data will be stored and processed by us as long as we deem it necessary with regards to the purposes stated above. Note that an applicant (User) may be interesting for future recruitment and for this purpose we may store Users’ Personal Data until they are no longer of value as potential recruitments. If you as a User wish not to have your Personal Data processed for this purpose (future recruitment) please contact us using the contact details in paragraph 9.

2. WHAT IS THE LEGAL BASIS OF PROCESSING

The legal basis for the processing of personal data is the free and informed consent of the data subject, i.e. their consent for the purposes specified in this Privacy Policy, in accordance with Article 12, paragraph 1 of the LPDP.

Processing can be performed in order to fulfill the obligations from the contractual relationship, i.e. preparation for the conclusion of the contract. The Data Controller, as a contracting party, offers different types of services to legal entities, entrepreneurs, individuals, etc. In the procedure of concluding and performing obligations from the contractual relationship, the Data Controller processes personal data. Also, in order to exercise his rights, based on the services he provides, as well as to establish a business relationship, the Data Controller collects and processes certain personal data. This especially refers to sending job applications and inquiries via the website https://www.welcometoserbia.org/ and the indicated official e-mail addresses.

In special situations, the collection and processing of personal data may be necessary in order to pursue the legitimate interests of the Data Controller, or a third party, under the conditions and in accordance with Article 15 paragraph 6 of the LPDP. Before collecting and processing personal data of data subjects based on the legitimate interests of the Data Controller, or a third party, if any, in accordance with Article 15 paragraph 6 of the LPDP, the Data Controller will conduct an assessment of legitimate interest based on a tripartite test:

  1. Purpose test (identification of legitimate interest);
  2. Necessity test (whether data processing is necessary);
  3. Balancing test (measuring the legitimate interests of the controller and the data subject).

Also, in exceptional situations, processing may be based on the obligation to perform the legal obligations of the Data Controller. The Data Controller falls under the obligations of laws and other regulations that more closely regulate the business activities of law firms and the provision of legal services. When collecting data for the purpose of fulfilling legal obligations, the Data Controller does so exclusively to the extent necessary, and access to the data is provided only to authorized persons and competent state bodies, in accordance with the law.

3. FOR WHAT PURPOSES DO WE USE THE DATA?

The Data Controller uses the data for various purposes that are always closely related to the legal basis of the processing. Thus, the main purpose of direct collection and processing of personal data of data subjects is to establish communication with persons interested in establishing business contact, i.e. receiving newsletters and processing applications of interested candidates for employment, at their request. The Data Controller processes personal data for the purpose of fulfilling obligations under the law and other regulations, for the purpose of providing various types of services, for the purpose of fulfilling contractual obligations, for maintaining personal and business contact with its clients, as well as for analyzing business results and archiving, in accordance with the law. For all additional processing purposes for which there is a need, the data subject will be informed of all necessary information, before starting such processing operations, and the processing itself will be based on the appropriate legal basis, in accordance with the law.

4. WHO HAS ACCESS TO DATA?

Depending on the legal basis and the specific purpose, the following categories of persons may have access:

  • Authorized employees within the Association Welcome to Serbia in accordance with their work duties and authorizations, i.e. associates with whom a special agreement on cooperation, a contract on professional training, etc. has been concluded. All persons are obliged to act in accordance with all provisions of the LPDP regarding the security of personal data processing;
  • Competent state bodies (Tax Administration, Ministry of Interior, inspection and other administrative bodies, authorized control and regulatory state bodies, competent courts and prosecutor’s offices, etc.), if they have the appropriate authorization for access or other type of data processing in accordance with the law, namely only to the extent provided by law;
  • Persons who are in a contractual relationship with the Data Controller (Data Processors) and who are entrusted with certain data processing activities, in accordance with the legally prescribed conditions relating to information security, confidentiality and contractual regulation of rights and obligations.

5. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROTECTION OF YOUR DATA  WHICH ASSOCIATION WELCOME TO SERBIA , AS A DATA CONTROLLER, PROCESS?

You have the right to:

  • request access to your personal information,
  • request the correction or deletion of your personal data or the restriction of processing, to object to the processing of your data,
  • to object to the processing of your data,
  • to have your data transferred to other Controllers,
  • to contact the competent authority – the Commissioner for Access to Information of Public Importance and Personal Data Protection, in case you suspect that there is illegal processing,
  • other rights prescribed by applicable regulations.

Certain rights (e.g. the right to delete), in certain situations may be subject to statutory restrictions, and their use may cause various legal consequences, in accordance with the law (e.g. inability to continue to provide certain services, the obligation to compensate for damage, etc.).

6. HOW IS YOUR DATA PROTECTED?

Within his business organization, the Data Controller strives to apply the highest possible standards in the field of personal data protection, and applies all necessary organizational, technical and personnel measures, including, but not limited to:

  • technical protection measures,
  • control of physical access to the system where personal data is stored,
  • data access control,
  • data transfer control,
  • data entry control,
  • data availability control,
  • other information security measures,
  • all other measures necessary for the protection of personal data.

All processors and/or other recipients of personal data are also obliged to apply all prescribed protection measures, in accordance with the signed contract with the Data Controller and the standards and obligations prescribed by law.

 

  1. How we use cookies? (Cookie policy)

If you access our information or services through our website, you should know that we use cookies. Cookies are data files that are stored in your browser. Our website automatically installs and uses cookies in your browser when you visit it.

Cookies are used for the following purposes:

  1. To create statistics that will help us understand how you access our website, which shall allow us to improve the structure of our website and its content and thus improve your experience;
  2. To create a profile for you to display relevant materials related to advertising networks;
  3. To keep traffic statistics in order to reliably manage settlements with advertising partners;
  4. To save your settings and customize the website to suit your needs and preferences.

To achieve the aforementioned goals, the website uses two basic types of cookies, session cookies and persistent cookies. Session cookies are temporary files that are stored in your browser until you log out, leave the site or close your browser. Persistent cookies are stored in your browser for a longer period of time, as specified in the cookie parameters or until you remove them.

Cookies may be used by partners and advertising networks, such as the Google Network, to display ads that are for you and in accordance with your preferences while you use our website.

To achieve this goal cookies may store information about your navigation path or the time you spent on our website.

The default browser settings are probably set to allow storage of cookies. You can change your browser settings and delete or block cookies. See the browser documentation for details. Please note that if you do so, you may not be able to use or activate certain features available on our website.

Social media plugins

In addition to the above, we may provide you with an access to third-party websites (social media plugins). Please note that all information you provide using this feature is governed by the applicable third party privacy policy and not by this Privacy policy. We have no control over and shall not be held liable for any use of third party information you provide by using this feature.

 

8. HOW LONG IS YOUR DATA KEPT?

The Data Controller strives to keep the data for the period necessary to achieve a specific purpose of processing, after which the data is deleted or made unrecognizable (anonymization measures). The specific retention period, i.e. the criteria by which it is possible to determine it, depends on the purpose for which personal data are processed. The data collected for the purposes of the newsletter is kept until the withdrawal of consent to receive this type of promotional messages and notifications, after which they are deleted or anonymized. Data on candidates for employment are kept until the withdrawal of the given consent of the candidate, and for a maximum of six months from the day of data collection. Data collected for the purpose of establishing business contact, at the initiative of the data subject, are kept until the withdrawal of consent for the processing of this data. The data collected through the Internet browser and cookies are stored within the deadlines provided by the cookies accepted by the person to whom the data relate, and as described in the Cookie Policy of Sturgeon Systems d.o.o.. Data collected during the implementation of ancillary services are kept as long as necessary to fulfil the contractual obligations, as well as in an adequate period after the termination of the contract in order to carry out accompanying actions and possible obligations prescribed by law.

9. WHO CAN YOU CONTACT FOR MORE INFORMATION?

Regarding all questions related to the processing of personal data, you can get via e-mail: office@welcometoserbia.org   and / or by sending an inquiry to the address Association Welcome to Serbia, st. Gospodar Jevremova 2, 11000 Belgrade,Serbia.

We will respond to your inquiry as soon as possible, depending on the complexity of the inquiry itself, but each within 30 days from the date of addressing the data subject, with the possibility of extending the deadline in special situations and with an explanation, in accordance with law.

10. ADDITIONAL INFORMATION

Personal data collected through the website https://www.welcometoserbia.org/, are not taken out of the Republic of Serbia, except during the possible use of third party cookies, for which Association Welcome to Serbia cannot be held responsible. The servers used for data transfer are located within EEA countries where an adequate level of personal data protection is provided. If in exceptional cases the data transfer is performed via a server outside the EEA, such data transfer will be performed with the application of appropriate protection measures, in accordance with the law.

In case of need to transfer personal data to another country, i.e. outside the territory of the Republic of Serbia, the transfer will be made in accordance with all rules prescribed by the applicable LPDP, and in accordance with the situation and need, standard contractual clauses prescribed by the Commissioner for Access to Information of Public Importance and Personal Data Protection will apply.

The provision of data by the data subject is not a legal or contractual obligation, when using the possibilities provided by the website. Failure to provide the requested information as a consequence can only lead to the impossibility of establishing the requested contact, necessary for further communication in this way, i.e. the impossibility of using the services available through the website https://www.welcometoserbia.org/ . When processing the data collected through the website, Association Welcome to Serbia, as the Data Controller, does not use any automated decision-making, nor profiling of the persons to whom the data relates.

Changes to the Privacy Policy

Any use of Association Welcome to Serbias website is subject to the terms and conditions listed above. This Privacy Policy may be amended at any time without prior notification or special user consent. Any changes to the Privacy Policy will be published on this website. Please make sure to check the content of the Privacy Policy periodically to get timely information on any changes. If you continue to use our website after the changes to our Privacy Policy, you will be deemed to have agreed to those changes.