Privacy policy

1. Annex to the Data Management Policy

NOTICE ON DATA MANAGEMENT REGARDING THE RIGHTS OF INDIVIDUALS IN RELATION TO THE MANAGEMENT OF THEIR PERSONAL DATA

CONTENT

INTRODUCTION

CHAPTER I – NAME OF THE DATA CONTROLLER

CHAPTER II – NAMES OF DATA PROCESSORS

  1. IT service provider of our Company
  2. Ticketing system developer of our Company

CHAPTER III – ENSURING COMPLIANCE WITH DATA MANAGEMENT LAWS

  1. Data management based on consent from the data subject
  2. Data management based on the fulfillment of legal obligations
  3. Promotion of the rights of the data subjects

CHAPTER IV – DATA MANAGEMENT OF WEBSITE VISITORS – COOKIE (COOKIES) USAGE NOTICE

CHAPTER V – NOTICE ON THE RIGHTS OF DATA SUBJECTS

INTRODUCTION

Based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter: Regulation), which pertains to the protection and free movement of personal data, and the repeal of Directive 95/46/EC, the Data Controller must take appropriate actions to ensure that the data subject is provided with all necessary information regarding the management of personal data in a concise, clear, transparent, comprehensible, and accessible form, as well as to ensure the conditions for the fulfillment of the rights of the data subject.

The obligation to inform the data subject in advance about the right to informational self-determination and freedom of information is also stipulated by Act CXII of 2011.

The following text fulfills our obligations as required by the aforementioned laws and regulations.

The notice should be prominently displayed on the company’s website or sent to the data subject upon their request.

CHAPTER I

NAME OF THE DATA CONTROLLER

The issuer of this notice, also the Data Controller:

Company Name:  EKO TRAKA BP
Headquarters: Beograd

Company Registration Number: 20035374
Tax ID: 103845291
Representative: Ljubomir Aleksić

Phone Number:

011 71 21 100

011 71 18 107

Email Address: ekotraka@ekotraka.rs

Website: www.ekotraka.rs

 

(hereinafter: the Company)

CHAPTER II

NAMES OF DATA PROCESSORS

A data processor is an individual or legal entity, a governmental body, agency, or any other organization that processes data on behalf of the data controller; (Regulation, Article 4, Paragraph 8.)

The use of a data processor is not dependent on prior consent from the data subject, but it is necessary to inform the data subject. In accordance with these regulations, we provide the following notice:

  1. IT Service Provider of the Company

The company uses the services of a data processor that provides IT services (hosting services) for the maintenance and management of its website, and within these services – in accordance with the contract between the two parties – manages the personal data left on the website by storing them on the server.

Name and details of the data processor:

Company Name: ErdSoft LLC

Headquarters: 24000 Subotica, Somborski Put 33a, Serbia

Company Registration Number: 21354619

Tax ID: 101801079

Representative: Daniel Erdudac

Phone Number: +381 60 44 60 555

Fax: none

Email Address: daniel.erdudac@erdsoft.com

Website: erdsoft.com

 

III. ENSURING COMPLIANCE WITH DATA MANAGEMENT LAWS

Data Management Based on Consent

The Company must obtain consent for managing personal data through a form, the content of which is defined by the data management policy.
Consent can be given by marking a field on a website or through other clear statements. Silence or pre-checked fields do not constitute consent.
Consent covers all activities related to data management with the same purpose. For different purposes, separate consent must be sought.
If consent is part of a broader written statement, it must be clear and separate from other purposes.
Consent for data management cannot be a condition for entering into a contract.
Withdrawing consent must be as easy as giving it.
If data is collected with consent, it can be used to fulfill legal obligations without additional consent and after consent is withdrawn.
Data on minors is not collected and is deleted once its existence is known.

Data Management Based on Legal Obligations

The scope, purpose, retention period, and users of the data are determined by laws.
Data management based on legal obligations does not depend on the data subject’s consent. The individual must be informed of the mandatory data collection and all relevant facts.
The notice may include the publication of legal regulations containing the necessary information.

Promotion of Data Subject Rights

The Company must enable individuals to exercise their rights in all data management activities.

CHAPTER IV

DATA MANAGEMENT OF WEBSITE VISITORS – COOKIE (COOKIES) USAGE NOTICE

Website visitors must be informed about the use of cookies, except for technically necessary ones, and consent must be obtained for all other cookies.

General Information About Cookies:

Cookies are data that a website sends to the browser for storage and later use. They can be temporary or persistent and are used to identify users. There is a risk that users may not be aware that cookies identify them, which can allow user tracking.
Types of Cookies:

  • Technically Necessary: Essential for the functionality of the site (e.g., session ID).
  • Functional Cookies: Remember user choices (e.g., site layout).
  • Performance Cookies: Collect data on user behavior (e.g., Google Analytics).

Information About Cookies on the Company’s Website:

Data collected during a visit:

  • IP address, browser type, operating system features, visit time, pages, and clicks. Retained for up to 90 days for security purposes.

Types of Cookies:

  • Technically Necessary: Ensure site functionality and are deleted after the session.
  • Functional Cookies: Remember user choices and require visitor consent.
  • Performance Cookies: Analyze user behavior and send promotional offers, requiring visitor consent.

See the links below for cookie settings in popular browsers:

• Google Chrome: Chrome support

• Firefox: Firefox support

• Microsoft Internet Explorer 11: Microsoft support 

• Microsoft Internet Explorer 10: Microsoft support 

• Microsoft Internet Explorer 9: Microsoft support

• Microsoft Internet Explorer 8: Microsoft support

• Microsoft Edge: Microsoft support

• Safari: Apple support

CHAPTER V

NOTICE OF THE RIGHTS OF DATA SUBJECTS

I. Summary of Data Subject Rights:

Transparent Information, Communication, and Modalities for Exercising Data Subject Rights

Providing clear, understandable information and facilitating the exercise of rights.
Right to Prior Information When Personal Data is Collected from Data Subjects

Informing about the identity of the data controller, the purpose of processing, the legal basis, and any potential recipients of the data.
Information Provided When Personal Data is Not Obtained from the Data Subject

Notifying about the source of the data and relevant information regarding processing.
Right of Access

The right to obtain confirmation of data processing and a copy of the processed data.
Right to Rectification

The right to correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")

The right to delete data under certain circumstances.
Right to Restriction of Processing

The right to limit data processing in certain situations.
Obligation to Notify about Rectification, Erasure, or Restriction of Processing

Informing users about changes related to data processing.
Right to Data Portability

The right to receive data in a machine-readable format and transfer it to another controller.
Right to Object

The right to object to data processing, including for direct marketing.
Automated Individual Decision-Making, Including Profiling

The right to avoid decisions based solely on automated processing.
Restrictions

Possible restrictions on rights based on laws.
Notification to Data Subjects about Personal Data Breaches

Notification in case of a personal data breach.
Right to Complain to the Supervisory Authority

The right to lodge complaints with the supervisory authority.
Right to Effective Legal Remedy Against the Supervisory Authority

The right to legal recourse against decisions of the supervisory authority.
Right to Effective Legal Remedy Against the Controller or Processor

The right to legal recourse against the controller or processor in case of rights violations.

II. Detailed Rights of Data Subjects:

Transparent Information, Communication, and Modalities for Exercising Data Subject Rights

The controller provides information clearly and understandably. Information can be provided in writing or electronically, or verbally with identification.
Right to Prior Information When Personal Data is Collected from Data Subjects

The controller provides information about the purpose of processing, legal basis, data recipients, and potential transfer to third parties.
Information Provided When Personal Data is Not Obtained from the Data Subject

The controller informs the data subject about the type and source of the data, as well as any public source of the data.
Right of Access

The data subject can request confirmation of processing and copies of the data.
Right to Rectification

The data subject can request correction of inaccurate data and completion of incomplete data.
Right to Erasure ("Right to be Forgotten")

The controller must delete data if it is no longer needed, if consent is withdrawn, if an objection is made, or if processing is unlawful.
Right to Restriction of Processing

Restriction of processing can be requested in certain situations, such as for inaccurate data or legality of processing.
Obligation to Notify about Rectification, Erasure, or Restriction of Processing

The controller informs all users about changes related to data processing.
Right to Data Portability

The data subject can receive data in a structured format and transfer it to another controller.
Right to Object

The right to object to data processing based on specific reasons, including direct marketing.
Automated Individual Decision-Making, Including Profiling

The data subject can avoid decisions based on automated processing that significantly affects them.
Restrictions

Rights and obligations may be restricted by legal measures, respecting fundamental rights and freedoms.
Notification to Data Subjects about Personal Data Breaches

In the event of a breach, the controller must inform the data subject about the nature of the breach and the measures taken.
Right to Complain to the Supervisory Authority

The data subject can file a complaint with the supervisory authority regarding data processing.
Right to Effective Legal Remedy Against the Supervisory Authority

The data subject has the right to legal recourse against the decisions of the supervisory authority.
Right to Effective Legal Remedy Against the Controller or Processor

The data subject can seek legal recourse against the controller or processor to protect their rights.

Cookie settings

We use cookies to personalise content and ads, to provide social media features and to analyse website traffic. You can read more by clicking on the "Settings" button.
We use cookies to personalise content and ads.