Website Privacy Notice — Benefiti.app

PRIVACY NOTICE

  1. Date of Issuance of the Privacy Notice
  2. This Privacy Notice (Notice) was issued on February 25, 2021.

  3. Purpose of Notification
  4. This Notice aims to provide you with clear and transparent information on how we process personal data of all individuals to whom the data relates, which categories of personal data are processed, and what rights individuals have regarding their data. We process your personal data to enable you to enjoy all the benefits of using the Benefiti.app website (Website) and the Benefiti.app software platform (Platform), through which we provide companies (Clients) with (i) "one-stop" shop services for the personalization of benefits within their budget, as well as (ii) to ensure personalized, flexible, and measurable benefits and incentives for their employees as end-users (End Users) within a predefined budget (Benefits).

    All personal data mentioned in this Notice is processed and protected in full compliance with the Serbian Law on Personal Data Protection (PDPL) and the General Data Protection Regulation (GDPR).

    We process personal data adhering to the following fundamental principles of data processing without exception: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality.

    A personal data means any information relating to an identified or identifiable natural person, such as a name, age, photograph, or location. Anonymized data is not considered personal data.

    Processing refers to any action or set of actions performed on personal data or sets of personal data (e.g., collection, storage, use, reproduction, disclosure, deletion, or destruction).

  5. Changes and Amendments
  6. This is the latest version of the Notice (April 15, 2021).

    If this Notice is changed or amended, we will enter the date of the latest version of the document. We will notify you promptly of any changes to the Notice.

  7. About Us
  8. In this Notice, "SBT", "we", and "Our" refer to Smart Benefit Technologies d.o.o. Belgrade, located at Takovska Street No. 12, Belgrade-Palilula, Republic of Serbia.

    SBT is, in certain cases, the controller of your personal data processing, in certain cases, a joint controller with its partners - companies that provide products and services offered through the Platform (Partners), while in certain cases, SBT is the processor of your personal data on behalf of the controller. This is explained in detail later in the Notice.

    1. Namely, SBT acts as a controller in the processing of personal data in the following situations:
      • When we process personal data of representatives (potential) Clients to enable Clients to contact us through our Website;
      • When we process personal data of Client representatives when we enter into a business relationship regarding the use of the Platform and enabling the delivery of Benefits to End Users;
      • When we process personal data of Partner representatives when we enter into a business relationship with them regarding the purchase of Benefits;
      • When we process personal data of all visitors to our Website based on data collected using "cookies" and other technologies utilized by the Website. This is described in detail in our Website Policy, which is prominently displayed on our Website, where you can find information about all personal data collected in this process;
      • When we process personal data for the purposes of development, direct advertising, or ensuring the security of our own business;
      • When we process personal data of our employees and individuals who wish to collaborate with us (job candidates). SBT has prepared separate privacy notices for its employees/job candidates, which is why the processing of those personal data is not the subject of this Notice.
    2. On the other hand, SBT acts as a joint controller in processing personal data with its Partners when we process personal data of End Users provided to us by Clients to enable the delivery of selected Benefits. In this case, SBT acts as a joint controller for a precisely defined and strictly limited time interval, which includes the period from the moment of purchasing Benefits from Partners to the moment when End Users contact the Partners regarding the immediate delivery of selected Benefits by the Partners. In this way, SBT enables its Clients to achieve the realization of Benefit delivery to End Users in the fastest and most efficient possible way.
    3. Finally, SBT acts solely as a processor in the following situations:
      • When, on behalf of Clients as controllers, we process personal data of their employees – End Users, which Clients and End Users leave on the Platform;
      • When, on behalf of Clients as controllers, we process data of End Users for the purpose of creating analytics related to the behavior of End Users on the Platform based on data from technologies used on the Platform.

    Clients are controllers in the processing of your personal data since they determine the purpose and manner in which your personal data is collected, used, and otherwise processed, while we provide services for using the Platform on their behalf. SBT has prepared a separate privacy notice when acting as a processor, which is available to End Users and Clients on the Platform.

    Questions, complaints, requests for the exercise of your rights, and additional information regarding this Notice and the protection of personal data at SBT can be obtained through the following email address: gdpr@benefiti.rs.


  9. Personal Data We Collect

  10. We collect the following personal data during your specified activities:

    SBT as Controller

    1. Popunjavanje kontakt forme na Vebsajtu

    2. Kada u svojstvu potencijalnog Klijenta želite da stupite u kontakt sa našom kompanijom putem našeg Vebsajta, prikupljamo sledeće podatke o ličnosti o predstavniku Vaše kompanije na osnovu popunjene kontakt forme koja je postavljena na našem Vebsajtu: ime i prezime predstavnika kompanije, naziv kompanije u kojoj predstavnik radi, funkcija predstavnika u kompaniji, poslovna imejl adresa predstavnika, poslovni broj telefona predstavnika.

      Navedene podatke o ličnosti obrađujemo kako bismo preduzeli radnje na zahtev potencijalnog Klijenta pre zaključenja ugovora o saradnji sa Klijentom.

    3. Poslovna saradnja sa Klijentima

    4. Obrađujemo neophodne podatke o ličnosti predstavnika Klijenata onda kada preduzimamo sve predugovorne radnje povodom zaključenja ugovora o poslovnoj saradnji, kao i potom kada stupimo u poslovni odnos sa Klijentima i kada preduzimamo radnje neophodne za izvršenje zaključenog ugovora o poslovnoj saradnji povodom korišćenja naše Platforme, odnosno zaključenog ugovora povodom omogućavanja isporučivanja Benefita Krajnjim korisnicima.

      Podaci o ličnosti koje u ovim slučajevima obrađujemo uključuju, ali se ne ograničavaju na:

      • podatke o ličnoj identifikaciji, kao što su ime i prezime, fotografija, pol, funkcija i titula;
      • poslovne kontakt podatke, kao što su poslovna imejl adresa, poslovni broj telefona, vebsajt;
      • podatke o ličnim brojevima i dokumentaciji koju izdaju državni organi, kao što su lična karta i pasoš.

      Navedene podatke o ličnosti obrađujemo kako bismo preduzeli neophodne predugovorne radnje, odnosno kako bismo preduzeli radnje neophodne za izvršenje ugovora zaključenog sa Klijenom povodom korišćenja Platforme.

    5. Poslovna saradnja sa Partnerima

    6. Obrađujemo neophodne podatke o ličnosti predstavnika Partnera onda kada preduzimamo sve predugovorne radnje povodom zaključenja ugovora o poslovnoj saradnji, kao i potom kada stupimo u poslovni odnos sa Partnerima i kada preduzimamo radnje neophodne za izvršenje zaključenog ugovora o poslovnoj saradnji povodom oglašavanja i kupovine Benefita.

      Podaci o ličnosti koje u ovim slučajevima obrađujemo uključuju, ali se ne ograničavaju na:

      • podatke o ličnoj identifikaciji, kao što su ime i prezime, fotografija, pol, funkcija i titula;
      • poslovne kontakt podatke, kao što su poslovna imejl adresa, poslovni broj telefona, vebsajt;
      • podatke o ličnim brojevima i dokumentaciji koju izdaju državni organi, kao što su lična karta i pasoš.

      Navedene podatke o ličnosti obrađujemo kako bismo preduzeli radnje pre zaključenja ugovora o saradnji sa Partnerom, odnosno kako bismo preduzeli radnje neophodne za izvršenje ugovora zaključenog sa Partnerom povodom kupovine Benefita.

    7. Poslovna korespodencija

    8. U cilju razvoja naših poslovnih aktivnosti povremeno možemo na poslovnu imejl adresu predstavnika Klijenata, odnosno Partnera da pošaljemo različite vrste sadržaja u vezi sa našim uslugama ili ponudama, što uključuje, ali se ne ograničava na direktno oglašavanje, biltene (newsletter), itd.

      Zadržavamo pravo da sačuvamo takvu prepisku i podatke iz nje kako bismo ih koristili da damo odgovore na upite Klijenata, odnosno Partnera, da nadalje obaveštavamo o našim uslugama ili za evidenciju zahteva Klijenata, odnosno Partnera i tome sličnog.

      Kao i uvek, ako želite da izbrišemo podatke o ličnosti dobijene od predstavnika Klijenata ili da se na drugi način uzdržimo od dalje poslovne komunikacije sa Vama, molimo Vas da nam se obratite putem sledeće imejl adrese: gdpr@benefiti.rs.

      SBT kao Zajednički rukovalac

    9. Omogućavanje isporučivanja Benefita Klijentima

    10. Kako bismo Klijentima mogli da omogućimo da Benefiti koje su odabrali budu direktno isporučeni Krajnjim korisnicima zajedno sa Partnerima obrađujemo podatke o ličnosti Krajnjih korisnika dostavljene od strane Klijenata koji se odnose i ograničavaju na sledeće kategorije podataka o ličnosti:


      • Podaci o ličnoj identifikaciji, kao što su: ime i prezime, datum rođenja, pol;
      • Kontakt podaci, kao što su: poslovna imejl adresa, privatna imejl adresa, broj poslovnog i privatnog fiksnog ili mobilnog telefona;
      • Podaci o radnom mestu: tačan naziv i pozicija koju Krajnji korisnik ima u kompaniji Klijenta, datum početka rada kod Klijenta, hijerarhijski nivo kod Klijenta (npr. Junior, Medior, Senior, itd), opseg prava koja Krajnji korisnik ima na Platformi u odnosu na svoju poziciju u kompaniji Klijenta (npr. Admin, HR, zaposleni), naziv tima u kome se Krajnji korisnik nalazi;
      • Podaci o aktivnom nalogu Krajnjeg korisnika na različitim elektronskim digitalnim servisima, na primer onda kada Krajnji korisnik odabere Benefite koje omogućavaju pružaoci usluga digitalnog servisa;

      Navedene podatke o ličnosti Krajnjih korisnika koje nam dostavljaju Klijenti obrađujemo zajedno sa svojim Partnerima kako bismo omogućili Klijentima da na najbrži i najefikasniji mogući način dođe do realizacije isporuke Benefita Krajnjim korisnicima.

      Naime, Partner preko našeg Softvera vrši internet oglašavanje Benefita, koji su kao takvi vidljivi na Softveru Klijentima i njihovim zaposlenima – Krajnjim korisnicima, koji mogu da ih samostalno odaberu u skladu sa svojim ličnim potrebama i preferencijama. Na osnovu odabira Benefita, SBT kupuje Benefite od Partnera i prenosi prava na njima Klijentu, nakon čega Partner u svoje ime zastupajući interese i poštujući poslovni ugled SBT-a isporučuje odabrane Benefite Klijentu tj. neposredno Krajnjim korisnicima. Upravo kako bi omogućio Klijentima da dođe do brze i efikasne isporuke Benefita, SBT dostavlja Partnerima spisak sa navedenim podacima Krajnjih korisnika dobijenih od strane Klijenata kada i dolazi do opisane obrade podataka o ličnosti.

      SBT kao zajednički rukovalac u obradi podataka o ličnosti Krajnjih korisnika posebno napominje i ističe da obrađuje podatke o ličnosti Krajnjih korisnika koji se odnose na aktivni korisnički nalog na različitim elektronskim digitalnim servisima isključivo i jedino nakon što su dostavljeni SBT-u od strane Klijenta u momentu kada je Krajnji korisnik lice zaposleno kod Klijenta. SBT ne snosi odgovornost za obradu ovakvih podataka ukoliko je do obrade došlo nakon što je lice na koje se podaci odnose prestalo da bude zaposleno u kompaniji Klijenta, budući da SBT ne može i nije dužan samostalno da proverava status lica na koje se podaci odnose u kompaniji Klijenta.


  11. Purpose of processing and legal basis for processing

  12. We process your personal data if such processing is necessary based on:


    • Contract

    • We process personal data of representatives of potential Client companies provided to us through the contact form on the Website to take action at the request of representatives of potential Clients to which the data relates, prior to concluding a contract for business cooperation.

      We process personal data to undertake necessary pre-contractual actions or to fulfill a business cooperation contract concluded with i) Clients regarding a) the use of our Platform and b) the delivery of selected Benefits to End Users; and with ii) Partners regarding the purchase of Benefits and advertising. This includes, but is not limited to: assessing whether concluded contracts can be amended and under what conditions, ensuring the accuracy and up-to-dateness of the data of Client and Partner representatives, and exercising our rights from concluded contracts, and similar.

    • Consent

    • We process your personal data based on the consent you have given us for a specific purpose.

      If you have given us consent for processing, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on your consent before that moment. If you withdraw your consent, we will cease further processing of your personal data and delete that data within a maximum of 90 days from the day you sent the withdrawal of consent. The withdrawal of consent is free of charge, and you can send it to the following email address: gdpr@benefiti.rs.

    • Our legal obligations

    • We may process personal data of any of the mentioned persons to which the data relates when we process that data as a controller if required by the legislative framework of the Republic of Serbia.

    • Protection of your vital interests

    • We may also process personal data of any of the mentioned persons to which the data relates if the processing is necessary for the protection of the vital interests of the data subject or another natural person.

      If we process your personal data based on our legal obligations or for the purpose of protecting your vital interests, we will notify you of that.

    • Legitimate interest

    • We process personal data when it is in our legitimate business interest to develop our business, protect our employees, work processes, and physical premises, or to directly market our business activities.

      Without exception, we strictly process only those personal data that are necessary for the specific purpose and always strive to limit the processing of personal data to what is necessary for that purpose. We process and share personal data solely in a manner that is consistent with the purpose for which the personal data was collected or if you subsequently approved it.


  13. Legitimate interest of SBT as the controller

  14. In order to achieve our business purpose and enable you to use our services in a quality and safe manner, we process your personal data based on our legitimate interest as the controller or the legitimate interest of a third party. Of course, we do this only if your interests or your fundamental rights and freedoms do not outweigh our legitimate interest. We use legitimate interest to:


    • Created products and special services tailored to you, thus meeting your needs;
    • Maintained your user account, responded to your requests and possible complaints;
    • Conducted direct advertising to individuals engaged in professional or business activities related to that activity (business communication);
    • Protected the rights, property, or safety of SBT, our employees, or others;
    • Safeguarded our business and supported our Clients, Partners, and colleagues;
    • Identified and prevented fraud and other illegal activities;
    • Tested and developed new services or improved existing ones;
    • Evaluated your satisfaction with the services we provided;
    • In cases of filing, enforcing, or defending legal claims, regardless of whether they are in court, administrative, or any other extrajudicial proceedings.

    We can provide you with information in the form of emails, display on our Website or Platform, or through other communication methods.

    If you believe it is justified regarding your specific situation, at any time you can object to SBT, as the data controller, regarding this processing of your personal data based on our legitimate interest by sending an email to: gdpr@benefiti.rs. In this case, we will cease further processing of your personal data, unless we demonstrate that there are legal grounds for processing that outweigh the interests, rights, or freedoms of the data subjects or are related to the filing, exercising, or defense of legal claims.

    For more information about your rights, we refer you to the section "Your Rights" below this Notice.


  15. Recipients of Personal Data

  16. Your personal data is shared internally within our company and with Partners to enable Clients to deliver selected Benefits to End Users, for which Clients have also engaged us, as well as during the maintenance of the Website and Platform and the regular course of business. We may also share your personal data with the following recipients:

    • Subcontractors, external consultants, lawyers, accountants, commercial banks, and other third parties, such as:

      • Cloud services, hosting services, infrastructure, and support;
      • Chatbot;
      • Meeting scheduling services;
      • Providers of advertising and marketing services.
    • A newly established entity or an acquiring entity of ownership over SBT, if SBT is involved in a merger, acquisition, purchase, sale of shares, or other status change;
    • Any other recipient if we are obligated by law or a court order;
    • Any other recipient when reasonably necessary, e.g., in cases of danger to life, for the protection of the safety or property of SBT, our Clients, Partners, and other individuals. This includes sharing data with other companies and organizations for the purpose of fraud prevention and risk reduction in business.

    All recipients are required to take appropriate technical, organizational, and personnel measures to protect your personal data and your rights. SBT has signed data processing agreements with all recipients.


  17. Transfer of personal data to other countries

  18. Personal data may be transferred without any protective measures required for third countries when transferred to countries within the European Union (EU), countries that are signatories to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), and countries that the European Union has determined provide an adequate level of protection.

    If your personal data is transferred to a country outside the European Union or to a country that is not a signatory of Convention 108 or to a country that the European Union has not determined provides an adequate level of protection, SBT applies appropriate protective measures (e.g., signed standard contractual clauses).


  19. Retention period

  20. Our company retains your personal data for the duration of the business relationship with our Clients or Partners and thereafter for a certain period to allow Clients to recover their employees' user accounts as End Users, as well as for analyzing data for our own business purposes, and thereafter in accordance with the legally prescribed retention period or data retention obligation, and for the purpose of preparing, exercising, or defending against legal claims.

    On the other hand, when we process your personal data to enable Clients to deliver selected Benefits, SBT retains your personal data for a strictly limited period, which includes the period from the moment of purchasing Benefits from Partners until the moment when End Users contact Partners regarding the immediate delivery of selected Benefits by the Partners. After that, this data will be deleted or anonymized unless there is a legal obligation to retain the data.

    For more information about where and how long your personal data is stored, as well as for more information about your rights to deletion and data portability, please contact us at the following email address: gdpr@benefiti.rs.


  21. Integrity of personal data

  22. We will take reasonable steps to ensure that the personal data we process is reliable for its intended use, accurate, complete, and current. You are responsible for the accuracy of all personal data you provide to us. We will make reasonable efforts to maintain the accuracy and integrity of the personal data obtained and update it as necessary.


  23. Security of personal data

  24. Our company takes appropriate security measures to protect your personal data from unauthorized access and viewing as stated in this Notice, in accordance with the Data Protection Act and GDPR.

    We implement appropriate physical, procedural, technical, organizational, and personnel measures to achieve an adequate level of protection for the personal data we process. We apply the best industry standards in data protection. Protection relates to loss, use for unintended purposes, unauthorized access and viewing, alteration, and destruction of such personal data. However, no security measure can guarantee that personal data will be 100% protected, but SBT continuously improves all security measures to protect your personal data through its controlled processes and with a high level of responsibility.


  25. Your rights

  26. You can exercise certain rights against SBT concerning the personal data we process about you when we process it as a data controller. At any time, you can submit a request to exercise those rights.

    You have the following rights:

    • Information: the right to be informed about how we process your personal data (this right is fulfilled by providing this Privacy Notice for your review);
    • Access: the right to request access to all your personal data that we process. If you submit the request electronically, the information will be provided in a commonly used electronic format unless you request a different method of delivery;
    • Correction/Completion: the right to request that inaccurate or incomplete personal data about you be corrected without delay. Please inform us if you change such data or if you become aware that any personal data we hold is inaccurate or incomplete;
    • Deletion: the right to request the deletion of your personal data without delay (subject to legal limitations);
    • Restriction: the right to request the restriction of processing your personal data in certain situations;
    • Objection: the right to object to specific processing of personal data. This includes direct marketing, processing for scientific or historical research purposes, or for statistical purposes;
    • Portability: the right to request that we transfer this data to another company if the processing is based on consent or contract and the processing is carried out by automated means.

    You can exercise your rights at no additional cost by sending your request to the following email address: gdpr@benefiti.rs. We will respond to your request as soon as possible, but no later than 30 days from the date of receipt of the request. In case of complexity or a large number of requests, we may need additional time to respond to your request. This period cannot exceed 90 days, and we will inform you specifically about it. If, for any reason, access to your rights is denied, SBT will provide an explanation as to why this occurred.

    If you believe that any of the previously mentioned rights have been denied to you or that we are processing your personal data unlawfully in any way, please contact us at the following email address: gdpr@benefiti.rs. You can at any time file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection.


  27. Possible consequences if you fail to provide us with your personal data

  28. Providing your personal data is based on a legal basis for taking actions at your request before the conclusion of the contract, fulfilling the concluded contract, complying with our legal obligations, or a legitimate interest relating to (i) the protection of SBT's business, rights, property, or security, and (ii) identifying and preventing fraud and other unlawful acts (including legitimate interest of third parties), which constitutes a legal and contractual obligation necessary for the conclusion or fulfillment of the contract. If you refuse to provide certain data, SBT will not be able to fulfill its legal or contractual obligations, which will result in the inability to conclude or fulfill our obligations partially or entirely.

    Providing your personal data is based on a legal basis of (i) your consent to data processing and (ii) the legitimate interest of direct marketing, assessing your satisfaction, testing new services, or improving existing ones is not a legal or contractual obligation and is not a condition necessary for the conclusion or fulfillment of the contract. If you refuse to provide certain data for these purposes, it will not affect your ability to conclude or fulfill a contract with us.



    Your Smart Benefit Technologies