April 1, 2018
The intention of this notice is to inform you of the way LMS Digital Consulting d.o.o. works with personal data. It explains how we collect, store or otherwise process personal data for the purpose of engaging in a business partnership with organizations and individuals. This notice is in alignment with GDPR and the Personal Data Protection Act in Serbia.
We believe in the balance of control between individuals and the organizations that collect, process and use their personal data, and hence support individuals’ rights to control their data, regardless of their physical location.
Personal data means any information relating to an identified or identifiable natural person, such as a name, age, photograph, or a video.
Processing mean any operation or set of operations which is performed on personal data, or on sets of personal data, such as collection, recording, storage, adaptation or alteration, erasure or destruction.
The last version of this Notice is April 1, 2019.
Should this Privacy notice be updated or modified in a material way, we will update the Effective/Last change date of this notice. In addition, we will announce and provide the notice about the new version of the document both internally and externally.
In this Notice “LMS”, “we” and “our” refers to LMS Digital Consulting d.o.o. located at 7 Birčaninova St., 11000 Belgrade, Serbia.
During the course of regular business activities, we process the following types of personal data:
In alignment with our mission we want to do business with you, and thus we process your personal data for the purpose of entering into a business relationship with you and contract performance. There are several legal basis for processing of your personal data: when processing is necessary for the performance of a contract we have with you, or in order to take steps at your request prior to entering into a contract; when that processing is necessary for compliance with a legal obligation; when we have your consent; when processing is necessary in order to protect your vital interests; or when there is a legitimate interest to process your data.
When processing your data, we only process the data necessary for the purpose for which it was collected. Should we process your data for direct marketing, we will do that with either your consent, or by relying on our legitimate interest.
It is in our interest to develop our business and to provide our clients with the best possible service in a safe and secure way. We think that it is in our best interest, as well as legitimate interest, to let you know about the latest news about us, our services, the industry in which we do business, and other topics. We believe that this also is in the best interest for you as our prospective or current client as well, as it provides you with useful information for your business. We will do that using direct marketing, such as newsletters, and send you this information directly.
When we process your personal data for direct marketing based on our legitimate interest as Data Controllers, we do take into consideration your rights under GDPR and other Data Protection regulations. Our interest to process your personal data does not override your interests or fundamental rights and freedoms, unless we obtain your consent or we need to process your data in order to comply with a law.
Your personal data is shared internally during course of doing business. In addition, we share your personal data with the following:
All the recipients of your personal data need to have technical and organizational measures for data protection. Our data protection requirements are outlined in our contracts with the external entities.
We may share your personal data with third parties that may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. Therefore personal data may be sent to countries with different privacy laws than that of your country of residence. In such cases, we take measures to ensure that your personal data receives an adequate level of protection, which includes Standard Contractual Clauses. In addition, the personal data can flow without any further safeguards necessary to third countries based on the Convention 108, such as Albania, Bosnia and Hercegovina, Croatia, Bulgaria, Montenegro, Macedonia, Slovenia, and those third countries that have been recognized by the EU, as having adequate protections for personal data (e.g. Israel, Argentina, Canada, New Zealand) by complying with and/or being subject to the jurisdiction of the applicable laws and regulations of those countries for personal data that is transferred to those countries.
We store your data in a secure location for as long as we have a business relationship. After our contract with you is over, we will keep your data for 3 years, or until you withdraw your consent, or object to our legitimate interest. We believe that 3 years provides sufficient time for renewing a business relationship with us. After that, and should there be a mutual interest or should you give us a consent for it, we may process your data for longer than 3 years.
LMS Digital takes appropriate measures to ensure that personal data is protected from access and disclosure not authorized through application of this Privacy Notice.
We take reasonable physical, administrative, procedural and technical measures to protect personal data under our control from loss, misuse and unauthorized access, disclosure, alteration and destruction. Unfortunately, no security measures can be guaranteed to be 100-percent effective.
As a data subject you have the following rights:
In case you consider that any of these rights is not respected or that we act against the law, please contact us. You can also file a complaint with data protection authorities – the Commissioner for Information of Public Importance and Personal Data Protection.
We care about your privacy, LMS Digital Consulting