Privacy Policy
Welcome to the website https://www.silbo.rs (hereinafter: the Website), which is owned by SILBO d.o.o., company registration number: 07752016 (hereinafter: SILBO or the Company).
The purpose of this Privacy Policy is to inform you about which personal data we collect and process, and for what purposes. Here you can also read about the rights you have as a data subject and how to exercise them.
If you have any questions, you can contact us at: kontakt@silbo.rs.
Contents of the Privacy Policy
- Key terms and scope of application of the Privacy Policy
- How we collect your data
- For which purposes we process your data and on what legal basis
- Use of cookies on the Website
- With whom we share your data
- International data transfer
- Data protection
- Data retention periods and criteria for determining them
- Your rights
- Changes to the Privacy Policy
Key Terms and Scope of Application of the Privacy Policy
The Privacy Policy governs the processing of personal data by the Company as the data controller.
- By personal data we mean any information relating to a natural person whose identity is known or can be determined, directly or indirectly. Identity may be determined based on a name, identification number, location data, or another attribute of physical, cultural, social, or other identity. Data about companies, organizations, and other legal entities are not considered personal data. However, data about their representatives or employees may constitute personal data (e.g., an email address such as firstname.lastname@companyname.com). Anonymized data are not personal data, and this Privacy Policy does not apply to them.
- By processing of personal data we mean one or more operations performed on personal data, with or without automated means, such as collection, recording, classification, grouping, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, dissemination, or otherwise making accessible, alignment or combination, restriction, erasure, or destruction of data.
- As for the data subjects, this Privacy Policy applies to:
- visitors to the Website,
- natural persons who contact us via email or social media.
Please note that the Website and the Company’s activities are not intended for persons under 15 years of age, and by sharing your data with us you confirm that you are at least 15 years old. If you believe that the Company has collected personal data of a person under 15 years of age, please inform us without delay. Upon notification or discovery of such an error in the collection of personal data, we will promptly delete those data.
How We Collect Your Data
We may collect your personal data:
- directly from you (e.g., when you complete a membership application),
- from publicly available sources (e.g., social networks), and
- from other sources (e.g., the entity you represent or via referrals).
If we do not collect data directly from you, we will inform you of the source that made your personal data available to us, unless one of the exceptions in Article 24(5) of the Personal Data Protection Act applies (for example, you already possess that information).
Purposes of and Legal Basis for Processing Your Data
Every processing of personal data we carry out is performed for a specific, legitimate, and lawful purpose. With that purpose in mind, we limit processing to the data that are adequate, relevant, and necessary to achieve it.
A detailed overview of the data we process, the purpose, and the legal basis for processing is provided in the table below.
| Categories of data subjects | Data we process | Purpose and legal basis for processing |
|---|---|---|
| Website visitor | Data collected via statistical, marketing and/or other cookies that are not strictly necessary for the operation of the Website. | Processing of personal data via non-essential cookies is based on the consent of the data subject and is explained in detail in the cookie‐settings banner. |
| Natural person who contacts us via email or social media | Message content and email address/name, depending on the communication channel. | Processing is necessary for the legitimate interests of the Company—namely promoting its work, achieving its objectives and increasing membership—by responding to inquiries and providing all necessary information. |
| Individuals attending events organized by the Company | Photograph or video recording | We process these data for the legitimate interests of the Company, which consist of promoting the Company’s work on social media and the Website and contributing to the achievement of the Company’s objectives. Please note that if processing is based on legitimate interest, you have the right to object to such processing and to prevent further processing of your data. |
| Individuals subscribed to our newsletter | Email address | Processing is based on your consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. |
| Representatives of legal‐entity service providers |
Name and surname Email address Company name |
Processing is carried out for the legitimate interests of the Company, namely performing the contract with service providers and maintaining business relationships with their representatives. |
Unless it is explicitly indicated in the table that providing certain data is optional, you must share the above data with us. Failure to provide the data will mean that we will not be able to respond to your inquiry or membership application, newsletter subscription, or similar requests.
When processing your data, the Company does not engage in automated decision-making.
Use of Cookies on the Website
A cookie is a text file downloaded to a visitor’s computer or phone when they access a website. It allows the visitor’s device to be recognized and stores information about their preferences or activities on the site.
The Company has implemented certain cookies (and similar technologies such as beacon, pixel, etc.) on the Website through which it can process your data. These are optional cookies that are not necessary for the operation of the Website and will not be activated without your consent.
You can adjust them via the cookie banner or your browser settings.
With Whom We Share Your Data
The Company may use the services of third parties, such as legal, accounting, and marketing services, IT support, or event organization, which may require those third parties to access your personal data to the extent necessary to provide those services. For example, if you are a regular member of the Company as an individual, we will share the necessary data with our accountants for the purpose of maintaining our business records. These third parties act as data processors.
When selecting processors, we ensure they guarantee the implementation of appropriate technical, organizational, and personnel measures to ensure that the processing of your personal data is carried out in accordance with the law and that the rights of data subjects are protected. Accordingly, all aforementioned categories of potential recipients of your data are required to process your data solely in accordance with the Company’s instructions and for the stated purposes, based on the data processing agreements we have concluded with them.
We may also share your data when we have a legal or administrative obligation to do so (e.g., in response to a court order), or in the event of a change in the Company’s corporate status, in accordance with the law.
International Data Transfer
The Company uses servers located in Serbia.
The Company does not transfer personal data to another country or international organization, except for data of Website visitors who have given their consent via optional cookies and data of newsletter subscribers. With respect to those data, we do perform international transfers. This means we may transfer your data to EU or EEA member states, to other countries that provide an adequate level of personal data protection, and even to countries that do not provide such protection, provided we implement appropriate safeguards. For more information about our transfer safeguards, please contact us at: info@sibo.rs.
Data Protection
We always ensure that the processing of your data is carried out in a way that guarantees their security, confidentiality, integrity, and availability, and we implement various security measures in accordance with the state of the art and good data protection practices. We pay special attention to the nature and scope of the personal data we process, the likelihood of any risks arising, and the level of risk that our processing may pose to data subjects. In addition, we consider the costs and effectiveness of the personnel, technical, and organizational security measures we implement.
Because the transmission of data over the internet carries certain risks, we cannot guarantee 100% protection against unauthorized access to data during such transmission. However, to minimize these risks, we have implemented the following measures:
- Physical access control measures – security doors, locking of rooms where confidential data is stored, and automatic locking of computers after a period of inactivity;
- Virtual access control measures – installation and maintenance of antivirus solutions, firewalls, encryption (SSL/TLS), pseudonymization, backup system maintenance, and similar security measures;
- Behavioral policies – data within the Company is shared only among individuals who strictly need access, who are bound to maintain confidentiality, and in compliance with a clear-desk policy.
Data Retention Periods and Criteria for Determining Them
We retain your data only for as long as necessary to fulfill the purpose for which it was collected (as described in the “Purposes and legal basis for processing” section), in accordance with local standards and practices, unless we are legally required to keep it longer.
In general, we keep your data while there is a contractual relationship between you and the Company and for any additional period required by accounting, commercial, archival, or other applicable laws and regulations. We may also retain your data if we have a legitimate interest in processing it to defend against potential legal claims in court, administrative, or similar proceedings. Data processed on the basis of our legitimate interest are retained as long as that interest exists and outweighs your interests or fundamental rights and freedoms.
Data processed on the basis of your consent are retained until you withdraw that consent, which you may do at any time. For example, if you subscribe to our newsletter, we will keep your email address until you unsubscribe. You may unsubscribe by following the instructions in any email we send you or by contacting us directly.
Once the purpose for which your data were collected has been fulfilled or the legal retention period has expired, your data will be securely destroyed.
Your Rights
Under the Personal Data Protection Act, you have certain rights vis-à-vis the entity that processes your personal data, which in this case is the Company. Those rights include:
- access to your data
- rectification and completion of your data
- erasure of your data
- restriction of processing
- data portability
- objection to processing
- rights related to automated processing
- withdrawal of consent
- lodging a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (hereinafter: the Commissioner)
Below you can read what each right entails. To exercise any of these rights under applicable law, please contact us at: info@silbo.rs.
Right of access means you have the right to request information about whether we are processing your personal data, and if so, to be informed about the details of that processing (purpose, categories of data, recipients, retention period or criteria for its determination, your rights, source of the data, existence of automated decision-making, and safeguards in case of cross-border transfer) and to receive a copy of the data we process.
Right to rectification and completion means you have the right to have inaccurate data corrected without undue delay and to have incomplete data completed, including by providing an additional statement when that is appropriate.
Right to erasure (“right to be forgotten”) means you have the right to have your data erased by the Company in the following cases: (i) data are no longer necessary for the purpose for which they were collected or processed, (ii) you have withdrawn your consent and there is no other legal basis for processing, (iii) you have objected to processing under the law and there is no overriding legal basis, (iv) data have been unlawfully processed, (v) erasure is required to comply with a legal obligation, or (vi) data have been collected in relation to a minor. This right may be limited to protect freedom of expression and information, the establishment, exercise or defence of legal claims, and in other cases provided by law.
Right to restriction of processing means you have the right to request that we suspend processing of your personal data if: (i) you contest their accuracy pending verification, (ii) processing is unlawful but you oppose erasure and request restriction, (iii) we no longer need the data but you require them for the establishment, exercise or defence of legal claims, or (iv) you have objected to processing pending verification of whether our grounds override yours.
Right to data portability means you have the right to receive the personal data you have provided to the Company in a structured, commonly used, machine-readable format, and to transmit those data to another controller without hindrance from the Company, provided that processing is based on your consent or on a contract and is carried out by automated means.
Right to object means you have the right to object at any time to processing of your personal data carried out for our legitimate interests. We must then stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. This right is absolute when processing is for direct marketing purposes.
Rights related to automated processing mean you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this right does not apply if the decision is necessary for entering into or performing a contract with you, is authorized by law with appropriate safeguards, or is based on your explicit consent.
Right to withdraw consent means you have the right to withdraw your consent to processing of certain personal data at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint with the Commissioner means you have the right to file a complaint with the competent supervisory authority if you believe that processing of your personal data infringes applicable law. This does not affect your right to seek administrative or judicial remedies. You can find the Commissioner’s contact details here:
Changes to the Privacy Policy
The Company reserves the right to update and revise this Privacy Policy at any time in accordance with new Website features, the development of its activities, and future legal standards, so please review it from time to time. All changes come into effect on the date they are posted, unless otherwise specified.
If you continue to use the Website after the revised Privacy Policy comes into force, you will be deemed to have accepted the changes. If you do not wish to accept the changes, please refrain from accessing or using the Website.