Pursuant to the Law on Personal Data Protection (Official Gazette of the Republic of Serbia, No. 87/2018), NDF SHOP DOO BEOGRAD, Bulevar Arsenija Carnojevica 59b, Company registration number: 21895857, TIN: 113592842 (hereinafter: Company), on 11 April 2023 issues
- Preliminary provisions
1.2 The Rulebook on Personal Data Protection regulates the Company’s obligations regarding the collection and processing of personal data. These Privacy Rules further govern the privacy and protection of your personal data, and provide you with information in accordance with Article 23 and 24 of the Law on Protection of Personal Data (Official Gazette of the Republic of Serbia, No.87/2018) (hereinafter: Law). The company has the position of controller of the processing of your personal data.
1.5 In case of any questions or requests regarding the processing or protection of your personal data, you can contact us at the e-mail address: firstname.lastname@example.org
- you visit our website https://shop.novakdjokovicfoundation.org (hereinafter: “Website“)
- you visit our profiles on social network sites;
- you communicate with us by phone, through the contact center, through the contact form, by e-mail or in another way;
- you buy products from us, including remote shopping/online shopping;
- your requests are resolved, including complaints about purchased products;
- you provide your goods or services, systems or applications;
- you communicate with us in any other way or by any other means.
2.2 Personal data processing is any action or set of actions that is performed automatically or non-automated with personal data or their sets, such as collecting, recording, copying, sorting, grouping, i.e. structuring, separating, combining, storing, matching or changing, disclosure, inspection, use, search, disclosure by transmission, i.e. delivery, copying, duplication, dissemination or otherwise making available, comparing, limiting, deleting or destroying, securing, using, organizing, storing, adapting.
2.3 It is mandatory to submit only those personal data that we collect for the fulfilment of certain legal obligations. Submission of personal data on all other legal grounds is voluntary, but please note that if you deny us some data, in certain situations we may not be able to provide you with certain services (such as for example in the case of online purchases, home delivery of products).
- Which of your personal data do we process and why?
3.1 Personal data of business partners and customers:
3.1.1 We process personal data which, depending on the specific business need, includes: name (of the business company, entrepreneur, agricultural holding, natural person, institution, organization or establishment that the person represents or comes from), first and last name, city and address of residence and/or place of residence, communication data (email address, phone number, etc.); data on activity, workplace, function, type and scope of authorization for representation, type and scope of business, as well as all other personal data necessary for the needs of business and the execution of the contract concluded with a business partner/customer/consumer, etc., that is, all other personal data that we obtain in the framework of or in connection with the performance of activities.
3.1.2 The data listed here can be processed for the purpose of preparing the conclusion of the contract, which precedes the contractual relationship, for the purpose of fulfilling obligations after the conclusion of the contract, as well as for the purpose of complying with our legal obligations, all in accordance with Article 12, paragraph 1 item 2) and 3) of the Data Protection Act about personality.
3.2 Personal data of visitors to our website:
3.2.1 When visiting the website https://shop.novakdjokovicfoundation.org/, the browser you use on your device will automatically and without your activity send to the server of our website: the IP address of the device from which the request was sent and which has Internet access, the date and time of access, name and URL of the downloaded file, the website/application accessed from (referrer URL), the browser you use and, if necessary, the operating system of the computer that supports the Internet, as well as the name of your provider. The server temporarily saves the above data in a so-called log file for the following purposes: ensuring the establishment of an unhindered connection, ensuring the comfortable use of our website/application and assessing the security and stability of the system. The data is stored temporarily during the visit to the page, and then it is automatically deleted.
3.2.2 The legal basis for IP address processing is Article 12, paragraph 1 item 6) of the Personal Data Protection Law (legitimate interest), which derives from the above-mentioned purpose of data processing.
3.2.3 If in your browser, in the operating system or in other settings of your device, you have accepted the so-called geolocation, we use this feature to tailor services to you based on your current location (for example, currency or shipping cost). We process data about your location exclusively for the stated purpose with your consent.
3.2.4 Additional personal data is collected solely on the basis of the consent of the person, for example in the case of registering a user account, signing up for a newsletter, direct marketing, surveys, via the contact form, via phone or e-mail, competition or contract execution, in accordance with the established purpose, i.e. for the purpose of answering an inquiry, sending a newsletter and other marketing material, executing a contract or other obligation, i.e. with the consent of the person, and as described in more detail in the rest of this document.
3.2.5 If you have given your consent to receive the newsletter via e-mail, SMS, Viber, and/or to receive other marketing material that contains information about current offers and promotions, we use your e-mail address, i.e., phone number and possibly name to send information about products, promotions, sweepstakes/contests, news and offers. If, when signing up for the newsletter, you choose the option to receive messages that are more tailored to your interests, and for this purpose you provide us with information about your gender and age, the Company will process said data in order to filter content that is tailored to your interests, that is, how we would offer you products that have been determined to be preferred by users of the same gender and age, all with the aim of facilitating the search of our offer.
3.2.6 We store and process this data for the purpose of sending newsletters and/or other marketing material, which includes promotions as well as products and services. With your consent, we record your behaviour as a user of our website, mobile applications, and newsletter. The assessment of user behaviour includes, first of all, data about the sections you stay on and the links you use, for example. by adding a specific product to the basket or by analyzing the history of online purchases. In this way, we create personalized user profiles with your personal data and/or with information about your e-mail address in order to enable the creation of our advertising offer in the form of newsletters, on-site advertising and printed material, adapted to your personal interest and thereby improve our offer. The consequence of using profiling can be, for example, reminders of unfinished purchases or sending product suggestions that may correspond to the interests or wishes of a particular person.
3.2.7 The legal basis for data processing when sending newsletters and/or other marketing material is your consent in accordance with Article 12, paragraph 1 item 1) of the Personal Data Protection Law. You can revoke your consent to receive newsletters/marketing materials or create personalized user profiles at any time. Revocation of consent does not affect the admissibility of processing that was carried out on the basis of consent before the revocation. You can do this by e.g., unsubscribe from the newsletter reception list on our website. You can find the unsubscribe link on our website or at the end of each newsletter or directly via the Viber application or SMS message, if you have given your consent for this type of notification. If you withdraw your consent, we will delete your data. We inform you that in the case of sending newsletters/Viber/SMS, we can engage external partners in order to perform these services so that your data can be transferred to those persons (data on e-mail address and phone number).
3.2.8 The company does not collect or disclose personal data of minors under the age of 18. We recommend the representatives of minors to properly supervise minors under their custody while searching the Internet, especially when it is possible to leave personal data. If you believe that you have inadvertently submitted personal data, please have your parents or legal guardians notify us and we will delete your personal data.
3.2.9 By submitting personal information in accordance with this item 3, the website visitor understands and agrees with the fact that the security, integrity and privacy of his data cannot be 100% guaranteed, despite the fact that the Company constantly takes all optimal measures to protect them.
3.3 Personal data of customers who make online purchases through the Company’s website
3.3.1 The company processes personal data for the exercise of rights and obligations from concluded sales contracts via web pages (further: Online shopping).
3.3.2 The personal data we collect from you are: first and last name, email address, address (street, house number, postal code, town, country), telephone number. We receive all your personal data directly from you.
3.3.3 We process your data for the purpose of enabling and executing your online purchase through our website. When using the online shopping service, the Company processes your personal data for the purpose of:
- realization of the order and delivery of information about the status of the order (e.g. notifying the customer about the delivery time, responding to possible requests regarding the order, etc.);
- enabling customers to submit complaints and returns;
- storing any list of wish lists, which users of the web pages can create;
- detecting and/or preventing abuse or fraud.
3.3.4 You can use our website as a “Registered User” or “Unregistered User”. To register and open a user profile, we need the following personal data: Name and surname, e-mail address, phone number, address and place of residence, postal code, gender. The Company does not have access to passwords, so the user is solely responsible for protecting their password. Each user is responsible for the accuracy and truthfulness of all the information he has provided and guarantees that he will manage his profile personally, that is, through a person they authorize.
3.3.5 The company keeps data until the profile is revoked or unregistered in accordance with the legislation of the Republic of Serbia. The user can unsubscribe at any time, by sending a written notice of appropriate content in electronic form to the e-mail address email@example.com, with the e-mail must be sent from the e-mail address from which the user registered as a registered user, or by sending a letter to the address of the controller’s headquarters. After deactivation, the Company will keep your data within 6 months from the day of deregistration, in order to resolve any complaints from the previous period.
3.3.6 In order to successfully process the order from the “Unregistered User”, we need the following personal data: first and last name, e-mail address, address and place of residence or delivery address, postal code and contact telephone number. If you do not provide the requested information, the Company will probably not be able to process your order and deliver the ordered goods to you. Each user is responsible for the accuracy of the data they have entered.
3.3.7 We share the personal data of the person, name and surname, delivery address, e-mail address and phone number, obtained by confirming the order by the user, with our logistics partners in order to prepare the products from your order and deliver them to the address according to your request. Our business partners are authorized to use this data and contact you exclusively for the purpose of delivering individual shipments.
3.3.8 When paying for your order with a payment card online, you will be redirected to the Chipcard page. Card data is entered on the Bank’s secure website and transmitted over the Internet in a protected (encrypted) form using the SSL protocol and the PKI system. Payment card information is not available to our system at any time.
3.3.9 Also, the Company is obliged, based on the regulations governing the field of consumer protection, to provide customers with the possibility of filing complaints on purchased products. In that case, when filing a complaint, we can collect data from you as a customer about your name and surname, phone number, e-mail address and/or home address, if necessary, e.g. sending goods, but also other data depending on the way of ending the complaint procedure, but also other data if they are necessary for the fulfilment of the Company’s obligations in connection with the complaint resolution procedure, which obligations arise from financial and/or tax regulations. We use the data collected in this way exclusively for the purpose of solving and responding to your complaints.
3.3.10 The legal basis for the processing of this data is Article 12, paragraph 1, items 2) and 3) of the Law, taking into account the performance of contractual obligations or legal obligations.
3.4 Other personal data that you have given us:
3.4.1 We process the personal data that you gave us when making the initial contact, during subsequent communication (e.g. through a phone call, e-mail, questionnaires, etc.), when visiting the website or profiles on social networks, as well as the personal data that have resulted from our business cooperation, which include your identification data (name and surname), your communication data (contact phone, e-mail, address…), your additional data necessary for the realization of our business relationship (data on purchased products , ID number…).
3.4.2 We process your data in accordance with the defined purpose, and in order to respond to your inquiry. The legal basis for data processing is Article 12, paragraph 1 item 6) of the Personal Data Protection Act (legitimate interest). Our, and at the same time, your (legitimate) interest in this kind of data processing stems from the need to answer your questions, to solve existing problems, if necessary, and to thereby ensure your satisfaction as our customer or as a user of our website.
3.4.3 If you participate in one of our surveys, such participation is voluntary. With anonymous surveys, we do not store data that enables us to determine who the survey participant is. We only store the date and time of your participation. We consider any personal data that you have given us through the survey as given voluntarily, and we store it in accordance with the provisions of the Law.
3.4.4 In case you have given your consent to conduct the survey, the legal basis for data processing is based on your consent in accordance with Article 12, paragraph 1, item 1) of the Personal Data Protection Law. In that case, you have the right to withdraw your consent at any time. Revocation of consent does not affect the admissibility of processing that was carried out on the basis of consent before the revocation.
3.5 Pursuant to the Law, we will not process data related to:
- racial or ethnic origin;
- political opinion;
- religious or philosophical belief;
- membership in trade unions;
- genetic functions;
- health; sex life;
- criminal judgments or related security measures;
- biometric data;
- genetic data.
If there is a need to process some of the mentioned personal data, we will always need your express consent.
4.Who has access to your personal data?
4.1 We consider your personal data a business secret and protect them accordingly, in accordance with applicable legal regulations and best practices.
4.2 Within our company, only those organizational units or employees who need them to fulfil the purpose for which the personal data was collected have access to the data you have provided us. We will process your personal data ourselves, while third parties have the right to access and process your personal data only in the situations described below:
4.2.1 Our trusted partners or legal entities with whom we cooperate and who help us in our regular business activities. These may be entities that develop and maintain IT solutions and platforms, servers, logistics partners, as well as entities that provide services to you on behalf of the Company, such as for marketing, financial or advertising purposes, for payment processing, delivery. In this case, these service providers are obliged, in accordance with concluded contracts, to use the data entrusted to them exclusively in accordance with our instructions, strictly for the purpose we have identified, and to adequately protect your data and keep it confidential;
4.2.2 Entities with whom we cooperate in business when we assess that it is necessary to protect certain of our legitimate interests. For example, tax advisers, accountants, insurance companies, lawyers, and other advisers. In this case, these entities process your personal data solely for our needs;
4.2.3 Competent authorities in the conduct of supervision over the legality of business operations and actions, as well as other legal entities when necessary to perform our legal obligations, such as auditors. In this case, these legal entities process your personal data for the purpose assigned to them by law;
4.2.4 Other parties in connection with business transactions, such as the sale of the company or part of the company, reorganization, merger, joint venture, or any other type of disposal of our company, assets, or stocks (including bankruptcy or similar proceedings);
4.2.5 There may be a need to forward part of your confidential inquiries to contractual partners (e.g., suppliers for inquiries related to specific products, etc.) for the purpose of processing your inquiry. However, in these cases, the inquiry is anonymized beforehand so that the third party cannot link it to you in any way. If, in individual cases, it is necessary to forward your personal data, we will inform you in advance and ask for your consent.
4.2.6. The Company was founded by the Novak Djokovic Foundation from Belgrade, Bul. Mihajla Pupina 6, 16th floor, registration number 17702041, TIN 105377699, solely for the purpose of generating profit that would be used to achieve the statutory goals of the Novak Djokovic Foundation. For this reason, the Company shares the collected data with the Foundation, solely for the purpose of creating a database of potential donors and contacting them for possible cooperation with the Foundation.
4.3 Third parties are limited in their ability to use your personal data for any other purpose than those stated, and they are obliged to protect and process your personal data in accordance with legal, regulatory, and contractual obligations.
4.4 All legal entities with whom we collaborate are selected very carefully and are contractually obligated to keep personal data confidential in accordance with Article 45 of the Law on Personal Data Protection, as required by law.
- Personal data transfer abroad?
5.1 In some cases, we may share your personal data, i.e., transfer them to other companies in accordance with the Law. When we do this, we transfer your data to servers located in the EU or in a country that provides an adequate level of protection in accordance with the legislation of the Republic of Serbia. Access will be allowed only to a limited number of persons, i.e., authorized persons, exclusively for maintaining the functionality of the server.
- How do we protect your personal data?
6.1 Protecting your personal data is extremely important to us. Some of the protective measures we implement are as follows:
6.1.1 Implementation of database anonymization whenever possible;
6.1.2 Application of modern methods of protection and control of access to data sources containing personal data;
6.1.3 Restriction of access to sensitive data as well as restriction of user accounts that have access to certain data, introducing a system of roles and authorizations that will ensure that only certain employees who need access to data for the performance of work tasks can have insight and process the relevant data;
6.1.4 Continuous monitoring of all resources (physical spaces where your data is stored) that are used to process personal data.
6.2 The purpose of implementing these measures is to prevent the risk of destruction, loss, alteration, unauthorized disclosure, or access to your personal data.
6.3 We also require implementation of appropriate protection measures in relation to your personal data from third parties who have the right to access and process your personal data, as stated in Article 4.3.
- Personal data storage period
7.1 Personal data is stored for as long as is necessary to ensure the purpose for which the personal data was collected, namely:
7.1.1 for data with a legally defined storage period, the Company stores the data for that period and deletes them within an additional period of one year;
7.1.2 for data without a legally defined storage period, The Company stores the data during the validity period of the contract in connection with which the data is processed, and after the termination of the contract, the Company deletes the data within an additional period of one year after the expiration of the statute of limitations for the corresponding obligations, e.g.
- contracts for the sale of goods and supply of services with legal entities 3+1 year;
- contracts for sale of goods and supply of services with other entities 10+1 year;
7.1.3 the Company stores the data processed on the basis of legitimate interest as long as there is a legitimate interest, and deletes them within a period of 2 years from the termination of the legitimate interest;
7.1.4 the Company stores the data it processes on the basis of consent as long as it has consent, and in case of withdrawal of consent, it deletes the data in the shortest reasonable time;
7.1.5 the Company stores data on job candidates for a period of 5 years for the purpose of subsequent assessment of the need for hiring candidates;
7.1.6 data submitted for a query/question via website, social networks or via e-mail or telephone are deleted or anonymized no later than one year after providing the final answer;
7.2 after the purpose has been fulfilled, i.e., the expiration of the legally prescribed period for storing personal data, the personal data is permanently deleted.
7.3 the above-mentioned personal data storage period is defined based on the following criteria:
7.3.1 the period during which we use your personal data in order to be able to provide you with our services;
7.3.2 whether there is a legal, contractual, or similar obligation to store your personal data.
- Which regulations apply?
8.1 The protection of your personal data is regulated by the Law on the Protection of Personal Data (“Official Gazette of RS”, No. 87/2018).
- Your rights
9.1 Should you decide to exercise one or more of your rights listed below, we reserve the right to verify your identity, all for the purpose of protecting personal data.
9.2 You can exercise your rights free of charge. With the exception of your request being obviously unfounded or excessive (ex. asking for personal information that you already possess), and especially if the same request repeats often, we reserve the right to collect necessary costs of acting on your request or to refuse to act on your request.
9.3 Please submit all questions and requests related to your rights from item 9.4-9.8 in writing and signed to the address firstname.lastname@example.org. We will respond to your request immediately, or within one month at the latest, unless the exceptional complexity of the individual case requires an extension of the specified deadline. In order to protect you as the holder of personal data, you need to properly identify yourself as the requester, which will serve as a guarantee to the Company that it is providing personal data to its owner.
9.4 Access to your personal data
You have the right to ask us for information on whether we process your personal data, access to that data, as well as information on processing in accordance with Article 26 of the Law.
9.5 Correction of inaccurate personal data, supplementation, erasure or limitation of personal data use
You have the right to request the correction of your inaccurate personal data, as well as the right to supplement, delete and limit the use of your personal data.
9.6 Transferability of personal data
You have the right to download and request the transfer of your personal data.
9.7 Right to revoke consent and request deletion of personal data
You have the right to revoke your consent to the processing of personal data as well as to request the permanent deletion of your personal data that we processed based on your consent.
9.8 Objection to personal data processing or use
You have the right to object to the processing of your personal data, as well as to our way of handling your personal data in general. Send your request to us via e-mail to the address email@example.com, stating in the Subject of the message Objection against processing, and in the body of the message itself you explain the reason for the objection and your request.
9.9 Right to complain to the Commissioner for Information of Public Importance and Protection of Personal Data
At any moment you reserve the right to submit a lawsuit to the competent authority for the protection of personal data – Commissioner for Information of Public Importance and Protection of Personal Data (https://www.poverenik.rs/).
- Data Controller information
Responsibility for personal data processing as Data Controller is borne by:
NDF shop LLC Belgrade
Bulevar Arsenija Carnojevica 59b
Company Registration Number: 21895857
Activity code: 4791- Retail trade by mail or via the Internet
Contact number: +381691550252
Email address: firstname.lastname@example.org