ON ANIMOND PLATFORM
Društvo sa ograničenom odgovornošću AnimondFond Beograd – Zvezdara, corporate number: 21596094, TIN: 112043589, with its registered seat at the address Dimitrija Tucovića 45/18, Belgrade (hereinafter reffered to as: the „Company“), as a controller, processes personal data in accordance with the Law on Protection of Personal Data (“Official Gazette of the Republic of Serbia”, No. 87/2018, hereinafter referred to as: the Law), the General Data Protection Regulation (“GDPR”) and other regulations governing issues related to the processing of personal data. For the purpose of transparent processing of personal data, the Company adopts this Privacy policy and use of cookies (hereinafter reffered to as: the „Policy“) to regulate and provide basic information regarding the processing of personal data, personal data protection and data subject rights.
I MAIN TERMS
For the purposes of this Policy, these specific terms shall have the following meaning:
1) “personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) “data subject” means a natural person whose personal data are processed;
3) “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (hereinafter referred to as: processing);
4) “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
5) “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
6) “pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
7) “filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
8) “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
9) “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
10) “recipient” means a natural or legal person, public authority to which the personal data are disclosed, whether a third party or not, unless it is a matter of authorities that, in accordance with the law, receive personal data within the framework of the investigation of a specific case and process this data in accordance with the rules on the protection of personal data related to the purpose of processing;
11) “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
12) “consent” of the person to whom the data refer is any voluntary, specific, informed and unequivocal expression of the will of that person, by which that person, by a statement or a clear affirmative action, gives consent to the processing of personal data relating to him;
13) “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
II CONTACT DETAILS OF THE COMPANY AS THE CONTROLLER AND CONTACT DETAILS OF THE PERSONAL DATA PROTECTION OFFICER
Controller’s contact details:
Business name: Društvo sa ograničenom odgovornošću AnimondFond Beograd – Zvezdara
Registered office: Republic of Serbia, 11 050, Belgrade-Zvezdara, 45 Dimitrija Tucovića Str., suite no. 18
Company ID number: 21596094
TIN: 112043589
Personal Data Protection Officer: Igor Mitrović, employed with the Company at the position director
The Company has appointed its Personal Data Protection Officer as a point of contact in connection with all issues related to the processing of personal data, as well as in connection with the exercise of rights prescribed by the Law, as follows:
- by sending an e-mail to: office@animond.co;
- by sending a letter to the address of the Company’s registered office: Republic of Serbia, 11 050, Belgrade-Zvezdara, 45 Dimitrija Tucovića Str., suite no. 18
- by handing over a letter directly to the premises of the Company’s registered office specifying that it is “for the Personal Data Protection Officer”.
III USE OF DATA – TYPE OF PERSONAL DATA TO BE COLLECTED AND PURPOSE OF PROCESSING OF PERSONAL DATA OF THE BENEFICIARY AND OF THE INVESTOR BY THE CONTROLLER
Use (browsing) of ANIMOND platform website
When you enter the website of our Animond platform, after you agree to the use of cookies, you will have the opportunity to search our website and register on our platform.
If you only visit our site, we do not collect or store your personal data.
Subscribe to the newsletter
When you subscribe to our newsletter (giving us consent), we use the e-mail address provided to inform you about our events, general development of Animond platform, the upcoming crowdinvesting campaign, as well as reports on progress of the funded projects.
In order to send you a newsletter, we will use your personal data, as follows: name and surname, e-mail address and telephone number.
We use your e-mail address even after you become project investor to inform you about the progress of the project, as well as to inform you about news related to our events, general development of Animond platform, upcoming crowd investing campaigns and progress reports of other campaigns by sending newsletters. The consent you gave us when subscribing to the newsletter shall form the legal basis for sending notices to you as an investor.
The recipient of this category of personal data is the newsletter provider: SendGrid, Inc. The provider is registered in the USA and has a Privacy Shield certificate.
Registration on the platform (Investment)
When you register on the platform and become potential Investor, we collect the following personal data about you:
- Name and surname
- IP address
- Address of residence
- Telephone number
- E-mail address
All data are stored on the EuroHost server. The provider is registered in Letonia and you can access its privacy policy via the following link: https://eurohost.com/pp.html.
IV COOKIES
Animond platform uses cookies, which are text files stored in a computer system via an Internet browser (hereinafter referred to as: “cookies”).
This platform uses the following types of cookies:
- Technical cookies
- Consent-based cookies (e.g. marketing)
1) Technical cookies
Technical cookies guarantee functionalities without which you cannot use our platform as intended. These cookies are used exclusively by us and they are therefore first-party cookies. This means that all information stored in cookies will be returned to our platform.
Technical cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our platform and that, therefore, you do not have to re-enter your login details each time you access a new page.
Legal basis:
Article 12, paragraph 1, item 2 of the Law (contract performance / situation similar to the contract)
2) Consent-based cookies
Cookies that are neither technical cookies nor functionality or performance cookies will only be used after obtaining your express consent, for example marketing cookies.
We also reserve the right to use the information we obtain through cookies from the anonymous analysis of user behavior of visitors to our platform. We believe that you as a user benefit from this because we display ads or content that we think is relevant to your interests based on your search behavior.
Marketing cookies come from external marketing companies (third-party cookies) and are used to collect information about our websites visited by users in order to create targeted advertising for the user.
We store cookies on your device if they are strictly necessary for the operation of this platform. For all other types of cookies, we need your consent.
Disabling cookies
You can withdraw your consent to the use of cookies that are based on individual consent at any time with effect for the future, by adjusting the cookies settings.
Legal basis:
Article 12, paragraph 1, item 1 of the Law (consent)
Administering and deleting all cookies
You can set your web browser to generally prevent cookies from being stored on your device and / or to be asked each time if you agree to cookies being enabled. You can also delete re-enabled cookies at any time.
Necessary cookies (technical cookies) help make the site usable by enabling basic functions such as page navigation and access to secure areas of the platform. The platform cannot function properly without these cookies.
V LEGAL BASIS FOR PROCESSING PERSONAL DATA
Legal basis for processing of personal data prescribed by Article 12 of the Law.
Legal basis and purposes of processing on the basis of which the Company processes your personal data are:
- Your consent to the processing of your personal data for one or several specific purposes, which you can revoke at any time, in one of the following ways: by submitting a request to revoke the consent to the Company’s e-mail, by sending a letter to the Company’s registered office or by handing a letter directly in the premises of the Company specifying that it is intended “for the Personal Data Protection Officer”. The explicit consent is required to process specific types of personal data that are necessary to provide certain services or products. If you revoke your consent to the processing of personal data, we will not be able to provide you with the service desired;
- A situation when processing is necessary for the performance of the contract concluded with you or for taking action, at your request, before conclusion of the contract itself. Namely, data processing is necessary for the conclusion and performance of the contract for the use of the Company’s services or for the Company to take certain actions prior to the conclusion of the contract. If you refuse to provide the information required for this purpose, the Company will not be able to enter into any contract with you or provide you with the service requested;
- A situation when processing is necessary in order to comply with legally prescribed obligations of the controller (for example: compliance with legal obligations of the controller prescribed by the Law on Prevention of Money Laundering and Financing of Terrorism, in order to meet the requirements of competent state authorities, etc.). The processing of data that is necessary for the purpose of complying with the law and fulfilling prescribed legal obligations does not require any consent from the data subject;
- When processing is necessary in order to protect your vital interests or the vital interests of another natural person;
- A situation when processing is necessary for the purpose of performing activities in the public interest or performing legally prescribed powers of the controller;
- A situation where processing is necessary in order to achieve the legitimate interests of the controller or a third party. Namely, in certain cases, processing is necessary in order to achieve the legitimate interests of the Company or a third party, taking into account that the interests of the Company do not prevail over the interests or rights and freedoms of the data subject. The Company bases data processing on legitimate interest, for example, in the following situations: monitoring and maintaining security in the Company’s business premises (video surveillance of business premises, visitor records), monitoring and maintaining security of the Company’s IT systems and operations, initiating and conducting legal proceedings before the state authorities in order to exercise the rights and interests of the Company or other persons, recording telephone conversations, preventing fraud and more. The processing of data on the basis of a legitimate interest does not require any consent from the data subject, but data subject shall have the right to use legal mechanisms at any time to exercise their rights in the manner described in the Rights of the Data Subject section.
The purpose for which the Company processes data depends on the type of services you contract with us, whereby all data are processed to fulfill the purpose for which they are collected.
VI RECIPIENT OF YOUR PERSONAL DATA
The Company has the right to disclose personal data and documentation related to any person, and data related to the contracts concluded with any person, to third parties, as follows: banks, the
Beneficiary, and all other persons who due to the nature of their work require access to such data, persons the Company has concluded Confidentiality and Non-Disclosure Agreement with, as well as any other bodies and persons the Company is obliged by law to submit relevant data to, i.e. persons your data are disclosed to for the purpose of performance of the contract we have concluded with you, i.e. for providing the service you have hired us for.
VII TRANSFER OF PERSONAL DATA TO A FOREIGN COUNTRY OR INTERNATIONAL ORGANIZATION
The transfer of personal data to a foreign country, to a part of its territory, or to one or several sectors of certain activities in that country or to an international organization, without prior authorization, may be affected if such foreign country, part of its territory or one or several sectors of certain activities in that country or that international organization provides an adequate level of protection of personal data.
An adequate level of protection is considered to be provided in countries and international organizations that are members of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, i.e. in countries, parts of their territories or in one or several sectors of certain activities in such countries or international organizations that have been identified by the European Union to provide an adequate level of protection.
The controller or processor may transfer personal data to another country, to a part of its territory or to one or several sectors of certain activities in that country or to an international organization with no adequate level of protection according to the list referred to in Article 64, paragraph 7 of the Law on Protection of Personal Data, only if the controller or processor has provided adequate measures for the protection of these data and if the data subject is provided with the feasibility of their rights and effective legal protection.
VIII PERSONAL DATA RETENTION PERIOD
The Company processes personal data collected for the purpose of exercising the rights and obligations from the contractual relationship until the end of such relationship, except in cases where the Company is obliged to keep the data after the end of the contractual cooperation, and until the expiration of the statutory retention period, i.e. until there is a legitimate interest, valid agreement or consent.
The Company will not keep your personal data longer than the period required to realize the purpose they were collected for, or no longer than the period we have your consent for.
IX RIGHTS OF THE PERSONS TO WHOM THE DATA REFER
The persons to whom the data refer shall have the following rights:
- Right of access
The right of access shall mean that the person to whom the data refer may obtain from the Company information on whether their personal data are being processed and, if so, permission to access their personal data and obtain information on the processing. Upon request, the Company will provide a copy of the personal data it processes. For additional requests, the Company may charge a reasonable fee for administrative costs. If the request is submitted electronically and unless otherwise requested, the Company shall submit the information in electronic form.
- Right to rectification and erasure
At the request of the person to whom the data refer, the Company will rectify any personal data that are inaccurate or supplement any incomplete data.
At the request of the person to whom the data refer, the Company will delete their personal data if the requirements prescribed by the Law are met (e.g. if the purpose they were collected for was met, if the consent for processing was withdrawn and there is no legal basis for processing). The Company may not delete personal data: if the obligation to process them is prescribed by law or the processing is mandatory for reasons of public interest protection (e.g. acting on behalf of the state body) or is necessary to protect the Company’s interests such as initiating, filing or defending any legal claim (e.g. filing a lawsuit, etc.).
- Right to restriction of processing
At the request of the person to whom the data refer, the Company will restrict processing of their personal data in cases prescribed by the Law.
- Right to data portability
At the request of the person to whom the data refer, the Company shall provide personal data in a structured, commonly used and electronically readable form (e.g. on a computer) and allow them to be transmitted to another controller without interference by the Company if the following conditions are met: (a) processing is based on consent or is necessary for the performance of the contract and (b) processing is performed automatically. This right includes the possibility to require from the Company to transfer personal data directly to another controller if technically feasible.
- Right to withdraw consent
You have the right to revoke your consent to the processing of personal data at any time, however, please note that the revocation of consent does not affect the admissibility of processing on the basis of consent prior to your revocation.
You can revoke your consent by submitting a request to revoke the consent to the Company’s e-mail, by sending a letter to the address of the Company’s registered office or by sending a letter directly to the Company’s premises marked “for Personal Data Protection Officer”.
If you revoke your consent to the processing of personal data, we will not be able to provide you with the desired service.
- Right to object
At any time, the person to whom the data refer may file an objection with the Company to the processing of personal data based on a legitimate interest or which is necessary for the purpose of performing activities in the public interest or exercising legally prescribed powers of the Company. Upon filing the objection, the Company will suspend further processing of such data, unless there is a legal basis for processing that overrides the interests or freedoms of the data subject or if such processing is performed for the purpose of initiating, filing or defending any legal claim (e.g. filing a lawsuit, counterclaims and the like).
- Right to challenge the decision made in an automated decision-making process, including profiling
Within the business relationship between the Company and the person to whom the data refer, and in order to exercise the rights and obligations arising therefrom, the Company may process client data in whole or in part in an automated manner, in order to offer and provide services that meet the specific needs of the data subject, as well as in order to improve the Company’s business relationship with its clients.
If the person to whom the data refer considers that their rights have been violated by a decision made in an automated decision-making process, they shall have the right to challenge such decision, express their opinion and request that such decision should be reviewed with the participation of an authorized employee of the Company.
- The right to complain to the Commissioner for Information of Public Importance and Personal Data Protection
The person to whom the data refer shall have the right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection if they consider that the processing of their personal data is carried out contrary to the provisions of the Law or other applicable regulations.
- Obligation to provide data
Providing your personal data allows us to perform the service you hired us for. However, if you refuse to provide us with any requested information – we will not be able to perform the service you hired us for, nor will we establish any contractual relationship with you, i.e. we will have to terminate the already established contractual relationship.
X DATA SECURITY AND INTEGRITY
We protect your data by using data protection technology created by design in accordance with the needs of the Platform and by using tools such as firewalls and data encryption. All collected data are always transmitted via encrypted TLS protocol and SSL certificate. We also require that you use a personal username and password each time you access your account online. We restrict access to data in our offices so that access could only be allowed to web platform administrators and the data protection officer.
XI AMENDMENT TO THE POLICY
We reserve the right to periodically make changes to this Policy, in order to keep track of changes in legislation and technical innovations. All changes take effect at the time of publication on the Platform.
XII LINKS
Animond platform may contain links to other websites on the Internet. We are not responsible for the content of these websites or for any other privacy policies on these sites. Our Terms of Use and our Policy apply only to information we collect in accordance with this Policy.
XIII ENTRY INTO FORCE
This Policy shall enter into force on 12.04.2024.