Privacy policy

  1. INTRODUCTORY PROVISIONS


  1. This Privacy Policy regulates which personal data of visitors to the website ettorelaw.rs (hereinafter: the Site) is collected, processed, how long it is stored, instructions on the rights of the person whose data is processed, as well as procedures in case of incidents, and all as further defined in the text.


  1. This privacy policy does not apply to the activities of the Operator, its clients, or the personal data of users of the operator’s legal assistance. This act applies exclusively to Site Visitors from Article 2.1. point 3.


  1. The author of the content on the site ettorelaw.rs undertakes to protect the privacy of all visitors, to collect only the data necessary to fulfill the purpose of the site, and all in accordance with good business practices, this privacy policy, and the Law, which appears in the capacity of data Operator.


  1. Before using and reading the content of the website, the visitor declares that he has read, understood, and accepted this Privacy Policy, which can be found at the internet address ettorelaw.rs/privacy-policy, as well as that he has agreed to the collection, processing and length of data storage, as stated in the Privacy Policy prescribed.


  1. The author of the content on the website is the “EttoreLaw” law office from Novi Sad.


  1. The privacy policy was created in accordance with the rules of the Personal Data Protection Act of the Republic of Serbia, and the rules of this document will be applied to everything that is not regulated by this Privacy Policy, and in case of different solutions, the provisions of the said Act take precedence.


  1. The website visitor is warned and instructed to visit, read and accept the terms of use of the website, which can be found at ettorelaw.rs/terms-of-use


  1. MEANING OF TERMS


  1. The terms used in this Privacy Policy have the following meanings:


  1. Operator – Law office “EttoreLaw”

  2. Website – Internet presentation ettorelaw.rs

  3. Visitor – a person who visits the site ettorelaw.rs, for the purposes of information, reading the blog, as well as viewing the contact information of the EttoreLaw law office

  4. Law – Law on Personal Data Protection of the Republic of Serbia (Official Gazette of the Republic of Serbia No. 87 of November 13, 2018);

  5. GDPR – General Data Protection Regulation of the European Union (2016/679);

  6. Consent – any expression of the will of the Visitor, which voluntarily and clearly gives consent to the processing of personal data relating to him;

  7. Personal data – any data related to a natural person whose identity is determined or can be determined, either directly or indirectly, based on an identity marker, such as name, surname, social security number, location data, or some feature of physical, physiological, genetic, mental, economic, cultural and social identity of a person.

  8. Personal data processing – any action or set of actions performed on the Visitor’s personal data, which is based on collection, sorting, depositing, disclosure, transmission, duplication, deletion, changes, as well as dissemination in another way.

  9. Processor – a natural or legal person engaged by the Operator to process personal data of the Visitor on his behalf and for his account.

  10. A third party – a natural or legal person, i.e. a government body, which is not a Visitor, Operator or Processor.

  11. Competent authorities – authorities that are responsible for the prevention, investigation and detection of criminal acts, as well as the prosecution of perpetrators of criminal acts or the execution of criminal sanctions, including the protection of public and national security, as well as a legal entity authorized by law for the enumerated tasks;

  12. The Commissioner or Supervisory Authority – an independent and autonomous authority appointed under the Law, which is responsible for supervising the implementation of regulations on the protection of personal data.


  1. WHO IS THE OPERATOR OF PERSONAL DATA?


  1. The data Operator is the Law Office “EttoreLaw” – attorney at law Stefan Ettore, Vojvode Mišića no. 14, 21000 Novi Sad


  1. The Operator from Article 3.1. is responsible for the personal data collected from the Visitor, in the manner and to the extent prescribed by the Privacy Policy and the Law


  1. The Operator undertakes the necessary technical, organizational and personnel measures to ensure that the processing is carried out in accordance with the Law and to be able to present it to the Visitor, taking into account the nature, scope, circumstances and purpose of the processing, as well as the probability of occurrence of risk and the level risks for the rights and freedoms of the Visitor.


  1. VISITORS’ DATA COLLECTED AND PROCESSED


  1. The Operator collects and processes the following data of the Visitor, only those related to the necessary use of the Google Analytics and WordPress services


  1. The Operator does not process special categories of personal data related to racial or ethnic origin, political opinion, philosophical belief, as well as processing genetic data, biometric data for the purpose of unique identification of a person, data on the sexual life or sexual orientation of a natural person.


  1. The Operator collects data from the Internet browser of the Site visitors – Cookie (Cookie), namely: WordPress cookies: wp-settings-time-1, wp-settings-1, wordpress_sec_073498699cf06a5a0cd9844fc9836569, wordpress_logged_in_073498699cf06a5a0cd9844fc9836569, pll_language, cookieyes-consent; Google Analytics: _ga_G6ETWS92KX, _ga with the aim of improving the website and providing better service to users.


  1. PURPOSE AND BASIS OF PROCESSING


  1. Data from Article 4, the Operator processes:


  • on the basis of the need to realize the legitimate interests of the Visitor or Operator, in the sense of Article 12, paragraph 1, point 6 of the Law;

  • according to other conditions stipulated by the Law, according to which the Operator is obliged to collect, store and process the data of the Visitor.


  1. Data processing from Article 4 is carried out by the Operator for the following purposes:


  • Fulfilling the legitimate interests of the Visitor, who by coming to the website and selecting the pages for reading and information, have shown an interest and need for the information offered on the website;

  • For other purposes for which the Visitor’s consent was given, unless the consent is withdrawn in accordance with the Law and this Privacy Policy;

  • For other purposes in accordance with the Law.


  1. The operator is obliged to ensure, through the constant application of appropriate technical, organizational and personnel measures, that only those personal data that are necessary for the achievement of each individual processing purpose are always processed, which is applied in relation to the number of data collected, the extent of their processing, the term of their storage and their availability.


  1. CONSENT


  1. If there is a need to process data whose basis is Consent, it will be given by the Visitor in a separate form, with a clear and prominent title “Consent”, and the content will also be described in an informed, transparent, understandable, accessible manner, using clear and simple words in the manner prescribed by the Law.


  1. Visitors have the right to revoke their consent at any time, provided that such withdrawal does not affect the admissibility of prior processing.


  1. VISITORS’ RIGHTS ON THE BASIS OF THE PROTECTION OF PERSONAL DATA


  1. The right to be informed and the right to access information so that the Visitor will be informed in a concise, transparent, comprehensible and easily accessible manner, using clear and simple words, at their request about the Operator, the purpose of the processing, the basis of the processing, the existence of a legitimate interest, third parties to whom access to data, possible export of data to a third country, data storage period, existence of right of access, correction, deletion, restriction of processing, right to portability, right to object and right to complain. The Operator must respond to this request within 30 days, or within 90 days in accordance with the law if there are reasons for an extension.


  1. The right to correction if the information provided by the Operator is incorrect.


  1. The right to erasure if the legal requirements regarding the termination of the necessity of possessing the data for the fulfillment of the purpose, revocation of consent, submission of an objection to the processing, erasure is required by law or if the processing was illegal.

  2. Right to restriction of processing – as in the case of deletion, Visitors may request restriction of processing.


  1. The right to transfer data to another Operator if the processing is based on consent or contract.


  1. The right to object to the Operator, in accordance with the law, when the Operator must suspend the processing unless there are legal reasons for the processing that prevail over the interests, rights or freedoms of that Visitor or are related to the submission, exercise or defense of legal claims.


  1. STORAGE OF VISITORS’ PERSONAL DATA


  1. Personal data of the Visitor specified in Article 4 will be stored in accordance with the policy of the Google Analytics and Wordrpess service.


  1. DATA SECURITY


  1.  When assessing the necessary level of established personal data security, the Operator considers and monitors the level of technological achievements as well as the costs of their application, then the nature, scope, circumstances, and purpose of data processing and based on these parameters assesses the probability of the occurrence of risk, i.e. the potential level of risk for rights and freedom of the Visitor.


  1.  In relation to the circumstances from Article 11.1. The operator implements appropriate technical, organizational and personnel measures to reach the required level of organization in relation to the risk.


  1.  The website is secured with an SSL certificate and is placed on the shared hosting platform of the hosting company SBB DOO BEOGRAD hosting.


  1. PROCEDURE IN CASE OF DATA PROTECTION THREATS


  1.  If data from Article 4, security from Article 9 are compromised, the Operator will take the necessary measures required by law in terms of notifying the Trustee and the Visitor, if applicable, as well as protection


  1.  In the event of a data breach, the Operator is obliged to inform the Commissioner immediately or no later than 72 hours after becoming aware of the breach. In case of failure to act within the relevant deadline, the Manager will explain the reasons for the delay.


  1.  The Manager’s notification to the Trustee and the Visitor must contain at least a description of the injury, the type and number of data that are compromised, as well as the approximate number of Visitors whose data is exposed, the name and contact of the person from whom information can be obtained, a description of the possible consequences and security measures taken.


  1.  The operator is not obliged to provide notifications from Article 10.3. if he has already taken protective measures, if the notification would represent a disproportionately large cost of time and money, but if he made the notification through other means of information, including the website.


  1. DATA STORAGE TIME AND ITS DELETE


  1.  Data from Article 4 are stored in accordance with the policy of the Google Analytics and Facebook platforms, as long as there is a Visitor account from Article 4.2


  1. COMMISSIONER / SUPERVISORY AUTHORITY


  1.  The supervisory authority for the protection of personal data in the Republic of Serbia is the Commissioner for Information of Public Importance and Protection of Personal Data of the Republic of Serbia. You can contact the authority at Bulevar kralja Aleksandra 15, 11000 Belgrade, Republic of Serbia, by email at office@poverenik.rs or by phone at +381 11 3408 900.


  1.  The operator cooperates with the Commissioner in the exercise of his powers, in accordance with the obligations prescribed by the Law


  1. CONTACT INFORMATION OF THE OPERATOR


  1.  In the event of the need to interpret the provisions of the Privacy Policy, exercise the rights of Visitors from Article 4, as well as other issues provided by the Law, Visitors can contact the Manager at the email address office@ettorelaw.rs


  1. FINAL PROVISIONS


  1.  All changes to the Privacy Policy will be publicly available at the designated place on the Operator’s website, at the address www.ettorelaw.rs/privacy-policy


  1. APPLICABLE LAW AND JURISDICTION


  1.  The material law that applies to the processing of personal data of the Visitor, and in connection with the processing by the Operator, is the law of the Republic of Serbia, the Personal Data Protection Act as well as the GDPR where applicable.


  1.  For administrative and judicial proceedings, the local competent authorities and competent courts of the Republic of Serbia are in accordance with the positive legislation of that country.


EttoreLaw law office in Novi Sad

01.03.2024. years