1. Introduction

With this Privacy Policy (hereinafter: “Privacy Policy”) we intend to inform you about the scope and purpose of the personal data that is being collected, used and processed in connection with website https://comtradeintegration.com (hereinafter: “Website”) and also about your rights as a visitor of this Website, job applicant and/or attendee of the events and/or webinars which may be organized in regards to the processing of the personal data under applicable data protection law.

COMTRADE SYSTEM INTEGRATION D.O.O. BEOGRAD, with its registered seat at No. 7 Savski nasip Street, 11070 Belgrade, Serbia, ID number: 17335847, TIN: 100181280, is the Controller of personal data for visitors of this Website, job applicants and/or attendees of the events and/or webinars in the Republic of Serbia in accordance with the Law on personal data protection (“Official Herald of RS”, No. 87/2018) (hereinafter: LPDP of RS) whose contact details are as follows:

Comtrade System Integration d.o.o. Beograd

Address: No. 7 Savski Nasip Street, 11070 Belgrade, Serbia

e-mail: info.rs@comtrade.com

Having in mind that Comtrade System Integration d.o.o. Beograd, here the Controller, Comtrade System Integration d.o.o. Sarajevo, with its registered seat at No. 179 Džemala Bijedića Street, 71000 Sarajevo, Bosnia and Herzegovina, ID number: 65-01-1251-09, JIB: 201204010005 and Comtrade Si Sistemske Integracije d.o.o., with its registered seat at No. 29b Letališka cesta Street, 1000 Ljubljana, Slovenia, Registration No.: 8371741000, VAT ID No.: SI 60227818, represent a part of Comtrade Group, Comtrade System Integration Adriatic Group, it may  happen that Comtrade System Integration d.o.o. Sarajevo may be looking for job applicants or may organize event(s) and/or webinar(s) in Republic of Bosnia and Herzegovina in which case following Privacy policy for job positions created and events and/or webinars organized by Comtrade System Integration d.o.o. Sarajevo shall be applicable for job applicants and attendees of the webinars that apply for them as well as there may come the time that Comtrade Si Sistemske Integracije d.o.o. may be looking for job applicants or may organize webinar(s) in Republic of Slovenia in which case following Privacy policy for job positions created and events and/or webinars organized by Comtrade SI Sistemske Integacije d.o.o. shall be applicable for job applicants and attendees of the webinars that apply for them.

Certain terms in this Privacy Policy shall have the following meaning:

  • “We”, “us” and “our” shall mean the legal entity that is part of the Comtrade Group with which you have established a relationship;
  • “You” and “your” shall mean you, a person who interacts with us, does business with us, registers for our events or services or visits our Website.

By visiting this Website, applying for open job positions, registering for webinars which may be organized, cooperating with us, registering for our services or otherwise interacting with us, we may collect or process your personal data. We are strongly committed to protecting and keeping confidential any information collected in this way, and to always abide by the applicable laws.

2. Data protection officer (DPO)

Comtrade System Integration d.o.o. Beograd has designated Data protection officer (DPO):

Danijel Stošić, DPO

Address: No. 7 Savski nasip Street, 11070 Belgrade, Serbia

Phone number: + 381 11 201 5600

Mobile number: +381 65 314 0552

Email: danijel.stosic@comtrade.com

dpo@comtrade.com

3. Legal ground for the processing of personal data, purposes of processing and personal data we may collect

We may collect and process the personal data that you have personally provided us with, that we have collected from third parties with whom we work closely or from publicly available sources.

3.1.Legal ground for the processing of personal data

We process you personal data on the following legal grounds defined by LPDP of RS:

  • the performance of a contract with you in compliance with Article 12(1)(2) of LPDP of RS when processing is necessary for the performance of a contract to which the natural person/data subject is party or in order to take steps at the request of the natural person/data subject prior to entering into a contract;
  • our legitimate interest in compliance with Article 12(1)(6) of LPDP of RS;
  • processing is necessary in order to protect the vital interests of the natural person/data subject or of another natural person, in compliance with Article 12(1)(4) of LPDP of RS;
  • your consent in compliance with Article 12(1)(1) of LPDP of RS when the natural person/data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • to comply with a legal obligation to which we are subject in compliance with Article 12(1)(3) or 12(1)(5) of LPDP of RS.

Legal grounds for the processing of personal data of data subjects situated in EU defined by GDPR:

  • the performance of a contract with you in compliance with Article 6(1)(b) of GDPR when processing is necessary for the performance of a contract to which the natural person/data subject is party or in order to take steps at the request of the natural person/data subject prior to entering into a contract;
  • our legitimate interest in compliance with Article 6(1)(f) of GDPR;
  • processing is necessary in order to protect the vital interests of the natural person/data subject or of another natural person, in compliance with Article 6(1)(d) of GDPR;
  • your consent in compliance with Article 6(1)(a) of GDPR when the natural person/data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • to comply with a legal obligation to which we are subject in compliance with Article 6(1)(c) or 6(1)(e) of GDPR.

3.2. Purposes of processing

We collect and process your personal data to:

  • Provide you with the information or services that you have requested from us – this information may include your name, address, e-mail address, telephone number and other relevant information;
  • Keep in touch with you as our business partners and to keep you informed about our business activities and events in a timely manner – this information may include your name, address, e-mail address, telephone number, position, company name and other relevant information;
  • Fulfill our contractual obligations towards you – this information may include your name, address, e-mail address, telephone number, position, place of work, company name and type of cooperation with us;
  • Improve our Website – this information may include your IP address, geographical location, information about your device, type of browser, the source from which you accessed the page, the duration of the visit, operating system, number of page views, which pages you viewed and similar information. For more information on cookies, please see Article 11 below;
  • Comply with or abide by legal obligations or requirements;
  • Send you promotional messages about our activities, including invitations to other events – this information may include your name, address, e-mail address, telephone number, position, company name and other relevant information;
  • Recruit new employees – this information may include your name, address, e-mail address, telephone number, date of birth, education profile and work experience, CV, a photo and other relevant information;
  • Successfully and efficiently organise our events, which includes promotional activities and publishing event-related audio, video and photo documentation – this information may include your name, position, company name, e-mail address, telephone number, short biography with a picture (for speakers/performers) and event-related audio, video and photographic documentation.

3.3 Data collection and processing

3.3.1 Data collection and processing when visiting this Website

If you only use this Website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (’’server log files’’). This Website collects a range of general data and information each time you access it or an automated system. General data and information are stored in the server's log files and may be collected such as:

  1. the browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system accesses this Website (called a referrer),
  4. the sub-pages accessed via an accessing system on this Website,
  5. the date and time this Website is accessed,
  6. an internet protocol address (IP address)
  7. a truncated internet protocol address (anonymised IP address) and
  8. the accessing system's internet service provider.

No conclusions are drawn about you when using this general data and information and this  information is needed to fulfill the following purposes:

  1. properly deliver content of this Website,
  2. to optimize the content of this Website as well as to advertise it,
  3. to ensure the continued functioning of our information technology systems and this Website's technology,
  4. to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber-attack.

This collected data and information is therefore statistically analysed and further analysed by us to increase data protection and data security within the company to ultimately ensure an optimum level of protection for the personal data being processed by us. The data from the server log files are stored separately from all personal data provided by a natural person/data subject.

The legal basis for processing of personal data when visiting this Website is Article 12(1)(6) of LPDP of RS and for when data subjects situated in EU are visiting this Website is Article 6(1)(f) of GDPR whereas our legitimate interest is based on the purposes listed above for the collection of data.

3.3.2. Data collection and processing when contacting us/filling contact form

Personal data is collected when you contact us (e.g. using our contact form on our Website or by email). If you use a contact form to get in touch with us, the contact form you use will indicate the data being collected. This data is stored and used exclusively for the purpose of responding to your query or establishing contact and the associated technical administration.

The legal basis for data processing is our legitimate interest in responding to your request pursuant to Article 12(1)(6) of LPDP of RS. The legal basis for data processing of data subjects situated in EU is our legitimate interest in responding to request of such data subject pursuant to Article 6(1)(f) of GDPR.

If you are contacting us in order to conclude a contract, processing is also legally based on Article 12(1)(2) of LPDP of RS. If data subjects situated in EU is contacting us in order to conclude a contract, processing is also legally based on Article 6(1)(b) of GDPR.

Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified conclusively and there are no statutory retention obligations in place that prevent its erasure.

3.3.3. Data collection and processing when applying for job

We collect and process the personal data of job applicants to carry out the application process. Processing may also be carried out electronically. That is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email or via a web form on the Website. If we conclude an employment contract with an applicant, the data transmitted will be stored to process the employment relationship in compliance with the statutory provisions.

The legal basis for data processing is the fulfillment of contractual obligations as stated in Article 12(1)(2) of LPDP of RS and for the data subjects situated in EU the legal basis for data processing is the fulfillment of contractual obligations as stated in Article 6(1)(b) of GDPR. Data is being processed for the preparation of an employment contract. Recipients of said personal data are Human Resources employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures) as well as managers involved in the decision-making process. Your data may be passed on to service providers who act as order processors for us, e.g. IT support. All service providers are contractually bound and in particular obliged to treat your personal data confidentially. Personal data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.

As part of the application process, you must provide the personal data required for the initiation, implementation and termination of the contractual relationship and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will generally not be able to consider you appropriately in the decision-making process for filling the position.

If you have agreed that we are allowed to process you personal data for the purpose of using them in future job recruiting processes, personal data shall be processed in accordance with Article 12(1)(1) of LPDP of RS and for the data subjects situated in EU the legal basis for data processing is the fulfillment of contractual obligations as stated in Article 6(1)(a) of GDPR and for the maximum period defined in section 8 of this Privacy policy. We inform you that in accordance with legislation you have rights related to giving consent as described in section 10 of this Privacy policy. Personal data shall only be stored for as long as necessary to achieve the purpose for which they were collected or further processed but in no case longer than period defined in section 8 of this Privacy policy.

3.3.4. Data collection and processing when making webinar recordings

When planning, organizing and performing the webinars, we shall process your data for the purpose of realisation of the webinars. We shall use your data to contact you regarding your attendance at the webinar and for this purpose, we shall store your data, given to us by you through the application form, in our database. Webinars shall be recorded and may be shared with other companies members of the Comtrade Group as well as other companies outside Comtrade Group.

We process your data in accordance with Article 12(1)(1) of LPDP of RS and for the data subjects situated in EU we process data of such data subjects in accordance with Article 6(1)(a) of GDPR.

Without providing your information, it is not possible for you to attend to webinars. You can withdraw your consent at any time but it shall have no effect on the lawfulness of processing based on consent before the consent was withdrawn.

If further information is obtained in the course of contact, this will also be processed in our database and used for subsequent conversations regarding your attendance at webinar. The legal basis for this is our legitimate interest in organizing and attending the webinars in accordance with Article 12(1)(6) of LPDP of RS and for the data subjects situated in EU the legal basis for this is our legitimate interest in organizing and attending the webinars in accordance with Article 6(1)(f) GDPR.

The data in our database of interested parties may be passed on to the company member of the Comtrade Group responsible for the respective region. Data will only be passed on to third countries if the sales organisation responsible for the customer is based in a third country. If the organization of the webinar is sponsored by partner companies, for example Microsoft, we will pass on the details of the attendees to them. We process and store your personal data if this is necessary for the fulfillment of our contractual and legal obligations.

3.3.5.  Newsletter

If you have provided us with your email address, we reserve the right to send you regular emails, newsletters, with offers on products or services from our collection similar to those you have already purchased or been interested in.

The sole basis for the data processing is our legitimate interest in personalised direct marketing in accordance with Article 12(1)(6) of LPDP of RS and for the data subjects situated in EU the legal basis for the data processing is our legitimate interest in personalised direct marketing in accordance with Article 6(1)(f) GDPR.

We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data Controller listed in the opening of this Privacy Policy. After receipt of your objection, your email address will immediately be removed for marketing purposes.

4. Processing of personal data of data subjects under 15 years of age

Except in those cases where Controller organizes educational events specifically designed for children, we do not intentionally collect the personal data of individuals under 15 years. If you are under 15 years please do not send us your personal data e.g. your name, address and email address. If you wish to contact Controller in a way that requires you to submit your personal data (such as for education or similar events) please get your parent, exercising parental rights or your legal guardian to do so on your behalf.

5. Disclosure of personal data

Following the purposes of the processing, we may disclose/transmit your personal data to the following subjects:

  • our affiliated companies within the Comtrade group;
  • contractual data processors, who might process personal data in our name and in accordance with our written instructions and for the purposes as stated above;
  • to other recipients, if obliged to do so subject to a court order or order issued by other governement authority or valid law.

6. Transfers of personal data to other countries and international organizations

We may transfer your personal data to the recipients in third countries or international organisations, located outside of the Republic of Serbia depending namely to our affiliated companies and contractual data processors. Such transfers take place under the safeguard measures as defined in LPDP of RS or GDPR depending on the country where natural person/data subject resides, if and to the extent that is possible.

  • transfer of personal data to recipients located outside the Republic of Serbia, i.e. to our affiliated companies and data processors takes place using the following security measures:
  • The Government of Republic of Serbia has adopted the Decision on the List of States, parts of their territories or one or more economic sectors in those states and international organisations considered to exercise an adequate level of personal data protection, namely member states and international organisations that have signed the Council of Europe Convention on the Protection of individuals with regard to the automatic processing of Personal Data and states, parts of their territories or one or more economic sectors in those states and international organisations that the European Union considers to provide an appropriate level of protection.
  • The Commissioner for information of public importance and the protection of personal data has adopted Standard Contractual Clauses that shall be applied when your personal data needs to be transferred outside Republic of Serbia to countries not designated as having an adequate level of personal data protection in accordance with the Decision on the List of States, parts of their territories or one or more economic sectors in those states and international organisations considered to exercise an adequate level of personal data protection. Standard contractual clauses of the Commissioner for information of public importance and the protection of personal data are available in Serbian language at the following link: https://www.poverenik.rs/sr/%D0%BF%D0%BE%D0%B4%D0%B7%D0%B0%D0%BA%D0%BE%D0%BD%D1%81%D0%BA%D0%B8-%D0%B0%D0%BA%D1%82%D0%B84/3251-%D0%BE%D0%B4%D0%BB%D1%83%D0%BAa-%D0%BE-%D1%83%D1%82%D0%B2%D1%80%D1%92%D0%B8%D0%B2%D0%B0%D1%9A%D1%83-%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D0%B4%D0%BD%D0%B8%D1%85-%D1%83%D0%B3%D0%BE%D0%B2%D0%BE%D1%80%D0%BD%D0%B8%D1%85-%D0%BA%D0%BB%D0%B0%D1%83%D0%B7%D1%83%D0%BB%D0%B0.html
  • transfer of personal data of data subjects located in EU to recipients located outside the EU, i.e. to our affiliated companies and data processors takes place using the following security measures:
  • The European Commission has the power to determine, on the basis of Article 45 of GDPR whether a country outside the EU offers an adequate level of data protection. At any time, the European Parliament and the Council may request the European Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the regulation.
  • The effect of such a decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. Transfers to the country in question will be assimilated to intra-EU transmissions of data.
  • The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland , the United Kingdom under the GDPR and the LED, and Uruguay as providing adequate protection.
  • The Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the Commission on 4th June 2021 which can be found on website of the European Commission https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en.

7. The social media platforms

The social media platforms include, Facebook, Youtube, Instagram, LinkedIn etc.  Facebook, Youtube, Instagram and LinkedIn are independent personal data processors, who will process your personal data following their privacy policies, such as https://www.facebook.com/policy.php, https://policies.google.com/privacy?hl=en-US, https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect, https://www.linkedin.com/legal/privacy-policy.

a. Third party’ services (Google)

Google is independent personal data controller and services provider (ex. Google Maps, Google Analytics), who processes your personal data following their own privacy policy: https://policies.google.com/privacy?hl=en-US.

b. Links to other websites

This Website may contain links to third parties websites. We disclaim any control over, relationship with, or endorsement of these sites and shall not be liable for data protection while visiting such websites. Links to other websites are provided only as a convenience and we encourage you to read these third-party websites’ terms of use and privacy policies.

c. Transfer of personal data to USA

WARNING:

While using this Website, your personal data could be transferred and processed in the USA or another third country or it is not possible to prevent the such transfer and further process by social media platforms. In such cases, it is possible that the level of data protection does not attain the levels of data protection, as defined in LPDP of RS.

Transfer of personal data to USA/cessation of Privacy Shield application:

According to the Court of Justice of the European Union decision No. C-311/18, dated 16th July 2020, the s.c. Privacy Shield, which had previously and in certain circumstances confirmed an adequate data protection level, no longer represents a valid legal basis for the transfer of personal data from the EU to the USA.

What can the personal data transfer to the USA mean for you as a user and what are the potential risks thereof?

The risks derived from the powers and functions of American intelligence agencies and the legal situation in the USA, which, according to the Court of Justice of the European Union, no longer ensures an adequate level of personal data protection.

The Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Law on personal data protection (“Official Herald of RS”, No. 87/2018) and Decision on establishing Standard Contractual Clauses (“Official Gazette of RS”, No. 5/2020) shall serve as a valid ground for data transfer.

What measures are we taking to ensure the legal transfer of data to the USA?

Whenever American providers offer such options, we opt for personal data processing on servers within the EU. In this way, American intelligence agencies do not have access to personal data thereon.

In case of further use of tools, originating from the USA, we adopt the following measures:

The risks, related to the transfer of personal data to the USA, are defined above.

We aim to conclude the standard contractual clauses with the suppliers from the USA.

8. Storage period

We retain the personal information of data subject(s) to the extent reasonably necessary to fulfil the purposes for which we collected or obtained it or to comply with legal requirements/obligations.

We retain the personal data of unsuccessful applicants for at least six months but no longer than two years after the recruitment process or assessment has been completed. Information may be held for a longer period where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for legal or regulatory purposes). If the applicant is successful in his/hers application, the personal data gathered through the recruitment process will be retained in line with the Privacy Notice for the employees.

Where the legal basis for the processing your personal data is your consent, we shall keep your personal data until you withdraw your consent.

9. Protection and Security

We take precautions to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. We have taken appropriate technical and organisational measures to protect the information systems on which we store your personal data and require our data processors, on a contractual basis, to protect your personal data.

10. The rights of data subjects

Rights of the natual persons/data subjects which reside in Republic of Serbia have the following rights according to the LPDP of RS:

The natural persons/data subjects to whom the personal data apply have the following rights, which shall be enforced free of charge. Before ensuring the individual's rights, the Controller shall verify its identity. An individual shall make a request on a written form, sent to the Controller via email or post as stated below.

The Controller shall fulfill such request within one month, except when the complexity of the request or numerous requests require a longer time. In the latter case, this period can be prolonged for another two months. The Controller shall inform the individual about the such extension, as well as about the reasons thereof.

  1. The withdrawal of consent to the processing of personal data at any time, which will not affect the lawfulness of the processing carried out before the revocation (Article 15 of LPDP of RS),
  2. The right to transparency and information regarding the exercise of rights and the manner of data collection (Article 21 and Article 23 of LPDP of RS),
  3. The right to request from the Controller access to the collected personal data (Article 26 of LPDP of RS),
  4. The right to request from the Controller the correction and supplementation of the collected personal data (Article 29 of LPDP of RS),
  5. The right to request from the Controller the deletion of the collected personal data (Article 30 of LPDP of RS),
  6. The right to request from the Controller the limitation of the processing of the collected personal data (Article 31 of LPDP of RS),
  7. The right to data portability, i.e. the right to receive data previously submitted to the Controller from the Controller in a structured, commonly used and electronically readable form and/or for the data to be transferred by the Controller to another Controller without interference (Article 36 of LPDP of RS),
  8. The right to submit a complaint to the Controller on the processing of the collected personal data (Article 37 of LPDP of RS),
  9. The right not be the subject to a decision made solely on the basis of automated processing, including profiling, if that decision produces legal consequences for you or if that decision significantly affects your position (Article 38 of LPDP of RS),
  10. The right to lodge a complaint with the Commissioner for information of public importance and personal data protection regarding personal data processing (Article 82 of LPDP of RS),
  11. The right to file a lawsuit with the competent court in connection with the processing of personal data (Article 84 of LPDP of RS).

Rights of the natual persons/data subjects which reside in EU have the following rights according to the GDPR:

a) Right of access by the data subject: subject to request, data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and Article 22(4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Upon request, the Controller shall make a copy of all personal data that is being processed and present it to the data subject.

b) Right to rectification: The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure or the right to be forgotten: The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based and no other legal ground for processing exists;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in the Union.

d) Right to restriction of processing: The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

e) Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, under the conditions set out in Article 20 of GDPR.

f) Right to object: Subject to conditions, set out in Article 21 of GDPR, the data subject has the right to object the processing of personal data, concerning him or her.

g) The withdrawal of consent: When the processing is based on the individual's consent, he or she has the right to withdraw this consent at any time. Such withdrawal has no impact on the lawfulness of processing based on consent before the consent was withdrawn.

Natural person/data subject shall file a complaint or make a request regarding the processing of his or hers personal data through email dpo@comtrade.com.

Natural person/data subject also has the right to lodge a complaint with the competent supervisory authority. Contact information: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, 11120 Beograd, phone: +38111 3408 900, email: office@poverenik.rs.

11. Cookies 

We use cookies and similar technologies to ensure that you get the most out of our Website. We may also use cookies to collect information about how you use our Website and your online behavior. The types of data that we collect in this way may include your previous destination, the type of browser, the operating system, the browser used, as well as the duration of your visit to the Website. For more information on how we use cookies and similar technologies and how you can control them, please see our Cookie Policy published at the bottom of the Website.

For more information on how to disable email tracking, please go to the following link

(https://www.wikihow.com/Stop-Email-Trackinghttps://nordvpn.com/blog/how-to-block-email-tracking/https://www.hongkiat.com/blog/detect-disable-email-tracking/), or to the documentation within your e-mail application (if you use it) or your e-mail service provider (if you use an Internet browser to read e-mail).

12. Links to other websites

This Website may contain links to third parties websites. We disclaim any control over, relationship with, or endorsement of these sites and shall not be liable for data protection while visiting such websites. Links to other websites are provided only as a convenience and we encourage you to read these third-party websites’ terms of use and privacy policies.

13. Changes to this Privacy Policy 

We may update our Privacy Policy from time to time. An updated Privacy Policy will be posted on the relevant websites or will be provided to you upon request.