- For data processing of Serbian citizens or residents: https://www.poverenik.rs/en/
- For data processing of European citizens or residents: https://autoriteitpersoonsgegevens.nl/en
- For data processing of British citizens or residents: https://ico.org.uk/
- Party responsible for processing personal data: Brightmarbles Doo Novi Sad, with its registered address at Bulevar oslobodjenja 62 Novi Sad, Serbia, and Company Registration Number 21199931, represented by Naq Cyber B.V. for its European data processing activities (hereinafter: “the controller”).
- Data Protection Authority: Autoriteit Persoonsgegevens Netherlands; Poverenik Serbia; Information Commissioner UK.
- Data Protection laws:
- The EU GDPR 2018;
- The EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation);
- The Serbian Law on Protection of Personal Data 2019; Rulebook on the Manner of Prior Review of Personal Data Processing; Decree on the Form for and Manner of Keeping Records of Personal Data Processing; Rulebook on the Form and Manner of Keeping Record of the Data Protection Officer; Rulebook on the Form of Notification on Personal Data Breach and Manner of Notifying the Commissioner for Information of Public Importance and Protection of Personal Data on Personal Data Breach; Rulebook on the Complaint Form; Decision on the List of Types of Personal Data Processing Operations for Which an Assessment of the Impact on the Personal Data Protection Must be Performed and the Opinion of the Commissioner for Information of Public Importance and Personal Data Protection Must be Sought.
Collection of data
- Your personal data will be collected by Brightmarbles and its data processors.
- Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
- An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
|Customer Identification Information||Consent||Customer management, work planning, direct marketing, administration|
|Employee Identification Information||Consent||Employee management, work planning, administration|
|Supplier or partner Identification Information||Consent||Supplier management, Work planning, administration|
|Customer Financial Information||Consent||Customer management, administration|
|Employee Financial Information||Consent||Employee management, administration|
|Supplier or partner Financial Information||Consent||Supplier management, administration|
|Employee employment or educational history||Legitimate interest/ consent||Employee management|
|Contracts with employees, customers, and suppliers||Legitimate interest/consent||Employee, customer or supplier management, administration|
|Copies of ID||Legitimate interest/consent||Employee management, administration|
How we collect, store, or otherwise process your data
|Description of processing||Type||Third-party recipients|
|Website: cookies; contact form; subscription to the newsletter||Customer identification information||SBB d.o.o. Beograd (hosting)|
|Email: Corresponding with customers, suppliers, and partners||Customer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, Contracts, Copies of ID|
|Administrative activities: Invoicing and collecting payments, keeping business administration||Customer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, Contracts,||Accountancy firm: “AKTIVA SISTEM” doo, Novi Sad|
|Using cloud services for storing and exchanging documents and work planning||Customer Identification Information, Supplier or partner Identification Information, Customer Financial Information, Supplier or partner Financial Information, Contracts||Google; Slack; Skype; JIRA|
Storage and protection of data
Your data is protected by Brightmarbles and its processors in pursuance of all legal requirements set by the relevant data processing laws. Brightmarbles has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. Brightmarbles has signed processing agreements with its processors to ensure an adequate level of data protection.
Your rights regarding information
- Pursuant to Article 13 paragraph 2 sub b GDPR each data subject has the right to information on and access to, and rectification, erasure, and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
- You can exercise these rights by contacting us at one of the following email addresses:
- For European and British data subjects: GDPR@naqcyber.com.
- For Serbian data subjects: firstname.lastname@example.org
- Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write “GDPR request” in the subject line of your email.
- Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
- Depending on the complexity and the number of requests, this period may be extended to two months.
- You may receive commercial offers from Brightmarbles. If you do not wish to receive them (anymore), please send us an email to the following address: email@example.com, and ensure that you write “GDPR opt-out” in the subject line of your email.
- Your personal data will not be used by our partners for commercial purposes.
- If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use, or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Brightmarbles account, system, or other data processing medium in accordance with the process described above.
These conditions are governed by Serbian, British and European law. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.