DOO PK TREBIČ - SUNCE SOKOBANJA (hereinafter Hotel Sunce) is the handler of personal data of natural persons and processes them in accordance with the applicable regulations, i.e. in accordance with the Law on the Protection of Personal Data ("Official Gazette of RS", No. 87 /2018) as well as Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (in cases where applicable).
The person to whom the data refers is any natural person (individual) or representative of a legal entity whose personal data is processed.
Field of application
The policy primarily applies to natural persons and natural persons representing legal entities, who submit a request or use, use services and products or are interested in using services and products.
The policy does not apply to anonymous data. Anonymous data is data that has been modified in such a way that it cannot be linked to a specific natural person or cannot be linked without a disproportionate effort, and therefore, in accordance with current regulations, it is not considered personal data.
Processing of personal data
Law, transparency and responsible behavior
We undertake to ensure a legal, fair and transparent way of processing personal data by applying the following measures:
- a) a clear and reviewed way of forwarding information to the person to whom the data relates about the purpose, method and type of personal data processing by applying already at the stage of collecting personal data;
- b) processing is required for the purpose of concluding an agreement or contract concluded with the person to whom the data refer (eg customers and clients, employees, potential clients) or is based on the prior consent of the person to whom the data refer;
- c) processing is required to fulfill the legal obligation that applies to DOO PK TREBIČ - SUNCE SOKOBANJA as a personal data handler (e.g. forwarding personal data of employees to external institutions on the basis of concluded employment contracts);
DOO PK TREBIČ - SUNCE SOKOBANJA processes personal data for purposes that are specifically determined, explicit, justified and legal, and still cannot be processed in a way that is not in accordance with those purposes, that is, the conditions that you have accepted.
In the event that personal data is intended to be processed for other purposes, the proponent of the new processing of personal data prepares an assessment of the impact on data protection and, if necessary, obtains the consent of the person to whom the data refer.
Minimum data volume
Obtaining personal data about the person to whom the data refers, only personal data is provided that is necessary to fulfill the purpose for which the data is processed.
Additional personal data is obtained with the consent of the person to whom the data relates, and for the purpose of fulfilling a specific purpose.
The accuracy of personal data is ensured by the introduction of automatic and manual controls that include the processing of personal data.
Data Retention Limitations
All data are stored within the legally defined retention periods and within the periods necessary to achieve the purpose of their processing.
In the case of personal data processing after the expiration of the storage period for the purposes of e.g. statistical analyses, all data will be anonymous in such a way that it is not possible to identify the natural person to whom the personal data refer.
How we collect personal data
We collect personal data in the following ways:
- We collect data primarily directly from the persons to whom the data refer, and in such a way that they provide it to us. The most common example of this type of data collection is submitting a request for a particular service or product, either online or by physical presence, whereby the person to whom the data refers, if he wants to use a particular service or product, provides the data and documents needed for identification ( e.g. first name, last name, address, scanned personal document, JMBG, etc.). We also collect data during communication with the person to whom the data relates via phone, website and social networks, when resolving complaints, etc.
- We collect data that occurs automatically when the person to whom the data refers uses the services and/or products, i.e. the website. For example, data about the IP address and location of the site user is automatically collected on the server.
- We collect data from publicly available sources such as, for example, data from the register of companies or data that you have set to be publicly available.
A prerequisite for any collection of personal data of the data subject is the existence of an appropriate legal basis based on the law.
What types of data we collect
Personal data of the person to whom the data refers, which are collected and subject to data protection, include, among other things, data on:
- a) the identity of the person - name and surname;
- b) IP address of the person - IP address of the equipment of the person to which the data refers;
- c) availability of the person - contact phone (landline and/or mobile phone), e-mail;
- f) business data of a legal entity - in cases where a natural person represents a legal entity
For what purposes we use the collected data
We consider the personal data of the person to whom the data refers to be their property and treat them accordingly. However, in order to be able to provide a service to the person to whom the data relates, and in accordance with the legal bases listed below, it is necessary to process a minimum set of data necessary for the quality provision of a particular service, that is, a product from our offer. Otherwise, i.e. if the data subject refuses to provide the requested data set, we will not be able to provide the appropriate service. In accordance with the above, personal data are processed when one of the following conditions is met:
- b) processing is necessary to comply with legal obligations when, for any reason, we are obliged to provide state institutions with collected data about an individual, natural or legal person.
- c) processing is necessary for the needs of the legitimate interests of DOO PK TREBIČ - SUNCE SOKOBANJA or third parties - except when those interests are stronger than those interests or the fundamental rights and freedoms of the person to whom the data refer that require the protection of personal data, especially if in to the minor to whom the data refer. By legitimate interest, we mean processing that serves to improve the process, product development and business improvement, ensure compliance of our company's operations with international regulations of extraterritorial application, prevent illegal actions / unlawful activities of persons to our detriment, and the detriment of our clients and/or third parties , modernized services, offered products and services that were expected to facilitate business,
- d) the person to whom the data refers has given consent to the processing of his personal data for one or more special purposes - the consent must be demonstrable and voluntary, written in an easily understandable language and the person to whom the data refers has the right to withdraw his consent at any time (withdrawing consent must be as simple as giving it).
- e) processing is necessary in order to protect the key interests of the data subject or other natural and legal person;
- f) processing is necessary for the purpose of performing tasks in the public interest or exercising the powers prescribed by law.
Data that is processed automatically
Making decisions based on automatic data processing is an integral part of every business and as such is necessary, and is carried out:
- a) in accordance with applicable laws and regulations;
- b) in order to ensure the safety and reliability of the service provided;
- c) if it is necessary for the conclusion or execution of a contract between the person to whom the data refer and the operator, which includes reducing risks in business, improving business, certain overnight processing that is an integral part of the IT system, etc.;
- d) when the person to whom the data refer has expressly given his consent.
In accordance with the Law, DOO PK TREBIČ - SUNCE SOKOBANJA enables the persons to whom the data refer the right to object to automatic, as well as manual, data processing for the purpose of direct advertising, including profiling to the extent that it is related to direct advertising, either in with respect to initial or further processing, at any time and free of charge.
Access to data
Only employees of our company, who are previously familiar with the law on personal data protection and responsibilities, have access to your personal data, as well as our associates who need this data to perform their work, i.e. for which there is a "need to know" (the so-called "need to know" principle).
We can forward collected personal data to processors (vendors) with whom we have concluded a corresponding contract, members of the Group, competent state authorities, as well as other persons, in accordance with the law of the Republic of Serbia.
How we protect personal data
We protect your personal data from any breach, including unauthorized access, accidental loss, destruction, damage, and any other breach of personal data security.
With the aim of protecting your personal data, we apply technical and organizational measures such as control of the right to access all data and documents, ensuring the fulfillment of confidentiality obligations by all persons who have the right to access your personal data, we apply access control methods (passwords, PINs , smart cards, etc.) and methods of monitoring access and activities in information systems, as well as the application of software solutions to ensure the security of our information equipment and data.
Second, you have the right to rectification of personal data, which means that you have the right to submit a request for the correction of your inaccurate personal data, as well as the right to complete incomplete personal data, including by providing an additional statement if necessary.
Third, you have the right to restrict the processing of your personal data in the following cases:
- a) when you dispute the accuracy of the personal data, we will limit the processing to the period that allows us to check the accuracy of the personal data;
- b) when the processing of your personal data is illegal, and you object to the deletion of the data and instead request the restriction of its processing;
- c) when there is no longer a need to process your personal data, and you request that we continue processing for the purpose of submitting, exercising or defending your legal claims; and
- d) when you file an objection to the processing based on Article 37, paragraph 1 of the Personal Data Protection Act, awaiting confirmation of whether there are legal reasons for the processing of personal data that outweigh your interests, rights or freedoms or are related to the submission, by realizing or defending a legal claim.
Fourth, you have the right to object, which means that you have the right to object to the processing of personal data that involves processing that is necessary for the purpose of:
- a) performing tasks in the public interest or exercising powers prescribed by law;
- b) pursuit of the legitimate interests of DOO PK TREBIČ - SUNCE SOKOBANJA or of third parties, unless those interests are outweighed by the interests or basic rights and freedoms of the person to whom the data refer that require the protection of personal data, and especially if the person to whom the data refer to a minor.
When you file an objection, we may no longer process your personal data, unless we demonstrate that there are legal reasons for the processing that override your interests, rights or freedoms or are related to the submission, exercise or defense of a legal claim.
Apart from the mentioned rights of the person whose personal data is processed, we also inform you about the right to erasure and the right to portability of personal data.
Clarification, the right to erasure ("right to be forgotten") means your right to have your personal data erased in the following cases:
- a) when your personal data is no longer necessary to achieve the purpose for which it was collected or otherwise processed;
- b) when the person to whom the data refers revokes the consent on the basis of which the processing was carried out, in accordance with Article 12. paragraph 1. item 1) or Article 17. paragraph 2. item 1) of the Law on Protection of Personal Data, and there is no other legal basis for processing;
- c) when you file an objection to processing in accordance with Article 37, paragraph 1 of this law, and there is no other legal basis for processing that prevails over the legitimate interest, right or freedom of the person to whom the data refer, or Article 37, paragraph 2 of the Law on personal data protection;
- d) when your personal data has been unlawfully processed i
- e) when we have to delete personal data in order to comply with our legal obligations in accordance with the law of the Republic of Serbia.
Furthermore, the person's right to data portability means the right to receive your personal data that you previously submitted in a structured, commonly used and electronically readable form and you have the right to transfer such data to another operator without interference from our side, if your data has been used for processing automatically by means of a consent or contract.
How you can exercise your rights
You can send your request to the following e-mail address firstname.lastname@example.org or call us at 018/4151900
Filing a complaint to the Commissioner for Information of Public Importance and Protection of Personal Data.
The supervisory body for the protection of personal data in the Republic of Serbia is the Commissioner for Information of Public Importance and Protection of Personal Data, Bulevar kralja Aleksandra 15, Belgrade (hereinafter: Commissioner).
We inform you that you can submit a complaint to the Commissioner about our actions in connection with the processing of your personal data.