Legal and Privacy

PRIVACY POLICY 

1. Introduction

With this Privacy Policy (hereinafter: “Privacy Policy”) we as Comtrade Gaming, by which we mean Comtrade programske  rešitve d.o.o. from Ljubljana, Republic of Slovenia, Comtrade Gaming d.o.o. Beograd from Belgrade, Republic of Serbia and Comtrade Solutions Engineering d.o.o. from Banja Luka, Republic of Bosnia and Herzegovina, intend to inform you about the scope and the purpose of collection, usage, processing of the personal data and your rights as a visitor of the website https://www.comtradegaming.com (hereinafter: “Website”), as a job applicant for the employment / recruitment opportunities or as an attendee of the events and/or webinars created by us under applicable national personal data protection law. 

Comtrade programske rešitve d.o.o., with its registered seat at Letališka cesta 29b, 1000 Ljubljana, Slovenia.
ID number: 3281841000, TIN: SI 96513624, is the Controller of personal data for visitors of the Website, job applicants and/or attendees of the events with following contact details:

Comtrade programske rešitve d.o.o.

Address: Letališka cesta 29b, 1000 Ljubljana, Republic of Slovenia

e-mail: info@comtradegaming.com

 

Other Comtrade Gaming companies referred to in this Website are as follows:

Comtrade Gaming d.o.o. Beograd, with its registered seat at Savski nasip 7, 11070 Belgrade, ID number: 21637076, TIN: 112258488 whose contact details are as follows:

Comtrade Gaming d.o.o. Beograd

Address: Savski Nasip 7, 11070 Belgrade, Republic of Serbia

Comtrade Solutions Engineering d.o.o., with its registered seat at Ulica I krajiskog korpusa 39, Banja Luka, BIH, MBS: 57-01-0211-20, JIB: 4404613020002 whose contact details are as follows:

Comtrade Solutions Engineering d.o.o.

Address: Ulica I krajiskog korpusa 39, Banja Luka, BIH

 

Certain terms in this Privacy Policy shall have the following meaning:

·        “We”, “us” and “our” shall mean the legal entity that is part of the Comtrade Gaming with which you have established a relationship;

·        “You” and “your” shall mean you, a person who interacts with us, does business with us, registers for our events or services or visits our Website.

By visiting the Website, applying for open job positions, registering for events and/or webinars which may be organized, cooperating with us, registering for our services or otherwise interacting with us, we may collect or process your personal information. We are strongly committed to protecting and keeping confidential any information collected in this way, and to always abide by the applicable laws.

 

2. Legal ground for the processing of personal data, purposes of processing and personal data we may collect

We may collect and process the personal data that you have provided to us, that we have collected from third parties with whom we work closely or from publicly available sources.

 

2.1. Legal ground for the processing of personal data

We process you personal data on the following legal grounds defined by GDPR, ZVOP-2, LPDP of RS and LPPD of BiH, depending on the country from which natural person/data subject is contacting us:

-         the performance of a contract with you in compliance with Article 6(1)(b) of GDPR, Article 12(1)(2) of LPDP of RS and Article 6(1)(b) of LPPD of BiH when processing is necessary for the performance of a contract to which the natural person/data subject is party or in order to take steps at the request of the natural person/data subject prior to entering into a contract;

-         our legitimate interest in compliance with Article 6(1)(f) of GDPR and Article 12(1)(6) of LPDP of RS or if it is necessary to protect the legal rights and interests exercised by the Controller or a third party, and if this processing of personal data does not conflict with the right of the natural person/data subject to protect its own private and personal life as stated in Article 6(1)(e) of LPPD of BiH;

-         processing is necessary in order to protect the vital interests of the natural person/data subject or of another natural person, in compliance with Article 6(1)(d) of GDPR, Article 12(1)(4) of LPDP of RS and Article 6(1)(c) of LPPD of BiH;

-         your consent in compliance with Article 6(1)(a) of GDPR, Article 12(1)(1) of LPDP of RS and Article 5(1) of LPPD of BiH when the natural person/data subject has given consent to the processing of his or her personal data for one or more specific purposes;

-         to comply with a legal obligation to which we are subject in compliance with Article 6(1)(c) or 6(1)(e) of GDPR, Article 12(1)(3) or 12(1)(5) of LPDP of RS and Article 6(1)(a) and/or 6(1)(d) of LPPD of BiH.

 

2.2. Purposes of processing

We may collect and process your personal data that you have provided to us, that we have obtained from third parties we work closely with or from publicly accessible sources. 

We collect and process your personal data to:

·        Provide you with the information or services that you have requested from us – such personal data may include your name, address, e-mail address, telephone number and other relevant information;

·        Keep in touch with you as our business partner and to keep you informed about our business activities and events in a timely manner – such personal data may include your name, address,  e-mail address, telephone number, position, company name and other relevant information;

·        Fulfill our contractual obligations towards you – such personal data may include your name, address, e-mail address, telephone number, position, place of work, company name and type of cooperation with us;

·        Improve our website – such personal data may include your IP address, geographical location, information about your device, type of browser, the source from which you accessed the page, the duration of the visit, operating system, number of page views, which pages you viewed and similar information. For more information on cookies, please see Article 10 below;

·        Comply with or abide by legal obligations or requirements;

·        Send you promotional messages about our activities, including invitations to other events – such personal data may include your name, address, e-mail address, telephone number, position, company name and other relevant information;

·        Recruit new employees either for specific employment vacancies or for general future employment possibilities – such personal data may include your name, address, e-mail address, phone number, date of birth, education profile and work experience, CV, a photo and other relevant information;

·        Successfully and efficiently organise our events, which includes promotional activities and publishing event-related audio, video and photo documentation – this information may include your name, position, company name, e-mail address, telephone number, short biography with a picture (for speakers/performers) and event-related audio, video and photographic documentation.

 

2.3. Data collection and processing

2.3.1. Data collection and processing when visiting this Website

If you only use the Website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (’’server log files’’). The Website collects a range of general data and information each time you access it or an automated system. General data and information is stored in the server's log files and may be collected such as:

1.      the browser types and versions used,

2.      the operating system used by the accessing system,

3.      the website from which an accessing system accesses the website (called a referrer),

4.      the sub-pages accessed via an accessing system on the website,

5.      the date and time the website is accessed,

6.      an internet protocol address (IP address)

7.      a truncated internet protocol address (anonymised IP address) and

8.      the accessing system's internet service provider.

 

No conclusions are drawn about you when using this general data and information and these  information is needed to fulfill the following purposes:

1.      properly deliver content of the website,

2.      to optimise the content of the website as well as to advertise it,

3.      to ensure the continued functioning of our information technology systems and the website's technology,

4.      to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber-attack.

 

This collected data and information is therefore statistically analysed and further analysed by us with the aim of increasing data protection and data security within the company to ultimately ensure an optimum level of protection for the personal data being processed by us. The data from the server log files is stored separately from all personal data provided by a natural person/data subject.

Depending on the country from which natural person/data subject is approaching the Website the legal basis for processing of personal data when visiting the Website is Article 6(1)(f) of GDPR, Article 12(1)(6) of LPDP of RS and Article 6(1)(e) of LPPD of BiH whereas our legitimate interest is based on the purposes listed above for the collection of data.

 

2.3.2. Data collection and processing when contacting us

Personal data is collected when you contact us by email. If you contact us by email to get in touch with us, data you send is stored and used exclusively for the purpose of responding to your query or establishing contact and the associated technical administration.

Depending on the country from which natural person/data subject is contacting us the legal basis for data processing is our legitimate interest in responding to your request pursuant to Article 6(1)(f) GDPR, Article 12(1)(6) of LPDP of RS and Article 6(1)(e) of LPPD of BiH.

If you are contacting us in order to conclude a contract, processing is also legally based on Article 6(1)(b) GDPR, Article 12(1)(2) of LPDP of RS and Article 6(1)(b) of LPPD of BiH.

Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations in place that prevent its erasure.

 

2.3.3. Data collection and processing when applying for job

We collect and process the personal data of job applicants for the purpose of carrying out the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email or via a web form on the Website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

Depending on the country from which natural person/data subject is contacting us the legal basis for data processing is fulfillment of contractual obligations as stated in Article 6(1)(b) of GDPR, Article 12(1)(2) of LPDP of RS and Article 6(1)(b) of LLPD of BiH. Data is being processed for the preparation of an employment contract. Recipients of said personal data are Human Resources employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures) as well as managers involved in the decision-making process. Your data may be passed on to service providers who act as order processors for us, e.g. IT support. All service providers are contractually bound and in particular obliged to treat your personal data confidentially. Personal data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.

As part of the application process, you must provide those personal data that are required for the initiation, implementation and termination of the contractual relationship and for the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will generally not be able to consider you appropriately in the decision-making process for filling the position.

If you have agreed that we are allowed to process you personal data for the purpose of using them in future job recruiting processes, personal data shall be processed in accordance with Article 6(1)(a) of GDPR, Article 12(1)(1) of LPDP of RS and Article 5(1) of LLPD of BiH and for the maximum period defined in section 7 of this Privacy policy. We inform you that in accordance with legislation you have rights related to giving consent as described in section 9 of this Privacy policy. Personal data shall only be stored for as long as necessary to achieve the purpose for which they were collected or further processed but in no case longer than period defined in section 7 of this Privacy policy.

 

2.3.4. Data collection and processing when creating events and webinar recordings

When planning, organizing and performing events and webinars, we shall process your data for the purpose of realisation of events and webinars. We shall use your data to contact you regarding your attendance to events and webinars and for this purpose, we shall store your data, given to us by you through application form, in our database. Events and webinars shall be recorded and shared with other companies of the Comtrade Gaming and Comtrade group.

We process your data in accordance with Article 6(1)(a) of GDPR, Article 12(1)(1) of LPDP of RS and  Article 5(1) of LPPD of BiH depending on the country from which natural person/data subject is attending events and webinars.

Without providing your information, it is not possible for you to attend events and webinars. You can withdraw your consent at any time but it shall have no effect on the lawfulness of processing based on consent before the consent was withdrawn.

If further information is obtained in the course of contact, this will also be processed in our database and used for subsequent conversations regarding your attendance to events and webinars. The legal basis for this is our legitimate interest in organizing and attending events and webinars Article 6(1)(f) GDPR, Article 12(1)(6) of LPDP of RS and Article 6(1)(e) of LPPD of BiH, depending on the country from which natural person/data subject is attending events and webinars.

The data in our database of interested parties may be passed on to the company within the Comtrade Gaming and Comtrade group responsible for the respective region. Data will only be passed on to third countries if the sales organisation responsible for the customer is based in a third country. If the organization of events and/or webinars is sponsored by partner companies, for example Microsoft, we shall pass on the details of the attendees to them. We process and store your personal data if this is necessary for the fulfillment of our contractual and legal obligations.

 

2.3.5. Newsletter

If you have provided us with your email address, we reserve the right to send you regular emails, newsletters, with offers on products or services from our collection similar to those you have already purchased.

The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with Article 6(1)(f) of GDPR, Article 12(1)(6) of LPDP of RS and Article 6(1)(e) of LPPD of BiH, depending on the on the country where natural person/data subject resides.

We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this Privacy policy. After receipt of your objection, your email address will immediately be removed for marketing purposes.

 

3.      Processing of personal data of data subjects under 15 years of age

Except in those cases where we organize educational events specifically designed for children, we do not intentionally collect personal data of individuals under 15 years. If you are under 15 years please do not send us your personal data e.g. your name, address and email address. If you wish to contact us in a way that requires you to submit your personal data (such as for education or similar events) please get your parent, exercising parental rights, or your legal guardian to do so on your behalf.

 

4. Disclosure of personal data

Following the purposes of the processing, we may disclose/transmit your personal data to the following subjects:

-         our affiliated companies within Comtrade Group;

-         contractual data processors, who shall process personal data in our name and in accordance with our written instructions and for the purposes as stated above;

-         to other recipients, if obliged to do so subject to a court order or order issued by other government authority or valid law.

 

5. Transfers of personal data to third countries

We may transfer your personal data to the recipients in third countries or international organisations, e.g. located outside the EU/EEA when it comes to data subjects who are situated in the EU, located outside of the Republic of Serbia when it comes to data subjects who are situated in Republic of Serbia or located outside of the Republic of Bosnia and Herzegovina when it comes to data subjects who are situated in Bosnia and Herzegovina, namely to our affiliated companies and contractual data processors. Such transfers take place under the safeguard measures as defined in GDPR, LPDP of RS and LPPD of BiH, depending on the country where natural person/data subject resides, if and to the extent that is possible.   

When it comes to natural person/data subject that resides in EU transfer of your personal data to recipients located outside the EU, i.e. to our affiliated companies and data processors takes place using the following security measures:

-         The European Commission has the power to determine, on the basis of Article 45 of GDPR whether a country outside the EU offers an adequate level of data protection. At any time, the European Parliament and the Council may request the European Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the regulation.

·        The effect of such a decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. Transfers to the country in question will be assimilated to intra-EU transmissions of data.

·        The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland , the United Kingdom under the GDPR and the LED, and Uruguay as providing adequate protection.

-         The Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the Commission on 4th June 2021 which can be found on website of the European Commission https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en.

When it comes to natural person/data subject that resides in Republic of Serbia transfer of your personal data to recipients located outside the Republic of Serbia, i.e. to our affiliated companies and data processors takes place using the following security measures:

–       The Government of Republic of Serbia has adopted the Decision on the List of States, parts of their territories or one or more economic sectors in those states and international organisations considered to exercise an adequate level of personal data protection, namely member states and international organisations that have signed the Council of Europe Convention on the Protection of individuals with regard to the automatic processing of Personal Data and states, parts of their territories or one or more economic sectors in those states and international organisations that the European Union considers to provide an appropriate level of protection.

-         The Commissioner for information of public importance and the protection of personal data has adopted Standard Contractual Clauses that shall be applied when your personal data needs to be transferred outside Republic of Serbia to countries not designated as having an adequate level of personal data protection in accordance with the Decision on the List of States, parts of their territories or one or more economic sectors in those states and international organisations considered to exercise an adequate level of personal data protection. Standard contractual clauses of the Commissioner for information of public importance and the protection of personal data are available in Serbian language at the following link: https://www.poverenik.rs/sr/%D0%BF%D0%BE%D0%B4%D0%B7%D0%B0%D0%BA%D0%BE%D0%BD%D1%81%D0%BA%D0%B8-%D0%B0%D0%BA%D1%82%D0%B84/3251-%D0%BE%D0%B4%D0%BB%D1%83%D0%BAa-%D0%BE-%D1%83%D1%82%D0%B2%D1%80%D1%92%D0%B8%D0%B2%D0%B0%D1%9A%D1%83-%D1%81%D1%82%D0%B0%D0%BD%D0%B4%D0%B0%D1%80%D0%B4%D0%BD%D0%B8%D1%85-%D1%83%D0%B3%D0%BE%D0%B2%D0%BE%D1%80%D0%BD%D0%B8%D1%85-%D0%BA%D0%BB%D0%B0%D1%83%D0%B7%D1%83%D0%BB%D0%B0.html

When it comes to natural person/data subject that resides in Republic of Bosnia and Herzegovina transfer of your personal data to recipients located outside the Republic of Bosnia and Herzegovina, i.e. to our affiliated companies and data processors takes place using the following security measures:

-         transfer of personal data is possible if the country to which the data is exported applies adequate personal data protection measures prescribed by the LPPD of BiH. We may transfer your personal data to another country that does not provide adequate protection measures prescribed by the Personal Data Protection Act, in accordance with Article 18(3) of the LPPD of BiH, if:

·        the presentation of personal data is prescribed by a special law or an international agreement that binds Bosnia and Herzegovina;

·        prior consent has been obtained from the person whose data is being disclosed and the person has been informed of the possible purposes of the disclosure of data;

·        the presentation of personal data is necessary for the performance of the contract between the data subject and the controller or the fulfillment of pre-contractual obligations undertaken at the request of the person whose data is being processed;

·        disclosure of personal data is necessary to save the lives of the persons to whom the data refer or when it is in their vital interest;

·        personal data are taken from the register or records that are, in accordance with the law or other regulations, available to the public;

·        the transfer of personal data is necessary to achieve the public interest;

·        the transfer of personal data is necessary for concluding or fulfilling a contract between the controller and a third party, when the contract is in the interest of the data subject whose data is being processed.

In other cases, we may transfer your personal data to third countries based on your explicit consent in compliance with Article 49(1)(a) of GDPR, Article 69(1)(1) of LPDP of RS and Article 18(3)(b) of LPPD of BiH after you have been informed of the possible risks for you in regard with transfers of your personal data to third countries due to the absence of an adequacy decision and appropriate safeguards.

 

6. The social media platforms

The social media platforms include Facebook, Youtube, Instagram, LinkedIn etc.  Facebook, Youtube, Instagram and LinkedIn are independent personal data processors, who will process your personal data following their privacy policies, such as https://www.facebook.com/policy.php, https://policies.google.com/privacy?hl=en-US, https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect, https://www.linkedin.com/legal/privacy-policy.

a.      Third party' services (Google)

Google is independent personal data controller and services provider (ex. Google Maps, Google Analytics), who processes your personal data following their own privacy policy: https://policies.google.com/privacy?hl=en-US.

b.      Links to other websites

This Website may contain links to third parties websites. We disclaim any control over, relationship with, or endorsement of these sites and shall not be liable for data protection while visiting such websites. Links to other websites are provided only as a convenience and we encourage you to read these third-party websites’ terms of use and privacy policies.

c.       Transfer of personal data to USA

WARNING:

While using the Website and/or applying for a job position, event and/or webinar, your personal data could be transfered and processed in the USA or other third country or it is not possible to prevent such transfer and further process by social media platforms. In such cases, it is possible that the level of data protection does not attain the levels of data protection, as defined in GDPR, LPDP of RS and/or LPPD of BiH.

Transfer of personal data to USA/cessation of Privacy Shield application:

According to the Court of Justice of the European Union decision No. C-311/18, dated from 16th July 2020, the s.c. Privacy Shield, which had previously and in certain circumstance confirmed an adequate data protection level, no longer represnets a valid legal basis for transfer of personal data from EU to the USA.

What can the personal data transfer to USA mean for you as user and what are potential risks thereof?

The risks derive from the powers and functions of american intelligent agencies and legal situation in the USA, which, according to the Court of Justice of the European Union, no longer ensures an adequate level of personal data protection.

 The Standard Contractual Clauses, as accepted by the Commission in 2010 (Commission Decision of 5th February 2010 on Standard Contractual Clauses (SCC) for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, 2010/87/EU) are no longer valid.The new Standard Contractual Clauses (SCC) were adopted by the Commission on 4th June 2021 and from December 27th 2022, the new SCCs, standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, shall serve as a valid ground for data transfer.

The Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Law on personal data protection ("Official Herald of RS", No. 87/2018) and Decision on establishing Standard Contractual Clauses ("Official Gazette of RS", No. 5/2020) shall serve as a valid ground for data transfer.

What measure are we taking to ensure legal transfer of data to USA? 

Whenever american providers offer such options, we opt for personal data processing on servers within the EU. In this way, the american intelligence agencies do not have access to personal data thereon.

In case of further use of tools, originating from the USA, we adopt the following measures:

The risks, related to the transfer of personal data to USA, are defined above.

We aim to conclude the standard contractual clauses with the suppliers from the USA.

7. Storage period

We retain your personal data to the extent reasonably necessary to fulfil the purposes for which we collected or obtained it, or to comply with legal requirements/obligations.

We retain the personal data of unsuccessful applicants for at least six months but no longer than two years after the recruitment process or assessment has been completed. Information may be held for a longer period where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for legal or regulatory purposes). If the applicant is successful in his/hers application, the personal data gathered through the recruitment process will be retained in line with the Privacy Notice for the employees. 

Where the legal basis for the processing your personal data is your consent, we shall keep your personal data until you withdraw your consent.

8. Protection and Security

We take precautions to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. We have taken appropriate technical and organisational measures to protect the information systems on which we store your personal data and require our data processors, on a contractual basis, to protect your personal data.

9. The rights of data subjects

The natural persons/data subjects to whom the personal data apply have the following rights, which shall be enforced free of charge. Before ensuring the individual's rights, we shall verify its identity. An individual shall make a request on a written form, sent to to us via email or post as stated below.

We shall fulfill such request, where applicable, within one month, except when the complexity of the request or numerous requests require longer time period. In the latter case, where applicable, this period can be prolonged for another two months period. We shall inform the natural person/data subject about such extension, as well as about the reasons thereof.

Rights of the natual persons/data subjects which reside in EU have the following rights according to the GDPR:

a)     Right of access by the data subject: subject to request, data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

-         the purposes of the processing;

-         the categories of personal data concerned;

-         the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

-         where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

-         the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

-         the right to lodge a complaint with a supervisory authority;

-         where the personal data are not collected from the data subject, any available information as to their source;

-         the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Upon request, the Controller shall make a copy of all personal data that is being processed and present it to the data subject.

b)     Right to rectification: The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.

c)      Right to erasure or the right to be forgotten: The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

-         the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

-         the data subject withdraws consent on which the processing is based and no other legal ground for processing exists;

-         the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR;

-         the personal data have been unlawfully processed;

-         the personal data have to be erased for compliance with a legal obligation in Union or Slovenian law.

d)   Right to restriction of processing: The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

-       the accuracy of the personal data is contested by the data subject;

-       the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-       the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

-       the data subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the data subject.

e)     Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, under the conditions set out in Article 20 of GDPR.

f)       Right to object: Subject to conditions, set out in Article 21 of GDPR, the data subject has the right to object the processing of personal data, concerning him or her.

g)     The withdrawal of consent: When the processing is based on the individual's consent, he or she has the right to withdraw this consent at any time. Such withdrawal has no impact on the lawfulness of processing based on consent before the consent was withdrawn.

 

Natural person/data subject that resides in EU and whose personal data is being processed shall file a complaint or make a request regarding the processing of his or hers personal data through email security@comtradegaming.com.  

You also have the right to lodge a complaint with the competent supervisory authority. Contact information: Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana, Republic of Slovenia, phone: 00386 1 230 97 30, email: gp.ip@ip-rs.si, DPO for the supervisory authority: dpo@ip-rs.si.

Rights of the natural persons/data subjects which reside in Republic of Serbia have the following rights according to the LPDP of RS:

         I.        The withdrawal of consent to the processing of personal data at any time, which will not affect the admissibility of the processing carried out before the revocation - Article 15 of LPDP of RS,

        II.        The right to transparency and information regarding the exercise of rights and the manner of data collection - Articles 21 and 23 of LPDP of RS,

      III.        The right to request from the Controller access to the collected personal data Article 26 of LPDP of RS,

     IV.        The right to request from the Controller the correction and supplementation of the collected personal data - Article 29 of LPDP of RS,

       V.        The right to request from the Controller the deletion of the collected personal data - Article 30 of LPDP of RS,

     VI.        The right to request from the Controller the limitation of the processing of the collected personal data - Article 31 of LPDP of RS,

    VII.        The right to data portability, i.e. the right to receive data previously submitted to the Controller from the Controller in a structured, commonly used and electronically readable form and/or for the data to be transferred by the Controller to another controller without interference - Article 36 of LPDP of RS,

  VIII.        The right to submit a complaint to the Controller on the processing of the collected personal data - Article 37 of LPDP of RS,

     IX.        The right to not be subject to a decision made solely on the basis of automated processing, including profiling, if that decision produces legal consequences for you or if that decision significantly affects your position - Article 38 of LPDP of RS,

       X.        The right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection regarding personal data processing - Article 82 of LPDP of RS,

     XI.        The right to file a lawsuit with the competent court in connection with the processing of personal data - Article 84 of LPDP of RS.

 

Natural person/data subject that resides in Republic of Serbia and whose personal data is being processed shall file a complaint or make a request regarding the processing of his or hers personal data through email security@comtradegaming.com.

You also have the right to lodge a complaint with the competent supervisory authority. Contact information: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, 11120 Beograd, phone: +38111 3408 900, email: office@poverenik.rs.

 

Rights of the natural persons/data subjects which reside in Republic of Bosnia and Herzegovina have the following rights according to the LPPD of BiH:

A.       the right to withdraw your consent to the processing of personal data at any time, unless you as the data subject and us as the Controller expressly agree otherwise - Article 5 of Law of BiH - consent of the Data subject;

B.       the right to be informed about data collection before we start collecting data - Article 22 of Law of BiH - notification about the collection of personal data;

C.       the right to inform you without delay which third party provided us with personal data, if we did not obtain personal data from you - Article 23 of Law of BiH - source of personal data;

D.       the right to inform you at your request about the course of processing of your data carried out by us or the data processor, the purpose of data processing, the legal basis and duration of processing, whether the data were obtained from the data subject or from a third party and about the right to access personal data, as well as about who received or who will receive the data and for what purpose - Article 24 of Law of BiH - right of access to personal data;

E.       the right, unless otherwise provided by law, based on your request once a year, without compensation, to provide you with information related to the processing of your personal data - Article 25 of Law of BiH - method of providing information; 

F.       the right to submit a free objection to our request regarding the future use or transfer of your data for the purpose of direct marketing or to be informed before your data is first transferred to a third party for the purpose of direct marketing - Article 26 of Law of BiH - objection regarding direct marketing;

G.      the right to submit to us a request for the correction, deletion or blocking of data that is found to be incorrect or incorrectly stated or processed in another way that is contrary to the law and rules related to data processing - Article 27 of Law of BiH - correction, deletion and blocking of data;

H.       your right as a data subject that we, as a Controller, cannot make a decision that will produce a legal effect on you or that may significantly affect you, and the purpose of the decision is to assess certain personal characteristics of you as a data subject, which is based solely on the automatic processing of personal data, two exceptions are provided by Law of BiH - if the decision was made in the process of concluding or executing a contract, provided that your request as the Data subject is fulfilled or if there are appropriate measures to protect your legitimate interests and if we authorized on the basis of the law, which determines the measures to protect your legitimate interests as a Data subject, to make such a decision - Article 29 of Law of BiH - Making a Decision on the Basis of Automatic Data Processing;

I.         the right to submit a complaint to the Agency in order to protect your rights if you establish or suspect that we, as a data controller or data processor, have violated your rights or that there is a direct danger of a violation of rights - Article 30 of Law of BiH - filing a complaint;

J.        the right to file a lawsuit and initiate a dispute for compensation of damages before the competent court in the area of ​​your residence or place of residence or the competent court in the area of ​​our headquarters for compensation of material or non-material damage - Article 32 of Law of BiH for damage;

K.       the right of data subject that the Controller provides them with information about the processing of personal data or provide access to personal data is limited and we are not obliged to provide said information if this could cause significant damage to the legitimate interests of state security, defense, public safety, prevention, investigation, detection of criminal acts and prosecution of perpetrators, and violations of the ethical rules of the profession, economic and financial interests, including monetary, budgetary and tax issues, inspection and other control duties, protection of the Data subject or the rights and freedom of others in Bosnia and Herzegovina - Article 28 of Law of BiH - determination of exceptions to rights.

 

Natural person/data subject that resides in Republic of Bosnia and Herzegovina and whose personal data is being processed shall file a complaint or make a request regarding the processing of his or hers personal data through email security@comtradegaming.com.

You also have the right to lodge a complaint with the competent supervisory authority Agencija za zaštitu ličnih podataka u Bosni i Hercegovini. Contact information: No 6 Dubrovačka Street, 71000 Sarajevo, Bosnia and Herzegovina, phone +387 33 726 250, email: zlpinfo@azlp.ba.

 

10. Cookies 

We use cookies and similar technologies to ensure that you get the most out of our Website. We may also use cookies to collect information about how you use our Website and your online behavior. The types of data that we collect in this way may include your previous destination, the type of browser, the operating system, the browser used, as well as the duration of your visit to the Website. For more information on how we use cookies and similar technologies and how you can control them, please see our Cookie Policy published at the bottom of the Website.

For more information on how to disable email tracking, please go to the following link

(https://www.wikihow.com/Stop-Email-Trackinghttps://nordvpn.com/blog/how-to-block-email-tracking/https://www.hongkiat.com/blog/detect-disable-email-tracking/), or to the documentation within your e-mail application (if you use it) or your e-mail service provider (if you use an Internet browser to read e-mail).

 

11. Links to other websites

This website may contain links to third parties websites. We disclaim any control over, relationship with, or endorsement of these sites and shall not be liable for data protection while visiting such websites. Links to other websites are provided only as a convenience and we encourage you to read these third-party websites’ terms of use and privacy policies.

 

12. Changes to this Privacy Policy  

We may update our privacy policy from time to time. An updated Privacy Policy will be posted on the relevant website or will be provided to you upon request.