Privacy policy

THE LAW OFFICE SEKULOVIĆ

The Law Office Sekulović, seated at Kneza Miloša 90A, floor XVIII, apt. 115, Belgrade (hereinafter: LO Sekulović), which is the Personal Data Controller, in personal data processing, applies the provisions of the Law on Personal Data Protection (Official Gazette of the Republic of Serbia, No. 87/2018) (hereinafter: Law) and the provisions of other regulations governing Personal Data Protection. Aiming to apply the principles of lawful, fair, and transparent processing of personal data, LO Sekulović has prepared this Privacy Policy to provide you with relevant information related to personal data processing, all in one place.

I Definition of Terms:

‘Personal Data’ is any data relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular, based on an identifier, such as name and identification number, location data, identifiers in electronic communication networks, or one i.e., more features of their physical, physiological, genetic, mental, economic, cultural and social identity;

‘Personal Data Processing’ is any action or set of them performed automatically or non-automated with personal data or personal data sets, such as collection, recording, sorting, grouping i.e., structuring, storing, matching, or changing, disclosure, inspection, use, disclosure by transmission i.e., delivery, duplication, dissemination or otherwise making available, comparison, restriction, deletion or destruction (hereinafter: processing);

‘Data Subject’ is a natural person whose personal data is processed;

‘Controller’ is a natural person or legal entity i.e., the authority that independently or together with others determines the purpose and method of processing – for this Privacy Policy, the Controller herein is LO SEKULOVIĆ;

‘Processor’ is a natural person or legal entity i.e., an authority that processes Personal Data on behalf of the Controller.

II Controller:

The Law Office Sekulović, seated at Kneza Miloša 90A, floor XVIII, apt. 115, Belgrade.

III Personal Data types and categories of natural persons whose Personal Data is processed:

LO SEKULOVIĆ processes the data of the following categories of natural persons:

Client Data

Clients or business associates may engage LO Sekulović as attorneys, as well as to provide other legal services. In the mentioned cases, LO Sekulović may collect and use the personal data of clients and potential clients to provide specific services when LO Sekulović has a valid business reason for doing so. You can review all services provided by LO Sekulović on the website https://sekulovic-law.rs/.

All personal data that LO Sekulović collects in the manner described in the previous paragraph to provide the services mentioned above, should be submitted to LO Sekulović on legal grounds. Data categories processible by LO Sekulović and those relative to LO Sekulović’s clients are as follows:

general information, such as full name, company the person works for, and position in the company;
contact information, such as a postal address, e-mail address, and telephone numbers;
financial information, such as payment information;
all other data related to a specific natural person that was submitted to LO Sekulović required in the provision of certain services by LO Sekulović.

LO Sekulović uses this data for the following purposes:

provision of attorney and other legal services;
to meet legal and regulatory obligations;
data may be processed to protect persons and property i.e., preventing the commission of criminal and other illegal acts and detecting the perpetrators of such acts.

Legal grounds for processing our client’s data:

contract performance;
compliance with the legal or regulatory obligations of LO Sekulović;
the legitimate interests of LO Sekulović.

In terms of the processing of data submitted to LO Sekulović by its clients, LO Sekulović may process said data as the Controller, in which case LO Sekulović determines the purposes of processing; however, there is the possibility that LO Sekulović may process submitted personal data as the Processor, meaning that it processes said data on behalf of the Controller i.e., the entity that submitted the data and determined the reason for its processing (purpose).

LO Sekulović may also process personal data on the grounds of consent provided by the Data Subject. Should a need arise, LO Sekulović shall obtain the consent of the Data Subject in the form envisaged under the Law on Personal Data Protection.

Job Applicants

LO Sekulović may collect information (which contains personal data) about candidates who intend to conclude an employment contract with LO Sekulović. Generally, the information LO Sekulović collects concerning job applicants includes CV documents, identification documents, academic records, work history, employment information, and references.

This information is forwarded to those involved in the recruitment process so that they may decide whether to call the job applicant in for an interview. LO Sekulović shall collect additional information if the job applicant is invited to participate in the interview stage (or for similar purposes) and more. Such information includes interview notes, evaluation results, feedback, and details of the employment offer.

LO Sekulović collects personal data concerning job applicants from the following sources:

Directly from the applicant – for example, a person who is interested in employment at LO Sekulović when applying for a job, directly through the website https://sekulovic-law.rs/, by submitting documentation by mail or in another way, directly or indirectly;
From an employment agency – for example, in cases when the employment agency contacts LO Sekulović by submitting the data of an interested person with the intention of said person concluding an employment contract with LO Sekulović;
Through publicly available online sources: for example, cases where they have professional profiles published online (for example, on the website of the current employer or the website of professional networking, such as LinkedIn), with the intention that LO Sekulović concludes an employment contract with a specific person.

LO Sekulović uses this data for the following purposes:

when concluding an employment contract, to harmonise the job applicant’s skills, experience, and education with specific jobs available at LO Sekulović;
assess employment suitability with LO Sekulović and its clientele.

Legal grounds for processing a job applicant’s data:

undertaking actions, at the request of the Data Subject, prior to contract conclusion, with the intent of concluding the aforementioned contract;
explicit consent of the Data Subject (in exceptional cases when the job applicant expresses the desire to have their data processed over a longer period for several job openings).

Suppliers

LO Sekulović may process personal data concerning its suppliers (including subcontractors and individuals associated with suppliers and contractors) to fulfil a contract and receive services from suppliers.

Personal data processed by LO Sekulović is mainly limited to contact data (name, employer’s name, telephone, e-mail, and other contact data) and financial data (payment information). Furthermore, LO Sekulović may use information about suppliers to check whether there is a conflict of interest or a limitation of audit independence when appointing suppliers. Prior to hiring a supplier, LO Sekulović investigates audit independence and performs other background checks required by law or other regulations, for example, negative media coverage, cases of bribery and corruption, and other financial crimes.

Legal grounds for processing suppliers’ data:

contract performance;
compliance with legal or regulatory obligations.

LO Sekulović Employees’ Data

Legal grounds for processing employees’ personal data are laws in the field of labour (Labour Law, Law on the Central Registry of Compulsory Social Insurance, Law on Records in the Field of Labour, Law on Mandatory Insurance, etc.) as well as the Employment Contract, while the purpose of processing employees’ data is meeting the rights and obligations which derive from the employment relationship, other possible rights envisaged under the employment contract, as well as the fulfilment of the employer’s legal obligations.

Categories of employees’ data that are subject to processing are as follows:

name and surname;
personal ID No. (JMBG);
date and place of birth (city/town, municipality, republic, country);
name of one parent;
place of residence and home address;
the day of the year on which a religious holiday falls, to exercise the right to a non-working day by law;
identity card number and issuer (passport number for foreigners);
citizenship;
type and degree of professional education;
occupation;
data on insured family members, in cases where the employee requests to insure a family member;
data on previous employment;
data on the use of rights during temporary incapacity to work;
current account number;
other data necessary to meet a specific processing purpose.

Employees’ personal data may be processed by the human resources administration software. If any technical issues arise, the Controller may engage a third party to eliminate said issues, under the supervision of an employee of the Controller. The Controller shall conclude a contract with said third party, which shall also regulate the issue of data protection. If there is a need to engage third parties as processors or data recipients, the Controller shall promptly inform all persons whose data shall be the subject of processing or inspection.

Personal Data that May Be Processed by LO Sekulović, as the Processor

LO Sekulović may act as the Processor when processing personal data on behalf of its clients and service users as the Controller, in line with a contract concluded between them.

The contract between the Controller and the Processor covers the subject and duration of processing, the nature and purpose, the types of personal data and the types of parties concerning whom data are processed, as well as mutual rights and obligations.

When LO Sekulović acts as a Processor, it is obliged to:

processes data by the Law and principles of processing;
apply organisational, technical, and personnel measures to protect personal data;
act in everything by the order issued by the Controller.

Data of Individuals Who Access Our Website

When you access the website: https://sekulovic-law.rs/ LO Sekulović may collect data, such as IP address, device type, device unique identification number, browser type, and geographic location (e.g., country or city location), information about how your device behaves on our website, including the pages you have accessed and the links you have clicked on.

Collecting this information allows LO Sekulović to understand visitors who visit our website, where they come from, and what content interests them.

This information is primarily collected using cookies and similar tracking technologies, as explained in our Cookie Policy, which is also available on our website: https://sekulovic-law.rs/.

Your data collected through third-party cookies may be stored on servers outside the Republic of Serbia.

If there is a need to transfer personal data to countries that are not members of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (CETS No. 108) i.e., countries that do not provide an appropriate level of protection by relevant regulations in the field of personal data protection of the Republic of Serbia, LO Sekulović and the third-party company shall take measures to protect personal data and shall act according to the procedure established by relevant regulations for the protection of personal data.

Data of participants in seminars organized by LO Sekulović

LO Sekulović collects certain personal data of seminar participants to organize and conduct seminars, as well as to provide services and information to participants.

LO Sekulović may collect personal data of seminar participants, such as the participant’s full name, email address, company/organization of employment, and the participant’s position at the company. This data is collected based on the consent of seminar participants or the basis of LO Sekulović’s legitimate interest. The collected data is used exclusively to organize and conduct seminars. The data will not be used for other purposes nor shared with third parties without the consent of seminar participants.

LO Sekulović will only retain the personal data of seminar participants for as long as necessary for the purposes for which they were collected or by legal obligations. After this period expires, the data will be deleted.

IV Personal Data Processing Principles:

LO Sekulović shall process personal data: lawfully, fairly, and transparently concerning the Data Subject; data shall be limited concerning the purpose of processing; data shall be appropriate, essential, and limited to what is necessary; the data shall be accurate and up-to-date, whereby the client has the right to request the correction of inaccurate data at any time; the data shall be stored for the period necessary to achieve the purpose of processing; the data shall be protected against unauthorised or illegal processing, as well as against loss, destruction or damage.

V Grounds for Processing Personal Data:

1) Consent-based Processing

The Data Subject has agreed to the processing of their data for one or more specifically determined purpose(s). The Data Subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the admissibility of data processing that was carried out based on consent before consent withdrawal. In case of consent withdrawal, data processing is possible if there is a contractual relationship between the client and LO Sekulović or some other grounds for processing (law or legitimate interest).

2) Processing for Contract Preparation, Conclusion and Performance

The processing of personal data on these grounds is performed in the case of executing a contract concluded with the Data Subject or to undertake activities prior to contract conclusion, at the request of the Data Subject.

3) Processing on the Grounds of the Law and Other Binding Regulations

LO Sekulović processes personal data on the grounds of the law or other regulations, aiming to adhere to the legal obligations of the Controller (for example, the Law on the Prevention of Money Laundering and Terrorist Financing prescribes that client data must be retained for a period of 10 years upon the expiry of the contractual relationship, and so on).

4) Legitimate Interests

Should a need arise, LO Sekulović may process personal data in the following cases, on the grounds of legitimate interests:

processing personal data after the expiry of the data retention period, in defence of LO Sekulović’s interests and to obtain certain forms of evidence in procedures performed before various government bodies (courts, inspectorates, and so on) in cases when there are certain indications that a need for this data shall arise;
processing personal data relative to the discovery of fraudulent/unlawful activities of parties, aiming to protect LO Sekulović from any potential losses or reputational risk;
to obtain a Certificate of No Criminal Conviction from persons during the employment process, aiming to protect LO Sekulović’s interests and reputation;
information concerning family members and the property of certain employees, aiming to mitigate conflicts of interest;
in other cases, when processing is necessary to achieve the legitimate interests of LO Sekulović or a third party unless these interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

VI Personal Data Recipients:

LO Sekulović has the right to forward personal data and documentation relative to the Data Subject, as well as other information considered to be of a confidential nature (trade secret), and data concerning obligations arising under contracts concluded between LO Sekulović and the Data Subject, and the manner of their settlement and compliance with the contractual provisions, and to send said data to all other parties that must have access to said data due to the nature of their work, third parties with whom LO Sekulović has concluded a contract which regulates personal data protection in the handling of confidential information, third party cookie providers, and all other bodies and parties to whom LO Sekulović is obligated by law to submit such information.

VII Data Export from the Republic of Serbia:

Personal data may be exported from the Republic of Serbia to another country or international organisation exclusively according to the rules stipulated in the Law on Personal Data Processing and other regulations governing this area.

Data export implies the possibility of exporting personal data to other countries that are members of the European Union and/or, the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (CETS No. 108), in which there is an appropriate level of protection of personal data. Should LO Sekulović intend to export personal data to a country that does not belong to the countries mentioned above, the disclosure of such data shall be performed according to the Law on Personal Data Processing and in compliance with the prescribed standards of personal data protection and the timely notification of the Data Subject.

VIII Personal Data Retention Period:

LO Sekulović retains the personal data it has collected for the period necessary to achieve a specific, concrete processing purpose or, while there are grounds for use if a one-time purpose is not in question, and then the data is deleted or made unrecognisable (measures: anonymisation).

A specific retention period or criteria that make it possible to determine such a period depends on the purpose and the grounds under which personal data is processed. For example:

personal data collected to execute the rights and obligations stipulated under a specific contractual relationship shall be processed and retained by LO Sekulović for the entire duration of the contractual relationship, and after the fact, LO Sekulović shall no longer process the collected data for the mentioned purpose. Once the data has fulfilled the purpose for which it was collected, said data shall be deleted, unless there are other grounds for processing, such as the law (e.g., obligation to retain documentation for a specific period upon the expiry of the contract), the person’s consent or legitimate interests;
personal data processed by LO Sekulović to fulfil its lawful obligations is processed and retained until the expiry of periods envisaged under the law that prescribes the specific obligation of LO Sekulović;
personal data processed solely on the grounds of the Data Subject’s consent are processed in line with the purpose for which they have been collected to the fulfilment of this purpose and/or until such time that the Data Subject withdraws consent;
in cases when personal data are processed on the grounds of legitimate interest, data is collected and processed for the period for which legitimate interests last, upon which time said data shall be deleted or anonymised;
all data collected through the use of cookies shall be stored according to the terms and for the duration defined in the Cookies Policy;
if the client submits their data on their own initiative for a justified purpose, LO Sekulović shall process said data in the case of need and within a period corresponding to the purpose of processing such data. An example is the submittal of a CV or other documents to the published addresses of LO Sekulović and the submission of other documents, information, or data containing personal data, to the employees of LO Sekulović, through electronic channels, verbally or in any other manner.

In cases where certain persons uninvitedly submit personal data to LO Sekulović, and it is obvious that the mentioned data has no significance or use value for LO Sekulović, they shall bear the responsibility for the further fate of such data; however, LO Sekulović shall not contribute to the compromise of said data with their activities.

IX Data Subjects’ Rights Relative to Personal Data Processing

Data Subjects have the right to be informed of the collection and processing of personal data and have the right to access personal data processed by LO Sekulovic. Data Subjects have the right to request a correction (of incomplete or inaccurate data), update, or deletion of data (right to be forgotten), as well as to restrict processing. Data Subjects have the right to submit a complaint to LO Sekulović at any time concerning the processing of personal data that refers to them. Data Subjects have the right to withdraw consent to the processing of their personal data when such consent is grounds for processing.

In addition to the aforementioned rights, Data Subjects have the right to transfer personal data, that is, the right to receive data they previously sent to LO Sekulović, to transfer said data to the Controller, as well as the right to allow for the transfer of their information directly to another Controller on behalf of LO Sekulović, if technically possible, and if the required safety standards relative to personal data transfer have been met, according to the assessment of LO Sekulović.

Data Subjects have the right to file a complaint with the competent authority (Commissioner for Information of Public Importance and Protection of Personal Data) regarding the processing of personal data if they believe that their data has not been processed in accordance with the Law on Personal Data Protection, in the case that they do not receive a response within 30 days from the date of submission of the request to exercise their rights, or if they are dissatisfied with the reply they received.

X Automated Data Processing:

As part of the business relationship between LO Sekulović and the Data Subject and to exercise the rights and obligations arising from said relationship, LO Sekulović may process client data in whole or in part in an automated manner, to provide services that correspond to the specific needs of the Data Subject, as well as to improve LO Sekulović’s business relationship with its clients.

XI How Is Your Data Protected?

LO Sekulović strives to apply the highest possible personal data protection standards and applies all necessary organisational, technical, and personnel measures, including, but not limited to the following:

technical protection measures,
control of physical access to the system where personal data is stored,
data access control,
data transfer control,
data entry control,
data availability control,
other information security measures,
all other measures necessary to protect personal data.

All Processors and other recipients of personal data are also obliged to apply all prescribed protection measures in line with the signed contract with LO Sekulović and legally prescribed standards and obligations.

XII Who Can You Turn to for More Information?

For any questions related to personal data processing, contact us via e-mail at office@sekulovic-law.rs or by sending an inquiry to the address of LO Sekulović, Kneza Miloša 90A, floor XVIII, apt. 115, Belgrade.

We will respond to your inquiry as soon as possible, depending on its complexity, and no later than within 30 days from the date of submittal, with the option of extending this deadline under extraordinary circumstances along with the obligation to provide a reason for said extension, as stipulated by law.

XIII Other:

This Privacy Policy shall enter into force on the eighth day upon its publication on our website at https://sekulovic-law.rs/.

We reserve the right to update this Privacy Policy and to follow amendments to legislation and technical innovations. Such changes will in no way reduce the level of legal protection guaranteed to Data Subjects.

All changes enter into force on the eighth day from the date of publication on our website. We suggest you periodically review our Privacy Policy to keep up to date with possible changes.

In Belgrade, 3 February 2023