Privacy Policy
INTRODUCTION
We recommend you to carefully read this Privacy Policy, hereon: the Policy, which may be amended or modified occassionally so as to reflect changes in our practice related to personal data processing or changes in the relevant law and regulations. Any further modifications of the Policy shall be immediately published on our Internet page.
Certain products/solutions of our vendors are subject to their specific policies related to privacy, which are not controlled by us. TeleGroup shall provide, if requested, all necessary information and wherever possible, will also publish on our Internet page visible link leading to the Vendor’s official Internet page.
Any usage of our internet page is subject to our General terms of usage of TeleGroup Beograd web pages and Cookie Policy on TeleGroup doo Beograd webpages .
1. PURPOSE OF THE POLICY
The Policy, acting as Controller of personal data, is issued by the company TeleGroup doo Beograd, hereon referred to as: TeleGroup, as an expression of its dedication to privacy and personal data protection through compliance with the law and regulations governing it in all countries where we operate, as well as during usage of our website by all interested parties, hereon referred to as: User, or in plural Users.
2. PURPOSE, AREA OF APPLICATION AND IMPLEMENTATION
The Policy is intended to any person whose personal data are collected and processed by us, outside of our organization, with who we communicate, incl. visitors of our website and other users of our services.
This Policy determines basic principles on which TeleGroup collects, uses and processes personal data of its business partners: buyers, suppliers, sub-contractors and all other individuals. Minors younger than eighteen years of age do not comply with terms for usage of our Internet page and that is why we kindly ask minors not to disclose to us any of their personal data and not to use any of the services provided by or through our Internet page.
With this Policy, TeleGroup sets out obligations and responsibilties of all its business organizational units and directly or indirectly controlled associated legal entities and their employees, during and related to processing of personal data. Transfer of liability for Privacy protection to sub-contractors shall be regulated by an Agreement for each particular project.
The owner of this Policy, responsible for its adequacy and updating is IMS Manager.
Person responsible for consistent implementation of this Policy is director of company TeleGroup.
3. REFERENCE DOCUMENTS
- Law on personal data protection of the Republic of Serbia
- EU Regulation on personal data protection - GDPR
- General terms of TeleGroup web-page usage
- Cookie Policy on TeleGroup web-pages
- Rulebook on organization and systematization of jobs
- Request for excersising rights Form
4. BASIC TERMS, DEFINITIONS AND ABBREVIATIONS
Controller - an individual or legal entity, authority, agency or other body that alone or together with other bodies determines the purposes and means of processing personal data, the entity that decides how and why personal data are processed. He/she/it has the main responsibility for compliance with applicable Laws on personal data protection.
Supervisory body – independent public body that has the legal task of monitoring compliance with applicable data protection laws.
Personal data – Personal data are all data which are related to a individual whose identity is determined or it can be determined, based on these data.
Processing - means anything that is done with any personal data, whether through automated process or otherwise, such as: collection, recording, organization, structuring, storage, adjustment or modification, retrieval, consultation, use, disclosure by transmission, by spreading or making available in any way, by harmonization or combination, limitation, deletion or destruction.
Processor – refers to any individual or legal entity, authority, agency or another body performing personal data processing on behalf of the Controller.
Anonymization: Personal data are irreversibly deidentified so that a person cannot be identified using reasonable time, cost and technology either by the Controller or any other person. The principles of personal data processing do not apply to anonymous data because they are no longer personal data.
Pseudonymization: The processing of personal data in such a way that personal data can no longer be attributed to a particular data subject without the use of additional information, provided that such additional data are kept separately and are subject to technical and organizational measures to ensure that they are not associated with any individual person. Pseudonymization reduces, but does not completely eliminate, the possibility of associating personal data with the data subject. Since pseudonymized data are still personal data, the processing of pseudonymized data should be in accordance with the principles of personal data processing.
PDPL – Personal Data Protection Law of the Republic of Serbia
5. PERSONAL DATA THAT ARE COLLECTED AND PROCESSED
- Name and surname
- Name of the Employer
- Address of the Employer
- Position/function with the Employer
- Professional Qualifications
- Contact data: mobile tel. and office no., e-mail address
- Data on social media profiles
- Membership in expert associations, organizations, etc.
Information on user interaction with our website:
Details on device: type of device, operating system, type of browser, browsing settings, IP address, language settings, dates and time of connection to our Internet location and other technical communication information.
Usage data: records on logging and use of our website and other services, including: registrations, details of the content you communicate with, votes in polls, questions, downloads, ratings, feedback, search queries, anonymous impressions (reviews), pageviews.
Data for analysis: key words, community, trends, quality and importance of contents.
Reviews, opinions and interests: any comments, ratings, opinions or statements you decide to send to us, or post on our Internet page, through a questionaire or publicly post on social media platforms; interests and solutions relevant for wider community and CSR.
6. WAYS OF COLLECTING PERSONAL DATA
Users’ personal data are being collected when they are disclosed by themselves, via e-mail, telephone, by fulfilling questionaire on presence at some of our events, on our Internet page and in any other manner.
We collect, use and process personal data which the User clearly decided to disclose himself, including via our Internet page.
User’s personal data can be received from third parties, e.g. via social medias platforms on which we are present with our official pages.
We collet data via log files in accordance with our Cookie Policy on TeleGroup d.o.o. Beograd web pages. By visiting our Internet pages, using any function or on-line available resource, device and Internet browser of User shall automatically detect certain data, out of which some may represent personal data.
7. LEGAL BASIS OF PERSONAL DATA COLLECTION
We can rely on one or several legal basis, depending on circumstances:
- Explicit, informed, unambiguous, clearly communicated consent for data collection and processing. Consent, i.e. approval is voluntary and can be withdrawn at any time, which entails deleting or anonymizing the collected data, provided that the withdrawal of consent does not affect the processing of personal data that was performed before the revocation. Our products and solutions do not collect personal data, IP addresses and do not use cookies without the prior consent of the user.
- Data processing is necessary in relation to performance of our obligations per any Agreement which the User may conclude with us.
- Data processing is required by applicable relevant law.
- Data processing is necessary in order to protect vital interests of any individual.
- Legitimate interest to condutct processing for the purpose of management, doing business or promoting our business, provided that our legitimate interest does not overpower interests, fundamental rights and freedom of the User.
We do not collect nor in any other way process sensitive personal data of the User, except when:
- Data processing is required or is allowed by applicable law on disclosure or prevention of criminal activities (including prevention of fraud);
- Data processing is necessary for establishment, exercise or defense of legal rights.
8. PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA
TeleGroup collects data only for the purpose of cooperation on particular project or marketing event and communication and interaction with Users via our Internet pages and social media profiles.
Collection of personal data is done for the following purposes:
- Processing of Users’ orders;
- Sending application for reception of Newsletter;
- Sending of marketing announcements;
- Proposing of contents which might be of interest for the User, based on his/her previous activities;
- Marketing communication with Users through any media (e-mail, telephone, text messages, via social media, mail or courier), news and other information, provided that it is secured that such communication is realized in compliance with relevant law;
- Recommendation of contents by the User to others;
- Profile settings;
- Enabling usage of certain functions of our solutions;
- Adjusting of products and services to Users’ needs;
- Providing Customer support;
- Management of job applications in TeleGroup;
- Realization of our contract obligations during which we provide services to individuals on our behalf and for the account of our clients;
- Management of cooperation with our vendors;
- Improvement of our Internet page and our services: identification of problems with existing Internet location and our services; planning of improvement of existing Internet page and our services; creating new website and our services.
- Questionnaires and quizzes: cooperation with Users in order to obtain responses, opinions, on our Internet page or our services
9. SAFETY OF PERSONAL DATA
In accordance with the applicable Law, we have taken strict physical, electronical and administrative measures related to the safety against accidental or illegal destruction, loss, changes, unauthorized disclosure, unauthorized access and other illegal or unauthorized ways of processing.
The data are available only to the employees and associated persons or partners which require those data for doing business or fulfillment of the contract.
We store and keep personal data in our internal electronic databases to which we apply all necessary organizational, technical and personnel measures of protection in accordance with requirements of existing Personal Data Protection Law (PDPL), including:
- Control of physical access to the system where personal data are stored;
- Data access control;
- Data transmission control;
- Data entering control;
- Data availability control;
- Other measures of information safety which are necessary for personal data protection.
a. Data Accuracy
We take every reasonable step to ensure that the personal data of the Users we process are accurate and, where necessary, up to date. Any of the personal data we process that are inaccurate (given the purposes for which they are processed) is deleted or corrected without delay. We may from time to time ask the User to confirm the accuracy of his/her personal data.
b. Minimizing of data
We take every reasonable step to ensure that the personal data of the Users we process are limited to the personal data reasonably required in relation to the purposes set out in this Policy and the purposes of collection and processing set out above.
c. IT manager is responsible for:
Ensures that all systems, services and equipment used for data storage fulfill acceptable safety standards.
Performance of regular check-ups and scanning, so as to ensure that safety hardware and software are properly functioning.
d. Marketing director is responsible for:
Communication with Users via all media types (Internet, e-mail, letters...)
Responding to any enquiry related to data protection received from the press or media houses.
If required, cooperation with IMS Manager so as to ensure that marketing initiatives are compliant with data protection principles.
e. Human resources director is responsible for:
Raising the level of awareness of employees about the protection of personal data of Users.
Organizing trainings on personal data protection in order to raise the awareness of employees who work with personal data.
f. Head of legal and personnel affairs is responsible for:
Personal data protection agreed with customer being transferred to suppliers and subcontractors;
In cooperation with relevant managers, works on improving the level of awareness of suppliers and subcontractors on personal data protection;
Reduction only to the necessary requirements for the transfer of personal data to any third party, suppliers and subcontractors we use.
g. Procurement service
Must ensure that the company preserves the right to revision of suppliers from the field of personal data protection.
10. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The private information we collect are not and will not be subject of trade. Private data are distributed to third parties only for the purposes and in the course of doing business.
With the prior express consent of the User, we may provide his/her personal data to our customers or vendors in order to allow them to contact the User with information which may be of interest to him/her, provided that such communication does not otherwise violate relevant laws.
Certain Processors that can access personal data which Users leave through our website are based in foreign countries, such as IT service providers; plugin vendors for social networks; etc., which are placed anywhere in the world. Exporting data outside the country is done on the basis of the default level of adequate protection of personal data in those countries, in accordance with our PDPL and GDPR.
In accordance with the applicable regulations in the field of personal data protection, TeleGroup has the right to, in case of a request of a state body, institution, agency or competent regulatory body, make the User's data available to those bodies, institutions and regulatory bodies, exercising or defending legal rights, for the purpose of investigation, prevention and detection of criminal offenses and criminal prosecution.
11. LEGAL RIGHTS OF USERS IN RELATION TO PERSONAL DATA WE COLLECT AND PROCESS
- 1. The right to request access to personal data and information concerning the processing or copy of his/her personal data.
- 2. The right to object, on legitimate grounds, to the processing of his/her personal data.
- 3. The right to request the correction of any inaccuracy or amendment of his/her personal data.
- 4. The right to request the deletion of his/her personal data.
- 5. The right to request a restriction on the processing of his/her personal data.
- 6. The right of data transfer, to transfer the User's personal data to another Controller, so much as possible.
- 7. In cases we process personal data on the basis of consent, the right to withdraw that consent.
- 8. The right not to be subject to a decision made solely on the basis of automated processing, incl. profiling.
- 9. The right to be informed about the violation of personal data, if that violation of personal data can produce a high risk to the rights and freedom of natural persons.
- 10. In relation to processing of personal data, the right to file a complaint with the regulatory body for the implementation of the PDPL. The complaint is submitted by filing a complaint to the regulatory body:
Commissioner for information of public importance and personal data protection
Bulevar kralja Aleksandra broj 15, 11120 Beograd,
telefon: +38111 3408 900, e-mail: office@poverenik.rs - 11. The right to judicial protection if he/she considers that his/her rights from the PDPL have been violated.
- 12. Other rights guaranteed by applicable PDPL.
The person, subject of data, may exercise his/her rights by filling in the Request for exercising the right which is available in the business premises of the Controller, as well as on the website of the Controller.
The user can contact us at any time if he no longer wishes to receive any information from TeleGrup by sending UNSUBSCRIBE by e-mail to: marketing@telegroup-ltd.com and will be immediately removed from our mailing list.
In relation to the exercise of his/her rights, the Controller will provide the person whose data have been collected with all necessary additional information, as well as assistance, in accordance with the conditions and in the manner prescribed by the applicable PDPL.
12. USE OF COOKIES
We use cookies on our website that enable user identification. Cookies are small text files that are temporarily stored on a user's hard drive. Some cookies store informations about the User that are of personal nature. However, such information is stored only if the User has published or entered it on the website and only for the purpose of obtaining the necessary information for easier functioning and use of the website.
In case that the User wants to view our website presentation without cookies, he can do so. Most web browser programs automatically accept cookies, in which case it is necessary to turn off this feature. Details on this can be found in the web browser guide. If the use of cookies is excluded, there is a possibility that some content from our website will not be able to be opened.
13. PERIOD OF PERSONAL DATA STORAGE
We will retain copies of personal information in a form that allows identification until the moment of revocation of informed consent, or only for as long as it is necessary in relation to the goals and purposes set forth in this Policy, unless applicable law requires a longer period.
In particular, we may retain the personal data of the User for any period necessary to establish, exercise or defend any legal rights.
14. MANNER OF OBTAINING ADDITIONAL PROCESSING NOTICES
The person whose data are being processed, in relation to all issues related to the processing of personal data, including the manner of exercising rights and access to documents that further regulate the manner of data processing, may contact our Officer in charge for contact regarding personal data protection, Dragan Zikic on the phone: 011/3081913, e-mail address: dragan.zikic@telegroup-ltd.com
and / or by letter to the address:
TeleGroup, Svetozara Miletića 9a, 11108 Beograd, PAK101113
The contact person in charge for personal data protection shall respond to any enquiry in the shortest possible time, depending of the enquiry itself, but in any case not longer than 30 days from the proper reception of enquiry. This deadline may be prolonged, if required, for additional two months, taking into consideration complexity and number of enquiries.