Privacy policy

Dear Website Visitors, Visitors to the Company’s Premises, and Clients,

The Company DELTA DISTRICT DOO Beograd hereby informs website visitors, visitors to the Company’s premises, and Clients/potential Clients of the Company, as well as any other individuals (hereinafter collectively referred to as: “Clients“) whose Personal Data the Company collects (hereinafter referred to as: “Personal Data“), about all relevant aspects of the collection and processing of their Personal Data, with the utmost respect for their privacy. The collection and storage of Personal Data are performed in accordance with the Law on Personal Data Protection (“Official Gazette of the Republic of Serbia” No. 87/2018 – hereinafter referred to as: “Law”), as well as with the EU General Data Protection Regulation (EU 2016/679, hereinafter referred to as: GDPR), where applicable. In the event of processing the Personal Data of Clients who are citizens of any EU member state, the Company will also apply the provisions of the GDPR to the extent that it is applicable.

The Company has published this Privacy Policy to protect the privacy of each Client and to inform the Client about which Personal Data the Company collects, for what purpose, and on what basis they are processed, how the Data is protected and collected, and what rights the Client has regarding their Personal Data.

You can contact the Company regarding any questions concerning the protection of Personal Data at the following email address: gdpr@deltaholding.rs

Key Definitions of Terms from the Law on Personal Data Protection of the Republic of Serbia

“Personal Data” refers to any information relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular, based on an identity tag;

“Processing of Personal Data” refers to any action or set of actions performed automatically or manually on Personal Data or sets of Personal Data, such as collection, recording, sorting, grouping, structuring, storing, adapting or altering, disclosing, accessing, using, transmitting or providing, duplicating, disseminating, or otherwise making available, comparing, restricting, deleting, or destroying.

“Sensitive Data” refers to data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, health, sexual life or sexual orientation, genetic information, criminal records, and biometric data used for the purpose of unique identification.

The Company does not collect the Client’s Sensitive Data unless the Client voluntarily provides it or if the Company is required to do so by applicable regulations.

“Personal Data of Children” refers to individuals under the age of 18.

The Company does not collect data from individuals under the age of 18 and requires confirmation from the Client that they are 18 years of age or older. The legal representative (parent or legal guardian) should not allow children to make their Personal Data available without their permission and consent.

The Personal Data of the Client that are collected and processed by the Company includes:

1. Full name;
2. Phone number;
3. E-mail address;
4. The text of the Client’s comment written in free form.

Methods of Collecting Personal Data

Personal Data is collected directly from the Client, as the individual whose data is being processed, or from other individuals.

1. Direct collection of Personal Data from the Client whose data is being processed.

A) Providing services to the Client

To ensure the timely provision of the service for which the Client has engaged the Company, it is essential for the Company to possess the following Personal Data of the Client: Name, phone number, e-mail address.

The Company processes the Personal Data of the Client’s legal representative/contact person/authorized person on several grounds.

The Company processes the Client’s Personal Data based on the conclusion and performance of the contract or for taking actions at the Client’s request prior to the conclusion of the contract. The provision of Personal Data of the legal representative/contact person/authorized person is a contractual obligation for the Client, meaning that the provision of Personal Data is a necessary condition for the conclusion/performance of the contract. Therefore, the legal representative/contact person/authorized person of the Client is obligated to disclose the Personal Data to the employees of the Company. Otherwise, the Company will not be able to conclude and perform the specific contract.

Additionally, in the event that an invoice is issued to the Company, the received invoice, which may contain the Personal Data of the legal representative/authorized person of the Client, will be stored in the Company’s databases for the purpose of fulfilling legal obligations (tax and accounting regulations). For clarification, in this event, the Personal Data on invoices is not processed separately, while the invoices are kept in the Company’s databases for a period of five years.

When Personal Data is processed based on the conclusion and performance of a contract or for the execution of an action that is part of the pre-contractual phase, the purpose of processing Personal Data is the conclusion of the specific contract or the performance of the contract. Actions related to the execution of a contract often involve making Personal Data available to third parties in order to fully fulfil the contract.

When Personal Data is processed based on the fulfilment of obligations, the Company will use such data solely for the purpose of issuing a proforma invoice or an invoice in accordance with the relevant regulations of the Republic of Serbia.

Furthermore, when we process Personal Data based on the Client’s consent, the Company will use the Personal Data exclusively to maintain communication and invite to events, including the period after the termination of the specific contract. In this event, since the legal basis for processing is the Client’s consent for the stated purposes, please be aware that you can withdraw your consent at any time by sending a request to the following e-mail address: gdpr@deltaholding.rs. The withdrawal of consent does not affect the lawfulness of processing that was performed based on consent before its withdrawal.

When the Company processes the Client’s Personal Data based on a concluded Contract, the Personal Data is stored in its databases for a period of five years. On the other hand, when processing Personal Data based on consent, the Company retains the Personal Data in its databases until the consent is withdrawn.

The Personal Data processed by the Company in order to fulfill legal obligations is stored in its databases for the period defined by the Law (five years from the date of issuance of the invoice or proforma invoice).

b) Client visits to the business premises of the Company

The Company processes the Client’s Personal Data to protect property and ensure the general safety of individuals present in the Company’s premises, as well as for the personal safety of the Client during their visit to our offices, or for the purpose of collecting data in the event of emergencies (such as theft, property damage, etc.).

Accordingly, the Company processes the Client’s Personal Data based on a legitimate interest, which consists of preserving the safety of property and individuals present on the Company’s premises, as well as preventing emergencies or collecting data in the event of such incidents.

The Company retains Personal Data – name, full name, phone number, and e-mail address – in its database for a period of one year unless an event occurs that initiates a legal proceeding, in which event the data is retained until the legal procedure is concluded with finality or until the statute of limitations applies, in accordance with the Law.

After the expiration of the specified periods, the data will be deleted or destroyed.

c) Marketing and other promotional activities of the Company

During the promotion of the Company’s products and other promotional activities, the Company may collect the following Personal Data of the Client: Full name, contact phone number, and e-mail address, in order to inform the Client about all the news and benefits that the Company prepared.

The purpose of processing the aforementioned Personal Data is the promotion and marketing of the Company, as well as surveying of Clients who purchase products and services.

The Personal Data stated above are stored in the Company’s database as long as the Client does not revoke their consent.

d) Access and use of the website – www.deltadistrict.rs

When the Client accesses and uses the Company’s website, Personal Data are collected through cookies, as detailed in the Cookie Policy.

e)Subscription to the newsletter

When subscribing to the newsletter, the Client gives consent to the Company to collect the following Personal Data: Full name and e-mail address. 

The purpose of processing the mentioned Personal Data is to send notifications about special and personalized offers, news, and events organized by the Company, online promotions, and other promotional activities. 

The Personal Data stated above are stored in the Company’s database as long as the Client does not revoke their consent.

f) Contacting Company employees

In situations where the Client contacts (by phone, through our website, or social media) the employees of the Company to respond to various inquiries regarding the Company’s products and services or leaves a specific comment in the form of free text, they are giving consent to the Company to collect the following Personal Data: Full name, e-mail address, phone number, as well as the content of the Client’s comment written in free form.

The purpose of processing the mentioned Personal Data is to establish communication with the Client in order to respond to inquiries or to clarify requests. Providing the stated Personal Data is a necessary condition for establishing communication between the Client and the Company. Otherwise, the Company would not be able to respond to the Client’s inquiries.

2. Personal Data provided by other persons

There could be cases where the Client may provide the Company with the Personal Data of a third person, in which case the Company will consider that the Client was authorized by such a person to act in this manner, and under no circumstances will the Company be held responsible for the processing of Personal Data of the third person.

Purpose of Data Collection

The purposes of collecting data are:

Inviting to events, establishing and/or maintaining communication and cooperation.

Compliance with legal obligations of the Company (laws and by-laws);

Conclusion of contracts and execution of concluded contracts, as well as taking actions prior to the conclusion of contracts;

Protection of property and general safety of individuals;

Legal Basis for Data Processing and Data Collection Methods

The legal bases for data processing are:

• The Client’s consent

The Client’s Personal Data obtained by the Company based on the Client’s consent will be processed and stored as long as the Client’s consent remains valid, or until the consent is eventually revoked by the Client. The Client can withdraw their consent for the collection, processing, and use of their data at any time by sending an electronic request to the following e-mail address: gdpr@deltaholding.rs

The withdrawal of consent does not affect the lawfulness of the processing of Personal Data performed based on the Client’s consent before the withdrawal.

• Execution of Contractual Obligations

The Company collects Personal Data that is necessary for the conclusion and execution of the contract with the Client and for fulfilling pre-contractual obligations. If the Client does not provide the necessary Personal Data, the Company will not be able to process the Client’s request or conclude a contract with them.

• Legitimate Interest

The Company processes Personal Data to protect its legitimate interests. The legitimate interests of the Company particularly include the protection of property and the general safety of individuals.

• Compliance with Legal Obligations

To the extent that the processing of the Client’s Personal Data is necessary for fulfilling the legal obligations of the Company, or obligations defined by various laws, the Company processes and stores the Client’s Personal Data within the legal deadlines.

Recipient and Third Party

The Company discloses Personal Data to certain recipients, i.e., third parties, as follows: related entities in the territory of the Republic of Serbia, employees, companies providing security services for premises, property, and individuals, legal service providers, IT service providers, external auditors, and accounting and bookkeeping agencies.

The Company will not make the Client’s Personal Data available to other recipients or third parties, except in the event specified in this Privacy Policy, nor will personal data be transferred to other countries.

Retention Period of Personal Data

• Personal Data collected by the Company based on legal grounds must be kept for the period determined by the relevant law or other applicable regulations.
• Personal Data collected by the Company based on a contractual relationship are kept for a period of five (5) years.
• Personal Data processed solely based on the Client’s consent are kept until the consent is revoked.
• Personal data processed by the Company due to legitimate interest are kept permanently or for a period of 30 days. – Data on extraordinary events are kept unless an event occurs that initiates legal proceedings, in which case they are kept until the final resolution of the proceeding or until the statute of limitations expires in accordance with the law.

Client’s Rights Regarding the Processing of Personal Data

Individual to whom the Personal Data relates has the following rights:

• To request information from the Company about whether it processes their Personal Data and access to those data;
• To request from the Company the correction, amendment, or deletion of their Personal Data and the right to object to the processing of such data;
• To file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection;
• To have his inaccurate Personal Data corrected without undue delay. Depending on the purpose of processing, the Client has the right to complete their incomplete Personal Data, which may include providing an additional statement;
• To restrict the processing of Personal Data by the Company if one of the following conditions is met:
• The individual to whom the Personal Data relates disputes the accuracy of the Personal Data, within a period that allows the Company to verify the accuracy of the Personal Data;
• The processing is unlawful, and the individual to whom the data relates objects to the deletion of the Personal Data and instead requests the restriction of the use of the Personal Data;
• The Company no longer needs the Personal Data for the purposes of processing, but the individual to whom the data relates has requested it for submitting, exercising, or defending a legal claim;
• The individual to whom the data relates has filed an objection to the processing in accordance with Article 37, paragraph 1. of the Law, and an assessment is ongoing to determine whether the legal basis for processing outweighs the interests of the individual.

The Company is required to inform all recipients to whom Personal Data has been disclosed about any correction, amendment, deletion of Personal Data, or restriction of their processing in accordance with the Law unless that is impossible or would require excessive time and resources. The Company is obliged to inform the person to whom the data relates, at his request, about all recipients.

The person to whom the data relates has the right to receive their personal data previously provided to the Company in a structured, commonly used, and electronically readable format, and has the right to transfer this data to another controller without hindrance from the controller to whom the data was provided, in accordance with the Law.

If the Client believes it is justified based on their specific situation, they have the right to object at any time to the processing of their Personal Data by the Company, in accordance with the Law.

The Client to whom the data pertains has the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision has legal consequences for them or significantly affects their position.

Procedure in the Event of Personal Data Breach

If a Personal Data breach may result in a high risk to the rights and freedoms of individuals, the Company is obligated to inform the person to whom the data relates of the breach without undue delay, in accordance with the Law.

In the event of a Personal Data breach that may pose a risk to the rights and freedoms of Clients, the Company is obligated to notify the Commissioner for Information of Public Importance and Personal Data Protection without undue delay, or, if possible, within 72 hours of becoming aware of the breach. The notification provided to the competent authority contains all the information in accordance with the Law.

Transfer of Personal Data to Other Countries

The transfer of Personal Data to another country or international organization without prior approval can be performed if it is determined that the other country/international organization provides an adequate level of protection for Personal Data. In this regard, the Decision on the List of Countries, Parts of Their Territories, or One or More Sectors of Specific Activities in Those Countries, and International Organizations in Which it is Considered That an Adequate Level of Protection of Personal Data is Ensured (“Official Gazette of the Republic of Serbia”, No. 55/2019)( hereinafter referred to as: “Decision”) has established where an adequate level of protection of Personal Data is considered to be ensured. However, in this specific case, there is no transfer of data to other countries.

Links to Third-Party Websites and Services

The Company’s website may contain links to third-party websites. The Client should be aware that the Company is not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by third parties. If the Client provides information on third-party websites and uses those websites, the privacy policies and terms of use of those third parties will apply. The Company always recommends that the Client read the privacy policies of the websites they visit before submitting Personal Data.

By clicking on the LinkedIn, X, Facebook, Instagram, TikTok, or YouTube buttons on the Company’s website, the Client accepts the possibility that data regarding their visit to the Company’s website may be processed by the mentioned social networks if they have an user account on them. To avoid this situation, the Company advises the Client to log out of their user accounts on the respective social networks before clicking on the links on the Company’s website to visit the pages of the mentioned social networks.

 Data Confidentiality and Transparency

The Client’s Personal Data will be treated as confidential information, and the Company will take appropriate necessary measures to protect them in accordance with the Law. Only individuals who, due to the nature of their job, need to be familiar with the Personal Data will have access to them, and only to the extent necessary for the performance of their duties.

This Privacy Policy is available on the website www.deltadistrict.rs.

If we decide to amend our Privacy Policy, the changes will be posted and published on the website www.deltadistrict.rs.

This Privacy Policy is adopted by the Company’s Director, who has the right to make amendments to the Privacy Policy whenever necessary. The Privacy Policy is binding for the Company from the date of its adoption.

If you have any questions or suggestions regarding the processing of your Personal Data, do not hesitate to contact the Company at the e-mail: gdpr@deltaholding.rs