Terms of Use

Policy on the Security and Privacy of Personal Data of Users of the Taratours Website

Article 1

Čiča Gliša d.o.o. Bajina Bašta – Taratours Travel Agency, operating through www.taratours.rs (hereinafter: the Company), in its capacity as the controller of personal data, considers the trust of individuals who, in accordance with Article 4, paragraph 1, item (1) of the Serbian Law on Personal Data Protection (Official Gazette of the Republic of Serbia, No. 87 of 13 November 2018) (hereinafter: the Law), have provided their personal data (hereinafter: the Users) through the website available at www.taratours.rs (hereinafter: the Website) to be of exceptional importance and one of the fundamental ethical values of the Company’s business operations.

In this regard, the Company has undertaken all necessary measures and actions, in accordance with the Law, to protect and safeguard the privacy of the personal data entrusted to it, as further set out in this Policy, in accordance with Article 23 of the Law.

Personal Data Processed by the Company

Article 2

The Company collects and processes the following data from Website Users:

  • Identification data: first name, last name, email address, and contact telephone number (hereinafter: personal data);
  • Website login and user behaviour data (Cookies).

Legal Basis for the Processing of Personal Data

Article 3

Users’ personal data shall be processed exclusively on the basis of their explicit consent, in accordance with Article 15 of the Law. Any request for consent shall be presented in a manner that is clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language.

Cases in Which Personal Data Is Processed

Article 4

Users provide their personal data by entering it into the contact form available on the Website, as well as in connection with the presentation of employees (and other engaged persons), clients, and partners as references in sections of the Website such as Contact, and through the use and browsing of the Website via Cookies (hereinafter: Cookies).

Purpose of the Intended Processing of Personal Data

Article 5

The Company collects and processes Users’ personal data solely for the purpose of communication, namely for establishing and maintaining contact with persons interested in a particular type of business cooperation with the Company. This may relate in particular (but not exclusively) to internship and employment enquiries, requests for offers in relation to services provided by the Company, the presentation of data subjects as members of the team, and within the scope of providing services relating to the organisation of tourist travel and other tourism services, as well as presenting such persons as clients and/or partners, or for any other form of business communication.

Establishing and maintaining communication includes two-way communication with the persons referred to in paragraph 1 of this Article, particularly for informing such persons about their rights under the Law, as well as about all other relevant matters relating to the business cooperation they wish to establish or have established with the Company.

Persons who have consented to being contacted by the Company in connection with a particular form of business cooperation, as well as in other cases referred to in Articles 2 and 4 of this Policy, may withdraw such consent at any time in accordance with Article 15, paragraph 3 of the Law, which shall result in the cessation of the processing of the relevant personal data.

Rights of the Data Subject

Article 6

Data subjects have the right to transparent information on the manner in which they may exercise their rights, in accordance with Article 21 of the Law. This primarily includes the right to receive all information referred to in Articles 23 and 24 of the Law, as well as information regarding the exercise of rights under Articles 26, 29 to 31, 33, 36 to 38, and 53 of the Law, in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Such information shall be provided in writing or by other means, including electronic means where appropriate. If requested by the data subject, such information may also be provided orally, in accordance with Article 21, paragraph 1 of the Law.

The rights of the data subject referred to in Article 21 are also determined by the obligations of the personal data controller, and information on such rights may be provided in combination with standardised icons displayed electronically, so as to provide a meaningful overview of the intended processing in an easily visible, understandable and clearly recognisable manner, in accordance with the Law.

Article 7

In addition to the rights set out in Article 6 of this Policy, the data subject shall also have the following rights in accordance with the Law:

  1. Right of access: The data subject has the right to request from the controller information as to whether his or her personal data is being processed, access to such data, and other information in accordance with the Law.
  2. Right to rectification and completion: The data subject has the right to have inaccurate personal data corrected without undue delay. Depending on the purpose of the processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement.
  3. Right to erasure of personal data: The data subject has the right to have his or her personal data erased by the controller, and the controller is obliged to erase such data without undue delay in cases prescribed by law.
  4. Right to restriction of processing: The data subject has the right to obtain restriction of processing of his or her personal data by the controller if one of the cases provided for by Article 31, paragraph 1 of the Law applies.
  5. Right to be informed about rectification, erasure, and restriction of processing: The controller is obliged to inform all recipients to whom the personal data has been disclosed of any rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. The controller is also obliged, at the request of the data subject, to provide information about all recipients to whom the personal data has been disclosed.
  6. Right to data portability: The data subject has the right to receive the personal data previously provided to the controller in a structured, commonly used, and machine-readable format, and has the right to transmit such data to another controller without hindrance from the controller to whom the data was provided, provided that the legal conditions are met. This right also includes the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  7. Right to object and rights related to automated decision-making: If the data subject considers it justified in relation to his or her particular situation, he or she has the right, at any time, to object to the processing of his or her personal data, including profiling, and the controller shall cease processing such data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defence of legal claims.
  8. Automated individual decision-making and profiling: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects concerning him or her or similarly significantly affects his or her position. The data subject may contact the Company in order to exercise the rights provided by the Law.

Recipients of Personal Data

Article 8

The personal data referred to in Article 2 of this Policy shall not be disclosed to anyone outside the Company’s organisation. Access to such data shall be granted only to the person within the Company responsible for responding to Website enquiries, as well as to the person or persons involved in deciding how such enquiries will be handled.

Method of Protection and Data Retention Period

Article 9

The Company protects your data during communication by using an SSL security certificate, whereby all data transmission is encrypted, as well as cookie management banners. Users’ personal data shall be retained primarily for the purpose of fulfilling the purpose of processing referred to in Article 5 of this Policy, in accordance with Article 5, paragraph 1, item (5) of the Law, namely for as long as there is a need to communicate with Users. After the expiry of the retention period, the personal data shall be deleted.

Cookies

Article 10

Cookies (hereinafter: Cookies) are text files placed on the computer of a person visiting the Website for the purpose of collecting standard information related to Website access and the behaviour of that person while using the Website, which may be sent to the internet browser used by that person. The Company may collect/process such information automatically through Cookies or similar technologies. For more information about Cookies, please visit www.allaboutcookies.org.

Users who are concerned about privacy and the use of Cookies may configure their internet browser to notify them when a Cookie is received, as well as to reject Cookies that other websites attempt to send.

Use of the Website is not conditional upon consent to the use of Cookies.

Data Privacy Rules of Other Websites

Article 11

The Website may contain external links leading to other websites. The provisions of this Policy on the security and privacy of personal data apply only to this Website, and the Company does not assume responsibility for the privacy practices of other websites.

Article 12

The provisions of this Policy shall apply from the date of publication on the Website. The Company reserves the exclusive right to amend this Policy unilaterally and to publish any such amendment in the manner provided for in paragraph 1 of this Article.

Prepared in English for website use.