Dear website visitors, company premises visitors, and our clients,
DELTA DISTRICT DOO Belgrade hereby informs website visitors, company premises visitors, and clients/potential clients of the Company, or any other person (hereinafter collectively referred to as: "Client") whose personal data is collected by the Company (hereinafter: "Personal Data"), about all significant aspects of the collection and processing of their Personal Data, fully respecting their privacy. The collection and storage of Personal Data are conducted in accordance with the Law on Personal Data Protection (“Official Gazette of the Republic of Serbia” no. 87/2018 – hereinafter: “Law”), as well as the EU General Data Protection Regulation (EU 2016/679, hereinafter: "GDPR"), where applicable. In cases where Personal Data of Clients who are citizens of EU member states is processed, the Company will also apply GDPR provisions to the extent applicable.
The Company has published this Privacy Policy to protect the privacy of each Client and to inform the Client about which Personal Data the Company collects, the purpose and legal basis for processing it, how the Data is protected and collected, as well as the Client's rights concerning their Personal Data.
For all questions regarding personal data protection, you can contact the Company at the email address: gdpr@deltaholding.rs
Key definitions from the law on personal data protection of the Republic of Serbia
- “Personal Data” means any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier; - “Processing of Personal Data” means any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction; - “Sensitive Data” refers to data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual life or sexual orientation, genetic information, criminal record, and biometric data used for unique identification purposes. The Company does not collect sensitive data from the Client unless the Client voluntarily provides it or if the Company is required to do so by applicable regulations. - “Personal Data of Children” refers to individuals under the age of 18. The Company does not collect data from children under 18 and requires the Client to confirm they are 18 or older. Legal representatives (parents or legal guardians) should not allow children to provide their Personal Data without consent and supervision.
Personal data collected and processed by the company includes:
1. Name and surname;
2. Contact phone number;
3. Email address;
4. Client's comment text in free form.
Methods of collecting personal data
- Personal Data is collected directly from the Client or from other sources.
1. Direct collection of personal data from the client
a) Service provision to the client
To timely provide the service for which the Client engaged the Company, the following Personal Data is required: Name and surname, contact phone number, email address. The Company processes the Personal Data of the Client's legal representative/contact person/authorized person based on multiple grounds. Providing Personal Data is a contractual obligation necessary for concluding/executing the contract. Additionally, if an invoice is issued to the Company containing the Personal Data of the Client's legal representative/authorized person, the Company will store it to fulfill legal obligations (tax and accounting regulations). Such data is stored for five years. When processed based on a contract, Personal Data is kept for five years. When processed based on consent, it is kept until the consent is withdrawn.
b) Visits to company premises
Personal Data is processed to protect property and general security of persons in the Company's premises. Personal Data - Name, contact phone, email address - is stored for one year unless an event triggers legal action, in which case it is kept until the final conclusion of the procedure.
c) Marketing and promotional activities
During product promotions and other activities, the Company may collect Personal Data such as name, contact phone, and email address to inform the Client about news and benefits. This data is stored until the consent is withdrawn.
d) Website visits and use – www.deltadistrict.rs
Personal Data is collected via cookies. More information is available in the Cookie Policy.
e) Newsletter subscription
By subscribing to the newsletter, the Client consents to the collection of their name and email address. The purpose is to send notifications about special offers, news, and events. Data is stored until consent is withdrawn.
f) Contacting company employees
When the Client contacts employees via phone, website, or social media, they consent to the collection of their name, email, phone number, and comment text for communication purposes.
2. Personal data provided by third parties
In cases where the Client provides Personal Data of third parties, the Company assumes that the Client is authorized to do so. The Company is not responsible for processing such third-party data.
Purpose of data collection
The purpose includes:
- Compliance with legal obligations;
- Conclusion and execution of contracts and pre-contractual actions;
- Protection of property and general safety;
- Invitations to events, maintaining communication, and cooperation.
Legal basis for data processing and collection methods
The legal basis includes:
- Client consent
Personal Data collected based on consent is processed and stored until consent is withdrawn. Withdrawal does not affect the legality of prior processing.
- Contract execution
Personal Data necessary for contract conclusion and execution. Without it, the Company cannot process the Client's request or conclude a contract.
- Legitimate interest
Processing for the Company's legitimate interests, particularly property protection and general safety.
- Legal obligations
Processing to fulfill legal obligations, stored within legal timeframes.
Recipients and third parties
Personal Data is disclosed to certain recipients, such as affiliated entities, employees, security services, legal service providers, IT service providers, external auditors, accounting and bookkeeping agencies. Data will not be shared with other recipients or transferred to other countries.
Data retention periods
- Data collected by law is stored for the legally specified time.
- Data collected under contract is stored for five years.
- Data processed solely based on consent is stored until consent is withdrawn.
- Data processed for legitimate interests is stored permanently or for 30 days in cases of
incidents, extended if legal action is initiated.
Client rights regarding personal data processing
Clients have the right to:
- Request information on data processing and access to their data;
- Request correction, addition, or deletion of their data and object to processing;
- File a complaint with the Commissioner for Information of Public Importance and
Personal Data Protection;
- Ensure inaccurate data is corrected without delay and complete incomplete data;
- Restrict data processing if certain conditions are met;
- Be informed about data recipients regarding corrections, deletions, or restrictions;
- Receive their data in a structured format and transfer it to another controller;
- Object to data processing based on their specific situation;
- Not be subject to decisions based solely on automated processing, including profiling.
Procedure in case of data breach
If a data breach poses a high risk to rights and freedoms, the Company must notify the affected individual without undue delay, in accordance with the Law. In case of a risk to Client rights and freedoms, the Company must inform the Commissioner within 72 hours of becoming aware of the breach.
Transfer of personal data to other countries
Data transfer without prior approval is allowed if the receiving country/organization ensures an adequate level of protection as determined by the Decision on the list of countries ensuring adequate protection (“Official Gazette RS”, no. 55/2019). However, no such transfers occur in this case.
Links to third-party websites and services
The Company's website may contain links to third-party websites. Clients should be aware that the Company is not responsible for the collection, use, maintenance, sharing, or disclosure of data and information by third parties. If the Client provides information on third-party sites and uses those sites, the privacy policies and terms of use of those third parties will apply. The Company always recommends that Clients read the privacy policies of websites they visit before submitting Personal Data.
By clicking the LinkedIn, X, Facebook, Instagram, TikTok, or YouTube buttons on the Company's website, the Client accepts the possibility that data about their visit to the Company's website may be processed by these social networks if they have an account on them. To avoid this situation, the Company advises the Client to log out of their user accounts on the respective social networks before clicking on the link on the Company's website to visit the pages of these social networks.
Data confidentiality and transparency
Client's personal data will be treated as confidential information, and the Company will take appropriate measures to protect them in accordance with the Law. Access to the data will only be granted to individuals who, based on their job description, need to be familiar with the Personal Data and only to the extent necessary to perform their duties.
This Privacy Policy is available on the website www.deltadistrict.rs.
If we decide to change our Privacy Policy, the changes will be posted and published on the website www.deltadistrict.rs.
This Privacy Policy is issued by the Company's director, who has the right to make amendments and supplements to the Privacy Policy when necessary. The Company's Privacy Policy is binding from the date of issuance.
If you have any questions or suggestions regarding the processing of your personal data, please do not hesitate to contact the Company at email: gdpr@deltaholding.rs.
