Privacy Policy

Introduction

The trust of our customers is our top priority. For this reason, we process their information carefully and take appropriate security measures to protect their data. This Privacy Notice is important to inform and raise awareness of how we collect, use, access or otherwise process personal data at this website. This Privacy Notice does not apply to data processing that occurs on other websites. The owner of this website (‘we’, ‘us’, ‘our’) is:

FAZI DOO,

Ustanicka 170V, lokal L2/I,

11000 Belgrade, Serbia

This Privacy Notice provides information about what kind of personal data is processed, how and for what purpose we need this personal data, ensures the equal and secure treatment of personal data, informs about the rights of data subjects and contributes to our accountability in terms of data protection.

 

Key explanations

In order for us to comply with our legal and contractual obligations, to conduct our business safely and efficiently, and for other specific purposes described in this Privacy Notice, we need to process certain personal data. Personal data means any information that relates to an identified or identifiable living individual. Various information that, when collected or combined with other information, may lead to the identification of a specific individual is also personal data.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When personal data of the website users are processed, the users are considered data subjects and are entitled to exercise the rights guaranteed by the relevant data protection laws, which are explained in this Privacy Notice. Since we determine the purposes and means of the processing of personal data, we are legally considered to be the controller of personal data.

 

Types of personal data we process and purpose of processing

We may process various categories of personal data to enable our users to use the services available on this website, but also to improve the user experience, develop our services and ensure and maintain the regular functionality of the website. For more information about the types of data we process and the purposes for which we process it, please see below.

Personal Identifiable Information (PII) – When a user creates an account on this website, we process the user’s email address, username, and user ID, which is assigned by our system.

PII is processed so that we are able to distinguish users on this website. The email address is processed not only to communicate with users, but also as an access authorization in combination with the setup password.

Electronic Identification Data – When a user logs in to our website, we process the IP address of the device used, the type and version of the browser and operating system, the time of login, the screen resolution, and data on the web technologies supported by the browser.

We process electronic identification data to enable communication between users’ devices and our servers, for analytics purposes (for more information on how we process your data for analytics purposes, see our Cookie Policy ), and to ensure that the content available on our website is accessible to users. We may also need this data to resolve technical issues if they arise.

 

How we protect personal data

We take all steps that are reasonable in the circumstances to apply our practices, procedures and systems relating to personal data to ensure that we comply with applicable laws, including the GDPR. We do not collect and store personal data for longer than is necessary for the purposes explained above. When the purpose of processing personal data expires, we irrevocably delete the data.

We implement technical and organizational measures in accordance with good industry practice to ensure the appropriate security of personal data against accidental or unlawful loss, alteration, theft, unauthorized disclosure or access, unauthorized use and all other unlawful forms of processing.

We may share personal data with third parties to provide our services on a regular basis and/or to develop our services. We will take all measures vis-à-vis the recipients of personal data to ensure an adequate level of protection and appropriate safeguards as set out in applicable data protection laws and in particular in GDPR. Therefore, we will enter into data protection agreements with the recipients of your data where necessary and ensure that appropriate safeguards are in place.

 

Data subject rights

The applicable laws, including the GDPR, provide the following rights to data subjects:

  • Right of access – Data subjects may request information about the personal data we process, the legal basis and purposes of the processing, the categories of recipients of stored personal data and other information about personal data;
  • Right to rectification – Data subject may request us to rectify or complete their personal data if they consider that data is incomplete or inaccurate;
  • Right to erasure – Data subject have the right to request the erasure of personal data concerning them to be deleted if there is no other legal basis justifying further retention;
  • Data portability – Data subjects have the right to request that their personal data be transferred to another organization;
  • Right to object – Data subjects have the right to object to the processing of personal data in a situation where such processing is based on tasks carried out in the public interest or based on a legitimate interest;
  • Right to restriction of processing – Data subjects have the right to request that the personal data not be processed for the period of deciding about his/her complaint, when the lawfulness of the data processing is challenged, punctuality of the data is challenged, when the legitimate interest overrides the rights of data subjects and in situations where data subjects want their data to be kept for possible legal claims;
  • Data subjects have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Commissioner for Information of Public Importance and Personal Data Protection of Republic of Serbia.

Please note that for the purpose of providing services on this website, we do not use profiling tools or fully automatic decision-making processes.

We must emphasize that there are exceptions/restrictions to these rights. For instance, access to personal information may be denied in certain circumstances where providing the information would reveal personal information about another person or where we are prevented by law from disclosing such information.

If you have any questions about the processing of your personal data as explained in this Privacy Notice or would like to exercise any of your rights listed above, please send us an email at legal@fazi.rs.

 

Endnotes

We reserve the right to change this Privacy Notice at any time. If we change the material content of the Privacy Notice, we will notify our users through our services, or by other means and provide them with an opportunity to review the changes before they become effective.

This Privacy Notice is effective from the 1st of September 2023.