Privacy Policy

Based on the Law on the Protection of Personal Data ("Official Gazette of the RS", number 87/2018) and Article 198, paragraph 4 of the Law on Business Companies ("Official Gazette of the RS", number 36/2011 ,99/2011,83/2014, - other laws, /2015 and 44/2018) Company: Balkan Roads d.o.o. Belgrade - Vračar, ul. Katanićeva br, 1, registration number: 21599662, Tax ID: 112060732, on 20.07.2020. issued the Rulebook on Personal Data Protection

PURPOSE AND OBJECTIVE OF THE RULES

Article 1.

The Rulebook on Personal Data Protection (hereinafter: the Rulebook) is a general act, i.e. the main document that was adopted for the purpose of more closely regulating the protection of personal data of individuals who are within organization of the Company, or in a specific connection with it (primarily, employees, associates, consultants and individuals engaged in other ways by the Company, as well as individuals with whom the Company has established a certain type of business cooperation, and whose data the Company processes, e.g. users and clients), and in accordance with the Law on Personal Data Protection of the Republic of Serbia ("Official Gazette of RS", No. 87/2018).

BALKAN ROADS DOO BELGRADE-VRACAR, ul. Katanićeva br, 1, ID number: 21599662, PIB: 112060732 (hereinafter: Controller) undertakes to guarantee the confidentiality of personal data within the scope of providing services within the activities of travel agencies, organizing excursions and mediating and selling tourist trips, as well as other tourist services in accordance with the Personal Data Protection Act (hereinafter: the Act). Also, the Controller guarantees security and privacy on the internet platform it uses, which is located at the web address www.belgradewalkingtours.com

The aim of adopting the Rulebook is to ensure legal certainty and transparency regarding the processing of personal data of individuals referred to in paragraph 1 of this article, as well as to determine the legal basis, purpose of processing, types of the data being processed, the rights of individuals regarding the processing of personal data, data protection measures, etc. The Rulebook also establishes the obligations of employees regarding the protection of personal data of individuals, in accordance with the law.

The term "employee" includes, except for employees in the sense of the Labor Law, and individuals engaged on the basis of work contracts, copyright contracts, contracts on the provision of consulting services, and the like, and which contracts contain a clause obliging the person engaged by the Company to comply with the provisions of this Rulebook, the text of which is an attachment and an integral part of each individual contract.

II TERMS AND ABBREVIATIONS

Article 2.

III PERSONAL DATA PROCESSED BY THE HANDLER

Article 3

The company can process the following personal data of employees:

The company does not process a larger number or other type of personal data than is necessary to fulfill the stated purpose. If the processing of special types of data is carried out on the basis of the person's consent (for example, in order to adapt the training conditions to the health condition of the participants), that consent must be given in writing, which includes detailed information about the type of data being processed, the purpose of the processing and the method of processing data.

The Company may process the following user/customer personal data:

The Company may process the following personal data of job candidates:

When announcing a job vacancy, the Company does not determine the format of the work resume, but the candidate is left to determine it himself. In this sense, the Company can come into possession of a larger volume of data than presented, at the will of the job candidate. All collected data is stored for a period of up to 1 year for the purpose of subsequent assessment of the need to hire job candidates.

IV SOURCES OF PERSONAL DATA

Article 4

The company collects (electronically, in writing or verbally) personal data directly from the person to whom the data relates: an employee, user or client.

The Company may collect data on employees and job candidates from other sources, primarily former employers, provided that the data is relevant for employment. All data, which are not necessary for processing for the presented purposes, will be permanently deleted.

FOR THE PURPOSE OF DATA PROCESSING

Article 5

The company processes personal data for the purposes specified in the provisions of Articles 6-9 of this Rulebook.

No more data or a wider range of data is processed than is necessary to achieve the stated purposes.

VI RECRUITMENT AND HUMAN RESOURCE MANAGEMENT

Article 6

The Company processes personal data for the purposes of establishing and implementing an employment relationship, including other contractual relationships on the basis of which the Company hires associates and consultants, such as data for the purposes of determining adequacy and qualifications of candidates for certain jobs, for managing working hours and absences, for calculating wages, travel expenses and daily allowances, for determining benefits based on sick leave and other forms of absence from the workplace, for evaluating the progress of employees, for providing additional training and education and for disciplinary procedures.

VII BUSINESS ACTIVITIES

Article 7

The company is engaged in the activity of travel agencies, organization of excursions and mediation in the sale of tourist arrangements in the country and abroad.The company processes personal data for the purposes of organizing tourist arrangements, that is, for the needs accommodation, transportation and accompanying travel documentation. Data during registration is collected directly from the parties in our premises, via e-mail or through an intermediary. Also, if the parties are from another city or country, the data is received by e-mail.

When booking accommodation, the following information is used: name, surname and date of birth, passport or identity card number, phone number, email address, and in some cases a copy of the first page of the passport is also taken. In a situation where we act as an intermediary in the visa application process, we also take information about employment and marital status from the passenger.

Other data such as e-mail and mobile phone are used for the purposes of communication with customers and sending notifications about the time of departure for a trip, notifications about new offers, etc.

Data is stored in our database.

When making a travel insurance policy, we enter the data into the system of the insurance company, where all the mentioned data are entered and the policy is issued from their system.

In accordance with the Law on Tourism, we store all documentation on sold tourist trips, which include travel contracts with individuals and their data, in our reservation system for two years, after which we delete the data from the system .

The data is not used for other purposes, nor is it sent to third parties.

VIII COMMUNICATIONS, INFORMATION TECHNOLOGIES AND INFORMATION SECURITY

Article 8

The company processes personal data for the purpose of managing and maintaining the functioning of the communication and information network, and maintaining information security.

IX COMPLIANCE OF BUSINESS WITH RELEVANT REGULATIONS

Article 9

The company processes personal data for the purpose of fulfilling legal obligations and harmonizing operations with relevant legal regulations, primarily in the domain of labor and tax legislation.

X ACCESS AND TRANSFER OF PERSONAL DATA

Article 10

Only the Controller and employees of the Controller have access to personal data.

Personal data will be accessible to third parties outside the Controllers only in the following cases:

Processors of personal data do not have the right to process personal data submitted to them for other purposes, except for the performance of tasks assigned to them by the Controller, based on the Agreement. Processors are obliged to comply with all written instructions of the Controller. The Controller undertakes all necessary measures to ensure that the engaged processors strictly comply with the Personal Data Protection Act and the written instructions of the Controller, as well as that they have taken appropriate technical, organizational and personnel measures for protection personal data.

The controller also collects personal data from travelers, i.e. clients from other countries for the purpose of implementing the Travel Agreement. 

The controller transfers personal data to other countries and international organizations for the purpose of implementing the Travel Agreement.

The controller processes personal data in the Republic of Serbia.

XI DATA STORAGE PERIOD

Article 11.

Personal data will not be kept longer than it is necessary to achieve the purpose for which they were processed. If the period of storage of personal data is prescribed by law, the Company will keep the data within the given legal period. After the purpose has been fulfilled, i.e. the expiration of the legally prescribed period for data storage, the data will be permanently deleted.

In accordance with the Law on Tourism, we store all documentation on sold tourist trips, which include travel contracts with individuals and their data, in our reservation system for two years, after which we delete the data from the system .

The data is not used for other purposes, nor is it sent to third parties.

In certain cases, personal data may be stored for a longer period of time, for the purposes of fulfilling legal obligations or to establish, exercise or defend a legal claim, in accordance with applicable laws.

Personal data about employees as well as former employees are stored permanently in the Company's personnel records in accordance with the Law on records in the field of work.

XII THE RIGHTS OF PERSONS WITH REGARD TO THE PROTECTION OF PERSONAL DATA

Article 12

The data subject has the right to object to the processing of personal data for the purpose of direct marketing and to request the restriction of processing in some other cases.

In the event that the person to whom the data refers is not satisfied with the Company's response to the request for the fulfillment of rights regarding the protection of personal data, he has the right to file a complaint with the Commissioner for Information of Public Importance and Protection personal data (https://www.poverenik.rs/sr/).

XIII EMPLOYEE OBLIGATIONS

Article 13

Employees are obliged to provide their personal data, which are necessary for the Company to fulfill its legal obligations, as well as to carry out current business.

Employees are obliged to respect and protect the personal data they process during work, in accordance with personnel, technical and organizational measures prescribed by the Manager, i.e. the employer, with the aim of protecting the integrity of personal data and the rights of the individuals to whom the data refer.

Employees can process only those data to which they are allowed access, in accordance with the tasks they perform.

XIV MANUAL AND PERSONAL DATA PROTECTION PERSONALITY

Article 14

Controller:

Controller contact information:

Name of controller: BALKAN ROADS DOO BELGRADE-VRAČAR
Address: ul. Katanićeva no. 1, Vračar
Contact phone: 0112040331
Mail: office@belgradewalkingtours.com

Person designated for the protection of personal data

Interested individuals whose data is subject to processing by the Controller can exercise their rights regarding the protection of personal data as well as all questions and dilemmas regarding their rights to the protection of personal data in contact with the person for the protection of personal data.

The person designated for the protection of personal data for the Controller is:

Name and surname:  Miloš Janković, ul. Vidikovački venac 77
Contact phone 0658585851
Mail: office@belgradewalkingtours.com

According to Article 58 of the ZZPL, the obligations of person designated for the protection of personal data are:

The controller informed the Commissioner about the person designated for the protection of personal data on the prescribed Form and to the required email address licezazastitu@poverenik.rs.

XV TRANSITIONAL AND FINAL PROVISIONS

Article 15.

This rulebook applies from 07/20/2020. i.e. from the date of commencement of the Law on the Protection of Personal Data.