serbia flag EN
Privacy Policy

DATA PRIVACY POLICY

 

EGT Group doo Belgrade is a controller of personal data of persons and processes them in accordance with applicable regulations, in accordance with the Law on Personal Data Protection ("Official Gazette of RS", No. 87/2018) as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (where applicable).

The data subject is any person (individual) or representative of a legal entity whose personal data are processed.

 

Area in which it is applied

 

The privacy policy applies to all personal data that we collect, use or otherwise process, directly or through our partners, third parties. Personal data is any data relating to a person whose identity has been established or can be established, directly or indirectly (hereinafter: data or personal data). Data processing is any action performed on personal data, for example the collection, recording, storage, use, transmission of data and insight into personal data.

The privacy policy applies to all EGT Group services and products that include the processing of any personal data.

The policy primarily refers to persons and persons representing legal entities, who submit a request or use services and products or are interested in using services and products.

The policy does not apply to anonymous data. Anonymous data is data that has been changed in such a way that it cannot be linked to a certain person or cannot be linked without disproportionate effort, and therefore, in accordance with the applicable regulations, it is not considered personal data.

 

Processing of personal data


Law, transparency and responsible conduct

 

We undertake to provide a legal, fair and transparent way of processing personal data by applying the following measures:

a) Clear and transparent way of passing information to the data subject on the purpose, manner and type of processing personal data by application already in the phase of collecting personal data;

b) b) Processing is necessary for the purpose of concluding an agreement or contract concluded with the data subject (e.g. customers and clients, employees, potential clients) or based on the prior consent of the data subject;

c) c) Processing is necessary in order to fulfill the legal obligation that applies to EGT Group as a personal data controller (e.g. forwarding personal data of employees to external institutions on the basis of concluded employment contracts);

 

Purpose limitation

 

EGT Group processes personal data for purposes that are specifically determined, explicit, justified and lawful and still cannot be processed in a way that is not in accordance with those purposes or conditions that you have accepted.

In the event that personal data are intended to be processed for other purposes, the proposer of a new personal data processing shall make an assessment of the impact on data protection and, if necessary, obtain the consent of the data subject.

 

Minimum scope of data

 

Obtaining personal data on the data subject shall provide only the personal data necessary to fulfill the purpose for which the data are processed.

Additional personal data are obtained with the consent of the data subject, in order to fulfill a specific purpose.

 

Data accuracy

 

The accuracy of personal data is ensured by the introduction of automatic and manual controls that include the processing of personal data.

 

Restrictions on data retention

 

All data are kept within the legally determined retention periods and within the time limits necessary to achieve the purpose of their processing.

In the case of processing personal data after the expiration of the retention period for purposes e.g., making statistical analyzes, all data will be anonymous in a way that it is not possible to identify the person to whom the personal data refers.

 

How we collect personal data

 

We collect personal data in the following ways:

 

  • We collect data primarily directly from the data subject, and in a way that they provide it to us. The most common example of this way of collecting data is submitting a request for a particular service or product, either online or in person, where the data subject, if he wants to use a particular service or product, provides the data and documents needed for identification (e.g., name, surname, address, personal document read, JMBG, etc.). We also collect data during communication with the person to whom the data relates by phone, website and social networks, when resolving complaints, etc.
  • We collect data that is generated automatically when the data subject uses the services and / or products or the website. For example, data on the IP address and location of site users is automatically collected on the server.
  • We collect data from publicly available sources such as, for example, data from the register of companies or data that you have set to be publicly available.

 

A prerequisite for any collection of personal data of the data subject is the existence of an appropriate legal basis based on law.

 

What types of data do we collect?

 

Personal data of the data subject, which are collected and are subject to data protection, are, among other things, data on:

 

a) identity of the person - name and surname, name of the company;

b) addresses of persons - IP address of the equipment of the person to whom the data refer;

c) availability of persons - contact phone (landline and / or mobile phone), e-mail;

d) business data of the legal entity - in cases when it is the person who represents the legal entity

 

For what purposes do we use the collected data?

 

We consider the personal data of the persons to whom the data relate to be their property and treat them as such. However, in order to be able to provide a service to the person to whom the data relates, and in accordance with the legal bases below, it is necessary to process the minimum set of data necessary for the quality of a particular service or product from our offer. Otherwise, if the data subject refuses to provide the requested data set, we will not be able to provide the appropriate service. In accordance with the above, personal data are processed when one of the following conditions is met:

 

a) Processing is necessary for the performance of the contract in which the data subject is a party or in order to take action at the request of the data subject before the conclusion of the contract; depending on the service and the method of data collection, it is possible that the contract is automatically concluded by accepting the terms and privacy policy.

 

b) Processing is necessary in order to comply with legal obligations when, for any reason, we are obliged to submit to state institutions the collected data on an individual, natural or legal entity.

 

c) The processing is necessary for the legitimate interests of the EGT Group or a third party - except when those interests are stronger than the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, especially in the case of a minor the data relate. By legitimate interest we mean processing that serves to improve the process, product development and business improvement, ensure compliance of our company's business with international regulations of extraterritorial application, prevent illegal actions / illegal activities of persons to our detriment, and the detriment of our clients and / or third parties, modernize services, offer products and services that are expected to facilitate business.

d) The data subject has given his or her consent to the processing of his or her personal data for one or more special purposes - the consent must be provable and voluntary, written in easy-to-understand language and the data subject has the right to withdraw his or her consent at any time. (Withdrawing consent must be as simple as giving it).

e) Processing is necessary in order to protect the key interests of the data subject or another natural and legal entity.

f) Processing is necessary for the purpose of performing activities in the public interest or exercising legally prescribed powers.

 

Data that are processed automatically

 

Decision-making based on automatic data processing is an integral part of every business and as such is necessary, and is carried out:

a) In accordance with applicable laws and regulations;

b) In order to ensure the security and reliability of the service provided;

c) If necessary for the conclusion or execution of a contract between the data subject and the controller, which includes the reduction of business risks, business improvement, certain overnight processing that is an integral part of the IT system, etc.;

d) When the data subject has expressly given his or her consent.

In accordance with the Act, the EGT Group allows data subjects the right to object to automatic, but also manual, data processing for the purpose of direct advertising, including profiling to the extent that it is related to direct advertising, either in relation to the initial or further processing, at any time and free of charge.

 

Access to data

 

Access to your personal data is available only to employees of our company, who are previously familiar with the law on personal data protection and responsibilities, as well as our associates who need this data to perform their work, i.e.. for which there is a "need to know" (the so-called "need to know" principle).

 

We can forward the collected personal data to processors (vendors) with whom we have concluded an appropriate contract, members of the Group, competent state authorities, as well as other persons, in accordance with the law of the Republic of Serbia.

 

How we protect personal information

 

We protect your personal information from any injury, including unauthorized access, accidental loss, destruction, damage, and any other breach of personal data security.

In order to protect your personal data, we apply technical and organizational measures such as control of the right of access to all data and documents, ensuring compliance with the obligation of confidentiality of all persons who have the right to access your personal data, we apply access control methods (passwords, PINs, smart cards, etc.) and methods of monitoring access and activities in information systems, as well as the application of software solutions to ensure the security of our information equipment and data.

First of all, you have the right to access personal data, which means the right to receive information about whether we process your personal data. If we process them, by accepting the terms of the privacy policy you are aware of the rights and uses of the data. Upon request, you can be informed about the purpose of processing personal data, the category of personal data, recipients or categories of recipients to whom personal data have been or will be disclosed, the intended period in which personal data will be kept, and the rights you can achieve.

Secondly, you have the right to have your personal data corrected, which means that you have the right to request the correction of your incorrect personal data, as well as the right to supplement incomplete personal data, by giving an additional statement if necessary.

Third, you have the right to limit the processing of your personal data in the following cases:

a) When you dispute the accuracy of personal data, we will limit the processing to a period that allows us to verify the accuracy of personal data;

b) When the processing of your personal data is illegal, and you oppose the deletion of the data and instead request a restriction on their processing;

c) When there is no longer a need to process your personal data, and you request that we continue with the processing in order to submit, realize or defend your legal claims;

d) When you object to the processing pursuant to Article 37, paragraph 1 of the Personal Data Protection Act, awaiting confirmation of whether there are legal grounds for the processing of personal data that outweigh your interests, rights or freedoms or are related to the submission, by pursuing or defending a legal claim.

Fourth, you have the right to object, which means that you have the right to object to the processing of personal data, which implies the processing necessary in order to:

a) Performing activities in the public interest or exercising statutory powers,

b) Exercising the legitimate interests of EGT Group or a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of data subjects requiring personal data protection, and especially if the data subject is a minor.

When you lodge an objection, we may no longer process your personal data unless we indicate that there are legal grounds for processing that outweigh your interests, rights or freedoms or are related to the filing, exercise or defense of a legal claim.

In addition to the stated rights of the person whose personal data are processed, we also inform you of the right to deletion, and the right to the portability of personal data.

Clarification, the right to erasure ("right to be forgotten") means your right to erase your personal data in the following cases:

a) When your personal data are no longer necessary to achieve the purpose for which they were collected or otherwise processed;

b) When the data subject revokes the consent on the basis of which the processing was performed, in accordance with Article 12, paragraph 1, item 1, or Article 17, paragraph 2, item 1 of the Law on Personal Data Protection, and there is no other legal basis for processing;

c) When you object to the processing in accordance with Article 37, paragraph 1 of this Law, and there is no other legal basis for the processing that prevails over the legitimate interest, right or freedom of the data subject, or Article 37, paragraph 2 of the Law on personal data protection;

d) When your personal data have been processed illegally and

e) When we must delete personal data in order to comply with our legal obligations in accordance with the law of the Republic of Serbia.

Furthermore, the right of a person to data portability means the right to receive your personal data that you have previously provided in a structured, commonly used and electronically legible form and you have the right to transfer such data to another controller without interference by us, processing automatically, and on the basis of consent or contract.

 

How you can exercise your rights

 

By filling out the form on the Contact page, your request will be resolved as soon as possible.
You can send a request to the following e-mail address info@egt-bg.rs or call us at +381113011983

 

Filing a complaint to the Commissioner for Information of Public Importance and Personal Data Protection

 

The Supervisory Body for Personal Data Protection in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar Kralja Aleksandra 15, Belgrade (hereinafter: The Commissioner).

 

We would like to inform you that you can file a complaint with the Commissioner about our actions regarding the processing of your personal data.

 

Additional information

 

All additional information related to the exercise of rights related to the law on personal data protection or our privacy policy can be requested by clicking here and filling out the contact form, sending an inquiry to the e-mail address info@egt-bg.rs or by phone + 381113011983

 

Terms of use and complaints

 

You can find out about the terms of use of the site and the abuse of copyright that we claim by clicking here.