Privacy Policy - RePol

This is the Privacy Policy for RePol, owned and maintained by the University of Belgrade Computer Centre. The University of Belgrade Computer Centre is dedicated to safeguarding personal data subject to processing, as well as to developing and applying data protection solutions that are effective, fit for purpose and demonstrate an understanding of, and appreciation for the General Data Protection Regulation 2016/679 (GDPR) and applicable national data protection legislation.

We are committed to ensuring ongoing and continued compliance with data protection legislation and guidance provided by the supervisor of our general work and practices and all of our service offerings, to protecting any personal data, limiting any collection to what is strictly necessary by legal obligation and legitimate interest and complying with the GDPR and national legislation.

This Privacy Policy concerns the processing of your personal data for which the University of Belgrade Computer Centre is the Data Controller or Data Processor, in other words, the University of Belgrade Computer Centre collects personal data directly or indirectly from you and describes personal data that is needed to provide you with the service, the purposes for which your personal data is being collected, how it is stored, shared and how long it will be retained.

Considering the significance of this responsibility, the University of Belgrade Computer Centre works daily to put in place adequate measures and controls to protect your personal data and ensure that you can exercise your rights at any time.

Personal identification information from the users is collected through:

  • main service
  • other

Reasons for data collection

  • service operation or usage monitoring
  • technical support
  • enhancement of service experience

Methods of data collection

The following tools are used to collect user and usage data:

Main service

Whenever a user visits the service, the following information is automatically collected and stored:

  • IP address
  • date and time
  • pages visited

Other

If you request technical support or enhancement of service experience via email or by other means, we may ask you for your IP address so that we could monitor and analyse the operation of the service during your access and usage. Your email address and exchanged messages will be preserved in our email archives.

Data storage and retention periods

All data is stored in Serbia. The website and services are running on a server in Serbia. Data stored by third parties is covered by appropriate data processing agreements.

Your personal information is stored for the duration of your use of the service provided. We keep this data to deal with any queries that may arise following your use of our service.

Personal data is only stored as long as it is necessary to provide a requested service dependent on this data.

No identifiable IP addresses are stored. The University of Belgrade Computer Centre does not have legal means of obtaining sufficient additional data to link an IP address to a person's real-world identity.

In certain circumstances, data may be retained longer for archiving in the public interest, scientific or historical research purposes, and in the context of long-term preservation.

Security of personal data

The University of Belgrade Computer Centre takes the confidentiality, integrity and availability of your personal data very seriously. We take appropriate security precautions to protect your personal data from loss, misuse or unauthorised access, disclosure, alteration and destruction. When you access RePol, the University of Belgrade Computer Centre will provide adequate security controls to keep your personal data safe depending on the type of data collected from you.

Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:

  • There are security and privacy limitations on the Internet which are beyond our control.
  • The confidentiality, integrity and availability of any information exchanged using these services cannot be 100% guaranteed.
  • We cannot be held accountable for activities that result from your own neglect to safeguard the security of your login credentials and equipment that may lead to compromising your personal data.

When and how personal information is shared with others

We will disclose personal data in the following circumstances:

  • if we are required or permitted to do so by law, regulatory or other legal processes
  • to protect our rights, reputation, property or the safety of us and others
  • to defend or enforce our rights or your obligations

We do not sell personal information to anyone or share it with third parties who are facilitating the delivery of other services.

Transferring personal data

RePol is located in Serbia. Personal data we collect about you will generally be processed in its locations. The University of Belgrade Computer Centre endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only within the authorisation you have given and the practices described in this Privacy Policy.

The University of Belgrade Computer Centre also minimises the risk to your rights and freedoms by not collecting or storing any sensitive information about you without your explicit consent.

Data subject rights

The General Data Protection Regulation (GDPR) establishes several rights for individuals concerning their personal data, such as:

  • to know about what personal data is kept
  • to request access to your data
  • to ask us to rectify your personal data
  • to ask us to erase your personal information
  • to object to your data being processed by us

You also have the right to inquire what personal data we hold about you, and to present a complaint to the relevant Supervisory Authority about our personal data processing activities if you feel your personal data is not being managed as described here.

Please note that submitting a Data Subject Access Request might be connected with providing information confirming your identity and the legal basis for this processing is compliance with a legal obligation (ensuring data subject access request).

Access to personal data

You may submit a Subject Access Request to the University of Belgrade Computer Centre. The response will include a description of your data, any recipients of it, as well as a copy of your data. Any request regarding Data Subject Rights will be responded to within 10 working days.

Right to rectification and erasure

You have the right to correct any inaccurate personal data held by the University of Belgrade Computer Centre. You also have the right to request the erasure of any data that is no longer necessary for the purpose for which it was collected.

Right to restriction of processing and withdrawal of consent

You have the right to restrict the processing of your personal data or object to the processing of your data. You also have the right to withdraw previously given consent to process personal data.

Rights to data portability

You have the right to receive your personal data that the University of Belgrade Computer Centre holds by consent in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the University of Belgrade Computer Centre.

National legislation

Serbian Law on Personal Data Protection ("Official Gazette of RS" No. 87/2018) is similar to the GDPR. It establishes several rights for individuals concerning their personal data, such as:

  • Data subject rights
    • Whether their personal data is processed and, if so, which processing operations are performed;
    • Which data are being processed;
    • The source of the data;
    • The purposes of data processing
    • The legal grounds for data processing, etc.
  • Access to personal data
    • Data subjects have the right to access, review and read collected personal data, as well as to make notes and obtain copies of their personal data.
  • Right to rectification and erasure
    • Data subjects have the right to require the University of Belgrade Computer Centre to correct, modify, update or delete data, as well as to suspend processing.

The Serbian data protection authority is the Commissioner for Information of Public Importance and Protection of Personal Data (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti). Its website is https://www.poverenik.rs/en/. Also, see “Supervisory authority”.

Contacts

Data Protection Officer - contact for questions regarding personal data and privacy

The University of Belgrade Computer Centre, as the owner and data controller of RePol, has appointed a Data Protection Officer (DPO), for you to contact if you have any questions or concerns about the way the University of Belgrade Computer Centre is processing your personal data. Together, the DPO and RePol service team are working to provide you with accurate information and implement measures to protect your privacy.

For questions, comments or complaints regarding personal data and privacy, this Privacy Policy and how the University of Belgrade Computer Centre processes your personal, and to exercise data subject rights, please contact the Data Protection Officer:

Name: Lice za zaštitu podataka o ličnosti
Organisation: University of Belgrade
Address: Kumanovska 7
Country: Serbia
Email: dpo@rect.bg.ac.rs
Telephone: +381 11 3031 257

Supervisory authority

Should you wish to report a complaint about the University of Belgrade Computer Centre’s data processing that has not been addressed adequately, you may contact:

Name: Nadzor nad zaštitom podataka kod rukovaoca iz oblasti obrazovanja
Organisation: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti
Address: Bulevar kralja Aleksandra 15, Beograd 11120
Country: Serbia
Email: office@poverenik.rs
Telephone: +381 11 3408 900

Changes and updates to the Privacy Policy

This service may change from time to time and this Privacy Policy will be updated appropriately. We reserve the right to amend the Privacy Policy at any time – in such case, an updated version of the Privacy Policy will be posted at this location and we encourage you to check it from time to time.

The University of Belgrade Computer Centre keeps this Privacy Policy under regular review; the last update was on (yyyy-mm-dd): 2022-03-25

Created by RePol (https://repol.ni4os.eu) version 3.0, source code at GitHub under EUPL-1.2-or-later, on 2022-03-25 01:36UTC