Data Security and Privacy Act
Microsoft Word – 3_Data Security and Privacy Act_english version
FAR & AWAY DOO BEOGRAD (SAVSKI VENAC),
Microsoft Word – 3_Data Security and Privacy Act
www.faraway.rs (hereinafter: Travel agency Far&Away), as the handler of personal data, considers that the trust of persons who, in accordance with Article 4, paragraph 1, point ( 1) of the Law on Personal Data Protection “Official Gazette of RS”, no. 87 of 13 November 2018) (hereinafter: the Law) has provided its personal data (hereinafter: the users) by means of a internet presentation on a web address: https://isapsdays.com/en/ (hereinafter: the site) is very important and represents one of the fundamental ethical values of the Company’s operations. In this regard, the Company has taken the necessary measures and actions, in accordance with the Law, to protect and secure the privacy of the personal data provided, which will be presented below in the text of this act, in accordance with Article 23 of the Law.
INFORMATION ABOUT THE PERSONALITY WHICH COMPANY PROCESSES
The Company collects and processes the following information from site users:
- Identification informations: First name, last name and e-mail address (hereinafter:
- Website login and user behavior data (Cookies)
LEGAL BASIS OF PROCESSING PERSONAL DATA
The personal data of the users are processed only with their explicit consent, in accordance with Art. 15 of the Law. The consent request is presented in a way that stands out from other questions, in an understandable and easily accessible form, and by using clear and simple words.
CASES IN WHICH PERSONAL DATA IS PROCESSED
Users submit their personal information by entering it in the contact form available on the site, also in a case of presenting employees (as well as otherwise engaged), clients and partners as references in the sections of the site, called Contact and while using or viewing the site through the Cookies.
PURPOSE OF INTENDED PROCESSING OF PERSONAL DATA
The Company collects and processes the personal data of users only for the purpose of communication, in means of, establishing and maintaining contact with persons interested in a certain type of business cooperation with the Company, which may refer specifically (but not exclusively) to inquiries of persons for practice and employment, then upon invitation to make an offer for one of the services provided by the Company, but also for the purpose of representing the data subjects as members of the team, as well as in the provision of tourist travel organizing services, as well as other tourist services, or as clients and / or partners, just like any other form of business communication.
Establishing and maintaining communication involves two-way communication with the persons referred to the ones in paragraph 1 of this Article, which is related on informing those persons, first of all, about their rights in accordance with the Law, and also about all other relevant issues related to business cooperation that they wish to achieve, or which they have achieved with the Company.
Persons who accepted the possibility of being contacted by the Company about the particular form of business cooperation, as in other cases from Articles 2 and 4 of this Act, may at any time withdraw that acceptance in accordance with Art. 15, paragraph 3 of the Law, which will result in the suspension of processing of personal data of the persons to whom the data is related.
RIGHTS OF PERSONS TO WHOM THE DATA IS REFERRED
Persons to whom the data is referred have the right for transparent way of exercising their rights in accordance with Article 21 of the Law, and that means above all, the right of persons to be provided with all information from Art. 23 and Art. 24 of the Law, that is, information regarding the exercise of the rights referred to in Article 26, Art. 29 to 31, Article 33, Art. 36 to 38 and Art. 53 of the Law, in a concise, transparent, comprehensible and easily accessible manner, using clear and simple words. This information will be provided in writing and other forms, including electronic form, as appropriate. If requested by the data subject, the information may be provided orally in accordance with Article 21, paragraph 1 of the Law.
The rights of the data subject referred to Article 21 are simultaneously determined by the obligations of the data operator and informations about those rights may be provided in combination with standardized icons displayed in electronic form so it could be easy visible and understandable way to provide meaningful insight into the intended processing, in accordance with the Act.
In addition to the rights referred to the Article 6 of this Act, the data subject has the following rights, in accordance with the Law:
- Right to access:
The data subject has the right to request information from the operator whether he or she processes his personal data, access to such data, and other information in accordance with the Law.
- Right to correction and amendment:
The data subject has the right to correct his incorrect personal data without undue delay. Depending on the purpose of the processing, the data subject has the right to supplement his / her incomplete personal data, which includes making an additional statement.
- Right to delete personal data:
The data subject has the right to have his / her personal data erased by the operator, and he or she is obliged to delete that data without undue delay in certain cases provided by law.
- Right to Restrict Processing:
The data subject shall have the right to restrict the processing of his personal data by the operator if alternatively one of the cases, provided for in Article 31, paragraph 1, is fulfilled.
- The right of the data subject to be informed about the correction or deletion of data, as well as the restriction of processing:
The operator is obliged to notify all recipients to whom the data is referred about any correction or deletion of the personal data or the restriction of their processing (unless this is impossible or requires excessive time and resources). The operator is also obliged to inform the data subject, at his request, of all recipients to whom the personal data have been disclosed.
- Right to data portability:
The data subject has the right to receive his personal data, previously handled to the operator, from him in a structured, commonly used and electronically readable form and to have the data transmitted to the other operator without interruption by the operator to whom the data were submitted, subject to legal requirements. This right also includes the right of a person to have his or her personal data transferred directly to another operator by the operator to whom this information was previously provided, if technically possible.
- The right to object and to automatically make individual decisions:
If it is considered to be justified to the particular situation, the data subject shall have the right to object to the operator about processing of his or her personal data, at any time, which also applies to profiling, and the operator is obliged to suspend the processing of the data of the person which filed the complaintment unless the operator has provided legal grounds for processing which outweighs the interests, rights or freedoms of the data subject or they are about reporting, achieving or defensing the legal claim.
- Automated decision making and profiling:
The data subject has the right not to be subject to a decision made only on the basis of automated processing, including profiling, if that decision produces legal consequences for that person or that decision significantly affects his or her position.
The data subject may contact the Company, for the purpose of exercising his / her statutory rights.
RECIPIENTS OF PERSONAL DATA
The personal data from Article 2 of this Act shall not be discovered to anyone outside the organization of the Company. Only the person who, within the Company, is responsible for answering queries from the site, as well as the person or persons participating in the process of deciding how to handle those queries.
METHOD OF PROTECTION AND PERIOD OF PROCESSING PERSONAL DATA
The Company protects your information while communicating using an SSL security certificate that encrypts all data transmissions and baners for managing cookies, and it also has an F-secure server license and a special PC license.
The personal data of the users will be kept, first of all, in order to fulfill the purpose of their processing, from the Article 5 of this Act, in accordance with Art. 5, paragraph 1, item. (5) of the Law, that is, as long as there is a need to communicate with users. After the storage period expires, the personal data will be deleted.
Cookies are text files placed on the computer of a person who visited the site for the purpose of collecting standard information regarding the login to the site and the behavior of that person during their stay on the site, which may be sent to a web browser used by that person. The Company may collect / process such information automatically through cookies or similar technologies. For more information on Cookies, visit allaboutcookies.org.
Users who are concerned about the privacy and using the Cookies may set the Internet browser to notify them when they receive a Cookie, and to decline cookies that attempt to send other websites.
DATA SECURITY AND PRIVACY POLICIES OF OTHER WEBSITES
There is a possibility that the site has external links pointing to other websites. The provisions of this Privacy and Personal Data Protection Act apply only to the Site, so it does not assume responsibility for the privacy policies of other websites.
The provisions of this Act will be applied from the date of their publication on the Website.
The Company has the exclusive right to unilaterally amendment this act, and also to announce it in the manner provided in paragraph 1 of this Article.
RULE BOOK ON PROTECTION OF PERSONAL DATA – READ HERE