PERSONAL DATA PRIVACY
Dear All,
We inform you that personal data protection is of utmost importance for HBIS GROUP Serbia Iron & Steel llc Belgrade (hereinafter: HBIS GROUP Serbia). With that goal, HBIS GROUP Serbia fully guarantees the readiness to handle your personal data responsibly and in accordance with all the valid regulations, with the implementation of adequate technical and organizational measures for the protection of personal data which you provide to HBIS GROUP Serbia and which are processed by HBIS GROUP Serbia as the controller.
In accordance with Articles 21 and 23 of the Law on Personal Data Protection (“the Official Gazette of the Republic of Serbia”, No.87/2018 – hereinafter: the Law), by fulfilling the obligation of the controller in the capacity of a legal entity toward you, as a person from whom data related to you are collected, we provide to you, at the moment of the collection of those data, not depending on whether the collecting is performed via our web page or via other channels, with the following pieces of information:
- THE CONTROLLER OF PERSONAL DATA
- PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
- TYPE OF PERSON TO WHOM DATA REFER AND TYPE OF PERSONAL DATA
- ADDITIONAL INFORMATION
- DATA PROCESSING NOTIFICATION RELATED TO BUSINESS PARTNERS (CUSTOMERS, SUPPLIERS, CONTRACTORS, SUBCONTRACTORS, VISITORS) AND THEIR EMPLOYEES
- NOTIFICATION ON PERSONAL DATA PROTECTION DURING THE SUBMISSION OF A CANDIDATE`S EMPLOYMENT APPLICATION
1. THE CONTROLLER OF PERSONAL DATA
Business name of the controller, the seat, address:
HBIS GROUP Serbia Iron & Steel llc Belgrade,
Bulevar Mihajla Pupina 6, Belgrade-New Belgrade, 11000 Belgrade, Serbia,
Address for the receipt of mail: Radinac, 11300 Smederevo, Serbia,
2. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
The purpose of the intended personal data processing is to establish exclusively legitimate business cooperation, both in the process of sale and procurement of goods and services, as well as in the process of establishing other forms of cooperation with our customers, suppliers, service providers, contractors, subcontractors and other associates, whereby the legal basis for processing is contained in Article 12 Paragraph 1 Items 1, 2, 3, and 6 of the Law on Personal Data Protection.
Every personal data related to a natural person whose identity is determined or determinable on the basis of those data is considered as the personal data.
Legal entities` data are not considered as personal data; therefore, this Notification does not refer to them.
HBIS GROUP Serbia as the controller processes personal data it collects either directly from you as the persons to whom the data refer, or from third parties (your employers as our business partners, and similar).
HBIS GROUP Serbia processes personal data on the basis of relevant laws and/or consents of the persons to whom the data refer, for the following purposes specifically:
- Execution of contracts, when the processing of personal data is required for the proper fulfillment of the assumed contractual obligations and necessary for the realization of rights and obligations arising from the contract or is necessary for undertaking actions, upon the request of a person to whom the data refer, prior to the conclusion of a contract.
- Execution of contractual obligations of HBIS GROUP Serbia in accordance with the Law on Personal Data Protection and other relevant laws which order the processing of certain personal data and/or by which the compliance of the company with the valid regulations is ensured. In case of a legal obligation, we reserve the right to disclose data about you to the competent state authorities.
- realization of legitimate/justified interests of HBIS GROUP Serbia or third parties, exclusively for the needs of lawful business operation and promotion of business operation of our Company, unless the interests or basic rights and freedoms of a person to whom those data refer prevail over those interests, which requires personal data protection,
- on the basis of a consent of a person to whom data refer, which is given through an express assent of that person for the processing of data for precisely determined purposes, such as: candidates` applications for employment, offering and providing information on production programs which correspond to the specific needs and requests of the persons to whom data refer, as well as with the goal of improving the business relation of HBIS GROUP Serbia and the person to whom the data refer, organizing and conducting certain events (entertainments, surveys, marketing activities, market analysis, and other promotional activities).
3. TYPE OF PERSON TO WHOM DATA REFER AND TYPE OF PERSONAL DATA
Personal data which are collected and processed by HBIS GROUP Serbia refer to the following categories of persons:
- Employees and persons engaged outside employment, former employees, pensioners and members of their families all for the purpose of fulfillment legal obligations from the field of labor, pension, disability, health and social insurance, solidarity benefits and other forms of help and gifts, tax and accounting regulations, regulations from the field of safety and health at work and other regulations;
- Persons submitting an application for employment; More detailed information can be found in document Notification on Personal Data Protection During the Submission of a Candidate`s Employment Application.
- Persons engaged by the business partners with which the Company has the concluded commercial contracts for the purpose of realization of the contractual and legal obligations and persons who enter the Company location as visitors, whereby the Company has a legitimate interest to process personal data of all persons entering the business area and business premises of HBIS GROUP Serbia with the goal of protection of their personal safety and the safety of assets and employees of the Company. More detailed information can be found in document Data Processing Notification Related to Business Partners (Customers, Suppliers, Contractors, Subcontractors, Visitors) and Their Employees.
Personal data which are being processed are the following: General identification data and contact data needed for a business relation (such as name and last name, job title, address, phone number, e-mail address, and other contact data, a unique ID number of the cell phone and your computer`s IP address if you are using our internet pages), data stated in the offer, and/or other documents which precede a contract or they are inextricably connected to the contract (attachments, dispatch notes, and similar).
During the visit and usage of our internet page exclusively for the informative purposes HBIS GROUP Serbia does not collect personal data from you (e.g. name, address, phone number, email address) unless you voluntarily decide to disclose such data.
Educational institutions that, in accordance with their plans and programs, request that their students have professional practice in our Company, are obligated to ensure the personal consent of the student or parent exercising parental rights, that is, another legal representative of a minor under the age of 15, that our Company may collect and process personal data referring to them.
4. ADDITIONAL INFORMATION
Besides the stated pieces of information, we also provide to you at the moment of collecting data which are related to you the additional information which may be necessary in order to secure transparent processing of those data, specifically:
1) The retention period for your data:HBIS GROUP Serbia keeps your personal data until the expiration of the statutory retention period, that is, until there is a legitimate interest for that, that is, a valid consent or assent. HBIS GROUP Serbia shall not keep your personal data longer than it is necessary and legal because it shall process them exclusively for the purposes for which it has collected the stated data.
2) In accordance with Article 26 of the Law you have the right to request from the controller the access to data, the right to a correction/supplement or erasure of your personal data in accordance with Articles 29 and 30 of the Law, the right to restriction of processing in accordance with Article 31 of the Law, the right to data portability in accordance with Article 36 of the Law, as well as the right to a complaint in accordance with Article 37 of the Law.
3) you are entitled to a revocation of assent at any time, but the revocation of assent does not affect the admissibility of processing on the basis of the assent before revocation, if processing is performed on the basis of Article 12 Paragraph 1 Item 1) of the Law (assent of a person to the processing of its personal data for one or more particularly determined purposes) or on the basis of Article 17 Paragraph 2 Item 1) of the Law (an explicit assent of a person to whom the data refer for the processing for one or more purposes of processing, unless it has been prescribed by law that processing is not performed on the basis of an assent);
4) If you have any doubts about how we process your personal data or you would like to file a complaint, you can contact us via some of the below stated contacts so that we could investigate your case. In case you are not satisfied with our answers or you believe that the processing of your personal data is not in compliance with the law, you are entitled, in accordance with Article 82 of the Law, to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection.
5) Provision of personal data is an obligation of the person to whom the data refer because they represent a necessary condition for the conclusion of a contract.
6) an automated decision making, including profiling, as any form of an automated processing which is used to evaluate a particular personality trait, can be applied to you only in exceptional cases and under the conditions and in a manner referred to in Article 38 of the Law, as well as in accordance with the purpose of the Law and its protective provisions which are related to the persons whose data are protected.
7) Basically, your personal data are forwarded to other controllers only if that is necessary for the fulfillment of the contractual obligations, or if we, or a third party, have a legitimate interest to perform the data transfer, or if you have given us consent. Besides that, data can be transferred to other controllers when we are obligated to do that on the basis of law provisions or valid administrative or court orders. Employees of HBIS GROUP Serbia who, within the performance of their regular work obligations and duties collect, process, have access to, or in any other manner handle personal data of natural persons, are aware that in any moment of data processing they have to guarantee the right to protection of their privacy and they are obligated to maintain the confidentiality of those pieces of information.
8) HBIS GROUP Serbia may collect personal data of the children younger than the age of 15 exclusively from the parents who are executing the parental right, that is, from another legal representative of a minor, and to process them with their explicit consent.
During the processing of personal data, HBIS GROUP Serbia is guided by the principles established under the Law on Personal Data Protection, specifically: of legality and ethics, fairness and transparency, restrictions related to purpose, data minimization, accuracy, retention restrictions, and integrity and confidentiality.
With the goal of protection of safety and health of all persons who are on the business premises of our Company, measures of safety protection have been established including the video surveillance with the application of regulations which are related to security and video surveillance. When entering the Company’s business premises and on all other places inside the business premises, on visible places, notices indicating that the business premises are under video surveillance are displayed. The recorded surveillance videos are kept in a secured place and they are accessed as needed (e.g. for the purpose of reviewing an incident that occurred). Videos are automatically deleted after a certain period of time, unless there is a different request by authorized persons (such as provision of evidence for the conducting proceedings in case of alienation of property, etc.)
Regarding a possible intention to process your data with the purpose which is different from the purpose for which the data have been collected, we are obligated to provide you with information about that other purpose prior to starting further processing.
Your personal data will be treated as confidential information. Only the persons, who, considering the description of a job they perform, need to be acquainted with your personal data, will have access to them, and that will be only in the extent necessary for the performance of their jobs.
During the processing of personal data all the necessary technical and organizational measures of data protection have been undertaken, in accordance with the established standards and procedures, and they are necessary in order to protect personal data against loss, destruction, unauthorized access, change of publishing, or access to unauthorized third parties, and other misuse.
HBIS GROUP Serbia shall regularly review the compliance of this Notification and update it if necessary. All the alterations will be published on this page.
DATA PROCESSING NOTIFICATION RELATED TO BUSINESS PARTNERS (CUSTOMERS, SUPPLIERS, CONTRACTORS, SUBCONTRACTORS, VISITORS) AND THEIR EMPLOYEES
For the purpose of conclusion, i.e., the performance of a contract or realization of pre-contract obligations, (such as, e.g.: delivery and acceptance of an offer), both in the process of sale and purchase of goods and services and in the process of establishing other types of cooperation with you as our customer, supplier, service provider, contractor, subcontractor, visitor or associate, processing of personal data concerning you and which you, as a business partner, have submitted to us, is based on the activities for the conclusion and / or performance of the contract in which you are a contracting party or an employed person in the capacity of an authorized representative of our business partner, and it is performed at your request.
The Purpose of Collecting and Processing Personal Data
We process the personal data of business partners and/or their employees and of potential business partners for the following purposes:
Business Communication: when you contact us or interact with us, e.g. by e-mail or by a certain application or contact form on our website and when you address us with a specific request we shall process the data you have provided to us in order to contact you and act upon your request, or in order to carry out certain activities necessary prior to the conclusion of a contract or the establishing of another form of cooperation;
Execution of contractual and legal obligations: to the extent necessary, personal data shall be processed for the purpose of fulfilling contractual obligations and realization of our rights (related to the delivery of goods, receipt of goods, performance of works, resolution of claims, and other requests, sending notifications) and for the purpose of fulfilling legal obligations related to the keeping and storing business records, financial statements, and other accounting documents and records, of fulfilling obligations in compliance with tax regulations, for the purpose of internal or financial audit, for the purpose of reporting to state authorities in accordance with the valid regulations, for the purpose of controlling and / or responding to requests from the state authorities.
Quality control and improvement: we can ask for you for feedback on your satisfaction with our products or the services rendered by our employees.
Realization of legal requests we have towards you or the defense from your requests. We may also use your personal information to realize our rights towards you, or to defend against your requests arising out of or in connection with our business relationship.
Types of Personal Data We Collect
We collect only those personal data which are necessary to us for the realization of the stated purposes. Depending on the circumstances, that can include the following data:
Personal contact data such as: name and last name, address, electronic mail, phone number;
Data on business contacts such as: addresses of business entities, business electronic addresses and phone number;
Personal data such as: gender, date of birth and unique personal identification number, the takeover and photocopying of your documents (not for all persons, and not all the stated data),
Information on payment such as: the number of bank account and of request for compensation of costs and payments and similar for the purpose of a contract execution;
Information on the function you perform such as: jobs you do, a department, seat and competencies, in case you appear in the function of a person authorized for the signing of a contract or its execution, and other personal data which are necessary for us for the execution of our contractual obligations.
Data can be used only by the persons who have been engaged with the controller on the jobs systematized within the organizational units under whose competence is the establishment of business cooperation with business partners and who have special authorizations and access to these data, as well as the persons who make decisions on business cooperation.
Processing Sensitive Personal Data
We shall perform the processing of certain personal data which are considered as sensitive, in cases prescribed by the valid laws (such as: the occurrence of an incident for the purpose of provision of the necessary medical or other assistance, as well as in the procedure of conducting activities regarding risk and liability insurance), out of the reasons which are strictly related to the proper execution of obligations we have, in the manner and to the extent it is prescribed by the valid laws.
The Sources We Collect Personal Data From
We can collect your personal data from the following sources:
Directly from you (through forms, e-mail, phone, a cell phone, personally through a conversation with you);
From other persons (e.g. persons who are employed or in some other manner engaged by your employer with whom we have a concluded contract). In such cases, we trust that the persons who provide us with your personal data or give instructions for their processing are also authorized for that, and that they have given you all the necessary notifications, that is, obtained your approval if it is necessary;
From publicly accessible sources (e.g. the Business Registers Agency, the Real Estate Cadaster, and other publicly accessible information).
In case when you give us personal data of other persons, it is your responsibility to ensure that the person whose information you have provided to us is aware of that and that he/she accepts the manner we use those personal data.
Data Retention Period
HBIS GROUP Serbia keeps all your personal data until the expiration of the statutory retention period, that is, until the expiration of deadline necessary for the execution of the contract or until there is a legitimate interest for that, that is, a valid consent or assent. HBIS GROUP Serbia shall not keep your personal data any longer than it is necessary and legal, because it shall process them exclusively for the purposes for which it has collected the stated data.
Marketing Notifications
HBIS may also send notifications for the purpose of direct marketing.
We send such notifications only to those recipients who, considering the business relation with us, can justifiably expect a full receipt of such notifications, therefore, we have a legitimate interest for such a type of communication with you. We believe that our business partners can reasonably expect that we inform them about different events, certain novelties and/or changes and similar circumstances which might impact their business operation or they can be of some interest to them in another manner.
Also, we may contact you for the purpose of organizing entertainment and conducting certain events, surveys, market analyses and other promotional activities.
In no case shall we forward your personal data to third parties for advertising purposes or marketing needs without your assent.
Collecting Data Online
We collect only those personal data which you voluntarily give to us as visitors through the internet.
Visitors of Our Business Area
Security measures have been established in our business area, including video surveillance and access control systems for office buildings.
Notices have been displayed in visible places in our business area that the business area is under video surveillance. The recorded surveillance videos are kept in a secured place and they are accessed as needed (e.g. for the purpose of reviewing an incident that occurred). Videos are automatically deleted after a certain period of time, unless there is a different request by authorized persons (such as provision of evidence for the conducting of court and other proceedings in case of alienation of property, etc.)
The visitors and contractors check in at the “Protocol“ reception office, and the suppliers check in at the entrance gate. We keep records on all visits for a certain period of time and they are kept in a secured place and accessed as needed (e.g. for the purpose of reviewing an incident that occurred). We rely on our legitimate interest, which is to provide protection and safety of employees and of other persons in our business space.
If you have given your consent to us, you are entitled to withdraw that consent at any moment, for one or for all the previously stated processing, without stating the reason, by a written request.
Rights Related to the Protection of Your Personal Data:
Right to revoke assent – A person to whom the data refer is entitled to revoke assent at any moment. The revocation of assent does not affect the admissibility of processing which has been performed on the basis of the assent prior to the revocation. Prior to giving assent, a person to whom the data refer has to be informed about the right to revocation, as well as about the effect of the revocation. Revoking an assent has to be simple, as well as giving an assent.
Right to Access – A person to whom the data refer is entitled to request from the controller information about whether it processes its personal data and access to those data, that is, a review of those data, as well as the pieces of information regarding the purpose of processing, the types of personal data that are being processed, about the recipient or types of recipients to whom personal data have been disclosed or will be disclosed, about the stipulated personal data retention period, or if that is not possible, about the criteria for the determination of that period, on the existence of a right to request from the controller a correction or erasure of its personal data, the right to restriction of processing and the right to a complaint on processing, the right to a copy, the right to file a complaint to the Commissioner, and about the existence of a procedure of automated decision making, including profiling.
The Right to Correction and Supplement – A person to whom the data refer has an unconditional right to a correction of incorrect and supplement of the incomplete personal data.
The Right to Erasure – A person to whom the data refer has the right to request that his/her personal data be erased by the controller. The controller is obligated to delete the collected data without undue delay within the established time limit and in cases where personal data are no longer necessary for the realization of the purpose for which they have been collected or otherwise processed.
The Controller is obligated to notify all the recipients to whom personal data have been disclosed, of any correction or deletion of personal data or restriction of their processing in accordance with the law, unless this is impossible or requires excessive consumption of time and resources.
The Right to Processing Restriction – A person to whom the data refer is entitled to have its personal data processing restricted by the controller if the person to whom the data refer disputes the accuracy of the personal data, within a deadline which enables the controller to check the accuracy of personal data, if the processing is illegal, and the person to whom data refer opposes the erasure of the personal data and instead of erasure it demands the restriction of data usage, if the controller no longer needs personal data for the realization of the processing purpose, but the person to whom the data refer has requested them for the purpose of filing, realizing or defending a legal request, if a person to whom data refer has filed an objection to be processed and the estimation about whether the legal basis for processing by the controller prevails over the interests of that person is ongoing.
The Right to Data Portability – – A person to whom the data refer is entitled to receive from the controller his/her data which he/she has previously delivered to the controller in a structured, usually used and electronically readable form and is entitled to transfer these data to another controller without obstructions by the controller to whom those data have been delivered, if the processing is based on the assent or on the basis of a contract and if the processing is performed in an automated manner. This right also includes the right of a person that his/her data are directly transferred to another controller by the controller to whom these data have been previously delivered, if that is technically feasible.
The Right to A Complaint – if he/she believes it is justified in relation to a special situation he/she is in, a person to whom the data refer is entitled to submit, at any moment, a complaint to the controller regarding the processing of his/her personal data. The controller is obligated to suspend the processing of the data of the complainant, unless he/she has indicated that there are legal reasons for the processing that prevail over the interests, rights, or freedoms of the persons to whom the data refer or are related to the submission, realization, or defense of the legal request. A person to whom the data refer is entitled to submit, at any moment, a complaint to the processing of his/her personal data which are being processed for the needs of direct marketing, including profiling, to that extent in which he/she has been connected with the direct marketing. If a person to whom the data refer submits a complaint on the processing for the needs of the direct marketing, personal data cannot be further processed for such purposes. A person to whom the data refer is entitled to file a complaint to the Commissioner he/she is not pleased with the controller`s response upon the submitted complaint or if he/she thinks that his/her personal data processing is not in compliance with the Law.
Also, if we process your personal data on the basis of your consent, you have the right to withdraw that consent at any moment, provided that that withdrawal does not affect the lawfulness of the processing performed before the withdrawal. In the case of withdrawal of consent, we will cease to process your personal data for the processing of which the legal basis was a withdrawn consent, unless there is another legal basis for the specific processing.
NOTIFICATION ON PERSONAL DATA PROTECTION DURING THE SUBMISSION OF A CANDIDATE`S EMPLOYMENT APPLICATION
Our company, HBIS GROUP Serbia, is a responsible controller during the processing of all personal data. That particularly refers to the personal data of the candidates as employment applicants.
Personal data, in terms of this notification, is every information related to the employment applicant as a natural person whose identity is determined or determinable on the basis of identity marks, such as: name, address, date and place of birth, email address, information about a computer, including even where the IP address is accessible, phone number, pieces of information that are in the CV, cover letter and certificates (type and level of education, data about the skills and competencies for the performance of certain jobs, a CV, and other), and other pieces of information which are, in the cases defined by the law, delivered in accordance with requests for the performance of certain jobs (such as data related to disability, health or results of tests).
As the data controller, we process them exclusively in the process of recruitment and selection of candidates for employment and on the basis of the submitted application for certain jobs. The controller processes personal data in the scope necessary for the fulfillment of the stated purpose.
Personal data processing is every action or set of actions performed automatically or non-automatically with the personal data, such as: collecting, recording, sorting, grouping, storing, reviewing, usage, detecting by transfer, i.e., by delivering, comparing, deletion or destroying.
We can collect your personal data in various manners:
By the delivery of an application for employment:
- Via an email or in writing, in which case all records on the performed correspondence will be kept.
- Via an official recruiter, in which case in the first step only anonymized data from an anonymized CV are processed. In the further selection process, personal data processing is performed on the basis of the pieces of information delivered by a candidate or a recruiter.
By the delivery of information directly from you through a participation in an interview for a job you applied for, by filling out a test and assessment of a result or in phone contact with us.
The delivery of personal data, in any of the stated manners, is voluntary and, by the fact that you are applying for a published advertisement as a candidate for the first time and delivering the requested personal data, it is also considered that you are concordant with their processing, and by the delivery of the data to the recruiter it is considered that you, as a candidate, agree that the recruiter delivers them to the Employer on whose behalf and for whose account he/she has been engaged.
General Information
As a person to whom the data refer, you have the following rights related to the protection of your data:
Right to revoke assent – A person to whom the data refer is entitled to revoke assent at any moment. The revocation of assent does not affect the admissibility of processing which has been performed on the basis of the assent prior to the revocation. Prior to giving consent, a person to whom the data refer has to be informed about the right to revocation, as well as about the effect of the revocation. Revoking a consent has to be simple, as well as giving a consent.
Right to Access – A person to whom the data refer is entitled to request from the controller information about whether it processes its personal data and access to those data, that is, review of those data, as well as the pieces of information regarding the purpose of processing, the types of personal data that are being processed, about the recipient and types of recipients to whom personal data have been disclosed or will be disclosed, about the stipulated personal data retention period, or if that is not possible, about the criteria for the determination of that period, on the existence of a right to request from the controller a correction or erasure of his/her personal data, the right to restriction of processing and the right to a complaint on processing, the right to a copy, the right to file a complaint to the Commissioner, and about the existence of a procedure of automatized decision making, including profiling.
The Right to Correction and Supplement – A person to whom the data refer has an unconditional right to the correction of incorrect and to the supplement of the incomplete personal data.
The Right to Erasure – A person to whom the data refer has the right to request that his/her personal data be erased by the controller. The controller is obligated to delete the collected data without undue delay within the established time limit and in cases where personal data are no longer necessary for the realization of the purpose for which they have been collected or otherwise processed.
The Controller is obligated to notify all the recipients to whom personal data have been disclosed of any correction or deletion of personal data or restriction of their processing in accordance with the law, unless this is impossible or requires excessive consumption of time and resources.
The Right to Processing Restriction – A person to whom the data refer is entitled to have its personal data processing restricted by the controller if the person to whom the data refer disputes the accuracy of the personal data, within a deadline which enables the controller to check the accuracy of personal data, if the processing was illegal, and the person to whom the data refer opposes to the erasure of the personal data and instead of erasure it demands the restriction of data usage, if the controller no longer needs personal data for the realization of the processing purpose, but the person to whom the data refer has requested them for the purpose of filing, realizing or defending a legal request, if a person to whom data refer has filed an objection to be processed and the estimation about whether the legal basis for processing by the controller prevails over the interests of that person is ongoing.
The Right to Data Portability – – A person to whom the data refer is entitled to receive from the controller his/her data which he/she has previously delivered to the controller in a structured, usually used and electronically readable form and is entitled to transfer these data to another controller without obstructions by the controller to whom those data have been delivered, if the processing is based on the assent or on the basis of a contract and if the processing is performed in an automated manner. This right also includes the right of a person that his/her data are directly transferred to another controller by the controller to whom these data have been previously delivered, if that is technically feasible.
The Right to A Complaint – If he/she believes it is justified in relation to a special situation he/she is in, a person to whom the data refer is entitled to submit, at any moment, a complaint to the controller regarding the processing of his/her personal data. The controller is obligated to suspend the processing of the data of the complainant, unless he/she has indicated that there are legal reasons for the processing that prevail over the interests, rights or freedoms of the persons to whom the data refer or are related to the submission, realization or defense of the legal request. A person to whom the data refer is entitled to submit, at any moment, a complaint to the processing of his/her personal data which are being processed for the needs of direct marketing, including profiling, to that extent in which he/she has been connected with the direct marketing. If a person to whom the data refer submits a complaint on the processing for the needs of the direct marketing, personal data cannot be further processed for such purposes. A person to whom the data refer is entitled to file a complaint to the commissioner if he/she is not pleased with the controller`s response upon the submitted complaint or if he/she thinks that his/her personal data processing is not in compliance with the Law.
Also, if we process your personal data on the basis of your consent, you have the right to withdraw that consent at any moment, provided that that withdrawal does not affect the lawfulness of the processing performed before the withdrawal. In the case of withdrawal of consent, we will cease to process your personal data for the processing of which the legal basis was a withdrawn consent, unless there is another legal basis for the specific processing.
Data Retention Period: If no employment relationship is established with a candidate, the candidate’s personal data shall be deleted after the notification that he/she is not the selected candidate for employment and the accomplishment of the purpose for which the data have been provided or after the revocation of the consent for personal data processing.
Exceptionally, we may retain information even after the withdrawal of the assent or the fulfillment of the purpose, in situations when this is necessary for the execution of our legal obligation or for filing, exercising or defending a legal claim.
The collected personal data are protected from misuse, destruction, loss, unauthorized changes and access. HBIS GROUP Serbia, as the controller and data processor, undertakes the necessary technical, personnel and organizational measures of protection of data, in accordance with the established standards and procedures, which are needed in order to protect data from the loss, destruction, unauthorized access, change, publishing, and any other misuse. As needed, we use encryption and other protective measures which can help to secure and protect the data you provide to us.
The data are also safeguarded in the computer database which can be accessed only by the employees who possess an adequate access code and who are authorized to process a candidates’ personal data. The data are kept in special registers which can be accessed only by the employees authorized to use the collected data.
Data can be used only by the persons who have been engaged at the controller`s company on the jobs of recruitment and selection and have special authorizations and access to these data, as well as the persons who make decisions on possible engagement of some of the candidates. We do not share your personal data with third parties and we shall not make them available to any third parties without your prior consent.
If you have any questions or you would like to use any of your rights, you may contact us via:
email: hbisbusinessoffice@hbisserbia.rs
On 11/13/2020