Appendix 1 to the Data Processing Policy
INFORMATION ON INDIVIDUAL RIGHTS REGARDING PERSONAL DATA PROCESSING
CONTENT
INTRODUCTION
CHAPTER I – NAME OF THE ORGANIZATION PROCESSING THE DATA
CHAPTER II – NAMES OF ORGANIZATIONS PROCESSING THE DATA
- Our company's IT service provider
- Developer of our company's mapping system
CHAPTER III – ENSURING COMPLIANCE OF DATA PROCESSING WITH LAWS
- Data processing based on the consent of the person to whom the data pertains
- Data processing based on legal obligations
- Promoting the rights of data subjects
CHAPTER IV – HANDLING VISITOR DATA ON THE COMPANY'S WEBSITE – NOTICE ABOUT THE USE OF COOKIES
CHAPTER V – NOTICE ON THE RIGHTS OF PERSONS TO WHOM THE DATA PERTAINS
INTRODUCTION
Based on Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: the Regulation), which pertains to the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC, the Data Controller is required to take appropriate measures to ensure that the individual whose data is collected is provided with all necessary information regarding the processing of personal data in a concise, transparent, understandable, and accessible form. Additionally, the Data Controller must ensure the conditions for the exercise of the rights of the individual whose data is collected.
The duty to provide prior information is also prescribed by Act CXII of 2011 on the right to informational self-determination and freedom of information.
The following text fulfills our obligations as required by the aforementioned laws and regulations.
The notice must be published on the company's website and sent to the individual whose data is being collected upon request.
CHAPTER I
NAME OF THE ORGANIZATION PROCESSING THE DATA
The issuer of this notice and the Data Controller:
Company Name: TRGOVINSKO PREDUZEĆE ŠURANJI COOP DOO, SENTA
Headquarters: Senta
Registration Number: 08521590
VAT Number: 101099622
Representative: Monika Horvat
Phone Number: 024/821-197
Email Address: otkup@sirak.rs
Website: sirak.mysellvio.com/
(hereinafter: the Company)
CHAPTER II
NAMES OF ORGANIZATIONS PROCESSING THE DATA
An entity processing the data: a natural or legal person, public authority, agency, or other body that processes data on behalf of the Data Controller; (Rule 4, Article 8)
The involvement of a data processor does not require the prior consent of the data subject, but the data subject must be informed. Accordingly, the following notice is provided:
- Our Company's IT Service Provider
To maintain and manage the company's website, the Data Controller uses a data processor that provides IT services (hosting services) and, within these services and in accordance with the contract concluded between the two parties, processes the personal data that remains on the website by saving it on the server.
Name and Details of the Data Processor:
Company Name: ErdSoft doo
Headquarters: 24000 Subotica, Somborski put 33a, Serbia
Registration Number: 21354619
VAT Number: 110478829
Representative: Daniel Erdudac
Phone Number: +381 60 44 60 555
Fax: None
Email Address: daniel.erdudac@erdsoft.com
Website: erdsoft.com
CHAPTER III
ENSURING COMPLIANCE OF DATA PROCESSING WITH LAWS
- Data Processing Based on the Consent of the Person to Whom the Data Pertains
(1) If the Company wishes to process data based on consent, it is necessary to request the consent of the individual for the processing of their personal data on the form, the content of which is determined in the data processing policy.
(2) Consent is also considered to be given if the user checks the box indicating consent to data processing on the Company's website when using information society services, performs the related technical settings, or makes any other statement or takes any other action that clearly indicates the data subject's consent to the intended processing of their personal data. Silence, pre-checked boxes, or inaction do not constitute consent.
(3) Consent applies to all processing activities carried out for the same purpose or purposes. If the data processing serves several different purposes, consent must be requested for all purposes related to the data processing.
(4) If the data subject provides consent in a written statement that also refers to other matters - e.g., conclusion of a sale, service contract - consent must be requested in a clear, simple, understandable, accessible manner, and distinctly separate from other matters. Parts of such statements that include consent and do not comply with the Regulation are not legally binding.
(5) The Company may not condition the conclusion or execution of a contract on the consent to the processing of personal data that is not necessary for the performance of the contract.
(6) The withdrawal of consent must be as simple as the provision of consent.
(7) If the personal data is recorded with the consent of the data subject, the Data Controller may use the recorded data for purposes other than statutory obligations and after the withdrawal of consent, without requiring further consent.
(8) The site does not explicitly collect data from minors (under 16 years of age). If minors' data is recorded, it will be deleted immediately upon discovery.
- Data Processing Based on Legal Obligations
(1) In the case of data processing based on legal obligations, the scope of the data, the purpose of the data processing, the duration of data storage, and the users of the data are determined by law.
(2) Data processing based on legal obligations does not depend on the consent of the data subject, as the data processing is determined by law. In this case, the data subject must be informed before data collection that data collection is mandatory and must be provided with detailed and clear information on all facts related to their data processing, especially the purpose and legal basis of the data processing, the person authorized to process the data, the duration of data processing, the personal data processed in accordance with legal provisions, and who has access to the data. The notice must also include the rights of the person and the possibilities for exercising rights related to the processing of personal data. In the case of mandatory data processing, the notice is also considered an invitation to publish any law containing the aforementioned information.
- Promoting the Rights of Data Subjects
The Company must ensure that the data subject can exercise their rights in all activities related to data processing.
CHAPTER IV
PROCESSING OF VISITOR DATA ON THE COMPANY'S WEBSITE – NOTICE ON THE USE OF COOKIES
1. Visitors to the website must be informed about the use of cookies, and, with the exception of technically necessary session cookies, their consent must be obtained in all cases.
2. General Information About Cookies
2.1 A cookie is a piece of data sent by the website visited to the visitor’s browser (in the form of a value variable) for storage, and later, the same website can retrieve the content of the cookie. Cookies can be valid until the browser is closed or for an unlimited duration. Later, with every HTTP(S) request, the browser sends this information to the server, thereby altering the data on the user’s device.
2.2 The purpose of cookies is to tag and identify the user (e.g., upon entering the site), and manage the user accordingly in every subsequent instance. The risk lies in the fact that the user may not always know that cookies are identifying them, providing an opportunity for tracking by the site owner or other service providers whose content is embedded on the site (e.g., Facebook, Google Analytics). During tracking, a profile is created about the user, and in these cases, the content of the cookies is treated as personal data.
2.3 Types of Cookies:
2.3.1 Technically necessary session cookies: Without these, websites simply do not function. These cookies identify the user and track when they entered the site, what they added to their cart, etc. Generally, the cookie holds the session identifier, while the other data is stored on the server, which makes it more secure. From a security perspective, if the session cookie value is not properly generated, there is a risk of session hijacking, so these values must be generated appropriately. In other terminology, a session cookie is any cookie that is deleted when the browser is closed (the session being the use of the browser from start to exit).
2.3.2 Cookies that facilitate usage: These include cookies that remember the user’s preferences, such as how they want to view the site. These cookies essentially mark the settings that are stored by the cookies.
2.3.3 Performance cookies: Although they have little to do with “performance,” this is the name given to cookies that collect information about user behavior, clicks, and time spent on the visited page. These are generally third-party applications (such as Google Analytics, AdWords, or Yandex.ru cookies). They are suitable for creating visitor profiles.
Learn more about Google Analytics cookies here: Analytics cookies
Learn more about Google AdWords cookies here: Google support
2.4 Accepting or allowing cookies is not mandatory. The browser can be set to automatically reject all cookies or to give a notification when the system sends cookies. Most browsers accept cookies by default, but the settings can usually be changed to prevent automatic acceptance and offer the user a choice to accept or reject cookies.
See the links below for cookie settings in the most popular browsers:
• Google Chrome: Chrome support
• Firefox: Firefox support
• Microsoft Internet Explorer 11: Microsoft support
• Microsoft Internet Explorer 10: Microsoft support
• Microsoft Internet Explorer 9: Microsoft support
• Microsoft Internet Explorer 8: Microsoft support
• Microsoft Edge: Microsoft support
• Safari: Apple support
However, it should be noted that certain functions of the site or service do not work properly without cookies.
3. Information About Cookies Used on the Company's Website and Data Collected During Visits
3.1. Data Processed During the Visit
Our company's website may record and manage the following information about the visitor or the device used by the visitor:
- the visitor's IP address,
- browser type,
- characteristics of the operating system of the device used by the visitor (configured language),
- time of visit,
- (sub)websites, features, or services visited,
- clicks.
These data are stored for a maximum of 90 days and are used primarily for investigating security incidents.
3.2. Cookies Used on the Website
3.2.1. Technically Necessary Session Cookies
The purpose of data processing is to ensure the proper functioning of the website. These cookies are necessary for visitors to browse the website without problems and to fully utilize all features and services available through the website, including, in particular, remembering visitors on a given website or identifying the logged-in user during a visit. The duration of cookie management is limited to the visitor's current visit, and this type of cookie is automatically deleted from the user's computer at the end of the session or when the browser is closed.
The legal basis for processing these data is Section 13/A(3) of the 2001 Act CVIII on Electronic Commerce Services and on Information Society Services, which states that the service provider may process personal data that are technically necessary for providing the service. Under unchanged conditions, service providers should select and use tools for providing services related to the information society so that they process personal data only if it is absolutely necessary for providing the service and for achieving other necessary goals as defined in this Act, but even then only to the necessary extent and for the necessary duration.
3.2.2. Cookies That Facilitate Usage
These cookies remember the user's choices, such as how the user wants to view the site. This type of cookie essentially stores setting data.
The legal basis for processing these data is the consent of the visitors.
The purpose of data processing is to increase the efficiency of services, improve the user experience, and ensure the convenient use of the site.
These data are located on the user's computer, and the website only accesses them and recognizes the visitor based on these data.
3.2.3. Performance Cookies
This type of cookie collects information about user behavior, time spent, and clicks on the pages viewed by the user. These cookies are generally tracked by third-party applications (e.g., Google Analytics, AdWords).
The legal basis for data processing is the consent of the affected individual.
The purpose of data processing is to analyze the website and send promotional offers.
CHAPTER V
NOTIFICATION OF THE RIGHTS OF PERSONS TO WHOM THE DATA RELATES
I. Summary of the Rights of Persons to Whom the Data Relates
- Transparent information, communication, and means for exercising the rights of data subjects
- Right to prior information if personal data is collected from the data subject
- Information in case personal data is not obtained from the data subject
- Right of access by the data subject
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Right to data portability
- Right to object
- Right to automated individual decision-making, including profiling
- Restrictions
- Notification of personal data breach to the data subject
- Right to lodge a complaint with a supervisory authority
- Right to an effective judicial remedy against a supervisory authority
- Right to an effective judicial remedy against a controller or processor
II. Detailed Rights of Persons to Whom the Data Relates
1. Transparent Information, Communication, and Means for Exercising the Rights of Data Subjects
1.1. The controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, particularly in the case of information addressed specifically to a child. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. Where requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
1.2. The operator shall facilitate the exercise of data subject rights.
1.3. The controller shall inform the data subject of actions taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
1.4. If the operator does not act on the request of the data subject, the operator shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
1.5. The information, communication, and actions taken are free of charge, but in some cases prescribed by the regulation, a fee may be charged.
Detailed rules can be found in Article 12 of the Regulation.
2. Right to Prior Information When Personal Data Are Collected from the Data Subject
2.1. When personal data relating to a data subject are collected from the data subject, the controller shall, at the time of collecting the personal data, provide the data subject with all of the following information:
a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
b) the contact details of the data protection officer, where applicable;
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
d) where the processing is based on the legitimate interests pursued by the controller or by a third party;
e) the recipients or categories of recipients of the personal data, if any;
f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organization.
2.2. In addition to the information referred to in paragraph 1, the controller shall, at the time of collecting the personal data, provide the data subject with the following further information necessary to ensure fair and transparent processing:
a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
c) where the processing is based on the data subject's consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
d) the right to lodge a complaint with a supervisory authority;
e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data;
f) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2.3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject before that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
All additional rules concerning the right to prior information are found in Article 13 of the Regulation.
3. Notification When Personal Data Is Not Collected from the Data Subject
3.1. If the personal data is not obtained from the data subject, the operator must inform the data subject about the facts and information described in point 2 and about the category of personal data, no later than one month after obtaining the data, including the source of the personal data, or in certain cases, whether the data comes from publicly accessible sources. This must be done at the latest at the first communication with the data subject if the personal data is used for that person, or at the latest at the time of the first transfer if the data is to be shared with other users.
3.2. In other respects, the rules set out in point 2 (Right to Prior Information) apply.
Detailed rules for this notification are contained in Article 14 of the regulation.
4. Right of Access by the Data Subject
4.1. The data subject has the right to request confirmation from the data controller as to whether personal data concerning them is being processed and, if such personal data is being processed, to access the personal data and the information mentioned in points 2 and 3 (Article 15 of the regulation).
4.2. If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards concerning the transfer, in accordance with Article 46.
4.3. The data controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
Detailed rules on the rights of data subjects are contained in Article 15 of the regulation.
5. Right to Rectification
5.1. The data subject has the right to obtain from the operator the rectification of inaccurate personal data concerning them without undue delay.
5.2. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
These rules are contained in Article 16 of the regulation.
6. Right to Erasure ("Right to be Forgotten")
6.1. The data subject has the right to obtain from the operator the erasure of personal data concerning them without undue delay, and the operator has the obligation to erase personal data without undue delay if one of the following conditions applies:
a) The personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
b) The data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
c) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
d) The personal data has been unlawfully processed;
e) The personal data has to be erased for compliance with a legal obligation under Union or Member State law to which the operator is subject;
f) The personal data has been collected in relation to the offer of information society services to a child.
6.2. The right to erasure does not apply to the extent that processing is necessary:
a) For exercising the right of freedom of expression and information;
b) For compliance with a legal obligation which requires processing by Union or Member State law to which the operator is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the operator;
c) For reasons of public interest in the area of public health;
d) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) For the establishment, exercise, or defense of legal claims.
Detailed rules on the right to erasure are contained in Article 17 of the regulation.
7. Right to Restriction of Processing
7.1. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
7.2. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or
d) The data subject has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.
7.3. A data subject who has obtained restriction of processing pursuant to point 7.2 shall be informed by the controller before the restriction of processing is lifted.
Detailed rules on the right to restriction of processing are contained in Article 18 of the regulation.
8. Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
The operator shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The operator shall inform the data subject about those recipients if the data subject requests it.
Detailed rules on this obligation are contained in Article 19 of the regulation.
9. Right to Data Portability
9.1. The data subject shall have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) The processing is based on consent or on a contract; and
b) The processing is carried out by automated means.
9.2. In exercising their right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
9.3. The exercise of the right referred to in point 9.1 of this Article shall be without prejudice to Article 17 (Right to Erasure, "Right to be Forgotten"). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It shall also not adversely affect the rights and freedoms of others.
Detailed rules on the right to data portability are contained in Article 20 of the regulation.
10. Right to Object
10.1. The data subject shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
10.2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
10.3. At the latest at the time of the first communication with the data subject, the right referred to in points 10.1 and 10.2 of this Article shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
10.4. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
10.5. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Detailed rules on the right to object are contained in Article 21 of the regulation.
11. Automated Individual Decision-Making, Including Profiling
11.1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
11.2. Point 11.1 shall not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) Is based on the data subject's explicit consent.
11.3. In the cases referred to in points 11.2(a) and 11.2(c), the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
Detailed rules on automated individual decision-making, including profiling, are contained in Article 22 of the regulation.
12. Restrictions
Union or Member State law to which the controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
a) National security;
b) Defense;
c) Public security;
d) The prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
e) Other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary, and taxation matters, public health, and social security;
f) The protection of judicial independence and judicial proceedings;
g) The prevention, investigation, detection, and prosecution of breaches of ethics for regulated professions;
h) A monitoring, inspection, or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (g);
i) The protection of the data subject or the rights and freedoms of others; or
j) The enforcement of civil law claims.
Detailed rules on restrictions are contained in Article 23 of the regulation.
13. Communication of a Personal Data Breach to the Data Subject
13.1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
13.2. The communication to the data subject referred to in point 13.1 shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in Article 33(3)(b), (c), and (d).
13.3. The communication to the data subject referred to in point 13.1 shall not be required if any of the following conditions are met:
a) The controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular, those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
b) The controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in point 13.1 is no longer likely to materialize;
c) It would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
13.4. If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in point 13.3 are met.
Detailed rules on the communication of a personal data breach to the data subject are contained in Article 34 of the regulation.
14. Right to Lodge a Complaint with a Supervisory Authority
14.1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes this regulation.
14.2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78.
Detailed rules on the right to lodge a complaint with a supervisory authority are contained in Article 77 of the regulation.
15. Right to an Effective Judicial Remedy Against a Supervisory Authority
15.1. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
15.2. Without prejudice to any other administrative or non-judicial remedy, each data subject shall have the right to an effective judicial remedy where the competent supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77.
15.3. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
15.4. Where proceedings are brought against a decision of a supervisory authority which was preceded by an opinion or decision of the Board in the consistency mechanism, the supervisory authority shall forward that opinion or decision to the court.
Detailed rules on the right to an effective judicial remedy against a supervisory authority are contained in Article 78 of the regulation.
16. Right to an Effective Judicial Remedy Against a Controller or Processor
16.1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where they consider that their rights under this regulation have been infringed as a result of the processing of their personal data in non-compliance with this regulation.
16.2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has their habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.
Detailed rules on the right to an effective judicial remedy against a controller or processor are contained in Article 79 of the regulation.