PRIVACY POLICY & COOKIES
Joint law office Despotović, Nikolić, Vujaković, Glavan, seated in Belgrade at Resavska 38b, as well as all its members (“Office”), make maximum efforts to comply with the relevant regulations on protection of personal data as well as to enable the exercise of rights of persons whose data are being processed. Due to our professional duty of confidentiality, we are committed to the utmost secrecy in all our dealings. Accordingly, this Privacy Policy has been prepared in accordance with the Law on Personal Data Protection (“Official Gazette of Republic of Serbia”, No. 87/2018), including bylaws adopted based on this law.
This Privacy Policy contains a general overview of the personal data processing and protection system implemented by the Office. The Office may, if necessary, and at your request, provide you with additional information related to processing of your personal data.
The Office reserves the right to modify and supplement this Privacy Policy. This can occur (but not limited to) in the event of change of the relevant laws and/or methods of processing and measures of protection of personal data. Each time you review this Privacy Policy you should check when it was last updated.
This Privacy Policy provides information on:
METHOD OF COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
CATEGORIES OF DATA SUBJECTS COVERED BY THE DATA PROCESSING AND PURPOSES OF DATA PROCESSING
PERSONS TO WHOM WE MAY DISCLOSE PERSONAL DATA
COOKIES
DATA TRANSFERS
MEASURES FOR PROTECTION OF PERSONAL DATA
EXERCISE OF RIGHTS BY DATA SUBJECTS
1. METHOD OF COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
The Office seeks to collect personal data directly from the data subject. As a rule, this will be the case when you contact us and/or we establish first contact and cooperation with you. Sometimes collection of personal data directly from the data subject is not possible or is not an effective solution given the nature, basis and purpose of data processing. Accordingly, the Office may also collect and process your personal data provided by other persons. Other persons are, as a rule, Clients, i.e. entities or individuals who have a contract on provision of legal services with the Office. At the same time, competent state authorities or other persons may disclose your personal data to the Office in the appropriate judicial, administrative, enforcement or other proceedings.
Regardless of the way personal data are collected, the Office focuses on establishing and implementing appropriate mechanisms which enable exercise of rights by individuals pursuant to relevant laws. Despite our efforts of always ensuring an appropriately high standard of diligence requirements, information you have provided via the internet may be accessed or used by other persons. We do not assume any liability whatsoever for the disclosure of information due to errors in the data transfer and/or unauthorized access by third parties not caused by us (e.g. hacking of e-mail accounts, telephone, or interception or unlawful monitoring of Internet traffic).
When processing your personal data, the Office complies with the processing principles defined by the relevant laws. The Office strives for the processing of your personal data to be lawful, fair and transparent, and to be conducted solely to the extent necessary for fulfilment of expressly specified and justified purposes. As the processing of personal data creates a number of obligations for the Office, the Office has an interest in processing the minimum scope of personal data necessary for the fulfilment of purpose of data processing and for the minimum period of time justified by such purpose.
Consequently, we process your contact details to fulfil our contractual and legal obligations, to contact you or based on our legitimate interest to optimize our contact management system. You may object at any time to any further processing of your data for the optimization of our contact management system. If you send us a reasoned notice of objection, we will examine the facts and either cease or adjust the processing operations or inform you of compelling and legitimate reasons why it is necessary to continue the data processing.
We strive to keep your personal data updated and accurate. To ensure this, we invite you to point out if there is any need to correct and/or update your personal data.
2. CATEGORIES OF DATA SUBJECTS COVERED BY DATA PROCESSING AND PURPOSE OF DATA PROCESSING
The Office processes data of its members, employees and other engaged persons, as well as personal data of candidates for employment, or persons who establish business cooperation with the Office, solely for the purpose and to the extent necessary for fulfilment of the legal obligations in the area of labor law, social security, social protection and other legal obligations related to establishment of employment relationship, establishment of business cooperation, as well as for conclusion and execution of employment contracts, or other contracts concluded with said persons.
The Office also processes personal data of persons against whom the Office or a person to whom the Office provides legal services has a claim, in order to collect or realize the said claim.
The Office also processes the personal data of users of its website (located at dnvg-law.com) (“Website”) for the purpose of enabling a more efficient use of the Website, improvement of the Website and for our internal procedures and processes. You may use the Website and access its public content generally without having to disclose your personal data. We only record information provided by your internet provider, including but not limited to your IP address and the duration and time of your visit. This information is saved during the time of your visit and analyzed solely for statistical purposes under strict protection of anonymity.
For optimized system performance, user friendliness and the provision of useful information on our services, the Website provider automatically collects and stores so-called server log files, which your browser automatically transmits to us. This information includes your IP address, browser and language settings, operating system, referrer URL, your internet service provider, and the date/time of your visit. We need to process these logfiles to ensure the functionality, stability and security of the Website. This data is not pooled with sources of personal data. We reserve the right to examine this data if there is solid evidence suggesting unlawful use.
We also collect your personal data if you disclose such data voluntarily or explicitly when you visit the Website in connection with using the services offered on the Website (e.g. contact form). We only use this information for the specific purpose of the individual service and in compliance with applicable laws.
The corresponding legal basis for this processing of your personal data is on the one hand our legitimate interest in ensuring the functionality, security, etc. of our website and on the other hand your consent, which you can withdraw at any time with immediate effect
3. PERSONS TO WHOM WE DISCLOSE PERSONAL DATA
The basic policy of the Office with respect to sharing and exchange of personal data is to conduct this only if it is necessary and strictly in compliance with all the rules and obligations established by the relevant laws regarding such transfer.
The execution of legal services on your behalf may require us to transfer your data to third parties (e.g. to insurance companies and service providers we may use and to which we provide data, etc.), and to courts or authorities. Data will be transferred only in reliance on the law and to perform the mandate agreed between us or based on your prior consent.
If necessary, your personal data will be e.g. transferred to the following recipients:
Some of the above recipients of your personal data may be located abroad or process your data there. The level of data protection in other countries may not be equal to the level of protection in Serbia. We will transfer your personal data only to countries members of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, countries which the relevant Serbian authorities decided have an appropriate level of data protection, or we will take measures to ensure that all recipients maintain an appropriate level of data protection.
Our processors (i.e. service providers) also process your personal data. These processors are in particular IT-services providers, providers of other tools and software solutions as well as of corresponding or related services. Our processors will only process your personal data on our behalf, in accordance with our instructions and for the purposes mentioned in this Privacy Policy. Some of these processors are located outside the territory of the EU/EEA. However, whenever we use processors, we always ensure to maintain the European level of data protection and the Serbian data security standards.
Furthermore, information relating to the specific circumstances of your case may regularly be sourced from third parties (e.g. search engines, social networks, your company website) in connection with our legal services. However, in all these cases, we will always ensure that we comply with legal regulations and protect your data.
4. COOKIES
A “cookie” is a tiny text file that is downloaded by our web server on the hard drive of your computer via your browser and allows our website to recognize you as a user if a connection is made between our web server and your browser (“Cookie”). Cookies help us to establish the frequency of use and the number of users who visit our website. The content of the Cookies we use is confined to an identification number and does not allow us to personally identify a user. The main purpose of Cookies is to recognize the user of a website.
We use Cookies to ensure a more efficient and better use of the functions of the Website, as well as to improve the Website and business. Their purpose is to enable all functionalities of our internet pages, as well as to give a better user experience to our visitors.
During your first visit to the Website, we shall inform you that while using our pages you can agree to use of cookies. You can, at any time, recall your consent for use of cookies.
Also, we have limited use of cookies to a minimum. Following categories of cookies are used on the Website:
– Necessary cookies that enable proper functioning of our internet pages;
– Statistical cookies (such as Google Analytics) that help us understand the way you use the Website and allow us to improve its functionalities.
You can delete cookies from your device or disable their usage through your browser. You can find information on how to delete cookies within your browser, as this depends on the browser you use to access the Website.
The Website contains links to other web pages and social networks (such as LinkedIn). While visiting such web pages, please keep in mind that their respective Privacy Policies shall apply on such visits.
5. DATA TRANSFERS
The Office, in principle, does not transfer personal data outside of the Republic of Serbia, except for the information collected through third-party cookies that may be stored on servers outside the Republic of Serbia.
If there is a need to transfer personal data to other countries and/or international organizations due to the nature, legal basis and purposes of data processing, and if such countries and international organizations do not provide and guarantee an adequate level of protection in accordance with the relevant regulations of the Republic of Serbia, the Office will endeavour to ensure implementation of appropriate and sufficient personal data protection measures.
6. MEASURES FOR PROTECTION OF PERSONAL DATA
The Office is taking significant steps when it comes to education of its members, employees and other engaged persons on issues relevant for personal data protection. All persons involved in the processing of personal data carry out such processing based on the authority provided by the Office, which shall include restrictions on access and processing of personal data, as well as conditions and responsibilities regarding the processing of personal data. The Office applies the “need-to-know principle” in all matters concerning the processing of personal data. At the same time, all persons involved in such processing are obliged to maintain confidentiality of the data in question, as well as of any data related to the processing.
To ensure compliance with relevant regulations, the Office has enacted a number of internal procedures and acts applicable to the processing of personal data.
The Office takes appropriate measures and procedures for the purpose of physical and technical protection of personal data which prevent unauthorized access and processing of personal data and at the same time protects the integrity of personal data. The Office periodically tests the measures for protection of personal data applied by it in order to assess the need for improvement and modification of such measures.
The Office will store your data no longer than it is necessary to fulfil our contractual or legal obligations, i.e. as long as there is a legitimate purpose for processing, and to defend liability claims, if any. If we do no longer require your personal data, we erase or render them anonymous to ensure that you can no longer be identified. Depending on the purpose of the processing, different retention periods apply to different data categories. We are happy to provide you with more specific information on the respective storage duration of your data.
7. EXERCISE OF THE RIGHTS OF DATA SUBJECTS
Internal procedures within the Office, as well as contracts concluded by the Office with other persons, establish mechanisms which enable the exercise of the rights of persons whose personal data are processed. If the Office is not authorized to respond to your request in the specific case, the Office will forward your request to the authorized person.
Subject to the attorney-client privilege, you have the right to information on your personal data processed by us, on their origin and recipients, the duration of storage, and the purpose of data processing.
If we process inaccurate or incomplete personal data, you have the right to rectification or completion of such data.
You may also request us to erase data which have been processed unlawfully. You may exercise this right only in respect of inaccurate, incomplete or unlawfully processed data or other cases in which the legal requirements for exercising this right are met.
These rights complement each other; you can request us only to either rectify or complete or erase your data. Such a request must contain sufficient justification why the data should be corrected, deleted or limited, so that we can assess whether the legal requirements for complying with your request are met. In the event of a correction, the request must also state in which way the data should be corrected and how the data should be read correctly.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Such withdrawal does not affect the lawfulness of processing your data based on your consent before its withdrawal. You have the right to object to the processing of your personal data if the processing is based on the legal basis of our legitimate interest. If you exercise your right to object, we ask you to give the reasons for doing so.
In certain cases, you also have the right to receive your personal data processed by us in a machine-readable format of our choice, or to instruct us to transmit such data directly to a third party of your choice; in this context, data portability must not be precluded by unreasonable efforts or legal or other obligations or requirements of confidentiality (right to data portability).
Despite our best efforts to guarantee the protection and integrity of your data, we cannot fully rule out that disagreements will arise on the nature of the use of your data. If you con-sider that we are unlawfully using your data, you may lodge a complaint with the commis-sioner for information of public importance and personal data protection (“Commissioner”). However, we hope that you will contact us first and we can address and dispel any doubts you may have.
For all additional questions, especially for submission of the request for exercise of your rights arising from data processing, please contact us through the following contact data:
Joint law office Despotović | Nikolić | Vujaković | Glavan
address: Resavska 38b, Belgrade, Republic of Serbia
phone number: +381 11 401 5568
e-mail: dataprotection@dnvg-law.com
Copyright 2021, DNVG Attorneys. All Right Reserved
