What kind of personal data does the Agency collect?
While performing the entrusted tasks based on public authorization, the Agency collects the following type of data: first and last name, address of residence, unique master citizen number, date of birth, sex, IP address, email address, telephone number.
On what legal grounds does the Agency collect and process personal data?
The legal grounds for collection and processing of personal data performd by the Agency, as defined in the LPDP, can be the folowing: consent of the data subject (Article 12, paragraph 1), performance of contractual obligations or taking steps prior to entering into a contract (Article 12, paragraph 2), compliance with legal obligations to which the Controller is subject (Article 12, paragraph 3) and performance of tasks carried out in the public interest or in the exercise of official authority vested in the Controller (Article 12, paragraph 5).
For what purposes does the Agency collect personal data?
How does the Agency collect your data?
During the visit to our website, the browser you are using on your device will automatically send the following data to our website server: chosen language and font size, IP address of the device the request was sent from, date and time of the access, name and URL of the downloaded database, web page from which the access was made (referrer URL), the browser you are using and, if necessary, the operating system installed on your device, along with the name of your Internet access provider. These data will be stored temporarily (for approximately one month) in a log database, for the following purposes: establishment of a smooth connection, easy and comfortable use of our website and assessment of system security and stability.
While performing public authorizations entrusted to it pursuant to the laws applicable to its activities, the Agency decides on complaints and requests, and during this process it handles personal data of the submitters. In performing the tasks within its competence, the Agency will only collect personal data it needs to act accordingly and resolve the submitter’s complaint or request, during which a separate record is kept for each single file. In the process, the Agency shall collect the following personal data: first and last name, address, e-mail address, city, IP address from which the complaint/request was sent.
Definition of terms:
- “personal data” means any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- „data subject“ means any natural person whose personal data are being processed
- „controller“ means the natural or legal person, or public authority which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- „processor“ means a natural or legal person, or public authority which processes personal data on behalf of the controller;
- „processing of personal data“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (hereinafter: processing);
- „cookies“ are text files stored locally in the user’s browser, exchanged between the website and user’s device as a short-term memory of user’s activity on the website.
How does the Agency protect personal data?
- technical protection measures,
- physical access control to the system where personal data are stored,
- data access control,
- data entry control,
- data availability control,
- other cyber security measures,
- all other necessary measures of personal data protection.
For how long does the Agency store its users’ personal data?
The Agency, as a legal person entrusted with public authorizations, is obligated to store documents and data contained in it, within the set time limits defined in the applicable laws and bylaws.
Personal data recipients and processors
Personal data recipients can include:
- State authorities – administrative bodies and judicial organs, independent authorities (Commissioner, Ombudsman), organizations entrusted with public authorizations, regulatory bodies and operators when submitting data pertaining to complaints or requests before the competent court or to the administrative body, independent authority, organization entrusted with public authorizations, regulatory body, operator of electronic communications or postal service provider, during the complaint handling by the Agency;
- Other legally authorized entities (such as public enforcement officers, administrative receivers etc.);
- Data Processors – based on special agreements or other legally binding acts made in compliance with Article 45 of the LPDP, the Agency is entitled to hire data processors that will process personal data at the request and on behalf of the Agency (such as independent auditors, IT companies, accounting agencies and similar).
The Agency shall not transmit users’ personal data to other countries or international organizations.
What are the rights of persons whose personal data are processed by the Agency?
Right of access
The data subject shall have the right to obtain from the Agency confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored or the criteria used to determine that period; the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority (the Commissioner); where the personal data are not collected from the data subject, any available information as to their source; and the existence of automated decision-making. (Article 26 of the LPDP)
Right of rectification and completion
The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. (Article 29 of the LPDP)
Right to erasure of personal data
Right to restriction of processing
The data subject shall have the right to obtain restriction of processing, if one of the requirements under Article 31, paragraph 1 of the LPDP has been fulfilled.
Right to object
If deemed legitimate, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, to the Agency (Palmotićeva 2, 11000 Belgrade).
Right to data portability
- charge a reasonable fee based on administrative costs, i.e. acting on the request;
- refuse to act on the request.
Automated decision-making and profiling
The Agency does not employ automated decision-making nor does it perform any kind of profiling on this site.
Cookie categories used on this site
How to delete cookies?
„Cookies“ can be deleted or disabled from your Internet browser. Here are the links containing detailed instructions as to how to delete cookies from some of the most used browsers:
If you are using another browser, please follow the instructions of the relevant provider.
All subsequent changes will be timely published on the Agency’s official website www.ratel.rs.
How to contact us?
Headquarters address: Regulatory Agency for Electronic Communications and Postal Services, Palmotićeva 2, 11000 Belgrade.
The monitoring of the LPDP application is carried out by the Commissioner for Information of Public Importance and Personal Data Protection.
If you feel your right to personal data protection has been violated by the Agency, you are entitled, pursuant to Article 82, paragraph 1 of the LPDP, to lodge a complaint with the Commissioner at: firstname.lastname@example.org, or to: the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar Kralja Aleksandra 15, 11000 Belgrade.
The complaint form is available on the website of the Commissioner www.poverenik.rs, in the section data protection/forms.