Privacy Notice

Download the English-Serbian pdf version:

Privacy-notice-ENG-SRBDownload

1. About us

BLUE GRID DOO, with its seat at Mihajla Pupina Boulevard no. 10a, Belgrade-New Belgrade, registration number 21259128, e-mail [email protected] ("Blue Grid", "Company", "us", “we”) is a company for computer programming. In performing our activities, we process personal data. We process personal data, as a controller, in full compliance with the provisions and principles prescribed under the Law on Personal Data Protection ("Official Gazette of RS", No. 87/2018) ("Law"), other laws and bylaws, and existing standards in the field of personal data protection. Blue Grid as a data controller determines the purpose and manner of processing personal data.
As we are committed to the protection of personal data, we accordingly collect and process personal data in a fair and transparent manner, whereby personal data are collected and processed for specific, permitted purposes, and we are processing only personal data necessary to achieve the purpose for which they are collected and processed. We store personal data only to the extent necessary to achieve the purpose of processing and in accordance with regulations.

This Privacy Notice ("Notice"), in addition to fulfilling our statutory obligations, provides you with information regarding the purposes of personal data processing, the legal basis for the processing of personal data, your rights as data subjects, and other aspects of personal data protection. Please read this Notice in its entirety to learn more about the types of personal information we collect and process, the purposes for which your personal information is processed, your rights, and other information contained in this Notice.
In our business, we apply measures to ensure that personal data is accurate while ensuring the right to correct or delete inaccurate personal data. In the field of personal data protection, we implement measures to protect personal data from loss, destruction, and damage, as well as from unauthorized access or illegal processing of personal data by taking all necessary measures and respecting legal obligations and existing standards in this area.

2. The processed personal data, source of personal data, purpose, legal basis and retention period

In performing our activities and in order to fulfill numerous legal obligations, and to satisfy the interests of users of our services, fulfill contractual obligations, we process the personal data of persons with whom we are in contact regarding our business, such as name, IP addresses, e-mail addresses, telephone numbers, date of birth, residential address, education acquired and the like.
The purposes for which we collect, and process personal data are clearly defined during each collection and processing of personal data, and the same is done on the basis of prescribed grounds such as the consent of a person that can be quickly and easily withdrawn at any time, our legitimate interest, and for the purpose of concluding and executing the contract and fulfilling the legal obligations we have. The purposes for which we most often collect and process personal data are the conclusion and execution of contracts, contact with potential candidates for employment in the Blue Grid, the offer of our products, and the like.

2.1. Our website

In our business, like most companies, we use a website that can be accessed at https://bluegrid.io/, through which we introduce you to our activities, open positions in the Blue Grid, and the like.

We do not directly identify you when using our website. A visit to our website collects the following information, which may be personal information such as IP, the type of device you use to access our website, the date and time of your visit to the website, the browser you used to access it, and the operating system of your device.

We collect and process the aforementioned data for statistical and analytical purposes in order to determine the number of visits to our website, as well as for the security purposes of our website, in order to prevent abuse and potentially identify the person responsible for abuse in cooperation with government agencies. The basis for this data processing is our legitimate interest, which consists in ensuring the functionality of our website, improving it, and preventing potential abuse, while this data is stored as long as necessary to achieve this purpose, and exceptionally longer if necessary for the purpose of fulfilling our legal obligations or for the purpose of filing, realizing or defending a legal claim.

Additionally, through our website, we collect and process your name and e-mail address, as well as other personal information that may be provided in your message or is required to be provided when you contact us via the contact form available on our website or use chat forms that you can access on our website. If you do not provide us with the above information via the contact form on our website, we will not be able to respond to you. We need this personal information in order to respond to your message sent to us via the contact form and we process it based on our legitimate interest in communicating with you at your request. We store personal data collected in this way and for the stated purpose until the purpose is achieved.

On our website, you may use chat forums in order to comment on certain content published on our website, whereby you determine the content of comments you provide through this form. We collect the aforementioned personal data in order to enable this functionality of our website for you. Third-party that we use for the provision of this functionality, provides us with access to the comments so that we may act as moderators on our website, and meet our obligations under applicable laws. The comments may include personal data such as e-mail address, username, and IP address which we process for the purpose of moderating our website and, as the case may be, to detect and eliminate errors and technical problems that may arise in connection with the use of our website and to prevent possible abuse, which includes removal of inappropriate content. These personal data are kept as long as necessary to achieve this purpose, and exceptionally longer if necessary for the purpose of fulfilling our legal obligations or for the purpose of filing, realizing, or defending a legal claim.

Our website uses cookies, which you can find out more about here (https://bluegrid.io/cookie-policy/).

On our website, there is a possibility that there are links to third-party websites that have their own rules regarding the protection of personal data that you can get familiar with on third-party websites, so Blue Grid is not responsible for them.

2.2. Blue Grid business activity

When conducting business activities, Blue Grid collects and processes personal data of individuals who are related to our business partners, as well as when the individuals themselves are our business partners. As part of these processes, we process personal data such as name and surname, e-mail address, and telephone number. The stated personal data are processed for the purpose of establishing a business relationship with our business partners and the realization of the agreed business cooperation. The basis for the processing of personal data for this purpose is to take action before concluding the contract as well as the execution of contracts that we have concluded with our business partners. Personal data that are processed for the stated purpose, are stored and processed until the stated purpose is achieved, but also longer in accordance with the mandatory regulations relating to our business.

2.3. Selection and hiring

As a company that is continuously looking for the best staff on the market to achieve our mission and goals, we constantly need to hire new associates, which is why we carry out the process of selecting potential associates for open positions in the Blue Grid.

In the process of selecting candidates for open positions in Blue Grid, we collect and process personal data that you provide us, such as name and surname, e-mail address, telephone number, place and address, date of birth, photo, information about acquired education, experience, and skills.

The personal data that you provide to us when applying for certain open positions in Blue Grid, we process only for the purpose of potential employment with Blue Grid. We process personal data for this purpose on the basis of Article 12, paragraph 1, item 2 of the Law, because it is necessary in order to take action before concluding the contract. Personal data processed for the stated purpose are used for the duration of the candidate's election, which time period may differ, and if there is no engagement, personal data are deleted after the completion of the candidate selection procedure.

In addition, the personal data you have submitted to us may be processed longer than the duration of the selection procedure for a specific position, if you give us consent for such processing of personal data, which is the basis for this processing of personal data. When applying for open positions or expressing interest in engaging in Blue Grid, you have the opportunity to allow us with your consent to store and process personal data, if you want us to contact you regarding engagement in Blue Grid for open positions that may suit you. We keep personal data for this purpose for 10 years.

Your consent to such processing of personal data is the legal basis for such processing of personal data. Once you have given your consent, you can always withdraw it by sending an e-mail to [email protected]. If you revoke the consent, we will not process your personal data and we will delete it within 30 days from the day when you have revoked the consent.

In the process of searching for suitable candidates, we may collect some of the above data through third parties, and not directly from you, for example through websites and platforms on which you have left your data. The purpose for which we use the personal information we collect in this way is solely to establish contact for employment in Blue Grid, and the basis for this processing is our legitimate interest in hiring the best candidates for positions in our company. If we have collected personal data in this way, we will notify you of the processing no later than 30 days from the day we collected personal data in this way or at the latest when establishing the first communication, except when you are already familiar with the processing or if notification would be impossible or if it would involve a disproportionate expenditure of time and resources or when data collection is explicitly prescribed by law. We store your data collected in this way until the purpose for which it was collected is fulfilled, and of course, you have the right in accordance with the law to object to such processing, according to which possible complaint we will act in accordance with regulations and your rights.

2.4. Marketing activities

In order to present what we do, our products, and our services, we may from time to time inform you about existing and new services, products, and news in the industry in which we operate. We can notify you via email in order to achieve the stated purpose, for which we need personal data such as e-mail, name, and surname which we process for this purpose. We process the personnel for this purpose solely on the basis of your consent, which is the legal basis for this processing.

If you do not wish to receive notifications from us, you can revoke your consent at any time by sending an e-mail to [email protected]. If you revoke your consent for this processing of personal data, we will stop sending you the above notice and stop processing personal data collected for this purpose within 30 days from the date of revocation of consent due to technical requirements that must be met in order to the change has taken place.

Personal data collected in this manner is stored and processed until you revoke your consent, exceptionally longer if it is necessary to fulfill our legal obligations.

3. Data processing based on our legitimate interest

We may from time to time process personal data for the purpose of achieving our goals based on our legitimate interest and only if our legitimate interest outweighs your interests, rights, and freedoms.

We process personal data based on our legitimate interest due to:

• business improvement, upgrading, and development of new and existing services and products;
• business protection;
• prevention of fraud;
• ensuring data security;
• securing our users and preventing abuse.

1. Data Processors
   In carrying out our activities, we may cooperate with third parties to whom we may provide personal data for processing. Before cooperating with the processors, we ensure that these are persons who meet the requirements in terms of appropriate technical, organizational, and personnel measures so that they meet the requirements that data processing is performed in accordance with regulations and that personal data is secure. If we hire processors, we conclude contracts with processors in accordance with the regulations, and they are obliged to act only according to our instructions, taking into account the purposes of processing that we determine.
2. Recipients
   In order to achieve the purposes of processing personal data, and to meet contractual and legal obligations, personal data can be shared with different recipients, which can be:

• our employees;
• accounting agencies;
  -auditors;
• lawyers;
• state bodies and organizations.

Recipients receive personal data under the conditions of prescribed organizational and technical measures and procedures, where they are obliged by agreements on confidentiality and data protection, except when such obligations arise from mandatory legal provisions.

6. Personal data transfer outside the Republic of Serbia
   During business activities conduct, personal data may be transferred to other countries. If there is a transfer of personal data to other countries, such transfer is made only to countries that have been determined to provide an appropriate level of protection in accordance with the regulations of the Republic of Serbia and the decisions of the competent authorities.
7. Your rights
   In accordance with the Law, you have numerous rights when it comes to your personal data. The following of this Notice lists your rights that you have in accordance with the Law, and we will always assist you in exercising your rights in accordance with the Law.
   7.1 Right to access

You have the right at any time to ask us for information on whether we process your personal data, access to that data, as well as information:
1) on the purpose of the processing;
2) on the types of personal data that we process;
3) the recipient or types of recipients to whom personal data have been or will be disclosed, in particular to recipients in other countries or international organizations;
4) on the envisaged period of keeping personal data, or if that is not possible, on the criteria for determining that period;
5) the existence of the right to request from us the correction or deletion of personal data, the right to limit processing, and the right to object to processing;
6) on the right to submit a complaint to the Commissioner for Information of Public Importance and Personal Data Protection ("Commissioner");
7) the source of personal data, if personal data have not been collected from you;
8) on the existence of an automated decision-making procedure, including the profiling referred to in Article 38, para. 1 and 4 of the Law, and, at least in those cases, relevant information on the logic used, as well as on the significance and expected consequences of that processing.

If personal data are transferred to another state or international organization, you have the right to be informed of the appropriate protection measures related to the transfer, in accordance with Article 65 of the Law.

7.2. Right to correct

You have the right to ask us to correct your incorrect personal data without undue delay. Depending on the purpose of the processing, you can supplement your incomplete personal data, which includes giving an additional statement.

In the event of a correction, we will notify all recipients to whom personal data have been disclosed of each correction unless this is impossible or requires an excessive expenditure of time and resources, and notify you about this, as well as on all recipients at your request.

7.3. Right of deletion

You have the right to ask us to delete your personal data, and we will delete such personal data without undue delay in the following situations:
1) personal data are no longer necessary to achieve the purpose for which they were collected or otherwise processed;
2) you have revoked the consent on the basis of which the processing was performed, and there is no other legal basis for processing;
3) you have filed an objection to processing in accordance with:

a) Article 37, paragraph 1 of the Law, and there is no other legal basis for processing that prevails over your legitimate interest, right, or freedom,
b) Article 37, paragraph 2 of the Law;

4) personal data have been processed illegally;
5) personal data must be deleted in order to fulfill our legal obligations;
6) personal data are collected in connection with the use of information society services referred to in Article 16, paragraph 1 of the Law.

If we have publicly disclosed the personal data that deletion you request, we will take all reasonable measures, including technical measures, in accordance with available technologies and taking into account the possibility of bearing the costs of their use, in order to inform other controllers that you have submitted a request for deletion in accordance with the Law of all copies of these data and references, i.e. electronic links to these data.

We will notify all recipients to whom your personal information has been disclosed of any deletion unless this is impossible or requires an excessive expenditure of time and resources and will notify you about this, as well as all recipients at your request.

7.4. The right to limit processing

You have the right to require us to restrict the processing of personal data if one of the following conditions is met:
1) if you dispute the accuracy of personal data, within the period that allows us to check the accuracy of personal data;
2) the processing is illegal, and you oppose the deletion of personal data and instead of deleting you demand a restriction on the use of data;
3) We do not need personal data to achieve the purpose of processing, but you exercise this right to limit processing in order to file, exercise, or defend a legal claim;
4) you have filed an objection to the processing in accordance with Article 37, paragraph 1 of the Law, and the assessment of whether the legal basis for processing by the controller outweighs your interests is in progress.

In the event of exercising this right to limit processing, we will continue to process such personal data only on the basis of your consent to the processing unless it is stored or for the purpose of filing, exercising, or defending a legal claim or to protect the rights of another natural or legal person, legal persons or for the realization of significant public interests.

We will notify all recipients to whom personal information has been disclosed of any processing restrictions unless this is impossible or requires an excessive expenditure of time and resources, and notify you about this, as well as on all recipients at your request.

7.5. Right to transfer

You have the right, in accordance with the Law, to receive your personal data that you have previously provided to us from us in a structured, commonly used, and electronically readable form and you have the right to transfer this data to another controller without our interference, if at the same time following conditions are met:

1) processing is based on consent in accordance with Article 12, paragraph 1, item 1) or Article 17, paragraph 2, item 1) of the Law or on the basis of a contract, in accordance with Article 12, paragraph 1, item 2) of the Law;
2) processing is performed automatically.

Your right to transfer includes the right to have your personal data transferred directly to another controller, if technically feasible.

7.6. Right to object

If you believe that this is justified in relation to the special situation in which you find yourself (for example, in situations where you are in danger), you have the right to object to us at any time for the processing of your personal data, which is carried out in accordance with Article 12. paragraph 1 item and 6) of the Law, including profiling based on these provisions. We will discontinue the processing of data based on this complaint unless we show you that there are legal reasons for the processing that outweigh your interests, rights, or freedoms of the person or are related to the filing, realization, or defense of a legal claim.

You have the right to object at any time to the processing of your personal data for direct advertising purposes, including profiling, to the extent that it is related to direct advertising, and in that situation, we will not further process your personal data for those purposes.

7.7. Right to notification in case of a personal data breach

In the event of a personal data breach, we will notify you without undue delay of the violation, if the personal data breach may pose a high risk to your rights and freedoms, with such notification stating at least the name and contact details of the person for the protection of personal data in the Blue Grid or information on other means of obtaining information about the injury, a description of the possible consequences of the injury, a description of the measures we have taken or proposed to take in relation to the injury, including measures taken to mitigate harmful consequences.

7.8. Right to file a complaint

You have the right to lodge a complaint with the Commissioner in accordance with the Law.

8. Our contact details
   In connection with the exercise of your rights in accordance with the Law, you can contact us in writing at the address Bulevar Mihajla Pupina 10a, 11070 New Belgrade, Republic of Serbia, via the e-mail address [email protected]
9. Notice amendments
   We may from time to time amend and/or supplement this Notice which can be found on our website.