Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – GDPR, regulates all important aspects of the data processing activities of the Data Controllers and Data Processors in EU, as well as for data processing activities of the Data Controllers and Data Processors in non-EU countries when the data processing operations are related to:
- the offering of goods or services to the data subjects in EU, irrespective of whether a payment of the data subject is required (e.g. e-commerce services, touristic services etc.);
- the monitoring of behaviour of data subjects in EU as far as their behaviour takes place within the Union.
BIRN Hub, with the registered seat at Branilaca Sarajeva 14/1, Sarajevo Bosnia and Herzegovina, collect, process and use the particular data from the data subjects, as Data Controller within the meaning of the Article 4 Paragraph 1 Point 7 of the GDPR, in order to send them the media content produced by BIRN Hub and its affiliates and transfer organizations.
Serbian data protection regulatory framework is compliant with GDPR requirements, so BIRN Hub can assure their data subjects the highest level of protection of their personal data by obeying Serbian laws and GDPR standards of data protection.
TYPE OF PERSONAL DATA THAT ARE PROCESSING
BIRN Hub collects, uses and in other manner processes the following personal data of the data subjects:
- name and family name;
- e-mail of the data subject;
- username and password of the data subject.
- the data that is relevant depending on the concrete GET HELP section on the website www.bird.tools.
Legal basis for the processing of the above-mentioned data is mainly performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (the concrete rights and obligations will depend on concrete GET HELP section), pursuant to the Article 6 Paragraph 1 Point b) of GDPR.
LEGAL BASIS OF DATA PROCESSING AND PURPOSE OF PROCESSING
BIRN Hub also collects and uses the personal data of the data subject for the purpose of sending the Newsletter, other media content produced by BIRN Hub or its affiliates and partners, and for the purpose of monitoring incidents and giving help to data subject via the GET HELP section on www.bird.tools website.
DATA PROCESSING ACTIVITIES
BIRN Hub performs the following data processing activities:
- adaptation or alteration;
- disclosure by transmission, dissemination or otherwise making available to the authorized persons;
- alignment or combination;
- erasure or destruction;
- other processing activities which are necessary for the purpose defined in Point 2 of this Privacy Notice.
CATEGORIES OF SUBJECTS THAT HAS ACCESS TO PERSONAL DATA
Beside BIRN Hub, the following categories of subjects have access to personal data:
- BIRN Network members;
- BIRN partner Share Foundation
- Companies that install and maintain the ICT system of BIRN Hub;
- Companies that perform the security services to BIRN Hub;
The above-mentioned subjects have access and in another manner process the data only within the purpose described in Point 3 of this Privacy Notice, and are not authorized to process data in the manner that exceeds such purpose.
The above mentioned subjects will be obliged to implement the data protection standards and requirements of GDPR. BIRN Hub concluded the data processing agreements (DPA) in order to ensure compliance with such requirements.
The above mentioned subjects will be obliged to implement the encryption or pseudonymisation measures whenever it is technically feasible.
DATA SUBJECTS RIGHTS
The data subject has the following rights in relation to the above processing activities:
- Right to access the personal data: data subject can at any time request the information from the BIRN Hub whether or not his/her personal data are being processed, and for what purpose. In the case of such request, BIRN Hub will deliver required information and the copy of the personal data which is processed in electronic form and free of charge, if such request for a copy is made by the data subject;
- Right to rectification: data subject can at any time obtain the rectification of his/her inaccurate personal data without undue delay, in cases when his/her personal data is inaccurate;
- Right to be forgotten: data subject can at any time request the erasure of the personal data if certain conditions are met, i.e, personal data is no longer necessary for achieving the purpose or when the data subject withdraws his/her consent on data processing.
- Right to restriction of processing: the data subject has the right to request the restriction of processing if specific conditions are met e.g, BIRN Hub doesn’t need data subjects personal data anymore, but they are required by the data subject for the establishment, exercise or defence of legal claims regarded to GET HELP section;
- Right on data portability: the data subject has the right to request to receive his/her personal data, which he or she has provided to BIRN Hub, in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller, if specific conditions are met;
- Right to object: the data subject has the right to object at any time to the processing of his/her personal data based on legitimate interest. In case of objection, BIRN Hub as a data controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- Rights in relation to the automated individual decision-making, including profiling: the data subject has the right not to be subject to a decision based solely on automatic processing;
- Right to be informed in case of a data breach: the data subject has the right to be informed about data breach with no further delay if specific conditions are met;
- Right to address the data protection authority.
BIRN Hub within its organization implements all the necessary organizational, technical and personnel measures in order to ensure the highest possible protection of the personal data, including but not limited to:
- Technical measures of protection;
- Control of the physical access to the system where the personal data is stored;
- Control of the data transfer;
- Control of the personal data entry;
- Personal data access control;
- Applicable information security measures;
- All other measures necessary to ensure the adequate level of data protection.
For the sake of clarity, the subjects from Point 4 of this Privacy Notice are also obliged to implement the above-mentioned measures.
BIRN Hub stores the personal data, as long as they are needed in order to fulfil the purpose from the Point 3 of this Privacy Notice.
If the data subject doesn’t want to receive Newsletter and other media content materials anymore, it can send notice via the following email address: firstname.lastname@example.org. After the cancellation, the BIRN Hub will erase all the stored personal data of the data subject, as soon as possible but not later than 10 days from the day of the cancellation.
Personal data which is processed in context of the agreement with BIRN Hub, including for the purpose of provision of the services under GET HELP section, will be stored until the agreement is on force, and after it’s determination BIRN Hub has right to keep personal data which can be useful in case of legal dispute, taking into account applicable statutes of limitation but with observance on obsolescence deadlines.
Personal data which is collected during the monitoring of digital rights and freedoms in the targeted countries will be stored for 5 years.
For all additional questions, comments and information in relation to the exercising of the data subjects rights you may address the BIRN Hub via telephone +387 33 266 615, or via following email address: email@example.com.
This Privacy Notice shall enter into force on March 1, 2020.