Last updated: 24.02.2021
BEYOND42 DOO BELGRADE (hereinafter: BEYOND42 or Controller) based in Belgrade, Palmotićeva Street 16, registration number: 21479900 is engaged in renting a platform for virtual fairs to its clients who are the organizers of the fair. In this way, BEYOND42 and the organizer of each individual fair are joint operators, on which an agreement of joint operators is concluded. Exceptionally, if the fair organizer so requests, BEYOND42 may have the position of data processor for the needs of the fair organizer, who is the data controller, in which case a contract on entrusted processing is then concluded.
In terms of the Act on the Protection of Personal Data ( “RS Official Gazette”, no. 87/2018, hereinafter referred to as APPD), BEYOND42, as the owner of the online platform has the capacity of the controller and is the person who organizes and is responsible for the processing of personal data. This Policy contains an overview of activities related to the processing of personal data organized and conducted by the Controller, as well as other information relevant to the persons whose data are processed.
Collection, storage, processing, and transfer of personal data, as well as all other actions related to personal data are performed exclusively in accordance with the law, including but not limited to the Law on Personal Data Protection (“Official Gazette of RS” , No. 87/2018, hereinafter: APPD), but also to all other relevant regulations governing the field of data protection.
If you have any doubts and / or questions regarding this text, the meaning of certain terms or expressions, or any question related to the processing of personal data, contact us at [email protected]
2. HOW WE COLLECT PERSONAL DATA AND WHAT DATA WE COLLECT AND PROCESS?
a) Method of data collection
The method of personal data collection, as well as the processing operations, depends on the specific purpose for which the data is collected.
Most often, the data is collected directly from the person to whom it relates (eg through requests for cooperation, registration and registration of participants for a particular event – online fair organized by BEYOND42 or other services provided by the Operator through online platforms, social networks, applications that the Operator has, by e-mail, concluding a contract with the operator, etc.). If the data are collected indirectly, such processing is performed in accordance with Article 24 of the LPPD, and the person whose data are collected must be notified.
b) Processing operations
BEYOND42 performs the following processing operations: collecting, recording, structuring, storing, matching or modifying, using, deleting, as well as other processing operations that are necessary to achieve the specific purpose for which the data are collected.
c) Types of personal data that we collect, categories of persons whose data are processed (persons to whom the data relate), and method of collection
The controller, depending on the category of persons whose data are processed, processes the following types of personal data:
From visitors to online platforms, online fairs and social networks BEYOND42 collects and processes personal data such as name and surname, username and password, etc. as well as other data that the data subject shares about himself. The legal basis for this type of personal data processing is the informed consent of the person whose data are processed in terms of Article 12, paragraph 1, item 1) of the LPP;
BEYOND42 collects personal data of individuals who visit a web site or online fair as follows: By
We collect data related to technical information as follows:
By visiting our website or online fair, whether it is people who want to register or just visit, at that time we are left with some of your technical data related to the application data or log data:
Web server logs – like the vast majority of Internet sites, we automatically collect information about you from the web server logs when you visit one of our sites via the host computer on which our website (webserver) is located. The web server automatically recognizes some information, such as the network (“IP”) address (other than those described below), the date and time you visited our website, the links you opened on our website, the page you came from, the type of browser which you use (eg Internet Explorer, Firefox, Chrome), the type of operating system you use (eg Windows PC, MAC OS X) and the domain and address of your ISP. We often review server logs to see what is being visited, all in order to better understand the way visitors use our website. This data is popularly called web statistics and allows us to maintain and improve our service. In addition, in the event of system abuse, we may use this information to successfully identify the source of the abuse, together with your ISP and/or local authorities.
IP or network address – this page uses the Internet Protocol (IP) address. An IP address is a number that your ISP assigns to your device so that you can access the Internet first. The IP address changes each time you connect to the Internet (this is a “dynamic” address). However, it is possible that the IP address we record, and even the cookie we use, may contain information based on which we can identify you. The reason is that some connections do not change the IP address (it is static) and can connect to a computer. As already mentioned, IP addresses are part of the information contained in the web server logs. We use your IP address to record total usage data and to improve the page.
From employees (employed) BEYOND42 collects and processes personal data prescribed by domestic regulations governing the field of labor law, including the Labor Law, the Law on Labor Records and the Law on Compulsory Social Insurance. This type of processing is necessary in order to respect the legal obligations of the Operator in terms of Art. 12 st. 1 point 3) APPD;
From job candidates BEYOND42 collects and processes personal data contained in the CV, such as name and surname, contact information such as phone number, e-mail address, etc. This type of processing is performed on the basis of the informed consent of the person whose data are processed in terms of Art. 12th century 1 item 1) APPD or at the request of the person whose data are processed in terms of Art. 12 st. 1 point 2) of the same law.
From persons who use some type of service provided by BEYOND42, the personal data necessary for concluding a contract with BEYOND42 are processed. In the pre-contractual phase at the request of the person whose data are processed, then personal data necessary to fulfill the contractual obligation of the Operator (in the contract validity phase) and personal data which are kept after the expiration of the contractual relationship (post-contractual phase.) it is necessary for the execution of the contract concluded with the person to whom the data relate or for the undertaking of actions, at the request of the person to whom the data relate, before the conclusion of the contract in terms of Art. 12th century 1 item 2) APPD, ie in order to respect the legal obligations of the Operator in terms of Art. 12th century 1 point 3) APPD;
From persons who otherwise communicate or come into contact with BEYOND42, it collects and processes data such as name and surname, contact as well as other data that the data subject shares with BEYOND42. The legal basis for this type of processing of personal data is at the request of the data subject, as well as based on the informed consent of the person whose data are processed in terms of Article 12 paragraph 1 item 1) LPP or
Personal data are collected only to the extent are necessary to achieve a specific purpose.
3. WHAT IS THE LEGAL BASIS OF PROCESSING?
BEYOND42 collects and processes personal data only with the existence of an appropriate legal basis, and depending on the purpose for which the collection should be achieved, they differ:
4. FOR WHAT PURPOSES DO WE USE THE DATA?
BEYOND42 uses data for various purposes that are always closely related to the legal basis of processing.
During the fair, BEYOND42 has access to data left voluntarily by fair visitors. The organizer of the fair determines which data are required for registration. After the end of the fair, BEYOND42 within 30 days sends the aggregate data collected during the fair to the fair organizer and then permanently deletes them from all its databases.
You, as a Fair Visitor who registers at the online fair, depending on the specific registration, store your data in our databases to log in / access various functionalities of the fair. Accordingly, you will be asked for different types of data, some of which are necessary for a specific registration. In case you do not want to respond to the information necessary for the application, it will mean the impossibility of the application and the termination of the further registration procedure. The information you leave during registration is necessary for the realization of the fair.
Everything we have stated that we do with your data, ie data collection and other processing operations are possible only if you clicked on the option I agree with during registration – which refers to the processing of specific data in accordance with a special notice on the processing of specific data. previously presented. Without your consent, we are unable to contact you in any way or collect or store your information.
As for the technical data, we do absolutely nothing with them and based on the technical data you left when visiting the website, we cannot identify the person who left that data. Since we cannot identify a person, it means that we cannot use the data because we do not have it.
In addition to the above, BEYOND42 uses personal data for the following purposes:
Fulfillment of legal obligations to the extent prescribed, as well as for the purpose of preparing, concluding and fulfilling contracts that BEYOND42 concludes on any basis. This primarily refers to employees, legal representatives, and employees of legal entities/entrepreneurs and business partners who are in a contractual relationship with BEYOND42 and whose data are processed to the extent necessary to achieve this purpose.
Communication with the person whose data is processed at his request (persons who in any way contact BEYOND42, via e-mail, internet portals, calls, etc.),
Data analysis (which refers to all data on persons using the portal BEYOND42, Facebook page, Instagram, etc.) I Improving the activities and business of BEYOND42.
Send information about BEYOND42 activities (Newsletter and other similar information materials – for individuals, legal representatives and employees of legal entities or entrepreneurs who are in a contractual relationship with BEYOND42, newsletter subscribers, as well as other marketing purposes solely with the informed consent of the person whose data are processed for this purpose.
5. WHO HAS ACCESS TO YOUR INFORMATION?
Depending on the categories of data and the person to whom the data relates, personal data that BEYOND42 collects and processes can be divided with:
All of the above persons are obliged to implement data protection measures, in accordance with du with applicable laws and guidelines BEYOND42.
Some of the listed persons who may have access to personal data fall into the category of Processors. The controller has concluded contracts with all Personal Data Processors in order to comply with the LPP. The controller remains responsible for all data processing actions entrusted to the processors.
Depending on the legal basis and specific purpose, the following categories of persons may have access:
Associates and / or partners BEYOND42, depending on the services provided by these natural or legal persons to BEYOND42 or provided together with BEYOND42. These associates or partners BEYOND42 may not use the data for any purpose other than that stated.
DATA we collect the third parties may share if such transmission is connected to the purpose for which it was collected. In that case, we require that the third party process the entrusted data in accordance with these rules, as well as the Law on Personal Data Protection. All third parties with whom we share your data must be contractually obliged to provide a level of protection that is at least at the level provided by these rules and the Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of RS”, No. 87/2018)).
All data collected can be forwarded outside the borders of the Republic of Serbia to partners associated with BEYOND42, business partners, and representatives of BEYOND42. Some of the data processing operations can also be provided by processors who are incorporated and active in the EU or third countries. The transfer of data outside the borders of the Republic of Serbia is performed in accordance with the Law on Personal Data Protection of the Republic of Serbia. The data may, with your consent and when there is a legal basis for the transfer, be transferred to the countries of the European Union.
Transfers to such countries are made:
Personal data may be shared with public authorities if this is necessary to fulfill the legal obligations of the Operator, provided that the use of personal data by public authorities is limited to the minimum necessary to meet specific legal requirements.
6. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROTECTION OF YOUR DATA THAT BEYOND42 PROCESSES?
Additional information on the manner of exercising these rights is prescribed by the internal acts of the Operator, and all information on the manner of exercising the rights can be obtained from the Operator by sending an inquiry to the e-mail address: [email protected].
Contact of the competent authority in charge of personal data protection in the Republic of Serbia:
Commissioner for Information of Public Importance and Personal Data Protection
Bulevar Kralja Aleksandra 11120, Belgrade, Serbia
The Commissioner will provide the data subject with all relevant information concerning his rights under the APPD.
7) HOW IS YOUR DATA PROTECTED?
BEYOND42 within its business organization strives to apply the highest possible standards in the field of personal data protection and applies all necessary organizational, technical, and personnel measures, including, but not limited to:
All processors and/or recipients of personal data are also obliged to apply all prescribed protection measures.
8) USE OF OUR SERVICES BY CHILDREN AND MINORS
Children may not use the services provided by BEYOND42. Minors who have reached the age of 15 and over can use the services of BEYOND42.
9) HOW LONG IS YOUR DATA KEPT?
We store the data for the period necessary to achieve a certain, specific purpose, after which the data is deleted or made unrecognizable (anonymization measures). The specific retention period is prescribed by the internal acts of the Operator for each individual purpose, and each person whose data are processed is informed in advance.
The processing of personal data on the basis of the informed consent of the person is performed until the purpose for which the consent was given is fulfilled or until the consent of the person whose data are processed is revoked.
Personal data of employees are kept permanently in accordance with the obligations under the law governing records in the field of work.
Data processed on the basis of a concluded contract are stored for 10 years from the day of execution of the contract, ie termination of the contract.
10) WHO CAN YOU CONTACT FOR MORE INFORMATION ?
In connection with all issues related to the processing of personal data, including the manner of exercising rights and access to documents that further regulate the manner of processing, you can contact us via e-mail [email protected].
The controller will respond to each request of the person whose data are processed as soon as possible, depending on the complexity of the request, but each within no longer than 30 days from the date of addressing the data subject.
This Policy may be amended from time to time, provided that it does not in any way diminish the level of the legal protection of data subjects. All possible amendments come into force on the day of publication on the website www.collectivibe.com. The data subject will be notified of any material changes to this Policy by normal means.
What happens after I fill in my information?
We will review your information and reach back in shortest time possible.