Privacy Policy
Last updated: May 17, 2021
CT Legal is committed to protecting your privacy. Please read the following policy to understand how we treat your information.
1. Scope
This Privacy Policy applies to the personal information we collect related to our website www.ctlegal.rs (hereinafter referred to as: Website) and legal services we provide to our clients, natural persons.
This Privacy Policy applies to:
- all individuals who access our website at www.ctlegal.rs,
- send us inquiries via the website,
- engage our legal services,
- participate in our recruitment activities.
2. The information we collect
We may collect information directly, as well as from third parties related to the use of our website and services.
Information collected directly
We may collect personal information about you, such as your name, address, telephone number, e-mail address, etc., directly from you. For example, personal information may be collected when you fill out a ‘Contact Us’ form, send us your CV or otherwise provide us personal information through the website or performed services. Generally, the information we collect includes your:
- basic and contact data, such as the name, the company a person works for, title or position, postal address, email address and phone number(s),
- financial and payment data, including your bank account and other data necessary for processing payments,
- KYC information provided by a client or collected as part of our business acceptance processes,
- personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data,
- any other information which any person may provide to us.
Information received from third parties
We may collect or receive information about individuals from service providers and other third parties, such as our clients, representatives and professional advisers, government authorities, public sources and records.
3. Purpose of processing
We use the personal information we collect in order to respond to your request or inquiry and in the ordinary course of conducting our business. Generally, we use the personal information that we collect as follows:
- Providing services
To operate our website, provide our services, process your payments, communicate with you, and for similar service and support purposes.
- Responding to your requests
To respond to your inquiries and otherwise consider or process your request.
- Protect legal rights and prevent misuse
To protect the website, services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of us or any person or third party, or violations of our agreements.
- Comply with legal and ethical obligations
In order to respond to legal process, or where otherwise required by law or our legal, regulatory or ethical obligations.
- General business operations
Where necessary, for the administration of our general business, accounting, recordkeeping.
- Recruitment purposes
Such processing is necessary to take action upon request from person to whom data relates to, prior to the conclusion of the contract as well as for the purpose of contacting them in case of need for work engagement.
4. Legal basis
We use personal information on the following basis:
- to perform a contract or to take steps prior to entering into a contract,
- to comply with legal and regulatory obligations,
- for legitimate interest (such as for ensuring network and IT security, for the establishment, exercise or defence of legal claims or proceedings, or for the provision of information about our services),
- on the basis of consent of the individual.
5. Special notification on processing
Given the specificity of the purpose that the collection and processing of data should achieve and in relation to the legal basis, we shall, as appropriate, in relation to such processing, inform the persons to whom data relates to of all its specificities (Special Notice). Such notice and this General Notice / Privacy Policy will apply to such processing.
6. Security measures
In relation to personal data, we apply all necessary organizational, technical and personnel protection measures, including but not limited to:
- restriction of physical access to the system where the personal data is stored, which in particular implies that the server on which the data is stored is protected by a “rack”, which is kept only by authorized persons;
- control of access to data, physical and electronic access is only for authorized persons, on the principle Need to Know – only those persons whose jobs require access to records. In addition, as far as electronic access is concerned, it is only possible for authorized persons, and only with the knowledge of a password that changes periodically;
- control of data entry, which implies that only the authorized person collects personal data and stores them in the records;
- control of data transmission, which implies that the transfer to any authorized person (for example, the Processor) is done only by the usual protected forms of communication;
- other information security measures, in line with best industry practice;
- all other measures necessary to protect personal data.
7. With whom we share personal information?
Personal information may be shared with reliable third parties in accordance with the contractual arrangement, such as our IT service providers and suppliers, including translation services, subject to appropriate safeguards being implemented.
Personal information may also be shared with regulatory authorities, courts, government agencies and law enforcement agencies for the reasons listed in this policy, or in other necessary situations. In certain situations, although it is unlikely, we may be required to disclose personal information due to compliance with legal or regulatory requirements. If the situation arises, we will reasonably notify the data subject before disclosing personal information, unless we are legally restricted from doing so.
8. How long do we keep your data?
We will keep your personal data only as long as we need in order to fulfil the purpose for which it was collected, or no longer then we have your permission to keep it.
If you have submitted your application for a job position the data is stored until the expiration of a period of two years since our last contact, unless you become one of our team members.
9. Your rights
As a data subject whose personal information we hold, you have the following rights:
- the right to request processing information (articles 23 and 24 of Personal Data Protection Law, hereinafter referred to as: the Law);
- the right to request access to personal data from the Controller (article 26 of the Law);
- the right to request the correction, supplementation or deletion of personal data, as well as the limitation of processing (article 29, 30, 31 and 33 of the Law);
- the right to data transferability (article 36 of the Law);
- the right to process complaints (articles 37-39 of the Law);
- the right to file a complaint with the Commissioner for access to information of public importance and protection of personal data, the right to judicial protection, as well as the right to compensation for damages in cases of unlawful processing (articles 82, 84 and 86 of the Law);
- other rights guaranteed by the Law.
In relation to the exercise of your rights, we shall provide the person whose data is being processed with all necessary assistance, all in accordance with the conditions and in the manner prescribed by the Law.
To exercise these rights, please contact us at office@ctlegal.rs
10. Additional information on personal data processing
Any additional questions regarding the processing of personal data can be directed to the e-mail address: office@ctlegal.rs. We will respond to all inquiries within 5 working days at the latest.
11. Changes of Privacy Policy
This Privacy Policy may be updated periodically, but so that the level of privacy protection achieved will not be diminished.