Privacy Policy

Last updated: 24.02.2021

BEYOND42 DOO BELGRADE (hereinafter: BEYOND42 or Controller) based in Belgrade, Palmotićeva Street 16, registration number: 21479900 is engaged in renting a platform for virtual fairs to its clients who are the organizers of the fair. In this way, BEYOND42 and the organizer of each individual fair are joint operators, on which an agreement of joint operators is concluded. Exceptionally, if the fair organizer so requests, BEYOND42 may have the position of data processor for the needs of the fair organizer, who is the data controller, in which case a contract on entrusted processing is then concluded.

In terms of the Act on the Protection of Personal Data ( “RS Official Gazette”, no. 87/2018, hereinafter referred to as APPD), BEYOND42, as the owner of the online platform has the capacity of the controller and is the person who organizes and is responsible for the processing of personal data. This Policy contains an overview of activities related to the processing of personal data organized and conducted by the Controller, as well as other information relevant to the persons whose data are processed. 

Collection, storage, processing, and transfer of personal data, as well as all other actions related to personal data are performed exclusively in accordance with the law, including but not limited to the Law on Personal Data Protection (“Official Gazette of RS” , No. 87/2018, hereinafter: APPD), but also to all other relevant regulations governing the field of data protection.   


1. WHAT IS PRIVACY POLICY?

The privacy policy aims to inform and provide all necessary information to individuals about what data we collect, for what purpose, how long we keep it, what type of protection we apply and on what basis we process it. In order to facilitate understanding of the Privacy Policy as well as the terms we use, for the purposes of this Policy, certain terms have the following meaning: 

  • Personal data means any information relating to a natural person whose identity is determined or identifiable by such information;
  • The person to whom the data relate means the natural person whose personal data are processed;
  • Controller means BEYOND42, since they, as the owner of the internet platform, determines the purpose and manner of processing personal data;
  • The processor includes a natural or legal person who processes personal data on behalf of the Controller;
  • Joint Controllers include natural or legal persons who jointly determine the purpose and manner of data processing;
  • Processing of personal data is any action performed with personal data such as collection, transmission, storage, but also other actions of using personal data (hereinafter: processing);
  • Commissioner means the Commissioner for Information of Public Importance and Personal Data Protection.

If you have any doubts and / or questions regarding this text, the meaning of certain terms or expressions, or any question related to the processing of personal data, contact us at dataprotection@collectivibe.com 


2. HOW WE COLLECT PERSONAL DATA AND WHAT DATA WE COLLECT AND PROCESS?

a) Method of data collection

The method of personal data collection, as well as the processing operations, depends on the specific purpose for which the data is collected.

Most often, the data is collected directly from the person to whom it relates (eg through requests for cooperation, registration and registration of participants for a particular event – online fair organized by BEYOND42 or other services provided by the Operator through online platforms, social networks, applications that the Operator has, by e-mail, concluding a contract with the operator, etc.). If the data are collected indirectly, such processing is performed in accordance with Article 24 of the LPPD, and the person whose data are collected must be notified.


b) Processing operations

BEYOND42 performs the following processing operations: collecting, recording, structuring, storing, matching or modifying, using, deleting, as well as other processing operations that are necessary to achieve the specific purpose for which the data are collected.


c) Types of personal data that we collect, categories of persons whose data are processed (persons to whom the data relate), and method of collection 

The controller, depending on the category of persons whose data are processed, processes the following types of personal data:  

From visitors to online platforms, online fairs and social networks BEYOND42 collects and processes personal data such as name and surname, username and password, etc. as well as other data that the data subject shares about himself. The legal basis for this type of personal data processing is the informed consent of the person whose data are processed in terms of Article 12, paragraph 1, item 1) of the LPP;

BEYOND42 collects personal data of individuals who visit a web site or online fair as follows: By

  1. voluntarily registering a natural person on one of the online platforms, social networks, you provide your personal data to the Operator on the basis of informed consent. 
  2. By self-registration – a person who visits an id of fairs and chooses the option “Register”, submits personal data to the Operator. Depending on the type of registration, the type of data that is submitted also depends – most often the following data are in question: name, surname, e-mail address, contact data, data on employment or membership in the association, as well as other data shared by the person. This data is collected solely on the basis of informed consent.

We collect data related to technical information as follows:

By visiting our website or online fair, whether it is people who want to register or just visit, at that time we are left with some of your technical data related to the application data or log data:

Web server logs – like the vast majority of Internet sites, we automatically collect information about you from the web server logs when you visit one of our sites via the host computer on which our website (webserver) is located. The web server automatically recognizes some information, such as the network (“IP”) address (other than those described below), the date and time you visited our website, the links you opened on our website, the page you came from, the type of browser which you use (eg Internet Explorer, Firefox, Chrome), the type of operating system you use (eg Windows PC, MAC OS X) and the domain and address of your ISP. We often review server logs to see what is being visited, all in order to better understand the way visitors use our website. This data is popularly called web statistics and allows us to maintain and improve our service. In addition, in the event of system abuse, we may use this information to successfully identify the source of the abuse, together with your ISP and/or local authorities.

IP or network address – this page uses the Internet Protocol (IP) address. An IP address is a number that your ISP assigns to your device so that you can access the Internet first. The IP address changes each time you connect to the Internet (this is a “dynamic” address). However, it is possible that the IP address we record, and even the cookie we use, may contain information based on which we can identify you. The reason is that some connections do not change the IP address (it is static) and can connect to a computer. As already mentioned, IP addresses are part of the information contained in the web server logs. We use your IP address to record total usage data and to improve the page. 

From employees (employed) BEYOND42 collects and processes personal data prescribed by domestic regulations governing the field of labor law, including the Labor Law, the Law on Labor Records and the Law on Compulsory Social Insurance. This type of processing is necessary in order to respect the legal obligations of the Operator in terms of Art. 12 st. 1 point 3) APPD;

From job candidates BEYOND42 collects and processes personal data contained in the CV, such as name and surname, contact information such as phone number, e-mail address, etc. This type of processing is performed on the basis of the informed consent of the person whose data are processed in terms of Art. 12th century 1 item 1) APPD or at the request of the person whose data are processed in terms of Art. 12 st. 1 point 2) of the same law.

From persons who use some type of service provided by BEYOND42, the personal data necessary for concluding a contract with BEYOND42 are processed. In the pre-contractual phase at the request of the person whose data are processed, then personal data necessary to fulfill the contractual obligation of the Operator (in the contract validity phase) and personal data which are kept after the expiration of the contractual relationship (post-contractual phase.) it is necessary for the execution of the contract concluded with the person to whom the data relate or for the undertaking of actions, at the request of the person to whom the data relate, before the conclusion of the contract in terms of Art. 12th century 1 item 2) APPD, ie in order to respect the legal obligations of the Operator in terms of Art. 12th century 1 point 3) APPD;

From persons who otherwise communicate or come into contact with BEYOND42, it collects and processes data such as name and surname, contact as well as other data that the data subject shares with BEYOND42. The legal basis for this type of processing of personal data is at the request of the data subject, as well as based on the informed consent of the person whose data are processed in terms of Article 12 paragraph 1 item 1) LPP or 

Personal data are collected only to the extent are necessary to achieve a specific purpose.

3. WHAT IS THE LEGAL BASIS OF PROCESSING?

BEYOND42 collects and processes personal data only with the existence of an appropriate legal basis, and depending on the purpose for which the collection should be achieved, they differ:

  • Processing based on informed consent of the data subject, with prior notification of the data subject on all relevant aspects processing. The consent of the person whose data are processed is voluntary, explicit, unambiguous and may be withdrawn at any time, which entails the cessation of further processing;
  • Processing for the purpose of fulfilling legal obligations. When collecting data for the purpose of fulfilling legal obligations, BEYOND42 does so only to the extent necessary, and access to data is provided only to authorized persons and bodies; 
  • Processing for the purpose of fulfilling obligations from the contractual relationship, ie preparation for concluding the contract. BEYOND42, as a contracting party, offers various types of services to legal entities, entrepreneurs, individuals, etc. In the process of concluding and fulfilling obligations from the contractual relationship, BEYOND42 processes personal data. Also, in order to exercise its rights, on the basis of the services it provides, as well as to establish a business relationship, it collects and processes certain personal data. 
  • Processing for the legitimate interest of BEYOND42 and the legitimate interest of third parties. BEYOND42 only exceptionally processes personal data in order to achieve a certain legitimate interest, such as protection of the security of facilities, people and property, prevention of abuse, etc. He uses this possibility only exceptionally, and only when the protection of a legitimate interest clearly prevails over the protection of personal data.


4. FOR WHAT PURPOSES DO WE USE THE DATA?

BEYOND42 uses data for various purposes that are always closely related to the legal basis of processing. 

During the fair, BEYOND42 has access to data left voluntarily by fair visitors. The organizer of the fair determines which data are required for registration. After the end of the fair, BEYOND42 within 30 days sends the aggregate data collected during the fair to the fair organizer and then permanently deletes them from all its databases.

You, as a Fair Visitor who registers at the online fair, depending on the specific registration, store your data in our databases to log in / access various functionalities of the fair. Accordingly, you will be asked for different types of data, some of which are necessary for a specific registration. In case you do not want to respond to the information necessary for the application, it will mean the impossibility of the application and the termination of the further registration procedure. The information you leave during registration is necessary for the realization of the fair.

Everything we have stated that we do with your data, ie data collection and other processing operations are possible only if you clicked on the option I agree with during registration – which refers to the processing of specific data in accordance with a special notice on the processing of specific data. previously presented. Without your consent, we are unable to contact you in any way or collect or store your information.

As for the technical data, we do absolutely nothing with them and based on the technical data you left when visiting the website, we cannot identify the person who left that data. Since we cannot identify a person, it means that we cannot use the data because we do not have it.

In addition to the above, BEYOND42 uses personal data for the following purposes: 

Fulfillment of legal obligations to the extent prescribed, as well as for the purpose of preparing, concluding and fulfilling contracts that BEYOND42 concludes on any basis. This primarily refers to employees, legal representatives, and employees of legal entities/entrepreneurs and business partners who are in a contractual relationship with BEYOND42 and whose data are processed to the extent necessary to achieve this purpose.

Communication with the person whose data is processed at his request (persons who in any way contact BEYOND42, via e-mail, internet portals, calls, etc.),

Data analysis (which refers to all data on persons using the portal BEYOND42, Facebook page, Instagram, etc.) I Improving the activities and business of BEYOND42.   

Send information about BEYOND42 activities (Newsletter and other similar information materials – for individuals, legal representatives and employees of legal entities or entrepreneurs who are in a contractual relationship with BEYOND42, newsletter subscribers, as well as other marketing purposes solely with the informed consent of the person whose data are processed for this purpose.  


5. WHO HAS ACCESS TO YOUR INFORMATION?

Depending on the categories of data and the person to whom the data relates, personal data that BEYOND42 collects and processes can be divided with:

  • The relevant state authorities,
  • Organizers of fairs,
  • Contractual partners BEYOND42; 
  • Companies for physical security;
  • Companies that produced and/or maintained the software for the processing of personal data;
  • Companies that maintain information systems BEYOND42;
  • Hosting companies;
  • Other natural and legal persons who fall into the category of a data processor, recipient data, and customer data, in accordance with applicable laws and regulations;

All of the above persons are obliged to implement data protection measures, in accordance with du with applicable laws and guidelines BEYOND42.

Some of the listed persons who may have access to personal data fall into the category of Processors. The controller has concluded contracts with all Personal Data Processors in order to comply with the LPP. The controller remains responsible for all data processing actions entrusted to the processors.

Depending on the legal basis and specific purpose, the following categories of persons may have access:

Associates and / or partners BEYOND42, depending on the services provided by these natural or legal persons to BEYOND42 or provided together with BEYOND42. These associates or partners BEYOND42 may not use the data for any purpose other than that stated.  

BEYOND42confidential requires all associates to enter into data processing agreements or joint controller agreements and to respect security and privacy to the extent described in this Privacy Policy, the personal data processing agreements in question, and the Data Protection Act. the personality of Serbia ( “Official Gazette”, no. 87/2018)

DATA we collect the third parties may share if such transmission is connected to the purpose for which it was collected. In that case, we require that the third party process the entrusted data in accordance with these rules, as well as the Law on Personal Data Protection. All third parties with whom we share your data must be contractually obliged to provide a level of protection that is at least at the level provided by these rules and the Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of RS”, No. 87/2018)). 

All data collected can be forwarded outside the borders of the Republic of Serbia to partners associated with BEYOND42, business partners, and representatives of  BEYOND42. Some of the data processing operations can also be provided by processors who are incorporated and active in the EU or third countries. The transfer of data outside the borders of the Republic of Serbia is performed in accordance with the Law on Personal Data Protection of the Republic of Serbia. The data may, with your consent and when there is a legal basis for the transfer, be transferred to the countries of the European Union.

Transfers to such countries are made:

  • Based on the decision on adequacy for EU / EEA countries in accordance with Article 64 of the LPP. The cross-border transfer to these countries is free (without the prior approval of the Commissioner) in accordance with Article 64 paragraph 2 of the LPP; Such a transfer exists by law for the member states of the CoE 108 Convention, EU states, and states or territories for which the EU has determined that there is an appropriate level of protection (decision on the adequacy of the European Commission). You can see the complete list of countries for which the European Commission has determined that they achieve an adequate level of protection here:  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en, while the list of members of the Convention SE 108 can be seen here: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures. 
  • On the basis of adequate guarantees in accordance with Article 65, paragraph 2, item 2 of the LPP, ie. based on an agreement (Personal Data Transfer Agreements) that includes standard data protection clauses issued by the Commissioner.

Personal data may be shared with public authorities if this is necessary to fulfill the legal obligations of the Operator, provided that the use of personal data by public authorities is limited to the minimum necessary to meet specific legal requirements.

6. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROTECTION OF YOUR DATA THAT BEYOND42 PROCESSES?

  • The person whose data are processed has the following rights: 
  • the right to request information on processing (Articles 23 and 24 of the LPP);
  • the right to request access to personal data from BEYOND42 (Article 26 of the LPPR);
  • the right to request a correction, supplementation, or deletion of personal data, as well as restriction of processing (Articles 29, 30, 31, and 33 of the Law on Personal Data);
  • the right to data portability (Article 36 of the LPPR);
  • the right to object to the processing of data (Articles 37-39 APPD);
  • the right to file a complaint to the Commissioner for Access to Information of Public Importance and Personal Data Protection, the right to judicial protection, as well as the right to compensation in case of illegal processing (Articles 82, 84, and 86 of the LPP), 
  • and all other rights guaranteed by the current LPP. 


Additional information on the manner of exercising these rights is prescribed by the internal acts of the Operator, and all information on the manner of exercising the rights can be obtained from the Operator by sending an inquiry to the e-mail address: dataprotection@collectivibe.com.

Contact of the competent authority in charge of personal data protection in the Republic of Serbia:

Commissioner for Information of Public Importance and Personal Data Protection

Bulevar Kralja Aleksandra 11120, Belgrade, Serbia

office@poverenik.rs

The Commissioner will provide the data subject with all relevant information concerning his rights under the APPD.


7) HOW IS YOUR DATA PROTECTED?

BEYOND42 within its business organization strives to apply the highest possible standards in the field of personal data protection and applies all necessary organizational, technical, and personnel measures, including, but not limited to:  

  • technical protection measures,
  • control of physical access to the system where they are stored Personal data,
  • data access
  • control, data transfer
  • control, data entry control, data
  • availability control,
  • other information security measures,
  • all other measures necessary for the protection of personal data.

All processors and/or recipients of personal data are also obliged to apply all prescribed protection measures.


8) USE OF OUR SERVICES BY CHILDREN AND MINORS

Children may not use the services provided by BEYOND42. Minors who have reached the age of 15 and over can use the services of BEYOND42. 


9) HOW LONG IS YOUR DATA KEPT?

We store the data for the period necessary to achieve a certain, specific purpose, after which the data is deleted or made unrecognizable (anonymization measures). The specific retention period is prescribed by the internal acts of the Operator for each individual purpose, and each person whose data are processed is informed in advance.

The processing of personal data on the basis of the informed consent of the person is performed until the purpose for which the consent was given is fulfilled or until the consent of the person whose data are processed is revoked.

Personal data of employees are kept permanently in accordance with the obligations under the law governing records in the field of work.

Data processed on the basis of a concluded contract are stored for 10 years from the day of execution of the contract, ie termination of the contract.


10) WHO CAN YOU CONTACT FOR MORE INFORMATION ?

In connection with all issues related to the processing of personal data, including the manner of exercising rights and access to documents that further regulate the manner of processing, you can contact us via e-mail dataprotection@collectivibe.com.  

The controller will respond to each request of the person whose data are processed as soon as possible, depending on the complexity of the request, but each within no longer than 30 days from the date of addressing the data subject. 

This Policy may be amended from time to time, provided that it does not in any way diminish the level of the legal protection of data subjects. All possible amendments come into force on the day of publication on the website www.collectivibe.com. The data subject will be notified of any material changes to this Policy by normal means.




Collectivibe Talk

Sign up
for a demo

What happens after I fill in my information?
We will review your information and reach back in shortest time possible.