The regulation on the protection of personal data of users of the website (hereinafter: the regulation) refers to services provided through the website www.oldfisherman.rs (hereinafter: the site) owned by the company STRIX DOO BEOGRAD-SURČIN (hereinafter: STRIX d.o.o.), MB 21401307, PIB 110914244, Belgrade, Zorana Radmilovića 1. The rules on the protection of personal data set out in this policy describe what types of data are processed and for what purposes, as well as the rights of users related to such processing.
Personal data is any data relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular on the basis of an identity mark, such as a name and identification number, location data, an identifier in electronic communication networks or one or more features of his physical, physiological, genetic, mental, economic, cultural and social identity. A user, within the meaning of the regulation, is a natural person who uses the services and to whom the personal data relate. STRIX d.o.o. protects personal data and user privacy in accordance with the positive regulations of the Republic of Serbia and with the highest degree of attention.
Purpose of processing and data collected
STRIX d.o.o. as the controller of personal data, processes data for the following purposes:
- opening user accounts on the website and / or membership profiles in loyalty card issuing programs;
- processing of orders through the online store and delivery of ordered products to the address indicated by the user;
- providing various benefits to members of loyalty programs;
- advertising of products and services via e-mail, mobile phone and courier service;
- providing answers to questions and complaints from users;
- development of various reports / statistics on how to use the website and the services offered;
- resolving any disputes or objections relating to the activity of the website.
STRIX d.o.o. as the controller of personal data, processes the following categories of personal data:
- contact and identification information necessary for the creation of a user account on the website and / or membership in loyalty programs;
- contact and identification information necessary for ordering products and their delivery;
- purchase information: purchased products, amount of invoice, frequency of purchase;
- data from the correspondence of the user with the data controller.
The data collected from the user are: name and surname, e-mail address, place and address of residence, telephone number.
Legal basis of processing
Personal data is processed on the basis of the user’s consent. Consent is any voluntary, determined, informed and unambiguous expression of the will of the user by which the user, by a statement or a clear affirmative action, gives consent to the processing of personal data relating to him. The use of the services by the user is considered to constitute a clear affirmative action by which the user has given consent to the processing of personal data. For the purpose of removing any doubt, by using the services, the user confirms that he was previously acquainted with and agrees with the regulation prescribed here, which was available, readable and understandable to him. The legal basis for the processing of personal data can also be a contractual relationship with the user, as well as compliance with the legal obligations of STRIX d.o.o. The legal basis for data processing may also be the protection of the vital interests of the user or other natural person. It is noted that the processing may also be necessary for the purpose of pursuing the legitimate interests of STRIX d.o.o. or third parties, unless those interests are overridden by the interests or fundamental rights and freedoms of the user who require the protection of personal data. STRIX d.o.o. does not collect and use personal data of minors, except with the express consent of the parent or other legal representative of the minor. For example, the legitimate interests of STRIX d.o.o. may be:
- better understanding of the user and user experience;
- business protection and customer support;
- testing and developing new services or improving existing ones;
- identifying and protecting users and websites from illegal activities.
Processing of personal data
Persons who process personal data are those persons who are employed in STRIX d.o.o., as well as all bodies of the Republic of Serbia that exercise the right to process data on the basis of legal provisions and decisions of the competent court. The types of processing actions that are carried out are the collection of personal data, use, recording, copying and searching. STRIX d.o.o., for the purpose of tracking its traffic and optimizing services, may use Google Analytics, a platform of analytical services provided by Google, LLC (hereinafter: Google). Google Analytics uses technologies that make it easier for STRIX d.o.o. to analyze how users access it. The information collected in this way is transmitted and stored on Google servers located in the United States of America. Google, using appropriate safeguards, processes information regarding website activity and internet use. Google may forward this information to third parties in situations where the law requires it, or when said third parties process the above-mentioned data on behalf of Google. By using the services, the user agrees that Google processes the data in the manner described here and for the above-mentioned purposes, and it is stated that Google is a processor of personal data. For the purpose of performing delivery tasks, STRIX d.o.o. may also engage courier services, which on behalf of STRIX d.o.o. process the user’s personal data necessary for the performance of their contractual obligations.
Transfer of data to third parties
STRIX d.o.o. undertakes not to transmit and disclose the data collected on the website without the user’s consent, except in cases prescribed by law and in cases where this is necessary for the performance of legal obligations or public interest. The legal basis for data processing may also be the protection of the vital interests of the user or other natural person. Persons authorized to process personal data on behalf of and for the account of STRIX d.o.o., i.e. associates or suppliers necessary for the provision and maintenance of services provided through these websites (e.g. service providers for the development and maintenance of websites, service providers for delivery of ordered products or promotional materials, suppliers in the preparation of marketing campaigns, etc., associates or service providers who can best answer your questions, etc.)
Breach of personal data security
STRIX d.o.o. implements appropriate technical, physical and organizational security measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure (including remote access) or access and from all other forms of unlawful processing, including unnecessary collection or further processing. These measures shall ensure a level of security appropriate to the risk of data breaches taking into account the state, costs of implementation and the nature, scope, context and purpose of the processing of personal data. Despite all the measures taken, the possibility of a breach of personal data security is not excluded. In the event of a personal data security breach, STRIX d.o.o., in accordance with the law, takes adequate remediation measures and eliminates harmful consequences in a timely manner and provides the user and the competent authorities with all significant information that may be required in connection with the personal data security breach.
The user has the following rights:
- The right to transparent, truthful and timely information regarding the processing of personal data;
- The right to request from STRIX d.o.o. information on whether their personal data is being processed;
- The right to correct or supplement inaccurate personal data concerning him;
- The right to have your personal data deleted;
- The right to revoke consent to the processing of personal data;
- The right to receive the collected personal data in a structured, commonly used and electronically readable form, including the unimpeded transfer of the data to another controller;
- The right to object to the processing of his personal data by STRIX d.o.o. at any time, if the processing is necessary for the realization of the legitimate interests of STRIX d.o.o. and also if the personal data is processed for the purposes of direct advertising;
- The right to file a complaint with the Commissioner for Information of Public Importance and Protection of Personal Data against the actions of STRIX d.o.o. on the processing of their personal data.
Data retention period
The user’s personal data will never be processed more than necessary. Personal data will be processed until the revocation of consent, except in situations where there is some other basis for processing. This includes processing that constitutes a necessary and proportionate measure in a democratic society for the protection of constitutional rights and freedoms, which includes the exercise of the legitimate interests of STRIX d.o.o. in civil and other matters.
Application of the law and entry into force
For all other issues in the field of personal data protection, the Law on Personal Data Protection will apply (“Official Gazette of RS”, no. 87/2018). This regulation came into force on 30.06.2023.
All information regarding this policy can be obtained by sending an e-mail to the address email@example.com. STRIX d.o.o. reserves the right to ignore any irrelevant enquiry or enquiry that is not addressed to the address listed here.