The goals of our Company*, as a personal data controller, are to process your personal data lawfully, fairly and in a transparent manner, providing appropriate personal data security, including protection from unauthorized and illegal processing, as well as assurance of data confidentiality, integrity and availability. To fulfil our goals, we commit ourselves to:
Process only collected personal data for which you gave explicit, informed and voluntary consent, or there is other legal basis to data processing lawfulness. Record all personal data processing activities within the registry that contains all mandatory information about processing activity, especially on data controller identity, the purposes of processing, juridical basis of processing legality, our legitimate interests if processing is based on them, intention to transfer data to third parties, and personal data retention time.
Inform you about all aspects of personal data processing and your rights guaranteed by applicable law and regulation. Vouch that your personal data are processed only in compliance with purposes stated in our records of processing activities; if it is necessary for fulfilment of this purpose, access to your data will be permitted only to authorized personnel of our Company or contractual data processor, who will process data strictly according to our instruction and under our supervision.
Anonymize all your personal data you requested to be deleted, if we intend to use them later for statistical analysis, and destroy them permanently upon expiration of data retention time, except in case that their further retention is required by law. Conduct periodic review of all personal data in our collections to check the applicability of data retention times regarding business requirements, personal data categories, processing purpose, and categories of data subjects. Yield to the perpetual security of your personal information by implementing and maintaining best practices of information security, as required by our Information Security Management System implemented and certified in compliance with international standard ISO 27001.
Data we collect will not be disclosed or transferred to third parties, except in cases where this is necessary to satisfy our legislative or contractual obligations, when necessary to protect your life or corporal integrity and you are not able to give explicit consent, or when needed to fulfil tasks undertaken in public interest.
Your personal data will not be transferred to, or processed by processors in countries other than those listed by European Commission as having an adequate level of information protection, and whose obligation and accountability for data protection are established through contractual agreements and in compliance with all applicable technical and organizational controls, and legislative documents, that regulate data protection.
Furthermore, care will be taken that all your requests, regarding your personal data processing, are answered to as soon as possible, and no later than is required by regulation, so you can exercise your guaranteed rights. For that purpose we appointed a Data Protection Officer.
To fulfil our obligations and ensure an adequate level of control and traceability needed to objectively make evident compliance with data processing requirements, we integrated data protection in all our processes. Data processing and protection terms are detailed in our Personal Data Processing and Protection Bylaw, which ensures that our processes are compliant with General Data Protection Regulation (GDPR), as well as other applicable laws and regulations regarding information security.
This policy is regularly checked for adequacy to the purpose and context of the Company, and current revision is always available on Internet.
Revision 7, 2024-08-26
Sendi Radić, Member of the KING ICT Management Board
* In the context of this policy, the Company consists of affiliated trading companies: KING ICT d.o.o., Zagreb (with branches: Osijek Service Center, Rijeka Service Center, Split Service Center); KING ICT d.o.o., Belgrade; KING ICT d.o.o., Sarajevo; KING ICT d.o.e.l., Skopje; Pametna energija d.o.o., Zagreb; Aktivis d.o.o., Zagreb.