loader image
Contact

Privacy policy

1. INTRODUCTORY PROVISIONS

1.1. This Privacy Policy regulates what personal data of visitors to the website https://millenniumteam.rs/ are collected and processed, how long they are retained, and provides information on the rights of the data subjects whose data are processed, all as further defined herein.

1.2. The company MILLENNIUM TEAM DOO BEOGRAD, with its registered seat at Žanke Stokić 39, Belgrade, company registration number: 17511068 (hereinafter: the Controller), as the author of the content on the Website referred to in Article 1.1, undertakes to safeguard the privacy of all visitors, to collect only the data necessary for the fulfillment of the purpose of the Website, all in accordance with good business practices, this Privacy Policy and the Law, acting in the capacity of the data controller.

1.3. Prior to using and reading the content of the Website, visitors confirm that they have read, understood, and accepted this Privacy Policy available at https://millenniumteam.rs, as well as that they have consented to the collection, processing, and retention of their personal data, as prescribed by this Privacy Policy.

1.4. This Privacy Policy has been drafted in accordance with the provisions of the Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of the Republic of Serbia” No. 87/2018) (hereinafter: the Law).

 

2. DEFINITIONS

2.1. Terms used in this Privacy Policy shall have the following meanings:

  • Controller means a natural or legal person, or public authority, which alone or jointly with others determines the purposes and means of the processing, and for the purposes of this Privacy Policy, the company MILLENNIUM TEAM DOO BEOGRAD.
  • Website means the website available at https://millenniumteam.rs/
  • Visitor means a data subject whose personal data are processed and who visits the Website https://millenniumteam.rs/ for the purposes of: obtaining information and contact via message through the open contact form.
  • Candidate means a data subject whose personal data are processed and who visits the Website https://millenniumteam.rs/ for the purpose of applying to open job postings for employment or other engagement.
  • Law – Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of the Republic of Serbia” No. 87/2018);
  • GDPR – General Data Protection Regulation of the European Union (2016/679);
  • Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them;
  • Personal data means any information relating to a natural person whose identity is determined or determinable, directly, or indirectly, in particular on the basis of an identifier such as a name and identification number, location data, identifiers in electronic communications networks, or one or more factors specific to their physical, physiological, genetic, mental, economic, professional and career identity, as well as cultural and social identity;
  • Processing of personal data means any operation or set of operations which is performed, whether by automated or non-automated means, on personal data or on sets of personal data, such as collection, recording, classification, grouping, i.e. structuring, storage, alignment or alteration, disclosure, access, use, disclosure by transmission, i.e. delivery, duplication, dissemination or otherwise making available, comparison, restriction, erasure or destruction;
  • Processor means a natural or legal person engaged by the Controller to process personal data on its behalf and for its account.
  • Third party means a natural or legal person, or public authority, other than the Visitor, the Controller, or the Processor;
  • Competent authorities mean public authorities competent for the prevention, investigation, and detection of criminal offences, as well as for the prosecution of perpetrators of criminal offences or the execution of criminal sanctions, including the protection of public and national security, as well as legal entities authorized by law to perform the aforementioned activities.
  • Commissioner or Supervisory Authority means an independent and autonomous public authority appointed pursuant to the Law, competent for supervising the implementation of personal data protection regulations;
  • Personal data breach means a breach of security of personal data leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
  • Data Protection Officer appointed by the Controller in accordance with the Law is Jelena Vidanović, contact details: email: jelena.vidanovic@millenniumteam.rs, telephone +381 11 313 95 25.

 

3. METHOD OF COLLECTION OF PERSONAL DATA

3.1. Personal data, through the access of the Visitor/Candidate to the Website, are collected in the following ways:

3.1.1. Directly from the data subject, when the Visitor provides their personal data, namely when the Visitor contacts the Controller via electronic mail or through the open contact form, as well as when the Candidate applies for open positions advertised on the Website and submits their CV through the open contact form;

3.1.2. Automatically, when using the website, in which case the Controller uses cookies for the adequate display of content and monitoring of the volume of visits and movement on the Website, and similar (hereinafter: “cookie”), in accordance with this Privacy Policy and the Cookie Policy available on the Website https://millenniumteam.rs/polisa-kolacica/.

 

4. VISITOR DATA COLLECTED, PROCESSED AND RETAINED

4.1. The personal data that we collect, process, and retain are as follows:

  • First and last name
  • Email address
  • Telephone number
  • Address of residence
  • Education
  • Work experience
  • Potential results of Candidate testing for the purpose of employment with the Controller
  • Other data that the Visitor/Candidate voluntarily provides via the contact form or by submitting their CV
  • Information collected through cookies (described in more detail in the Cookie Policy).

 

5. PURPOSE AND LEGAL BASIS OF COLLECTION, PROCESSING AND RETENTION OF DATA

5.1. Personal data are collected, processed, and retained for the following purposes:

5.1.1. For fulfilling the legitimate interests of the Visitor/Candidate or the Controller, who, by visiting the Website and selecting pages for reading and obtaining information, have demonstrated an interest in and need for the information offered on the Website, within the meaning of Article 12, paragraph 1, item 6 of the Law;

5.1.2. To respond to questions, requests, or any other type of inquiry that the Visitor/Candidate has addressed to the Controller through the open contact form;

5.1.3. For the purpose of reviewing and selecting Candidates who have submitted applications for employment engagement with the Controller to available job advertisements published on the Controller’s Website, through the available application form for a specific advertisement, in which the data subjects participate voluntarily, as well as for the consideration of potential Candidates, or other forms of engagement in the future, who submit their personal data to the Controller without a specifically organized recruitment process, to the email address available on the Website (posao@millenniumteam.rs). The Controller collects and further processes data from the Candidate’s biography and cover letter, where applicable, for the purpose of taking steps prior to the potential conclusion of an employment contract. For Candidates who have entered shortlist selection rounds, the Controller may also collect data based on testing in accordance with the requirements of the specific position, based on its legitimate interest to conduct an adequate selection of Candidates. Data and CVs of Candidates collected in this manner shall be used exclusively for the purpose of screening Candidate biographies in accordance with open positions, contacting Candidates regarding job interviews or potential employment with the Controller, with which the Candidates are informed and in agreement.

5.1.4. Other purposes for which the consent of the Visitor/Candidate has been given, unless the consent has been withdrawn in accordance with the Law and this Privacy Policy;

5.1.5. Other purposes in accordance with the Law.

5.2. The Controller is obliged, through the continuous application of appropriate technical, organizational and personnel measures, to ensure that only those personal data necessary for achieving each individual purpose of processing are always processed, which applies in relation to the amount of data collected, the scope of their processing, the period of their storage and their availability.

 

6. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

6.1. In accordance with the principle of lawfulness, the Controller processes personal data on the basis of various legal grounds prescribed by the Law, such as the following:

6.1.1 Consent

Personal data of Visitors/Candidates obtained based on the consent of the Visitor/Candidate shall be processed and retained in the Controller’s database for as long as the consent of the data subject exists, i.e. until such consent is potentially withdrawn. Consent for the collection, processing and use of personal data may be withdrawn at any time by sending an electronic request to the email address: office@millenniumteam.rs. Withdrawal of consent shall not affect the lawfulness of processing of personal data carried out prior to the withdrawal.

6.1.2 Legitimate interest

Processing is necessary for the purposes of the legitimate business interests of the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Visitor requiring protection of personal data – for example, when the Visitor/Candidate is informed about employment engagement opportunities with the Controller, based on applications submitted to the email address available on the Website.

 

7. RECIPIENT AND THIRD PARTIES

7.1. The Controller is authorized to disclose personal data to its employees or otherwise contractually engaged persons, public authorities, as well as its associates and persons who, solely due to the nature of the work they perform, must have access to such data. In the event of a merger, acquisition or other status change of the Controller, personal data may be transferred to third parties participating in the merger or acquisition process.

 

8. RIGHTS OF THE VISITOR REGARDING PERSONAL DATA PROTECTION

8.1. The right to be informed and the right of access to information, whereby the Visitor/Candidate shall, upon request, be informed in a concise, transparent, intelligible and easily accessible manner, using clear and plain language, about the Controller, the purpose of processing, the legal basis of processing, the existence of legitimate interest, potential third parties granted access to the data, the data retention period, and the existence of the right of access, rectification, erasure, restriction of processing, the right to data portability, the right to object and the right to lodge a complaint. The Controller must respond to such request within 30 days, or within 90 days in accordance with the Law where grounds for extension exist.

8.2. The right to rectification, where the data held by the Controller are inaccurate.

8.3. The right to erasure where legal conditions are met regarding cessation of necessity of data possession for fulfillment of the purpose, withdrawal of consent, submission of objection to processing, where erasure is mandated by the Law, or where processing was unlawful.

8.4. The right to restriction of processing – as in the case of erasure, Visitors/Candidates may request restriction of processing.

8.5. The right to data portability to another Controller where processing is based on consent or contract, where technically feasible and where, based on assessment, the required standard of security of personal data transfer is ensured;

8.6. The right to object to the Controller, in accordance with the Law, where the Controller must cease processing unless there are legal grounds for processing which override the interests, rights or freedoms of that Visitor/Candidate or are related to the establishment, exercise or defense of legal claims. The Visitor/Candidate may submit an objection via email to office@millenniumteam.rs, stating in the subject line: Objection to Processing, and explaining in the message the reason for the objection and the request.

8.7. The right to lodge a complaint with the competent authority (Commissioner for Information of Public Importance and Personal Data Protection) (hereinafter: the Commissioner);

8.8. All other rights in accordance with the Law on Personal Data Protection.

 

9. DATA RETENTION PERIOD

9.1. Personal data of Visitors/Candidates shall be retained based on legitimate interest for as long as necessary to ensure the purpose for which the personal data were collected, in line with legal provisions and internal procedures.

9.2. The retention period of personal data of Visitors/Candidates shall be determined in accordance with the following criteria:

  • the period during which the personal data of the Visitor/Candidate are necessary for the Controller to act upon various inquiries or applications for employment;
  • whether there is a legal, contractual, or similar obligation to retain the personal data of the Visitor/Candidate;
  • after the purpose has been fulfilled, i.e. upon expiry of the legally prescribed retention period for personal data, the personal data shall be permanently erased.

 

10. DATA SECURITY

10.1. The Controller shall adequately protect the personal data of Visitors/Candidates whose personal data are subject to processing from misuse, destruction, loss, unauthorized alteration or access, and shall undertake all necessary technical, personnel and organizational data protection measures, in accordance with established standards and procedures, required to protect the data from loss, destruction, unauthorized access, alteration, disclosure and any other misuse, as well as to establish the obligation of persons engaged in processing to maintain data confidentiality.

 

11. PROCEDURE IN CASE OF PERSONAL DATA BREACH

11.1. In the event of a threat to personal data or security referred to in the above Article 10, the Controller shall undertake the necessary measures prescribed by the Law, in terms of notifying the Commissioner and the Visitor/Candidate where applicable, as well as protection measures.

11.2. In the event of a personal data breach, the Controller shall notify the Commissioner of a breach of personal data protection rights that may pose a risk to the rights of the Visitor immediately, or no later than within 72 hours from becoming aware of the breach. In case of failure to act within the said period, the Controller shall provide reasons for the delay.

11.3. The Controller’s notification to the Commissioner and the Visitor shall contain all information in accordance with the Law.

11.4. The Controller shall not be obliged to provide the notification referred to in Article 11.3 in the event of circumstances defined by the Law.

 

12. COMMISSIONER / SUPERVISORY AUTHORITY

12.1. The Supervisory Authority for personal data protection in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia. You may contact the Authority at Bulevar kralja Aleksandra 15, 11000 Belgrade, Republic of Serbia, by email at office@poverenik.rs or by telephone at +381 11 3408 900.

12.2. The Controller cooperates with the Commissioner in the exercise of its powers, in accordance with obligations prescribed by the Law.

 

13. FINAL PROVISIONS

13.1. All amendments to the Privacy Policy shall be publicly available in the designated place on the Controller’s Website, at the address https://millenniumteam.rs/

 

14. APPLICABLE LAW AND JURISDICTION

14.1. The substantive law applicable to the processing of personal data of the Visitor, in relation to processing performed by the Controller, shall be the law of the Republic of Serbia, the Law on Personal Data Protection, as well as the GDPR where applicable.

14.2. For administrative and court proceedings, the competent authorities and courts of the Republic of Serbia shall have territorial jurisdiction, in accordance with the positive legislation of that state.

 

Contact

If you have questions regarding the processing of your data or wish to exercise your rights, you may contact us at:

 

Millennium Team d.o.o.
Address: Žanke Stokić 39, 11000 Belgrade, Serbia
Email: office@millenniumteam.rs
Telephone: +381 11 313 95 25

 

Contact
Linkedin Instagram Facebook Youtube