Privacy Policy

EGT Group Ltd. Belgrade is the data controller for personal data and processes it in accordance with applicable regulations, specifically the Law on Personal Data Protection (“Official Gazette of RS”, no. 87/2018), as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (where applicable).

The data subject refers to any individual or representative of a legal entity whose personal data is processed.

 

Field of application

This privacy policy applies to all personal data we collect, use, or otherwise process, directly or through our partners or third parties. Personal data refers to any information relating to an identified or identifiable natural person, directly or indirectly (hereinafter referred to as “data” or “personal data”). Data processing includes any action performed on personal data, such as collection, recording, storage, use, transmission, and access to personal data.

This privacy policy applies to all services and products offered by EGT Group that involve the processing of any personal data.

The policy primarily applies to individuals and individuals representing legal entities who submit requests, use our services and products, or are interested in using our services and products.

The policy does not apply to anonymous data. Anonymous data is data that has been modified in such a way that it cannot be linked to a specific individual without disproportionate effort and is therefore not considered personal data in accordance with applicable regulations.

 

Processing of personal data

Lawfulness, transparency, and responsible behavior

We are committed to ensuring lawful, fair, and transparent processing of personal data by implementing the following measures:

a) providing clear and transparent information to data subjects regarding the purpose, manner, and type of processing of personal data at the time of data collection;

b) processing is necessary for the performance of a contract or agreement with the data subject (e.g., customers and clients, employees, potential clients) or is based on the prior consent of the data subject.

c) processing is necessary for compliance with a legal obligation applicable to EGT Group as the data controller (e.g., sharing personal data of employees with external institutions based on concluded employment contracts).

 

Purpose Limitation

EGT Group processes personal data for specific, explicit, justified, and lawful purposes and cannot process them in a manner that is inconsistent with those purposes or the terms you have accepted.

If personal data is intended to be processed for other purposes, the proposer of the new processing of personal data conducts a data protection impact assessment and, if necessary, obtains the consent of the data subjects.

 

Minimal Data Scope

Personal data about the data subject is collected only to the extent necessary to fulfill the purpose for which the data is processed.

Additional personal data is obtained with the consent of the data subjects for the purpose of fulfilling specific requirements.

 

Accuracy of Data

The accuracy of personal data is ensured through the implementation of automatic and manual controls, including the processing of personal data.

 

Data Retention Limitations

All data is stored within legally determined retention periods and within the timeframes necessary to achieve the purpose of processing.

In the case of processing personal data after the expiration of the retention period, for purposes such as statistical analysis, all data will be anonymized in a way that makes it impossible to identify the individual to whom the personal data relates.

 

How We Collect Personal Data

We collect personal data in the following ways:

· Primarily, we collect data directly from the data subjects, where they provide us with the information. The most common example of such data collection is when individuals submit requests for a particular service or product, either online or in person. In such cases, the data subject provides us with the necessary information and documents for identification purposes (e.g., name, address, identification document details, personal identification number, etc.). Additionally, we collect data during communication with the data subject via phone, website, social media, complaint resolution processes, etc.

· We collect data that is generated automatically when the data subjects use our services and/or products, including our website. For example, data such as IP address and user location is automatically collected on our server.

· We collect data from publicly available sources, such as data from the business register or data that you have made publicly accessible.

 

The prerequisite for collecting any personal data about the data subjects is the existence of an appropriate legal basis based on the law.

 

Types of Data We Collect

The personal data of the data subjects that we collect and protect include, among others, the following data:

a) Identity of the individual – name and surname, company name;

b) Address of the individual – IP address of the individual’s device;

c) Contact information of the individual – telephone number (landline and/or mobile), email address;

d) Social identity – /

e) Financial data – /

f) Business data of legal entities – in cases where the individual represents a legal entity.

 

Purposes of Using the Collected Data

We consider the personal data of the data subjects as their property, and we treat them accordingly. However, in order to provide the service to the data subject in accordance with the legal bases mentioned below, it is necessary to process a minimal set of data required for the quality provision of a specific service or product from our offer. Otherwise, if the data subject refuses to provide the requested set of data, we will not be able to provide the appropriate service. In accordance with the above, personal data is processed when one of the following conditions is met:

a) Processing is necessary for the performance of a contract in which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract. Depending on the service and data collection method, it is possible that the contract is automatically concluded by accepting the terms and privacy policy.

b) Processing is necessary for compliance with legal obligations when, for any reason, we are required to provide collected data about an individual, whether a natural person or a legal entity, to government institutions.

c) Processing is necessary for the legitimate interests pursued by EGT Group or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects. They require the protection of personal data, especially when it concerns a minor whose data is being processed. Under legitimate interest, we understand processing that serves to improve processes, product development, and business enhancement, ensure compliance of our company’s operations with international regulations of extraterritorial application, prevent unlawful actions or activities that may harm us, our clients, and/or third parties, modernize services, and offer products and services that are expected to facilitate business operations.

d) The data subject has given consent for the processing of their personal data for one or more specific purposes – the consent must be provable and voluntary, written in easily understandable language, and the data subject has the right to withdraw their consent at any time (withdrawal of consent must be as simple as giving consent).

e) Processing is necessary to protect the vital interests of the data subject or another natural or legal person.

f) Processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the data controller.

 

Automated Data Processing

Making decisions based on automated data processing is an integral part of every business and is carried out:

a) In accordance with applicable laws and regulations.

b) To ensure the security and reliability of the provided service.

c) If necessary for the conclusion or performance of a contract between the data subject and the data controller, which includes reducing business risks, improving operations, overnight processing as an integral part of IT systems, etc.

d) When the data subject has explicitly given their consent.

In accordance with the Law, EGT Group allows data subjects the right to object to automated, as well as manual, processing of data for the purposes of direct marketing, including profiling to the extent that it is related to direct marketing, both in relation to initial and further processing, at any time and free of charge.

 

Access to Data

Access to your personal data is limited to employees within our company who are familiar with the law on personal data protection and their responsibilities, as well as our collaborators who require the data for the performance of their job, i.e., where there is a “need to know” principle.

We may share collected personal data with data processors (vendors) with whom we have a proper contract, Group members, competent state authorities, and other individuals, in accordance with the law of the Republic of Serbia.

 

We protect personal data in the following ways

We protect your personal data from any breach, including unauthorized access, accidental loss, destruction, damage, and any other violation of personal data security.

In order to safeguard your personal data, we implement technical and organizational measures such as controlling access rights to all data and documents, ensuring confidentiality obligations are met by individuals with access to your personal data, employing access control methods (passwords, PINs, smart cards, etc.), monitoring access and activities in information systems, and applying software solutions to secure our information equipment and data.

 

Firstly, you have the right to access your personal data, which means you have the right to obtain information about whether we process your personal data. By accepting the terms of the privacy policy, you become acquainted with your rights and the ways in which data is used. Upon request, you can be informed about the purpose of processing personal data, the categories of personal data, recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, and the rights you can exercise.

 

Secondly, you have the right to rectify your personal data, meaning you have the right to request the correction of your inaccurate personal data and to supplement incomplete personal data, including by providing an additional statement if necessary.

 

Thirdly, you have the right to restrict the processing of your personal data in the following cases:

a) When you contest the accuracy of your personal data, we will restrict processing for a period that allows us to verify the accuracy of the personal data.

b) When the processing of your personal data is unlawful, and you oppose the erasure of the data and instead request the restriction of their processing.

c) When there is no longer a need for processing your personal data, but you require them for the establishment, exercise, or defense of legal claims.

d) When you object to the processing based on Article 37, paragraph 1, of the Law on Personal Data Protection, pending the verification whether our legitimate grounds override your interests, rights, and freedoms or whether the processing is related to the submission, exercise, or defense of legal claims.

 

Fourthly, you have the right to object, which means you have the right to object to the processing of personal data that is necessary for:

a) The performance of tasks carried out in the public interest or in the exercise of official authority vested in EGT Group.

b) The purposes of legitimate interests pursued by EGT Group or a third party, unless your interests, rights, and freedoms prevail, particularly if the data subject is a minor.

When you submit a complaint, we are no longer allowed to process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

 

In addition to the aforementioned rights of individuals whose personal data is being processed, we also inform you about the right to erasure (the “right to be forgotten”) and the right to data portability.

The right to erasure means that you have the right to have your personal data erased in the following cases:

 

a) when your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

b) when the data subject withdraws the consent on which the processing is based, in accordance with Article 12 (1)(1) or Article 17(2)(1) of the Law on Personal Data Protection, and there is no other legal basis for the processing;

c) when you object to the processing in accordance with Article 37(1) of this Law, and there is no other legal basis for the processing that overrides the legitimate interests, rights, or freedoms of the data subject, or in accordance with Article 37(2) of the Law on Personal Data Protection;

d) when your personal data has been unlawfully processed, and

e) when the personal data needs to be erased in order to comply with our legal obligations under the laws of the Republic of Serbia.

 

Furthermore, the right to data portability means that you have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us if the processing is based on consent or a contract.

 

How to exercise your rights:

By completing the form on the Contact page, your request will be processed as soon as possible.

Note: In addition to the basic information, the request form should include a field for selecting the purpose of the request:

– Request for access to personal data

– Request for correction and supplementation of personal data

– Request for erasure of personal data

– Request for restriction of personal data processing

– Request for data portability

– Request for withdrawal of consent for data processing

The form should also include the possibility for the requestor to add comments and information about the timeframes required for processing the request or notifying the requestor.

You can submit your request to the following email address: info@egt-bg.rs or call us at +381113011983.

 

Submitting a complaint to the Commissioner for Information of Public Importance and Personal Data Protection:

The supervisory authority for personal data protection in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar kralja Aleksandra 15, Belgrade (hereinafter referred to as the Commissioner).

We inform you that you can file a complaint with the Commissioner regarding our handling of your personal data.

 

Additional Information:

For any additional information regarding the exercise of rights related to the Law on Personal Data Protection or our privacy policy, you can request it by clicking here and completing the contact form, sending an inquiry to the email address info@egt-bg.rs, or calling +381113011983.

 

Terms of use and complaints:

You can familiarize yourself with the terms of use of the website and any copyright infringement by clicking here.