Personal data processing policy

1. General Provisions
This Personal Data Processing Policy has been compiled in accordance with the requirements of the Law and defines the procedure for processing personal data and the measures to ensure the security of personal data taken by Buenos-Autos (hereinafter referred to as the Operator).
1.1. The Operator's primary goal is to respect the rights and freedoms of individuals and citizens when processing their personal data, including protecting the right to privacy, personal and family secrets.
1.2. This Policy applies to all information that the Operator may receive about visitors to the buenos-autos.com/ website.

2. Key Concepts Used in the Policy
2.1. Automated Processing of Personal Data — the processing of personal data using computer technology.
2.2. Blocking of Personal Data — the temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
2.3. The Website is a collection of graphic and informational materials, as well as computer programs and databases that make them available online at buenos-autos.com/.
2.4. Personal Data Information System is the collection of personal data contained in databases and the means for processing this data.
2.5. Anonymization of personal data refers to actions that make it impossible to attribute personal data to a specific subject without the use of additional information.
2.6. Personal Data Processing is any action or set of actions with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction. (Conforms to the definition in the Law.)
2.7. Operator is an individual or legal entity that, independently or jointly with others, determines the purposes and composition of personal data to be processed, as well as the actions (operations) performed with personal data. (Corresponds to the term "controller" in the Law.)
2.8. Personal data — any information related to an identified or identifiable natural person (data subject).
2.9. Personal data authorized for distribution by the subject — personal data to which the subject has granted consent for general access.
2.10. User — any visitor to the buenos-autos.com/ website.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Dissemination of personal data — actions aimed at disclosing personal data to an indefinite number of persons, or making it available to an indefinite number of persons.
2.13. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state or to a foreign person. (The Law provides for conditions and limitations.)
2.14. Destruction of personal data — any actions resulting in the irreversible destruction of personal data and the impossibility of subsequent recovery.

3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
— receive reliable information and/or documents containing personal data from the data subject;
— continue processing personal data without the data subject's consent, provided there are legal grounds stipulated by the Law;
— independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law.
3.2. The Operator is obliged to:
— provide the data subject, upon request, with information regarding the processing of their personal data (see the rights of the data subject under the Law);
— organize the processing of personal data in accordance with the legislation of the Republic of Serbia;
— respond to inquiries and requests from data subjects;
— publish or otherwise provide access to this Policy;
— take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, or other illegal actions (principles of the Law);
— cease processing and destroy personal data in cases provided by law.

4. Basic Rights and Obligations of Personal Data Subjects
4.1. A personal data subject has the right to:
— receive information about the processing of their personal data, except in cases provided by law;
— demand that the operator clarify (update, amend), block, or destroy their personal data if it is incomplete, outdated, inaccurate, obtained illegally, or is not necessary for the stated purposes;
— require prior consent when processing personal data for the purpose of promoting goods, works, or services on the market;
— revoke consent to the processing of personal data;
— appeal the actions or inactions of the operator to the authorized body or in court;
— exercise other rights provided for by the legislation of the Republic of Serbia.
4.2. The subject is obliged to:
— provide the operator with accurate information about themselves;
— notify the operator of any clarification (update, change) of their personal data.
4.3. Persons who provide the operator with inaccurate information about themselves or information about another subject without consent are liable in accordance with the legislation of the Republic of Serbia.

5. Principles of Personal Data Processing
In accordance with the Law, the following principles apply:
5.1. Processing is carried out lawfully, fairly, and transparently.
5.2. Processing is limited to the achievement of specific, predetermined, and legitimate purposes.
5.3. Databases containing personal data processed for incompatible purposes shall not be combined.
5.4. Only personal data that meets the processing purposes shall be processed.
5.5. The content and volume of processed data correspond to the processing purposes; redundancy is not permitted.
5.6. Processing ensures the accuracy and currency of the data; where necessary, measures are taken to delete or clarify incomplete or inaccurate data.
5.7. Data shall be stored in a form that permits identification of the subject for no longer than required by the processing purposes; after achieving the purposes, the data shall be destroyed or anonymized, unless otherwise provided by law.
5.8. The integrity, confidentiality, and security of personal data shall be ensured.
5.9. The operator shall be responsible for compliance with the above principles (the principle of accountability).

6. Purposes of personal data processing
Example:
Purpose of processing: contacting the user for consultation
Personal data: last name, first name, patronymic; telephone number
Legal basis: performance of the agreement concluded between the Operator and the personal data subject
Types of processing: collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data.

7. Terms of personal data processing
7.1. Processing is carried out with the consent of the subject to the processing of their personal data, or on another legal basis provided for by law.
7.2. Processing is necessary for the performance of an agreement to which the subject is a party or for concluding an agreement at the initiative of the subject.
7.3. Processing is necessary to pursue the legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the subject are not violated.
7.4. Processing is also permitted in other cases without the consent of the subject, as provided for by law. (For example, legal obligations, protection of vital interests, etc.)
7.5. Processing of publicly available personal data - if the subject has made the data publicly available.
7.6. Processing of personal data subject to publication or mandatory disclosure in accordance with law.

8. Procedure for the collection, storage, transfer, and other processing of personal data
8.1. The Operator ensures the security of personal data and takes legal, organizational, and technical measures to prevent access by unauthorized persons.
8.2. The User's personal data will not be transferred to third parties without the subject's consent, except in cases provided by law.
8.3. If inaccuracies in the data are discovered, the User may update them by sending a notification to the Operator's email address.
8.4. The processing period is determined by the achievement of the objectives, unless otherwise provided by agreement or law.
8.5. Information collected by third-party services (payment systems, communication tools, etc.) is stored and processed by the specified parties (the operators of these services) in accordance with their privacy policies; the Operator is not responsible for the actions of third parties.
8.6. Prohibitions on the transfer or processing of personal data established by the subject do not apply in cases stipulated by law (e.g., protection of state interests).
8.7. The Operator ensures the confidentiality of personal data during processing.
8.8. Data is stored for no longer than required for the purposes of processing; upon achieving the purposes, the data is destroyed or anonymized.
8.9. Grounds for terminating processing may be the achievement of the purpose, the withdrawal of the subject's consent, a request to cease processing, or the detection of unlawful processing.

9. List of actions performed by the Operator with received personal data
9.1. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), retrieves, uses, transfers (disseminates, provides, accesses), anonymizes, blocks, deletes, and destroys personal data.
9.2. The Operator carries out automated processing of personal data with or without the receipt and/or transmission of information via information and telecommunications networks.

10. Cross-Border Transfer of Personal Data
10.1. If the Operator intends to carry out a cross-border transfer of personal data, it is obliged to comply with the conditions stipulated by the Law. In particular, transfer is permitted only to countries or territories that ensure an adequate level of data protection, or based on other permitted mechanisms.
10.2. The transfer of personal data to a foreign state may require permission from the relevant authorized body, unless otherwise provided by the Law.

11. Confidentiality of Personal Data
The Operator and other persons who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the data subject, unless otherwise provided by law.

12. Final Provisions
12.1. The Data Subject may obtain any clarification regarding the processing of their personal data by contacting the Operator by email at evgeniy.loznevoy@gmail.com.
12.2. This document will be updated if the terms of personal data processing by the Operator change or legislation changes.
12.3. The current version of the Policy is publicly available at buenos-autos.com/policy.
12.4. This Policy is valid indefinitely until replaced by a new version.