General information on data protection

Information on the processing of personal data

Euro Trag D.O.O. and Euro Trag Studio (hereinafter referred to as the Agency), as the data controller, have prepared a notice for the Agency’s clients (hereinafter referred to as data subjects) in the document “General Information on Data Protection,” with the aim of ensuring transparent data processing. This notice provides basic information regarding the processing of personal data, the protection of personal data, and the rights of the data subjects.

In its operations, the Agency applies the highest business standards while strictly adhering to the obligations prescribed by the laws of the Republic of Serbia.

Data controller

The data controller is Euro Trag D.O.O., Kneza Miloša 79, 11000 Belgrade, MB20152745,
The data controller is PR Goran Marković Euro Trag Studio, Dečanska 4, 11000 Belgrade, MB67577353,
Contact person for personal data protection email: eurotrag@vizezanemacku.rs, phone: 0638171370

Categories of data processed by the agency

The categories of data processed by the Agency depend on the type of products and services for which the data subjects are applying. The Agency processes personal data collected from data subjects during the establishment of a business relationship, as well as throughout the course of business cooperation.

The categories of personal data processed by the Agency include: personal information (e.g. full name, date and place of birth, nationality, personal ID number, passport number, etc.), contact information (e.g. residential address, mailing address, phone number, email address, etc.), identification details from personal documents (e.g. type and number of the ID document, issuing authority, date and place of issuance, etc.), as well as information regarding the activity and professional background of the data subject (e.g. occupation, employment status, company name, etc.).

In addition, processing may include: information necessary for filling out the Videx form (e.g. marital status, number of household members, etc.), data regarding products and services in use, data relevant for marketing activities, video, audio, and photographic recordings (for the purpose of video identification or telephone conversation recordings), electronic records and identification data, or any data obtained by the Agency during the visa application process itself.

Legal basis and purpose of processing personal data

The legal basis and purpose of processing personal data largely depend on the type of products and services the individuals to whom the data relates are applying for.

The agency processes personal data in accordance with the provisions of the Personal Data Protection Law and other regulations of the Republic of Serbia.

The agency collects and processes personal data for the purpose of establishing a business relationship and processing the entire visa application process for the individuals to whom the data relates, and this is done to the extent necessary for:

Applying for a specific type of visa

The agency collects and processes personal data for the purpose of completing certain applications, requests, and forms related to obtaining a visa.

Processing based on the client's consent

The processing of personal data may be based on the consent of the individual to whom the data relates, or your consent, and only in cases where you have explicitly consented to the processing of data for a specific purpose (e.g., offers sent via email or post, mandatory insurance offers). The data will be processed only in accordance with the scope and purpose defined and agreed upon in the consent. This consent can be revoked at any time, with legal effect from the moment of withdrawal. Consent may be given for:

Sending offers and promotional material to individuals and their employers involved in the visa process
Sending offers and handling the mandatory insurance process (to ensure clients do not face legal issues or penalties)
Sending data for creating informational offers for potential clients of the agency

All consents collected by the agency before the application of the Personal Data Protection Law (Official Gazette of RS, no. 87/2018) remain valid for creating offers and contacting clients regarding the agency's marketing activities, except when the client withdraws the given consent.

Protection of legitimate interests

In exceptional cases, data processing may be based on the protection of legitimate interests of the clients, the agency, or third parties.

In the following cases, data processing is carried out for the protection of legitimate interests:

Consultation and data exchange with the client's future employer, intermediaries working with the client, or assistants in any other form (e.g., language assistants, etc.)
Review and analysis to optimize client needs and offers
Notifications sent to clients if necessary for informing them about the service or product
Video surveillance to gather evidence in case of criminal offenses
Telephone conversation recordings (for quality control of services or in case of complaints)
Measures for protecting clients and employees, as well as securing agency property and preventing abuse
Measures for business control and further development of services and products
Data processing for law enforcement purposes
Protection of legal claims in legal disputes
Prevention and investigation of criminal offenses

Protection of legitimate interests when providing marketing services

The processing of your data for the purpose of:

Providing individual information and offers from the agency and legal entities listed below (whose products and services the agency organizes or provides)
Developing services and products that are also tailored to your interests and needs
Further improving the usability of our services

This is based on our legitimate interest in marketing our services, which may include sending greeting cards and invitations. Data for this purpose will only be processed if you have not objected to it.

The following data collected by the agency, or that you have provided or sent to the agency, will be subject to processing:

Personal Data: Name, surname, date of birth, country of birth, nationality, gender, occupation, employment status, marital status, education, employer, work conditions with the future employer, official data such as data from personal documents, income data, address and other contact details such as phone number or email address and address for receiving mail, geographical location data, pension and disability insurance data, data from the land registry, tax solution, certificates and statements from the future employer, household data (number of household members, number of children, their data and data of parents, spouse) data revealed during consultations.

Data related to services, communication: Data related to using the agency's services, such as email messages, messages via internet applications (Viber, WhatsApp, etc.)

Online applications and tracking their outcomes (for the purpose of notifying and uploading the application and documentation to facilitate clients)

Data on products and services of legal entities in contractual relationships with the agency: Data on products and services provided by the agency on behalf of legal entities that are business partners of the agency, such as Barmer insurance, Globos insurance in the country and abroad, etc.

These data include personal data and data related to products and due obligations.

Recipients of personal data

Within the agency, business units or employees, as well as affiliated legal entities, receive only the data that is necessary for them to fulfill their legal and statutory obligations or legitimate interests based on the "need to know" principle (only the information that is truly necessary). All employees who process personal data undergo training related to data protection and are required to apply the highest business standards in their daily operations.

Processors may also include individuals with whom the agency has concluded a service contract related to personal data processing, aimed at fulfilling services or supporting business processes. When selecting such service providers, the agency ensures their compliance with data protection standards, and those deemed to meet high standards are entrusted with the processing activities, with a data processing agreement that specifies high data protection standards.

In accordance with legal or regulatory obligations, state authorities and institutions, as well as the agency, may be recipients of personal data. In the event of data being provided to other entities, the agency is obligated to maintain confidentiality regarding all client-related information and facts entrusted or made available within the framework of business cooperation. The agency may disclose personal data if you have consented or if the agency is obligated to provide the data.

Recipients of personal data may include other affiliated legal entities. In such cases, only the data necessary for executing the business relationship is shared. Depending on the type of contract, recipients may include, for example, insurance companies, banks, etc.

Data from the agency's video surveillance may be used by relevant authorities or courts (for evidence in proceedings), security services (for security purposes), law enforcement, and others.

Data retention period

Personal data is kept until the purpose and legal basis for processing are fulfilled, meaning it is processed throughout the entire period of business cooperation, as well as after the termination of the business relationship, in accordance with the rules prescribed by internal acts and regulations, i.e., the legal obligation to retain data and documentation.

Rights of the individuals to whom the data relates

Individuals whose personal data is processed have the right to access, correct, supplement, delete, or restrict the processing of stored data, the right to object to the processing of data, and the right to data portability in accordance with the conditions outlined in the Personal Data Protection Law.

If, as a client, you believe that your rights regarding data protection have been violated, you can file a complaint with the agency regarding the processing of personal data.

Obligation to provide data and data security

In order to establish a business relationship, it is necessary for the client to provide the agency with all the information required for concluding and managing the business relationship, as well as the information that must be collected in accordance with the law. If the client does not provide the necessary information, the agency will not be able to conclude and carry out the process, nor will it be able to provide the existing service.

For the processing of data that is not essential for executing the process and service (e.g., direct marketing, offers, and insurance applications), clients are not obligated to give their consent.

All data processed by the agency is appropriately protected from misuse, destruction, loss, unauthorized changes, or access. As the data controller, the agency has undertaken technical, personnel-related, and organizational measures for data protection in accordance with established standards and procedures, which are necessary to protect the data from loss, destruction, unauthorized access, alteration, disclosure, and any other misuse. The agency has also established the obligation for employees involved in data processing to maintain data confidentiality.