PRIVACY POLICY - GFA SOUTH EAST EUROPE D.O.O.

GFA South East Europe d.o.o., which operates this website, takes the protection of your personal data very seriously. This Privacy Policy describes how we process the personal data that we collect or that you provide to us when you use our website, in accordance with Articles 21, 23 and/or 24 of the Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of the Republic of Serbia”, no. 87/2018) (“DP Law”).

I. General information on data processing

1. Information on the data controller

GFA South East Europe d.o.o.

Resavska 28
11000 Belgrade, Serbia
Phone: +381 11 4055 697
E-mail: zoran.kapor@gfa-group.de
www.gfa-see.com

(“GFA SEE”, “data controller” or “we”)

2. Why we use data

In order to optimize the content of our website to better meet your demands, we need to identify which sections of our website are the most visited and on which the most time is spent. If you provide us with your personal data, we will use such information for the technical administration of the website, marketing and answering your inquiries, however, only to the extent that is necessary, pursuant to the DP Law. Each particular purpose of data processing is specified in the relevant section of this Privacy Policy.

3. Legal basis for data processing

The legal basis for each data processing activities may vary, depending on the purpose of data processing in a particular case. Therefore, the legal basis is always specified in the relevant sections of this Privacy Policy. In general, we use the following legal basis for the processing of your personal data on our website:

  • Article 12 paragraph 1 item 1) of the DP Law – consent of the data subject given to the processing of its personal data for one or more specific purposes; or
  • Article 12 paragraph 1 item 6) of the DP Law - processing is necessary for the purposes of the legitimate interests pursued by GFA SEE or by a third party, provided that our interests are not overridden by the interests or fundamental rights and freedoms of the data subject in question.

4. Data deletion and retention period

Your personal data will be deleted as soon as the purpose for which such information was processed no longer applies. However, storage beyond this period may be possible if this is a statutory requirement under the applicable law, to the maximum extent permitted by the applicable law.

5. Data transfer outside of the Republic of Serbia

GFA SEE may transfer your personal data outside of the Republic of Serbia, as described in the relevant sections of this Privacy Policy. In case of such data transfer, GFA SEE shall comply with the applicable requirements for data transfer abroad under the DP Law.

6. Individuals’ rights and how to exercise them

  • In relation to the processing of your personal data you have the following rights:
  • the right to access your personal data that we hold, pursuant to Article 27 of the DP Law;
  • the right to correct and/or update your personal data, pursuant to Article 29 of the DP Law;
  • the right to request deletion of your personal data, pursuant to Article 30 of the DP Law;
  • the right to restrict the processing of your personal data, pursuant to Article 31 of the DP Law;
  • the right to object the processing of your personal data, pursuant to Article 37 of the DP Law;
  • the right to data portability, pursuant to Article 36 of the DP Law; and
  • the right to withdraw your consent given for the processing of your personal data at any time, however, your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you want to exercise any of the above-mentioned rights, please send an e-mail to: zoran.kapor@gfa-group.de

We will endeavor to take the necessary measures as soon as possible. To that purpose, you will receive an access form to be completed, allowing you to indicate which rights you wish to exercise with regard to your personal data.

If you believe that the processing of your personal data violates the DP Law, you can lodge a complaint to the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia, at the address Bulevar kralja Aleksandra 15, 11000 Belgrade, Republic of Serbia or at the e-mail address: office@poverenik.rs. Further information in this respect can be found at https://www.poverenik.rs/sr/.

II. Provision of the website

GFA SEE uses certain services for the proper provision and function of the website (as specified in the relevant sections of this Privacy Policy below), which leads to processing of certain personal data (such as IP address).

Your provision of personal data is voluntary (in terms that you choose whether to access our website), but if you do so, certain personal data must be collected, and information must be stored in log files for the purposes of the website’s proper operation.

With respect to data processing in relation to the provision of the website, please refer to the relevant sub-sections in section I of this Privacy Policy above for the information on the data controller, data protection officer, and individuals’ rights and how to exercise them.

Personal data will be deleted as soon as they are no longer required for the purpose they were collected. Any information collected in order to provide the website will be deleted as soon as the respective session is terminated.

After that, personal data might be stored only for the period indicated by the applicable law or as long as you or we may assert any claims against each other.

1. Integration of Fast.Fonts fonts

1.1 Purpose of the data processing

GFA SEE uses the fonts from Monotype GmbH (fonts.com or fast.fonts.net) for the standardized and attractive presentation of our website content, and in order to display texts and fonts correctly on the website.

1.2 Categories of personal data

The only personal data GFA SEE processes with respect to the integration of the Fast.Fonts fonts is your IP address.

1.3 Legal basis for the data processing

The processing of your IP address with respect to the use of the Fast.Fonts fonts on our website is based on a legitimate interest within the meaning of Article 12 paragraph 1 item 6) of the DP Law.

1.4 Recipients of your personal data and their transfer outside of the Republic of Serbia

Your IP address is transmitted to Monotype when you call up the page, which may lead to the transfer of your personal data outside the Republic of Serbia, in which case, such data transfer will be based on Article 63-69 of the DP Law.

1.5 Further information on the Fast.Fonts fonts

Further information on these web fonts can be found at https://www.fonts.com/info/legal and in the privacy policy of Fonts.com: https://www.fonts.com/info/legal/privacy/ and in the privacy policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy.

2. Use of Google Fonts

2.1 Purpose of the data processing

GFA SEE uses Google Fonts provided by Google for the uniform display of fonts on the website and the uniform presentation of the type face on the website.

2.2 Categories of personal data

The only personal data GFA SEE processes with respect to the use of Google Fonts is your IP address.

2.3 Legal basis for the data processing

The processing of your IP address with respect to the use of Google Fonts on our website is based on a legitimate interest within the meaning of Article 12 paragraph 1 item 6) of the DP Law.

2.4 Recipients of your personal data and their transfer outside of the Republic of Serbia

When you call up a page, your browser loads the required fonts into the browser cache in order to display texts and fonts directly. For this purpose, the browser you are using must connect to Google’s servers which leads to transfer of your IP address to Google, which may lead to the transfer of your personal data outside the Republic of Serbia, in which case, such data transfer will be based on Article 63-69 of the DP Law

2.5 Further information on Google fonts

If your browser does not support Google Fonts, a standard font will be used by your computer. You can find more information about Google Fonts at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en.

3. Server log files

GFA SEE automatically collects and stores information in so-called server log files which your browser automatically transmits to us. This information includes:

  • Browser type/ browser version;
  • Operating system being used;
  • Referrer URL;
  • Host name of accessing computer; and
  • Time of server request.

The data thus collected cannot be connected to a specific person. The data is not merged or compared with data from other sources. We reserve the right to subsequently examine this data if concrete evidence of unlawful use is made known to us.

4. Cookies

We use small text files called "cookies" that are stored on your computer and saved by your browser. Cookies will not harm your computer and do not contain any viruses. Cookies are used to make our offer more user-friendly, effective and safe. You can find out more details regarding the use of cookies by referring to our Cookie policy (section III of this Privacy Policy below).

II. Cookie policy

Our website uses cookies – text files that are stored in or by an Internet browser on your computer system. Cookies contain a distinctive character string that enables the unique identification of the browser when the same website is accessed again.

We use the necessary cookies regardless of your consent. They are necessary for the website to function and cannot be switched off in our systems. Most of the cookies we use are "session cookies". Session cookies are automatically deleted at the end of your visit. Other cookies are stored on your computer until you delete them. These cookies make it possible for us to recognize your browser the next time you visit our website.

With respect to data processing in relation to the use of cookies, please refer to the relevant sub-sections in section I of this Privacy Policy above for the information on the data controller, data protection officer, and individuals’ rights and how to exercise them.

1. Types of cookies that we use

Cookies that we use can be divided into the following types: necessary, preference, statistics and marketing cookies.

1.1 Necessary cookies

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

1.2 Preference cookies

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

1.3 Statistics cookies

Statistics cookies help us to understand how visitors interact with websites by collecting and reporting information anonymously.

1.4 Marketing cookies

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

2. Purpose of the data processing

Cookies that are necessary for technical reasons are used to make the website easier and/or technically possible for users to use. In addition, we are using the cookies for a better performance of our website and for advertising purposes.

3. Legal basis for the data processing

The legal basis for the processing of personal information when using cookies is Article 12 paragraph 1, item 1) of the DP Law –consent of the website visitor, except for the necessary cookies, in which case we are relying on Article 12 paragraph 1, item 6) of the DP Law – legitimate interest of the data controller.

4. Retention period

Session cookies are automatically deleted at the end of your visit. Other cookies are stored on your computer until you delete them.

5. Adjusting the settings in relation to the cookies

You can disable or limit the transmission of cookies by adjusting the settings in your Internet browser, such as:

  • to be informed each time a cookie is used;
  • to allow such use on a case-by-case basis;
  • to prohibit the use of cookies in specific cases;
  • to prohibt the use of cookies in general; and
  • to delete cookies when you close your browser.

However, disabling cookies (such as necessary cookies) may limit the functionality of this website.

6. Data privacy regarding the use of Google Analytics

This website uses functions of the web analysis service, Google Analytics. The provider of that service is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses cookies providing us with the possibility to analyze the use of the website. Information concerning your use of the our website that is generated by Google Analytics cookies may be transferred to a Google server outside of the Republic of Serbia and stored there, in which case, such data transfer will be based on Article 63-69 of the DP Law.

By activating IP anonymization on this website, your IP address will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will be sent to a Google server and truncated there only in exceptional cases. Google will use this information on behalf of GFA SEE to evaluate your use of the website, to compile reports about web activity, and to provide GFA SEE with services associated with the use of this website and the Internet. The IP address transmitted within the context of Google analytics by your browser will not be merged with other data from Google.

You may refuse the use of cookies by adjusting your browser software. Please note that you may not be able to make full use of all the functions on this website after the browser adjustment. You can also prevent the data generated by the cookie from being recorded by Google (including your IP address) and prevent the data from being processed by Google by downloading and installing this browser plugin:

https://tools.google.com/dlpage/gaoptout?hl=en

III. Contact form

Our website provides a contact form that can be used to send us inquiries electronically, in which case we may process certain personal data you provide us with (e.g., name and surname, e-mail address, phone number, function, company, content of your message, etc.).

With respect to data processing in relation to the contact form, please refer to the relevant sub-sections in section I of this Privacy Policy above for the information on the data controller, data protection officer, and individuals’ rights and how to exercise them.

1. Purpose of the data processing

We process your personal data for the purposes of handling your inquiry, and eventually follow-up inquiries made via contract form on our website.

2. Legal basis for the data processing

The legal basis for processing personal data sent to us by contract form is Article 12 paragraph 1 item 1) of the DP Law – consent of the data subject.

3. Retention period

Personal data will be deleted as soon as they are no longer required for the purpose they were collected depending on the particular inquiry that is made. After that, personal data might be stored only for the period indicated by the applicable law or as long as you or we may assert any claims towards each other, in which case, we are relying on our legitimate interest as the legal basis for this type of data processing.

4. Recipients of your personal data and their transfer outside of the Republic of Serbia

Your personal data processed via contact form may be shared within GFA Group depending on the particular inquiry you have made. In the event your personal data need to be transferred outside of the Republic of Serbia, such data transfer will be made to GFA entity located in the country which provides an adequate level of data protection recognized by the Serbian Government (e.g., a member state of the EU) based on Article 64 of the DP Law.

5. Voluntary provision of personal data

You provide us with personal data via contact form on a voluntary basis. However, it is necessary for us to receive certain personal data (such as contact information) in order to be able to answer your inquiry.

IV. Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter.

Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below in this Section of the Privacy Policy.

With respect to data processing in relation to the newsletters, please refer to the relevant sub-sections in section I of this Privacy Policy above for the information on the data controller, data protection officer, and individuals’ rights and how to exercise them.

1. Purpose of the data processing

We process your personal data for the purpose of sending you newsletters.

2. Legal basis for the data processing

Legal basis for the data processing is Article 12 paragraph 1 item 1) of the DP Law – consent of the data subject by registering to receive our newsletters.

3. Further description of the data processing in relation to newsletters

GFA SEE currently engages the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (CleverReach). CleverReach processes your data on behalf of GFA SEE on secure servers within the EU. GFA Group and CleverReach have signed a data processing agreement in accordance with the GDPR.

Your personal data (first name, last name, gender and email address) are encrypted by CleverReach using SSL. The provision of your name and gender is voluntary and only used for the purpose of personal address. These data as well as your IP address are only stored and used for registration and for sending the GFA SEE newsletter. Such personal data will not be transferred to third parties (outside of CleverReach and GFA Group). Your e-mail address is encrypted by CleverReach SSL.

You can always unsubscribe from the newsletter or revoke your consent to the storage of your personal data provided at time of registering to the newsletters at any time. The revocation can be made via a link in the newsletter itself or by sending a message to the contact person listed in the imprint.

The report data will be stored by CleverReach for a maximum of six months. Your personal data will be stored until you unsubscribe from GFA SEE´s newsletter. After cancellation, your data will be stored for a period of two weeks. After that, your personal data might be stored only for the period indicated by the applicable law or as long as you or we may assert any claims towards each other, in which case, we are relying on our legitimate interest as the legal basis for this type of data processing.

For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz

V. Data privacy regarding the use of LinkedIn

Our website uses functions from the LinkedIn network. The provider of that service is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time a page of this website containing a LinkedIn function is called up, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our website using your IP address.

If you click the Recommend button from LinkedIn and are logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to your user account.

Please note that GFA SEE, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by LinkedIn.

Additional information can be found in the LinkedIn data privacy statement:

https://www.linkedin.com/legal/privacy-policy

Contact

  • GFA South East Europe d.o.o.
  • Resavska 28
  • 11000 Belgrade, Serbia
  • Phone: +381 11 4055 697
  • E-mail: zoran.kapor@gfa-group.de

Services