IP-INTEGRA Technologies

Privacy policy related to EU General Data Protection Regulation (“GDPR”) (679/2016)

CONTROLLER

Name: Freund Elektronika d.o.o
Business ID: 202315050002
Address: Hamdije Kresevljakovica 18/2, 71 000 Sarajevo

In this Privacy Policy the controller may also be referred to as “we”.

DATA PROTECTION OFFICER

Name: Alem Kozic
Phone: 033 944 453
Email: [email protected]

THE CATEGORIES OF DATA SUBJECTS

Freund Elektronika Privacy Policy concerns the following categories of data subjects:

- persons who contact Freund Elektronika via email or through the service.

- persons who belong to Freund Elektronika customer, supplier, or partner registers.

- persons seek employment from Freund Elektronika

In this Privacy Policy data subjects may also be referred to as “you” and “them”.

THE CATEGORIES OF PERSONAL DATA

We may collect the following categories of personal data from the data subjects:

- basic and contact information, such as full name, address, phone numbers and e-mail addresses.

- possible other information gathered with the data subject’s consent.

- data about your device, such as information about the device you use, type of your device, your IP-address, and various diagnostic data.

- user information, such as username, password and other unique identification browsing, search information and other information concerning your use of our services.

- information regarding the customer relationship, such as billing and payment information, product-, service- and ordering information, information regarding customer feedback, contacts, and cancellation.

- nationality, age, gender, title or profession and mother tongue.

- work background and photo.

PURPOSE OF THE PROCESSING OF PERSONAL DATA

Personal data of the data subjects can be handled for following purposes:

- customer service.

- improving our user experience.

- analysis and statistics.

- to enable us to comply with our legal and regulatory obligations.

- management and development of the customer relationship.

- marketing, market surveys and studies.

- exchanging contact information with the consent of the data subject

- management and development of the jobseeker relationships

Personal data can also be processed by Freund Elektronika affiliate companies, if any, in accordance with the GDPR and the EU Data Protection Act.

LEGAL BASIS FOR PROCESSING

The controller has the right to process the personal data of the data subjects based on the:

- consent received from the data subjects.

- performance of a contract in which the data subject acts as the contact person of the organizer.

- legal obligation to which the controller is subject.

REGULAR SOURCES OF INFORMATION

Information regarding the data subjects is regularly gathered:

- from data subjects themselves via phone, internet, e-mail or in other similar fashion.

- with cookies and other similar tech.

- CV’s and applikation letters;

PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

The controller shall not store the personal data longer than is necessary, taking into consideration the purpose for the processing of personal data.

- Customer and contact person data will be stored until they are no longer useful, or the data subject asks for its removal.

- Open job applications and cover letters are stored for 6 months, after which they are removed from the Freund Elektronika Careers email.

The controller inspects the necessity of the personal data stored monthly.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of personal data may consist of the following categories:

- Freund Elektronika affiliate companies.

- Third parties who offer cloud services.

- Third parties offering accounting, recruiting, marketing, and auditing services.

- Third parties who help Freund Elektronika to fulfill its legal obligations.

Information concerning data subjects may be disclosed with the data subject’s consent for marketing purposes in accordance with the EU Data Protection Act and the GDPR.

Contact information concerning data subjects may be disclosed with the data subject’s consent to third parties in accordance with the EU Data Protection Act and the GDPR.

REGULAR DISCLOSURE OF DATA AND INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA

Information may be transferred and stored to a server outside of EU or the European Economic Area to be processed by the Controller or Controller’s affiliate on Controller’s behalf in accordance with the GDPR and the EU Data Protection Act.

DATA SUBJECTS’ RIGHTS

The data subject has a right to use all the below-mentioned rights.

In all matters relating to the processing of personal data and in cases involving the exercise of their rights, the data subject should contact the controller and the controller’s contact person for data protection matters. To exercise the rights, the data subject must be reliably identified by the data controller.

Right to inspect

Having presented the adequate and necessary information, the data subject has the right to know what, if any, data the controller has stored of her/him. While providing the requested information to the data subject, the controller must also inform the data subject of the regular sources of information, to which purposes the personal data is used for and to whom it is regularly disclosed to.

Right to rectify and erasure

The data subject has a right to request the controller to rectify the inaccurate and incomplete personal data concerning the data subject.

The data subject can request the controller to erase the personal data concerning the data subject, if:

- Personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

- The data subject withdraws consent on which the processing is based on.

- The personal data has been unlawfully processed or

- Personal data must be erased for compliance with a legal obligation in EU or Member State law to which the controller is subject to.

If the controller does not accept the data subject’s request to rectify or erase the personal data, it must give a decision of the matter to the data subject in a written form. The decision must include the reasons for which the request was not granted. The data subject may then refer the matter to the relevant authorities (Data Protection Ombudsman).

The controller must inform the party to whom the controller has disclosed the personal data to or has received the personal data from of the rectification or erasure of personal data. However, there is no such obligation where the fulfilment of the obligation would be practically impossible or otherwise unreasonable.

Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject where one of the following applies:

- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or

- The controller no longer needs the personal data for the purposes of the processing, but the personal data is required by the data subject for the establishment, exercise, or defense of legal claims.

If the controller has based the restriction of the processing of personal data on the abovementioned criteria, the controller shall give a notification to the data subject before removing the restriction.

Right to object the processing of personal data

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided.

Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.

MERGERS AND ACQUISITIONS

In connection with mergers, acquisitions, or divestiture of all parts of Freund Elektronika business, the acquiring entity, as well as its business partners will obtain access to data managed by Freund Elektronika, and this may include personal data. In the case, such external parties will enter into a non-disclosure agreement with Freund Elektronika, which covers the potential disclosure of personal data.

DATA PROTECTION PRINCIPLES

Freund Elektronika uses all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect personal information from unauthorized or inappropriate access, but Freund Elektronika notes that the Internet is not always a secure medium Freund Elektronika restricts access to information about data subjects only to the personnel of Freund Elektronika that need to know the information e.g. for responding to inquiries or requests made by the data subjects.

RESPONSINILITY LIMITATION

Freund Elektronika is not responsible to leakage on our systems developed physically on customers local network and cloud owned by customers also due inappropriate setup, loosing access codes, missing system security updates or physical leakage from customer insiders.