Корзина

0 товара (ов)

Итого: 0 товара (ов)

0

Без учета доставки

Askona West 65 mall

5.0 Stars

    
RU
EN RS RU
+38163660075
0
Корзина

0 RSD

1

Askona West 65 mall

Позвонить

Изменить язык

Rs Ru En


Effective from 15.04.2025



PRIVACY POLICY OF THE COMPANY ASKONA D.O.O. UGRINOVCI


Introduction

First and foremost, we would like to bring to your attention that we, the company ASKONA d.o.o. Ugrinovci, with registered seat at the address Nova 9, br: 8, Zemun – Ugrinovci, Republic of Serbia, company number: 22021842, TIN: 114424110 (hereinafter: the “Controller”), collect, process, and use personal data that you provide to us.

Through this document (hereinafter: “Privacy Policy”), Users of the website https://askona.rs named Askona.rs (hereinafter: the “Website”), as well as Users of services at our stores and retail shops (hereinafter: the “Retail Places”), are informed about which personal data is collected by the Website or at our Retail places, the purpose and basis of its processing, the retention period, guidance on Users’ rights, incident procedures, and the Users' consent allowing the Website or our personnel at Retail Places to collect, process, and store their personal data.

The Controller via Website or by processing at Retail Places, uses Users’ data in accordance with this Privacy Policy and is committed to protecting the privacy of all Users, collecting only the necessary basic data about Users, i.e., data essential for service operations, fulfillment of contractual obligations, informing Users in line with good business practices, and providing quality service.

By using the services on the Website, or by receiving any document of the Controller such as agreement, receipt, proforma or regular invoice, purchase order or bill of lading, without limitation, to which this Privacy Policy is attached (either as separate appendix or by reference to the appropriate page of the Website on which the Privacy Policy is published), the User declares that they have read, understood, and accepted this Privacy Policy and thereby agrees to the collection, processing, and retention of data as prescribed by the Privacy Policy.

The User declares that before accepting the Privacy Policy, they have read, understood, and accepted the terms of the document “Terms and Conditions of Askona”, available at https://askona.rs/about/info/policy.php (hereinafter: the “Terms and Conditions”)

This Privacy Policy is prepared in accordance with the rules prescribed by the Personal Data Protection Act of the Republic of Serbia (“Off. Gazette of RS”, no. 87/2018, hereinafter referred to as the “Law”). Any matters not covered by the Privacy Policy will be governed by the provisions of the Law, with the Law taking precedence in cases of conflict.

Definition of Terms We Use

The terms used in this Privacy Policy have the following meanings:

  • GDPR – General Data Protection Regulation of the European Union (2016/679);

  • Candidate – a person applying for and interested in a job position with the Controller, work outside of employment, an internship, or another form of learning opportunity;

  • User – a collective term for Customer, Customer Declaring a Complaint,  Website Visitor, Notification Recipient, and Follower on Social Networks;

  • Customer – an adult who is the user of purchasing Service at the Website of the Controller, or the potential or real buyer of the Controller's products at the Retail Place;

  • Customer Declaring a Complaint – an adult who sent the complaint request to the Controller, and which previously purchased the products from the Controller; 

  • Competent Authorities – authorities responsible for preventing, investigating, and detecting criminal offenses, prosecuting offenders, enforcing criminal sanctions, including protecting and preventing threats to public and national security, and any legal entity authorized by law to perform these activities;

  • Processing of personal data – every act or set of acts performed automatically or non-automatically with the personal data of the User, such as collecting, recording, organizing, grouping, or structuring, storing, adapting or altering, disclosing, consulting, using, revealing by transmission, submitting, duplicating, disseminating or otherwise making available, comparing, limiting, deleting or destroying;

  • Processor – a natural person or legal entity engaged by the Controller to process Users' Personal Data on its behalf;

  • Terms and Conditions – the document regulating the contractual relationship between the Controller and Customer, or User, which Customers and Users have accepted by agreeing to these Terms; and

  • Personal Data – any information related to an identified or identifiable natural person, directly or indirectly, particularly based on identity markers, such as name and identification number, location data, electronic communication network identifiers, or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural, or social identity;

  • Visitor – a natural person using the Website and/or Internet shop therein, who is not a Customer, Customer Declaring a Complaint, Follower on Social Networks or Notification Recipient;

  • Commissioner or Supervisory Authority – an independent authority established by law, responsible for overseeing the implementation of the Law and performing other duties prescribed by the Law;

  • Follower on Social Networks – a natural person following official page/profile of the Controller on the social network Facebook, Instagram, TikTok, Meta, YouTube, LinkedIn;

  • Notification Recipient – an adult who has given explicit consent to receive notifications in the form of newsletters or updates about news and products offered by the Controller (hereinafter “Newsletter”);

  • Consent – any voluntary, definite, informed and unequivocal expression of the will of the User, by which he/she, by a statement or a clear affirmative action, gives his consent to the processing of his/her personal data;

  • Controller – the company mentioned in Article 1.1 above;

  • Third Party – a natural or legal person, or authority, who is not a User, Visitor, Controller, or Processor, nor authorized to process Personal Data under the direct supervision of the Controller or Processor;

  • Terms of Usage – a document regulating a contractual relationship between the Controller and Customer/User, and which envisages conditions and rules of usage of the Website, as well as rights and obligations of the Customer/User with regard to the Website, and services it provides, and which the Customers/User accepted by agreement to the Terms of Usage;

  • Service – a service provided via Internet shop, or a service of online sale of products and goods of the Controller, which include Beds, mattresses, furniture, massagers, bedding, sofas, as well as all other products published at the Website and within the Internet shop;

  • Law – Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of RS,” No. 87/2018).


Who is the Controller of Your Data?

Before discussing personal data of the Users, let us first introduce ourselves as the Controller:

  • Business Name: ASKONA d.o.o. Ugrinovci

  • Registered Seat: Nova 9, no. 8, Zemun – Ugrinovci, Republic of Serbia

  • Company Number: 22021842

  • TIN: 114424110


The company mentioned in Article 3.1 above, in its capacity as Controller, is responsible for the personal data collected from Users in the manner and to the extent specified by this document and by the Law.

The Controller implements necessary technical, organizational, and personnel measures to ensure that processing is conducted in accordance with the Law and can demonstrate compliance to Users, taking into account the nature, scope, circumstances, and purpose of processing, as well as the likelihood and level of risk to Users' rights and freedoms.

To ensure a secure environment for the processing of Users' personal data, the Controller affirms that this is supported by a reliable SSL certificate and application of appropriate technical and physical protection methods (as explained in Articles 9.1. and 9.2., as well as Article 12 below).

Information about which employees or other persons engaged by the Controller have access to personal data, and who administers such data, is contained in the Record of Processing Activities from Article 15.

Data We Collect and Process

To fulfill the rights and obligations established by the Terms of Usage and Terms and Conditions, as well as to comply with legal obligations, legitimate interests, and reasons for improvement, efficiency, and lawful operation of the Controller, or based on the User's consent, which is further explained below, the Controller collects and processes Users' personal data.

The Controller may collect and process some of the following personal data of the Customer:

  • first and last name;

  • phone number;

  • home address or address of residence (country/region, city, street and home number, postal number);

  • email address;

  • any personal data entered in the “notes to the order” section or provided voluntarily by the Customer in communication or correspondence with the Controller.


The Controller may collect and process all personal data of the Visitor that is usually collected and processed with respect to the Customer (from Article 4.2 above), with addition of the following data:

  • IP Address and data collected from the Visitor's internet browser.


The Controller may collect and process all personal data of the Customer Declaring a Complaint that is usually collected and processed with respect to the Customer (from Article 4.2 above), with addition of the following data:

  • product name and code;

  • purchase date of the product;

  • invoice number;

  • Customers bank account number;

  • name of the retail location and website

  • date of the complaint receipt and date of the complaint receipt confirmation

  • complaint receipt confirmation number

  • quantity and price of the products

  • decision on the customer response and the date the response was delivered;

  • contracted appropriate term for resolution or details of any extension, along with the manner and date of complaint resolution;

  • description and reason for the complaint; and

  • handwritten signature.


The Controller may collect and process all personal data of the Notification Recipient that is usually collected and processed with respect to the Customer (from Article 4.2 above), with addition of the following data:

  • date of birth (day, month and year); and

  • data collected from the internet browser.


If Candidates submit their applications to the Controller, the Controller may request that they deliver all personal data that is usually collected and processed with respect to the Customer (from Article 4.2 above), with addition of the following data:

  • Resume (i.e., CV); and

  • Personal Photograph.


The Controller may also obtain Candidate data from third parties, specifically:


  • Employment agencies – e.g. when an employment agency contacts us to identify you as a potential candidate;

  • From publicly available online sources – e.g. from your current employer's website or professional social networks such as LinkedIn; and

  • Through written or verbal recommendations – e.g. from a former employee/employer or a person you listed as a reference.


The Controller may collect and process some of the following personal data of the Follower on Social Networks:

https://www.facebook.com/askonaserbia/

https://www.instagram.com/askona_serbia/

Special Categories of Personal Data

The Controller does not process data related to racial or ethnic origin, political opinions, philosophical beliefs, genetic data, biometric data for the unique identification of individuals, data on gender, sexual life, or sexual orientation of natural persons.

Data obtained from the User’s internet browser – Cookies

To enhance the service on our Website, improve the User's browsing experience, as well as to personalize content and ads, and analyze internet traffic on our site, the Controller collects data from the User's internet browser, specifically Cookies.

Information on the type of specific cookie, name, provider, purpose of collection, type and retention time of data, and other relevant data for data storage in Article 4.5.1. by the Controller can be found at: https://askona.rs/about/info/policy.php

For What Purpose and on What Basis are We Processing Your Data?

The Controller processes the data from Article 4 based on:

  • the need to fulfill contractual rights and obligations between the Controller and the User, and to meet obligations and rights under the Terms and Conditions and Terms of Usage, as well as to take pre-contractual actions with Candidates, as prescribed by the Terms and Conditions, Terms for Usage and the Law, in accordance with Article 12, paragraph 1, item 2 of the Law;

  • the Controller’s legal obligation, in accordance with Article 12, paragraph 1, item 3 of the Law and Article 55 of the Consumer Protection Act;

  • explicit consent given by the User, Customer, or Candidate, which has a separate form and is considered given upon acceptance, in accordance with Article 12, paragraph 1, item 1 of the Law;

  • the legitimate interest of the Controller, in accordance with Article 12, paragraph 1, item 6 of the Law; and

  • other legal conditions/bases that require the Controller to collect, store, and process User data.


The Controller processes the data from Article 4 for the following purposes:

  • to fulfil contractual obligations of the Controller and User, including those from Terms and Conditions (data from Article 4.2.);


  • for the purpose of making a decision regarding the complaint claim submitted by the Customer Declaring a Complaint (data from Article 4.4.);


  • for purpose of conducting out-of-court disputes in accordance with the Consumer Protection Act and all other applicable laws in the Republic of Serbia, in connection with the out-of-court dispute initiated by the Customer Declaring a Complaint and whose complaint request was rejected; 


  • to conduct Candidate selection processes, verifying if the Candidate’s qualifications, experience, and education match the open positions with the Controller and determining if the Candidate is the best fit for the company (data from Article 4.6.);


  • to enable contact with the Controller via messages in the “Contact” section (technical data processed through the website) or in other appropriate manner (sharing personal data at the Retail Place, etc.);


  • to inform the Notification Recipient, who has given its explicit consent to receive newsletters, and for purpose of receiving promotional offers and other information regarding the Controller’s products (data from Article 4.5.);


  • to improve the User experience while visiting the Website, where Users may contact us by phone or email. We will collect relevant data to provide swift and effective assistance in the future and enhance our services (data from Articles 4.3. and 4.7.);


  • for other purposes consented to by the User, unless consent is withdrawn in accordance with the Law and this Privacy Policy; and 


  • for other purposes in accordance with the Law.


The legal basis and purpose of processing for each category of data are specified in the Controller’s record of processing activities, maintained pursuant to the obligations prescribed by the Law.

Processing for direct marketing purposes

The Controller processes Notification Recipients’ data to subscribe to the Newsletter for notifications about the Controller’s services and products.

Data collected for these purposes are based on the explicit consent of the Notification Recipient, by filling in a separate field – checkbox on the Website.

Giving consent for receiving marketing notifications is not mandatory, and if given, the Notification Recipient has the right to withdraw consent at any time, including unsubscribing from receiving notifications about services and Products offered by the Controller.

Processing for other purposes

If the purpose of processing differs from the purpose for which the data was collected and is not based on the law or the data subject’s consent, the Controller, with appropriate security measures, assesses whether the new purpose is compatible with the initial purpose, especially taking into account:

  • whether there is a connection between the purpose for which the data was collected and the intended secondary purpose;

  • the circumstances in which the data was collected, including the relationship between the Controller and the User;

  • the nature of the data; and

  • the potential consequences of further processing for the User.


The Controller is obligated to continually apply appropriate technical, organizational, and personnel measures to ensure that only the personal data necessary for each specific processing purpose is processed. This applies to the quantity of data collected, the scope of processing, the retention period, and data accessibility.

Consenting to data processing

Consent given by the User is provided in a separate written form with a clear and prominent title “Consent,” or another title, or through other active action, such as selecting a specific checkbox on the Website or by sending a confirmation email. This action must clearly indicate consent to the processing of personal data, with its contents presented in an informed, transparent, understandable, and accessible manner, using clear and simple language, as required by the Law.

The User is not required to provide consent to receive services or parts of services for which consent is not necessary. Such consent is therefore considered voluntary, unless the processing for which consent is requested is essential for enabling the Users to exercise their rights or for the Controller to fulfill its obligations (whether based on a contract, Terms and Conditions or Terms of Usage). 

The User have the right to withdraw consent at any time. Withdrawal of consent does not affect the legality of processing conducted based on consent before its withdrawal. Before providing consent, the data subject must be informed about the right to withdraw consent and the effect of such withdrawal. The process for withdrawing consent must be as simple as giving consent.

Consent under Article 6.1 may also be given electronically, allowing Users to read the consent text while using the Controller’s Website and decide, per Article 6, whether to accept it by clicking a designated field, continuing to use the Website, or sending an appropriate email.

Notifications and Newsletter

The Controller sends notifications to Notification Recipients via newsletters, informing them about news and products of the Controller, based on the Notification Recipient’s explicit consent.

With the Notification Recipient’s explicit consent, the Controller provides information on new products, promotions, and services through email notifications or SMS messages, allowing interested parties (Notification Recipients) to be the first to learn about the Controller’s new products and benefits.

The Notification Recipient has the right to unsubscribe from further notifications at any time by submitting a request to stop receiving notifications via the unsubscribe link. Unsubscribing does not affect the legality of processing conducted before the unsubscribe request. In each notification sent by the Controller, the Notification Recipient is clearly offered the option to unsubscribe from further notifications at any time. The unsubscribe option is prominently provided as a link in each new notification email or SMS text message the Recipient receives to its phone number.

In accordance with Article 7.2, the Notification Recipient, who has consented to receive updates on news and products, can withdraw consent by clicking the unsubscribe link included in each notification email or SMS text message. Alternatively, consent may be withdrawn by submitting a written request to the email address: [email protected]


Your Rights as a User Under Personal Data Protection

Right to be informed and right to access information:

The Controller is required to provide the User, upon request and in a concise, transparent, understandable, and easily accessible manner, with clear and simple language, with the following information about:

  • the identity and contact details of the Controller and the person employed or otherwise engaged by the Controller who is responsible for data processing;

  • the purpose of the intended processing and the legal basis for processing;

  • the existence of a legitimate interest of the Controller or a third party, if processing is based on legitimate interest;

  • the recipient or categories of recipients of personal data, if any;

  • any intention of the Controller to transfer personal data to another country or international organization;

  • the retention period for personal data, or if this is not possible, the criteria used to determine that period;

  • the existence of the right to request access, correction, or deletion of personal data, as well as the right to restrict processing, the right to object, and the right to data portability;

  • the existence of the right to withdraw consent at any time and that such withdrawal does not affect the legality of processing based on consent before its withdrawal;

  • the right to file a complaint with the Commissioner;

  • whether providing personal data is a legal or contractual requirement or a necessary condition for entering into a contract, and whether the data subject is obliged to provide personal data and the possible consequences of not doing so; and

  • the existence of automated decision-making, including profiling, if the Controller engages in such processing.


The right to be informed is also fulfilled through the publication, reading, and acceptance of this Privacy Policy.

Individuals whose data is processed have the right to access their data processed by the Controller.

Right to rectification and supplementation

The User has the right to have their inaccurate personal data corrected without undue delay, if possible. Depending on the purpose of processing, the User has the right to supplement their incomplete personal data, including by providing an additional statement.

If possible, the User will make the correction by modifying, deleting, or entering different data themselves, as specified in Article 8.2.1.

If the User is unable to make corrections and additions as outlined in Article 8.2.2, they should submit a request to the Controller.

Right to deletion

Where the legal conditions are met, the Controller is obliged, upon the User's request, to delete personal data from Article 4 without undue delay in the following cases:

  • personal data is no longer necessary for the purpose for which it was collected or otherwise processed;

  • the User has withdrawn consent on which processing was based, in accordance with the Law, and there is no other legal basis for processing;

  • the User has objected to processing in accordance with the Law, and there is no other legal basis for processing that overrides the legitimate interest, rights, or freedoms of the data subject;

  • personal data has been unlawfully processed;

  • personal data must be deleted to comply with the Controller's legal obligations; and

  • personal data was collected in connection with the use of information society services under the Law.


Paragraph 8.3.1 of this Article does not apply to the extent that processing is necessary for:

  • exercising the right to freedom of expression and information;

  • compliance with a legal obligation that requires processing by the Controller or for tasks performed in the public interest or in the exercise of official authority vested in the Controller;

  • public interest purposes in the field of public health, in accordance with the Law;

  • archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with the Law; and

  • the submission, exercise, or defense of legal claims.


Right to restrict processing

Individuals whose data is processed have the right to request the Controller to restrict the processing of their data if processing is unlawful, if there is a claim of data inaccuracy, if an objection to processing has been submitted under the Law, if the Controller no longer needs the personal data, but the data subject has requested it for the purpose of establishing, exercising, or defending a legal claim, or if the data subject has objected to processing and an assessment is ongoing to determine whether the Controller’s interests outweigh the data subject’s interests, as well as for other legal reasons.

The right to restrict processing does not apply to processing carried out by competent authorities for specific purposes.

Right to object

Depending on the specific case and if deemed justified, the User has the right to object at any time to the Controller regarding the processing of their personal data based on consent and legitimate interest, and the Controller is obligated to cease processing the data of the User who has raised an objection.

The Controller is not required to cease processing as outlined in Article 8.5.1 if it has demonstrated to the User that there are legal reasons for processing that override the User’s interests, rights, or freedoms or are related to the submission, exercise, or defense of legal claims.

The right to object applies only to processing based on consent or legitimate interest.

Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them.

This right from Article 8.5. can be exercised when the processing is based on the legal authority or legitimate interest, if such processing methods are prescribed by the Privacy Policy.  

Right to data portability

If applicable, the data subject has the right to receive their personal data, previously provided to the Controller, in a structured, commonly used, and machine-readable format, and has the right to transfer this data to another controller without interference from the Controller to whom the data was provided, provided the following conditions are cumulatively met:

  • the processing is based on consent or the performance of a contractual obligation; and

  • the processing is carried out automatically.


The data subject’s right in Article 8.6.1 also includes the right to have their personal data transferred directly from one Controller to another if technically feasible.

Controller’s Response

The Controller must respond to requests from individuals about exercising their rights herein within 30 days, which may be extended by an additional 60 days if necessary, considering the complexity and number of requests. The Controller is required to inform the data subject of the extension and the reasons for it within 30 days of receiving the initial request. If the data subject submitted the request electronically, the response should also be provided electronically, if possible.

Storage of User Personal Data

Personal data collected from Users via the Website is stored electronically on the servers of the company ASKONA d.o.o. Beograd, Ugrinovci, Nova Ulica 9 br. 8 

MB: 22021842 PIB: 114424110. This data is secured by an SSL certificate and regular daily backups. Access to the database on this server is available to the Controller and employees of the Controller authorized by the Controller, as well as to the server holder acting as Processor. 


Personal data collected from Customers in written form at Retail Places, are stored physically in Controller’s archives at its seat, as well as electronically within relevant programs for storing of data at personal computers of the Controller, secured by password and accessible only to the persons working for the Controller, and who are explicitly authorized by the Controller to process this data. 

To optimize the functionality of the Website, the Controller uses Google Analytics, through which User data outlined in Article 4 is collected. This data is protected according to the security policy implemented by Google LLC, which can be read in more detail at the following link (English language): https://support.google.com/analytics/answer/7318509?hl=en.

In the event of a change in the data storage location specified in Articles 9.1. and 9.2., the Controller will update and amend the Privacy Policy, displaying the revised version on the Website.


Access to Data by Third Parties / Personal Data Processors

The Controller is authorized to use the services of accounting agencies, developers, IT consultants, and other external and internal associates for fulfilling contractual obligations, obligations under the Terms and Conditions, obligations under the Terms of Usage, payment transactions, legal requirements, service maintenance, and improvement of its functionality. The Controller is responsible for the work and results of these associates in accordance with the Law.

The Controller guarantees that the Processor will implement the necessary technical, organizational, and personnel measures to ensure that processing is conducted in compliance with the Law and provides adequate protection of Users’ personal data.

To ensure the conditions from Article 10.2, the Controller and the Processor may enter into a data processing agreement (if required under the Law), which will be an integral or supplementary part of the main agreement and will contain all necessary elements as prescribed by the Law.


In case of a complaint claim prescribed by the Terms of Usage, the Controller is entitled, upon the bank’s request, to provide details on the disputed transaction raised by the Customer Declaring a Complaint or their bank that issued the payment card, within the shortest possible time frame.

International Transfer of Personal Data

The Controller will generally not export your personal data outside the Republic of Serbia unless third parties engaged for processing your personal data provide and perform such services outside the Republic of Serbia. We may export your personal data to European Union countries and other countries whose data protection laws may be less comprehensive than those in the Republic of Serbia and the EU.

When the Controller exports personal data outside the Republic of Serbia, whether to affiliated entities or third parties, it only transfers such personal data to:

  • countries that are members of the Council of Europe Convention for the Protection of Individuals with regard to automatic processing of personal data, or to countries deemed by the EU to provide an adequate level of data protection; or

  • companies with a valid and up-to-date EU-U.S. Privacy Shield certification, guaranteeing certain data protection standards for the category of personal data being exported; or

  • where an appropriate data export mechanism, such as standard contractual clauses, has been implemented to ensure the adequate protection of your personal data.


If none of these criteria are met, the Controller may still export your personal data outside the Republic of Serbia with your explicit consent or if such export is legally necessary.

Access to your personal data is restricted to individuals who need to know the data for the purposes described in this Privacy Policy.

You may request a copy of any export mechanism used as a basis for exporting any personal data outside the European Union by using the contact details in Article 16.

Data Security

In assessing the required level of personal data security, the Controller takes into account and monitors the level of technological advancements, the cost of implementation, the nature, scope, circumstances, and purpose of processing, and, based on these parameters, assesses the likelihood and potential level of risk to the rights and freedoms of the Users.

In relation to the circumstances in Article 12.1, the Controller implements appropriate technical, organizational, and personnel measures to achieve the required level of protection relative to the risk.

When transmitting data to Processors or receiving/processing data from Processors, the Controller is required to ensure a secure communication channel for data transmission or receipt and to verify that data is securely stored with appropriate security standards.

All User data is strictly safeguarded and accessible only to authorized individuals within the Controller and Processors who need the data for their work, with the Controller responsible for adhering to privacy protection principles in accordance with the Privacy Policy.

Data stored over the Website in electronic form is kept on the server of the company ASKONA d.o.o., which provides server hosting services in compliance with its security policy.

Data on Visitors collected through the Website is secured with an SSL certificate, and access to the database is available to the Controller.

Personal data collected from Customers in written form at Retail Places, are stored physically in Controller’s archives at its seat, as well as electronically within relevant programs for storing of data at personal computers of the Controller, accessible only by authorized personnel of the Controller. 

Procedure in Case of Data Security Breach

If there is a security breach affecting data outlined in Article 4 or security measures in Article 12, the Controller, together with the Processor, will take all necessary notification and protection measures as required by the Law, including notifying the competent Supervisory Authority and the Users if the conditions set forth by the Privacy Policy and the Law are met.

In the event of a data breach, the Controller must notify the Supervisory Authority of the personal data protection breach that could pose a risk to the Users’ rights without undue delay, or no later than 72 hours after becoming aware of the breach. If this deadline is not met, the Controller will explain the reasons for the delay.

The Controller’s notification to the Supervisory Authority under Article 13.2 must include at least the following information:

  • a description of the nature of the personal data protection breach, including the types of data and an approximate number of Users affected, as well as an approximate number of personal data records affected;

  • the name and contact details of the person from whom further information about the breach can be obtained;

  • a description of the possible consequences of the breach; and

  • a description of measures taken or proposed by the Controller and/or Processor in response to the breach, including any measures taken to mitigate adverse effects.


In the event of a personal data protection breach that could pose a risk to the rights and freedoms of individuals, the Controller is obligated to notify the Users.

The notification to the User under Article 13.4 must clearly and understandably describe the nature of the data breach and provide the information listed in Article 13.3.

The Controller is not required to notify the User in the situation described in Article 13.4 if:

  • appropriate technical and organizational security measures were applied to the personal data affected by the breach;

  • subsequent measures were taken to ensure that the data breach no longer poses a high risk to the rights and freedoms of the affected individual; or

  • notifying the affected individual would involve a disproportionate use of time and resources, in which case the Controller must notify the affected individuals through a public announcement or other effective means.


If the User becomes aware of any incident that has led or may lead to a breach of their own or third-party personal data, they are obliged to notify the Controller without delay using the contact details provided in this Privacy Policy.

Retention Period and Deletion of Your Data

Data outlined in Article 4, collected on all other bases (e.g., legal requirements, contractual relationships, legitimate interests) except on the basis of consent, is retained for as long as necessary for the purpose for which it is processed and as long as required by the Controller’s legal obligations.

In cases covered by Article 14.1, where the basis for collecting User data from Article 4 is their consent, this data will be retained until the consent is withdrawn, in accordance with Article 6.3, but in any case not longer than one year after receipt of data.

As an exception to Article 14.2, the Website will retain data for Users who have given explicit consent for processing and storing their data for the purposes of receiving notifications about news and promotional offers, or for receiving the Newsletter.

Regardless of the above, data on Candidates from Article 4.6 will be deleted no later than four weeks after the Candidate’s application or submission of data to the Controller, unless the Candidate gives explicit consent for the data to remain in the Controller’s database to be informed of future job openings. In such cases, we will retain Candidate data for a maximum of one year from the date of receipt.

The retention period for each specific category of personal data in Article 4 is detailed in the Controller’s record of personal data processing activities, as outlined in Article 15.

Record of User Personal Data Processing Activities by the Controller

The Controller maintains a record of personal data processing activities for User data as outlined in Article 4 of this Privacy Policy.

This record includes, in addition to the Controller's name and business information, the following details: categories of individuals whose data is processed, categories of personal data, purpose of processing, third parties to whom the data is disclosed, data retention periods, a description of security measures, and the format in which the data is stored.

The record outlined in Article 15.1 is kept in electronic form and stored permanently, in accordance with the Law.

Commissioner / Supervisory Authority

The Supervisory Authority for personal data protection in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia. You can contact the Authority at Bulevar kralja Aleksandra 15, 11000 Belgrade, Republic of Serbia, via email at [email protected], or by phone at +381 11 3408 900.

The Controller cooperates with the Commissioner in exercising its authority, in accordance with the obligations prescribed by the Law.

Controller's Contact Information

If Users need assistance interpreting the provisions of the Privacy Policy, exercising their rights under Articles 4 or 8, or addressing other issues provided by law, they may contact the Controller at the following:

  • Controller's Business Name: ASKONA d.o.o. Ugrinovci;

  • Address: Nova 9, br: 8, Zemun – Ugrinovci, Republic of Serbia;

  • Controller's Phone: [ +381 636 600 75]

  • Working hours:  Mon.–Sun.: 10:00–20:00




Miscellaneous

By accepting the Privacy Policy or accessing the Website, the User confirms that they have read and understood this Privacy Policy and agrees to the grounds and purposes of data processing as specified in this document.

Any changes to the Privacy Policy will be publicly available in a designated location on the Website, and Users will be notified through the same communication channels, allowing them to review the new document or text.

Governing Law and Jurisdiction

The applicable law for the processing of Users' personal data by the Controller is the law of the Republic of Serbia, specifically the Law on Personal Data Protection, as well as the GDPR where applicable.

For administrative and judicial proceedings, the competent authorities and courts of the Republic of Serbia have jurisdiction in accordance with the positive legislation of this country.