Privacy Policy
Welcome to the website https://sita.org.rs (hereinafter: Website) owned and operated by Serbian IT Association, ID number 28356552 (hereinafter: SITA or Association).
The aim of this Privacy Policy is to inform you about what personal data we collect and process, and for what purposes. Also, here you can read what rights you have as a data subject and how to exercise those rights.
In case you have any questions, please contact us at: info@sita.org.rs.
Content
- Key terms and scope of the Privacy Policy
- How we collect your data
- Processing purposes and legal grounds
- Use of cookies on the Website
- Sharing your data
- International transfers
- How we keep your data secure
- How long do we keep your data
- Your rights
- Amendments to the Privacy Policy
Key terms and scope of the Privacy Policy
The Privacy Policy regulates the processing of personal data by the Association as a data controller.
- Under personal data we mean any data relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to their name, identification number, location data, or factor specific to the physical, cultural, social, or other identity.
Data on companies, organizations, and other legal persons (entities) are not considered personal data. However, data about their representatives or employees may represent personal data (e.g., an email address that reads: name.surname@companyname.com).
Anonymized data does not constitute personal data, and this Privacy Policy does not apply to it.
- Under processing we mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
- This Privacy Policy applies to the following data subjects:
- Website visitors,
- Data subjects who contact us via email or social media,
- Data subjects who submit a membership application on their own behalf,
- Data subjects who submit a membership application on behalf of an entity that they represent,
- Members of the Association (data subjects) and representatives of the Member of the Associations (entities),
- Data subjects who attend an event organized by the Association, and
- Service providers (data subjects), i.e., representatives of the service providers (entities).
Please note that the Website and the activities of the Association are not intended for persons under the age of 15 and that by sharing your data with us, you confirm that you are at least 15 years old. If you believe that the Association has collected the personal data of a person under the age of 15, please inform us about it without delay. Upon notification, i.e., upon discovery of a possible error during the collection of personal data, we will delete such data without delay.
How we collect your data
We may collect your data:
- Directly from you (e.g., when you fill out the membership application),
- From publicly available sources (e.g., social media), and
- Other sources (e.g., from the entity you represent or through a reference).
If we do not collect data directly from you, we will inform you about the source that made your personal data available to us, unless one of the exceptions listed in Article 24 (5) of the Personal Data Protection Act can be applied, e.g., you already possess such information.
Processing purposes and legal grounds
Categories of Data Subjects | Data we process | Purposes and legal grounds for processing |
---|---|---|
Website visitor | Data collected through statistical marketing and/or other cookies that are not considered necessary for the functioning of the Website. | The processing of personal data through non-necessary cookies is based on the consent of the data subject and is explained in more detail in the cookie settings banner. |
Data subject who contacts us via email or social networks | Content of the message and email address/first and last name depending on the means of communication. | The processing is necessary in order to achieve the Association's legitimate interests which consist in promoting the Association and contributing to its goals and the membership base by responding to inquiries and making available the necessary explanations and answers. |
Data subject who wants to become a member of the Association |
First and last name email address whether you are applying as a regular member or an associate member how do you think you can contribute to the goals of the Association and what motivates you to join. Optional data is the contact address and place if you want us to contact you that way. |
We collect this data in order to identify the applicant and consider their request for membership in the Association. The processing of this data is necessary for the execution of the contract concluded with the data subject i.e. for taking actions at the request of the data subject before concluding the contract. We collect the mentioned optional data based on the data subject’s consent if they want us to deliver decisions materials and other information to them not electronically but to a physical address. Consent can be withdrawn at any time by contacting us with such a request but the withdrawal of consent does not affect the data processing that was carried out while the consent existed. |
Data subject who represents an entity that wants to become a member of the Association |
First and last name email address information that you are an authorized representative of the entity. |
The processing is necessary in order to achieve the legitimate interests of the Association which consists in considering the requests for membership submitted by the authorized representatives of the entity and communicating with them. |
Member of the Association (data subject) and representative of the Member of the Association (entity) |
First and last name email address; with respect to regular members the bank account number and possibly other optional data and in the case of the representative of the Association member who is an entity - both the position and the member they represent. |
The Association has legal obligations of bookkeeping and keeping records of its members as well as enabling its members to exercise their right to vote at the Association Assembly’s meetings in accordance with the statute identifying them for this purpose and providing them with the necessary materials. Accordingly the processing of this data is necessary in order to comply with the legal obligations of the controller. We collect the mentioned optional data based on the data subject’s consent if they want us to deliver decisions materials and other information to them not electronically but to a physical address. Consent can be withdrawn at any time by contacting us with such a request but the withdrawal of consent does not affect the data processing that was carried out while the consent existed. |
Data subject attending an event organized by the Association | Photograph or video recording | We process this data in order to achieve the Association's legitimate interests which consist of promoting the Association's work through social networks and the Website and in order to contribute to the achievement of the Association's goals. Please note that in case the processing is based on a legitimate interest you have the right to object to such processing and prevent further processing of that data. |
Newsletter subscribers | Email address | The processing is based on your consent. You can withdraw your consent at any time but the withdrawal of consent does not affect the data processing that took place while the consent existed. |
Service provider (data subject) |
First and last name email address head office address bank account number |
The processing of this data is necessary for the execution of the contract concluded with you. |
Representative of an entity – service provider |
First and last name email address position |
The processing is carried out in order to achieve the legitimate interests of the Association which consists of executing contracts with service providers and maintaining business relations with their representatives. |
Use of cookies on the Website
A cookie is a text file that is downloaded to a visitor’s computer or mobile phone when they access a website. With the use of cookies, the visitor’s device can be recognized and information about their preferences or activities on the website is stored.
The Association has implemented certain cookies on the Website (and similar technologies such as bacon, pixel, etc.) through which it can process your personal data. These are optional cookies, which are not necessary for the functioning of the Site, and will not be activated without your consent.
You can adjust them via the cookie banner or your browser settings.
Sharing your data
The Association can use the services of third parties, such as e.g. legal, accounting and marketing services, IT support services or organizing events, as a result of which it may be necessary for third parties to gain access to your personal data to the extent required for the provision of those services. For example, if you are a data subject and a regular member of the Association, we will share the necessary data with our accountants, for the purpose of bookkeeping. These third parties have the status of personal data processors.
When choosing a processor, we take into account whether they guarantee the application of appropriate technical, organizational and personnel measures in a way that ensures that the processing of your data is carried out in accordance with the law, as well as whether your rights are protected. Consequently, all the mentioned categories of potential recipients of your data are obliged to process your data exclusively in accordance with the instructions of the Association and for the stated purposes, based on the respective data processing agreement that we concluded with them.
Also, we can share your data when we have a legal or administrative obligation to do so (e.g. in response to a court order), or in case of status changes of the Association, in accordance with the law.
International transfers
The Association uses servers located in Serbia.
The Association does not transfer personal data to another country or international organization, except for the data of the Website visitors who have given their consent to the processing of data through optional cookies and the data of newsletter subscribers. With regard to the aforementioned data, we carry out international transfers. This means that we can transfer your data to EU or EEA member states, other countries that provide an adequate level of personal data protection, as well as countries that do not provide an adequate level of personal data protection if we ensure the application of appropriate data protection measures. If you want to get more detailed information about transmission protection measures, contact us at: info@sita.org.rs.
How do we keep your data secure
We always make sure that we process your data in a way that guarantees their security, confidentiality, integrity, and availability, and apply various security measures, in accordance with the current state of the art and good data protection practices. We pay special attention to the nature and scope of personal data that we process, the likelihood of risk occurrence, and the level of risk that the processing we carry out may have for data subjects. In addition, we take into account the costs and effectiveness of the personnel, technical, and organizational security measures we implement.
Given that the transmission of data over the Internet carries with it certain risks, we cannot guarantee 100% protection against unauthorized access to data in the event of data transmission in this way. However, in order to minimize such risks, we have implemented the following measures:
- physical access control – security doors, locking of areas where confidential data are stored, as well as automatic computer locking after a certain period of inactivity,
- virtual access control – installation and maintenance of antivirus solutions, firewall, encryption (SSL/TLS), pseudonymization, maintenance of backup system, and similar security measures,
- codes of conduct – within the Association data are shared exclusively between persons who have a genuine need to access to that data, and are obliged to keep the data confidential and comply with the “clear desk policy” principle.
How long do we keep your data
Your rights
Personal Data Protection Act prescribes certain rights that you have towards the person who processes your personal data, which in this case is the Association. These rights include:
- access to the data
- rectification, i.e., correction of data
- deletion of data
- limitation of data processing
- data portability
- objection to the processing
- rights related to automated processing
- consent withdrawal
- to lodge a complaint to the Commissioner for the Information of Public Importance and Personal Data Protection (hereinafter: Commissioner)
Below you can read what each right entails, and to exercise any of the above rights before the Association in accordance with the law, please contact us at: info@sita.org.rs.
The right of access means that you have the right to request information about whether we process your data, and if this is the case, to be informed about the details of that processing (purpose, type of data, recipients of data, retention period or criteria for determining it, rights that you have, the source of the data, the existence of automated decision-making, protection measures if there is a specific international transfer) and to receive a copy of the data we process.
The right of rectification means that you have the right to have your inaccurate data corrected or supplemented without undue delay, as well as to make an additional statement when it corresponds to the purpose of the processing.
The right to delete data means that you have the right to have your data deleted by the Association in the following cases: (i) the data is not necessary for the purpose for which it was collected or otherwise processed, (ii) you have withdrawn the consent which was the basis of the processing, and there is no other legal basis for processing, (iii) you submitted an objection in accordance with the law, and there is no other legal basis for processing that prevails over your legitimate interest, right or freedom, or you submitted an objection in connection with direct marketing, (iv) the data were processed illegally, (v) the data must be deleted in order to fulfill the statutory obligations of the controller, (vi) the data of a minor was collected. This right may be limited in order to exercise freedom of expression and information, submit, exercise or defend a legal claim, and in other cases prescribed by law.
The right to restriction of processing means that you have the right to restrict the processing of your personal data by us if: (i) you contest the accuracy of the data, and within a period that allows us to verify the accuracy, (ii) the processing is unlawful, but you object to the deletion of the data and instead of deletion, you request a limitation of data use, (iii) the Association no longer needs personal data to achieve the purpose of processing, but you requested them in order to submit, implement or defend a legal claim, (iv) you submitted an objection to the processing in accordance with the law, and an assessment as to whether the legal basis for processing by the controller outweighs your interests is still in process.
The right to data portability means that you have the right to receive your personal data, which you previously submitted to the Association, from the Association in a structured, commonly used and electronically readable form, and to transfer this data to another controller without interference from the Association. The condition for exercising this right is that the processing of the data you want to transfer is done automatically, and the legal basis of the processing is a contract with you or your consent. Also, you have the right to have your personal data directly transferred to another controller by the Association, if this is technically feasible.
The right to object means that you have the right to object to the processing of your data that we carry out in order to achieve our legitimate interest. We are obliged to stop processing your data, unless we present you with legal reasons for data processing that outweigh your interests, rights or freedoms, or are related to the submission, exercise or defense of a legal claim. This exception does not apply to the case of processing your data for the purposes of direct marketing, in respect of which you can always file an objection and prevent further data processing for these purposes.
The rights related to automated data processing means that you have the right not to be subject to a decision made solely on the basis of automated processing, which includes profiling, if that decision produces legal consequences for you or that decision significantly affects your position. However, this right does not apply if the decision (i) is necessary for the conclusion or execution of the contract between you and the Association, (ii) is based on the law, if appropriate measures are prescribed by that law to protect the rights, freedoms and legitimate interests of the data subject, or (iii) is based on your express consent.
The right to withdraw consent means that you have the right to revoke the consent you have given regarding the processing of certain of your data at any time. The withdrawal of consent does not affect the lawfulness of the processing that was carried out before the withdrawal, i.e., while we had your valid consent for such processing. The effect of consent withdrawal consists solely in the fact that your data will not be further processed by the Association.
The right to lodge a complaint to the Commissioner means that you have the right to contact the competent authority if you believe that the processing of your personal data has been carried out contrary to the provisions of the law. This right does not affect your right to initiate other administrative or judicial protection procedures. You can access the contact information via the link: https://www.poverenik.rs/en/
Amendments to the Privacy Policy
The Association reserves the right to update and modify this Privacy Policy at any time in accordance with the new functionalities of the Website, the development of Association’s activities, and future legal standards, so please read them from time to time. All changes shall become effective on the day they are published unless otherwise stated.
If you continue to use the Website after the amended Privacy Policy becomes effective, you will be deemed to have agreed to the changes. In case you do not want to accept the changes, please refrain from accessing or using the Website.