DR&G Data Protection Policy
DR&G Data Protection Policy
Doklestic Repic & Gajin z.a.k., with registered seat at address Bulevar oslobodjenja no. 203, 11000 Belgrade, Republic of Serbia (hereinafter: “DR&G”) while providing legal services is fully committed to respecting all the laws, bylaws as well as international conventions relating to protection of personal data and privacy.
Any and all information that DR&G finds out will generally be used by protecting the privacy of the individuals that they relate to and only to the extent and in the manner required and permitted by applicable regulations.
In securing protection and respect of personal data DR&G has certain obligations according to the Law on Protection of Personal Data of Republic of Serbia (hereinafter: the “Law”) in terms of reporting and obtaining specific consent from the Commissioner for Information of Public Importance and Personal Data Protection (hereinafter “Commissioner”).
Personal data protection is provided to every individual, irrespective of nationality and place of residence, race, age, gender, language, religion, political and other belief, nationality, social origin and status, property status, birth, education, social status or other personal characteristics.
Personal data is every information relating to the individual, regardless of the form in which is expressed and of the information carrier (paper, tape, film, electronic media, etc.), on whose request, on whose behalf or for whose account information was stored, the date of occurrence of information, the place of storing the information, the manner of finding out information (immediately, through listening, watching, etc., or indirectly , through the insight of the document in which the information is contained, etc.), or whatever other characteristics of the information (hereinafter: the “Information”).
An individual is a person to whom the Information relates, whose identity is determined or determinable based on personal name, identification number, address code, or other characteristics of its physical, psychological, spiritual, economic, cultural or social identity (hereinafter: the “Person”).
Information Processing is any action taken in connection with the Information, such as: collecting, recording, transcribing, duplication, copying, uploading, searching, sorting, storage, separation, crossing, merging, changing, provision, using, putting on insight, discovery, disclosure, dissemination, recording, organization, storage, adaptation, disclosure by transmission, or otherwise making available, concealment, transfer and otherwise making unavailable, as well as implementation of other actions in connection with the specified Information, whether it is performed automatically, semi-automatically or otherwise (hereinafter: the “Processing”).
Information Operator is a natural person or a legal entity, or authority that processes the Information (hereinafter: the “Operator“).
Information User is a natural person or a legal entity, or authority, which is, by law or by consent of the Person, authorized to use the Information (hereinafter: the “User”).
Information Processor is a natural person or a legal entity, or authority, to which the Operator on the basis of the Law or contract entrusts certain activities related to the Processing (hereinafter: the “Processor”).
Information Processing is not allowed if: (i) the Person did not provide consent to the Processing, or if the Processing is performed without legal authority, (ii) it is performed for the purposes other than those for which it has been approved, regardless of whether it is done on the basis of the consent of the persons or the legal authority to process without consent, unless it is done for the purpose of raising funds for humanitarian purposes, (iii) the purpose of the Processing is not clearly defined, if it is modified, illegal or already accomplished, (iv) the Person to whom the Information refers is determined or determinable even after achieving the purpose of the Processing, (v) the method of Processing is not allowed, (vi) the Information that is being processed is unnecessary or unsuitable for achieving the purposes of Processing, (vii) the number or type of the processed Information is not proportional to the purpose of Processing, and (viii) the Information is false and incomplete, or when it is not based on a valid source or is out of date.
In principle, Information Processing is only possible with the consent of the Person. Valid consent person can give in writing or orally on the record. Consent may be given through an authorized person. Power of attorney must be notarized, unless otherwise provided by law. Consent can be revoked.
Exceptionally, the Processing without consent is permitted: (i) to achieve or protect the vitally important interests of the Person or other individuals, and especially life, health and physical integrity, (ii) for the purpose of execution of duties specified by law, by an act passed in accordance with the law or the contract concluded between the Person and the Operator, as well as preparation of conclusion of the contract, (iii) for the purpose of raising funds for humanitarian purposes, (iv) in other cases defined by the Law on Personal Data Protection, to achieve justifiable interests of the Person, the Operator or the User.
Operator that collects the Information from the Person related to, or of other person, before collecting, will inform the Person to whom the data relate to, or other person about: (i) its identity, or name and address or the firm, or the identity of another person who is responsible for data processing in accordance with the law, (ii) the purpose of the collection and further processing of the Data, (iii) the way how to use Data , (iv) the identity of the person or the type of entities that are using the Data, (v) liabilities and legal basis, i.e. voluntary contributions of Data and processing, (vi) the right to revoke the consent to the Processing, as well as the legal consequences in case of a recall, (vii) the rights which belong to the Person in the case of the illegal Processing, (viii) other circumstances in which the Information non-disclosure to the Person on which the Information relate to, or any other person would be opposite to acting diligently.
Information relating to nationality, race, sex, language, religion, political party affiliation, union membership, health, receiving social assistance, victim of violence, conviction for a crime and sex life may be processed on the basis of freely given consent of the Person, except when the law does not allow processing even with consent. Consent for the Processing of particularly sensitive Information is provided in written form, which contains tag information that is being processed, the purpose of processing and the manner of its use.
The Operator is obliged, before starting the Processing and/or establishing the data base, to deliver to the Commissioner a notice of intention of establishing the data base along with the data specified in the Law, as well as of any further Processing, before undertaking the Processing not later than 15 (fifteen) days prior to the establishment of the data base or the Processing.
Transfer of Information Abroad
The Information can be carried out from Republic of Serbia into the member states of the Convention on Protection of Individuals with regard to Automatic Processing of Personal Data of the Council of Europe (hereinafter: the “Convention”). The Information can be carried out from Republic of Serbia in a country which is not a member of the Convention, or the international organization, if in that country or international organization, is provided same degree of data protection in accordance with the Convention on the basis of its regulation or data transfer agreement. When transferring Information in a country which is not a member of the Convention or an international organization, the Commissioner shall determine whether the conditions are being met and measures of data protection have been implemented and grants permission for the transfer.
This Policy on Data Protection is binding for all employees, attorneys, lawyers, associates, agents and consultants of DR&G, who are obliged to respect and adhere to it.
Violation of this Policy is a legitimate reason for DR&G to cease co-operation with the person responsible for violation of its provisions. Also, DR&G will, in accordance with its legal obligations, report such behavior to the competent authorities.
This Policy on Data Protection is effective and becomes applicable as of 01 May 2016.