The purpose of this document is to inform Website Users and Notification Subscribers concerning the personal data that is collected via the websites of the Controller “Fondacija Registar nacionalnog internet domena Srbije” (the Serbian National Internet Domain Registry Foundation), with registered place of business at Žorža Klemansoa no. 18a, Belgrade-Stari Grad, corporate ID: 17680544 (hereinafter: RNIDS), located at the domains rnids.rs, domen.rs, dids.rs and rsnog.rs, the purpose for and basis on which it is processed, the rights of Website Users and Notification Subscribers, procedures in the event of an incident, consent, and other relevant facts concerning the processing of the personal data of Website Users and Notification Subscribers.
MEANING OF TERMS
Registrant, Administrative and Technical Contacts, Website User, Event Participant and Notification Subscriber shall collectively be referred to by the term Data Subjects.
DATA COLLECTED AND PROCESSED
RNIDS shall collect and process some of the following data, and specifically the following data of Registrants and Administrative and Technical Contacts, in all respects pursuant to Article 8 of the General Terms:
- name and surname;
- address of residence;
- email address;
- telephone number.
RNIDS shall collect and process some of the following data, and specifically the following data of Website Users and Notification Subscribers:
- IP address;
- email address.
RNIDS shall collect and process some of the following data, and specifically the following data of Event Participants:
- name and surname;
- email address;
- video recordings and photographs of participants;
- other necessary data which does not fall under the category of special personal data.
Depending on whether the subject is a Registrant, Administrative or Technical Contact, Website User, Notification Subscriber or Event Participant, RNIDS shall process individual data for each of the categories as laid down in Article 4 of the Rules.
RNIDS does not intentionally collect the personal data of persons younger than 18 years of age. Should RNIDS determine that it holds the personal data of such persons, it will seek parental permission without delay.
BASIS FOR AND PURPOSE OF PROCESSING
A detailed description of the purpose of and legal basis for the processing of each of the individual categories of personal data can be found in Article 5 of the Rules.
In addition to meeting contractual obligations, meeting legal obligations and legitimate interests, RNIDS shall also process personal data on the basis of consent.
Consent given by the Data Subject may be given on a separate form with the clear and emphasised title “Consent”, the content of which is described in the aforementioned Article in an informed, transparent, understandable and accessible manner, using clear and simple language in the manner prescribed by the Law.
The Data Subject shall have the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out before the withdrawal. Before giving consent, the person to which the data relates must be informed of their right to withdrawal and of the effect of withdrawal. Withdrawal of consent must be as simple as giving consent.
RIGHTS UNDER PERSONAL DATA PROTECTION
The Data Subject has the following rights under applicable regulations:
The right to be informed
Every Data Subject who has supplied personal data to RNIDS shall have the right to information on and access to the data kept on him/her and processed by RNIDS.
Right to rectification of personal data
Every Data Subject who has supplied personal data to RNIDS shall have the right to make corrections to incorrect data kept on him/her and processed by RNIDS.
Right to erasure of personal data
Every Data Subject who has supplied personal data to RNIDS shall have the right to request the erasure of personal data kept on him/her and processed by RNIDS, where the legal requirements have been met for this.
Right to restriction of processing
Every Data Subject who has supplied personal data to RNIDS shall have the right to request the restriction of processing of all personal data kept on him/her and processed by RNIDS, where legal requirements have been met for this.
The right to information relating to rectification or erasure of personal data or restriction of processing
RNIDS must inform the Data Subject of measures undertaken relating to his/her request for rectification, erasure or restriction of processing of personal data.
Right to personal data portability
Every Data Subject who has supplied personal data to RNIDS shall have the right to request that RNIDS facilitate the transfer of data to another controller in an electronic, easily portable format.
Right to lodge a complaint
STORAGE OF PERSONAL DATA
Data of Registrants and Administrative and Technical contacts as defined in Article 4.2 of the Rules shall be stored in electronic form by RNIDS in the manner defined by the Rules.
Website User, Notification Subscriber and Event Participant data shall be kept in electronic form by RNIDS and secured according to appropriate security standards.
PROCESSORS, JOINT CONTROLLERS AND THIRD PARTIES
RNIDS warrants that the Processor shall use all techniques and organisational and staffing measures necessary to ensure that processing is conducted in accordance with the Law and that adequate protection is ensured for the personal data of the Controller’s Service Users/Website Visitors/Notification Subscribers.
RNIDS shall collect and process the data of Registrants/Administrative and Technical Contacts jointly with the Accredited Registrar solely for the purposes of registering national Internet domain names.
When determining the required level of personal data security, RNIDS shall take into account and monitor current advances in technology, the costs of their implementation and the nature, scope, circumstances and purpose of the data processing and shall on the basis of those parameters evaluate the probability of a risk arising, that is the level of risk to the rights and liberties of the Data Subject.
RNIDS shall have appropriate rules and procedures in place to safeguard personal data from unauthorised access, loss, misuse, alteration or destruction. Nevertheless, security from all potential threats cannot be completely guaranteed. According to RNIDS’ rules, personal data may only be accessed by those persons who need to know this data for the purposes of performing their work and must keep this data confidential.
In the event of an incident, RNIDS shall have a reaction and reporting policy and an incident team which shall immediately take appropriate steps and undertake the procedure prescribed for the event of an incident.
DATA RETENTION PERIOD AND ERASURE
The data of the Registrant/Administrative and Technical Contact shall be kept for ten years after the day of expiry of the registration. Personal data collected in other cases shall be kept for as long as there is a need for it to be processed, and there is consent from the Data Subject.
Data retention periods for other categories of personal data shall be defined in the Rules.
CONTACT DETAILS OF CONTROLLER