ZS Tax & Consulting doo Beograd-Stari Grad, based in Belgrade, st. Makedonska 30, registration number: 21161918, TIN: 109324126 (hereinafter: “Data Controller“), which has the status of Data Controller in terms of the Law on Personal Data Protection (“Official Gazette”, No. 87/2018, hereinafter: LPDP), i.e. as an entity which organizes and is responsible for the processing of personal data, hereby informs the visitors of the website http://www.zslaw.rs/, whose data are processed (hereinafter: Visitors), on all important aspects processing of personal data in accordance with applicable regulations:
- Terms used within this Policy have the meanings prescribed by the current Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018, hereinafter: LPDP), and if necessary, other laws governing specific relations, occurrences, concepts and their meaning.
- The mentioned electronic record (log) will be considered legally valid and sufficient proof of the given consent, in the sense of Article 15, paragraph 1 of the LPDP.
1. WHAT DATA DO WE COLLECT AND PROCESS?
The Data Controller may collect different categories of personal data, which are used for different purposes and with different legal bases. Usually, it is a set of data that allows the identification of the person whose data are processed, communication with the person whose data are processed or which are necessary to provide a specific service at the request of that person, or to meet the statutory obligations of the Data Controller, which include:
- Name, surname and e-mail address left by the site visitor within the section “Contact” in order to establish business contact with the Data Controller;
- Data on the contact person / persons of the company that the site visitor leaves within the section “Inquiry for the offer” in order to receive a non-binding calculation of the monthly price of the offer;
- Data collected electronically on visitor identification (IP address, etc.);
Personal data is collected only to the extent necessary to achieve a specific purpose.
2. WHAT IS THE LEGAL BASIS OF PROCESSING
Processing can be performed in order to fulfill the obligations from the contractual relationship, i.e. to prepare for the conclusion of the contract. The Data Controller, as a contracting party, offers different types of services to legal entities, entrepreneurs, individuals, etc. In the procedure of concluding and performing obligations from the contractual relationship, the Data Controller processes personal data. Also, in order to exercise his rights, based on the services he provides, as well as to establish a business relationship, the Data Controller collects and processes certain personal data. This especially refers to the data submitted via the page https://www.zstax.rs/ by the site visitor in order to establish business contact with the Data Controller and to receive a non-binding calculation of the monthly price.
In special situations, the collection and processing of personal data may be necessary in order to pursue the legitimate interests of the Data Controller, or a third party, under the conditions and in accordance with Article 15 paragraph 6 of the LPDP. Before collecting and processing personal data of data subjects based on the legitimate interests of the Data Controller, or a third party, if any, in accordance with Article 15 paragraph 6 of the LPDP, the Data Controller will conduct an assessment of legitimate interest based on a tripartite test:
- Purpose test (identification of legitimate interest);
- Necessity test (whether data processing is necessary);
- Balancing test (measuring the legitimate interests of the controller and the data subject).
Also, in exceptional situations, processing may be based on the obligation to perform the legal obligations of the Data Controller. The Data Controller falls under the obligations of laws and other regulations that more closely regulate consulting and accounting services. When collecting data for the purpose of fulfilling legal obligations, the Data Controller does so exclusively to the extent necessary, and access to the data is provided only to authorized persons and competent state bodies, in accordance with the law.
3. FOR WHAT PURPOSES DO WE USE THE DATA?
The Data Controller uses the data for various purposes that are always closely related to the legal basis of the processing. Thus, the main purpose of direct collection and processing of personal data of data subjects is to establish communication with persons interested in establishing business contact, at their request. The Data Controller processes personal data for the purpose of fulfilling obligations under the law and other regulations, for the purpose of providing various types of services, for the purpose of fulfilling contractual obligations, for maintaining personal and business contact with its clients, as well as for analyzing business results and archiving, in accordance with the law. For all additional processing purposes for which there is a need, the data subject will be informed of all necessary information, before starting such processing operations, and the processing itself will be based on the appropriate legal basis, in accordance with the law.
4. WHO HAS ACCESS TO DATA?
Depending on the legal basis and the specific purpose, the following categories of persons may have access:
- Authorized employees within the ZS Tax & Consulting doo Beograd-Stari Grad in accordance with their work duties and authorizations, i.e. associates with whom a special agreement on cooperation, a contract on professional training, etc. has been concluded. All persons are obliged to act in accordance with all provisions of the LPDP regarding the security of personal data processing;
- Competent state bodies (Tax Administration, Ministry of Interior, inspection and other administrative bodies, authorized control and regulatory state bodies, competent courts and prosecutor’s offices, etc.), if they have the appropriate authorization for access or other type of data processing in accordance with the law, namely only to the extent provided by law;
- Persons who are in a contractual relationship with the Data Controller (Data Processors) and who are entrusted with certain data processing activities, in accordance with the legally prescribed conditions relating to information security, confidentiality and contractual regulation of rights and obligations.
5. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROTECTION OF YOUR DATA WHICH ZS TAX & CONSULTING DOO BEOGRAD-STARI GRAD, AS A DATA CONTROLLER, PROCESS?
You have the right to:
- request access to your personal information,
- request the correction or deletion of your personal data or the restriction of processing, to object to the processing of your data,
- to object to processing of your data,
- to have your data transferred to other Controllers,
- to contact the competent authority – the Commissioner for Access to Information of Public Importance and Personal Data Protection, in case you suspect that there is illegal processing,
- other rights prescribed by applicable regulations.
Certain rights (e.g. the right to delete), in certain situations may be subject to statutory restrictions, and their use may cause various legal consequences, in accordance with the law (e.g. inability to continue to provide certain services, the obligation to compensate for damage, etc.).
6. HOW IS YOUR DATA PROTECTED?
Within his business organization, the Data Controller strives to apply the highest possible standards in the field of personal data protection, and applies all necessary organizational, technical and personnel measures, including, but not limited to:
- technical protection measures,
- control of physical access to the system where personal data is stored,
- data access control,
- data transfer control,
- data entry control,
- data availability control,
- other information security measures,
- all other measures necessary for the protection of personal data.
All processors and/or other recipients of personal data are also obliged to apply all prescribed protection measures, in accordance with the signed contract with the Data Controller and the standards and obligations prescribed by law.
7. HOW LONG IS YOUR DATA KEPT?
8. WHO CAN YOU CONTACT FOR MORE INFORMATION?
Regarding all questions related to the processing of personal data, you can get via e-mail: firstname.lastname@example.org and / or by sending an inquiry to the address ZS Tax & Consulting doo Beograd-Stari Grad, st. Makedonska 30, 11000 Belgrade.
We will respond to your inquiry as soon as possible, depending on the complexity of the inquiry itself, but each within 30 days from the date of addressing the data subject, with the possibility of extending the deadline in special situations and with an explanation, in accordance with law.
9. ADDITIONAL INFORMATION
Personal data collected through the website https://www.zstax.rs/, are not taken out of the Republic of Serbia, except during the possible use of third party cookies, for which ZS Tax & Consulting doo Beograd-Stari Grad cannot be held responsible. The servers used for data transfer are located within EEA countries where an adequate level of personal data protection is provided. If in exceptional cases the data transfer is performed via a server outside the EEA, such data transfer will be performed with the application of appropriate protection measures, in accordance with the law.
In case of need to transfer personal data to another country, i.e. outside the territory of the Republic of Serbia, the transfer will be made in accordance with all rules prescribed by the applicable LPDP, and in accordance with the situation and need, standard contractual clauses prescribed by the Commissioner for Access to Information of Public Importance and Personal Data Protection will apply.
The provision of data by the data subject is not a legal or contractual obligation, when using the possibilities provided by the website. Failure to provide the requested information as a consequence can only lead to the impossibility of establishing the requested contact, necessary for further communication in this way, i.e. the impossibility of using the services available through the website https://www.zslaw.rs/. When processing the data collected through the website, ZS Tax & Consulting doo Beograd-Stari Grad, as the Data Controller, does not use any automated decision-making, nor profiling of the persons to whom the data relates.
The Controller’s website uses the WordFence script to protect the integrity of the network and the information contained on the website. In the event that the Controller ‘s website is the object of an attempt to access the website too many times from the same IP address, or attempts to access the website in order to compromise its integrity and in another illegal way with an illegal purpose, the script collects certain data that can be considered personal data of the person who is trying to access the site illegally. This data includes IP address, geolocation data, hostmail and access attempt time. The legal basis for this type of data processing is the legitimate interest of the Operator, ie the protection of the Operator’s website and the data contained on it, and the purpose of processing is to prevent and prevent further attacks on the stability and integrity of the website. The collected data may also be forwarded to the competent state bodies for the purpose of performing tasks within their competence. WordFence does not collect personal information from users who use the website in the usual way. For more information on how WordFence works, you can view the available documents at: https://www.wordfence.com/. The person whose data were collected retains the rights guaranteed by the applicable LPDP and this policy, with regards that, having in mind the purpose of personal data processing, certain rights may be limited in accordance with the law.