Privacy Policy

1. Privacy

Noleko d.o.o. Čačak (hereinafter referred to as: NOLEKO) is the data controller for the personal data of individuals, which it processes exclusively in accordance with applicable legal regulations, specifically in compliance with:

The Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – “GDPR”), The Law on Personal Data Protection (Official Gazette of RS, No. 87/2018, hereinafter referred to as: the Law) and business needs.

NOLEKO processes personal data in accordance with this Personal Data Protection Policy – Privacy Policy (hereinafter referred to as: the Policy) and other internal regulations governing personal data protection and privacy matters.

Below are the most important terms and procedures we implement to protect your personal data (hereinafter referred to as: Users and/or Interested Parties) related to the collection, processing, and storage of personal data.

2. Supervision

In the process of using personal data, we adhere to all prescribed and mandatory rules and security measures.

3. Our Approach

The protection of personal data is of essential importance to us.

4. Principles of Personal Data Processing Followed by NOLEKO:

a) Legality, fairness, and transparency

NOLEKO ensures the lawful, fair, and transparent processing of personal data through the following measures:

  • Processing is necessary for the registration of interested parties for employment, work outside of employment, or internships at the company Noleko d.o.o. Čačak;
  • Processing is based on the prior consent of the person to process their data;
  • Processing is necessary to comply with the legal obligations NOLEKO has as the data controller or to exercise the legally prescribed powers NOLEKO has as the data controller;
  • Processing is necessary to pursue NOLEKO’s legitimate interests.

b) Purpose Limitation: We collect your personal data only for clearly defined, specific, explicit, justified, and lawful purposes and do not process it further in ways that are not compatible with these purposes.

c) Data Minimization: This principle requires us to process only the personal data that is necessary, relevant, and adequate in relation to the purpose for which it is used.

d) Accuracy: We are required to take all reasonable measures that allow us to regularly update or correct your personal data.

The principle of storage limitation requires us to store your personal data only for the period necessary for the specific purpose for which it is being processed. Once the processing period expires or the purpose of the processing ceases, we delete your personal data or destroy it in a legally prescribed manner.

e) Integrity and confidentiality, non-repudiation, and availability: We are required to protect personal data from unauthorized or unlawful processing, loss, or destruction through technical and organizational measures to safeguard your personal data. At the same time, we ensure that access to personal data is granted only to authorized employees.

f) Accountability: We are required to document compliance with all of the above conditions.

5. Contact for Your Questions

If there is any uncertainty in any part of this statement or if you have any questions or comments regarding the protection of your personal data, you can contact us at the email: [email protected].

6. Categories of Personal Data We Process

Personal data refers to information that allows us to identify you. Therefore, it includes information that can be specifically attributed to you.

Personal data does not include anonymous or aggregate data, i.e., data that cannot be clearly attributed to you.

Personal data is classified into the following categories:

  • Information that Users and/or Interested Parties provide by filling out appropriate forms on our website or submitting them through their resume and/or cover letter, certificates, diplomas.
  • Basic data that includes your first and last name, date of birth, educational background, titles, information about skills, knowledge of foreign languages, training, and a list of previous employers;
  • Communication data: email, phone number. Special categories of personal data that include sensitive information: for example, in the selection process for a high-risk job, the candidate will be informed that a pre-employment medical examination provided by the Employer is required, and the employment for that position can only be finalized after receiving a report from the doctor confirming that the candidate is fit to perform the job duties for that position.

7. Legal Basis for Processing Your Personal Data

The personal data we receive from you is used only to the extent necessary and for the purposes described here, namely for the registration of interested parties for employment, work outside of employment, or internships at Noleko d.o.o. Čačak.

The legal basis for processing personal data includes:

Consent – you provide us with consent to process personal data by submitting your resume for the purpose of further recruitment, selection, and notification of open job positions, all with the goal of potential employment and establishing an employment relationship.

We hereby inform you that, for the purposes stated here, we will continue to process the data you have provided through your resume, cover letter, and/or by filling out a predefined questionnaire for the next 2 years, all in accordance with the Constitution of the Republic of Serbia, the Law, and the principles of legality, transparency, purposefulness, proportionality, and data processing security.

8. Data Protection

We take care of the protection of your personal data and, for that reason, adhere to the following technical and organizational measures to ensure the security of your personal data.

These measures include the following types of protection:

  • Physical access control – we store all data in a way that protects access to it, which means that the places where data is stored are secured by technical means such as smart cards, keys, doors that can be locked electronically, etc.
  • Controlled access – access to the personal data storage system is not granted to anyone without appropriate passwords or two-step verification. Thus, the data is available only to authorized individuals/employees and only to the extent necessary, with an obligation to comply with NOLEKO’s internal regulations governing personal data protection;
  • Electronic access control – we have adopted measures that prevent unauthorized reading, copying, modification, removal from the system, or other unauthorized access and/or manipulation with the data.
  • Transfer control – prohibition of transferring personal data via open communication channels or computer networks that are not under Noleko’s control.

9. Your Rights

Right to Information on the Processing of Personal Data:

You have the right to know the legal basis for processing, the purpose, or information about the storage period of personal data. You will always be informed of the legal basis and purpose of processing personal data before the processing begins, as defined by this Policy, NOLEKO’s internal regulations, and the Law.

Right to Access Personal Data:

We commit to providing information on whether we process your personal data and, if we do, in what manner. You also have the right to request a copy of the processed personal data. Upon your request, we are obliged to inform you of the purpose of the data processing, the recipients of the processed personal data, and/or other related information.

Right to Correction:

You have the right and permission to request that we change any of your personal data that we process if it changes (e.g., surname change, address change, etc.).

We are not required to verify whether the personal data we have collected is current, inaccurate, or imprecise; however, when you notify us of such a fact, we are obligated to act in accordance with your comment or request for correction.

Right to Erasure:

Also known as the “right to be forgotten,” this right requires us, as the data controller, to destroy your personal data in the following cases:

  • if the purpose for processing no longer exists, i.e., personal data is no longer necessary to achieve the purpose for which it was collected or otherwise processed;
  • if you withdraw your consent for the processing of personal data, and there is no other reason for processing your personal data;
  • if you object to the processing of personal data; and
  • if personal data must be erased to comply with legal obligations (e.g., destruction obligations).

Right to Object:

You have the right to submit an objection to the Commissioner for Personal Data Protection if you believe that any of your personal data is being processed in a way that constitutes a violation of your rights under the relevant regulations.

Right to Data Portability:

If you ask us to transfer your personal data, we are obligated to do so in a manner that transfers it in a structured, commonly used, and machine-readable format. This right can only be exercised when the processing is based on consent or a contract and is simultaneously automated, i.e., exclusively carried out using technical means based on a pre-determined algorithm and without any intervention.

10. How to Exercise the Rights of Data Subjects

Users whose personal data is processed can exercise their rights by filling out a request at the following link: REQUEST.

The data subject can submit a request in written or electronic form to the official postal address Bulevar Tanaska Rajića 2, 32000 Čačak, or via email at [email protected].

NOLEKO employees will verify the identity of the applicant by inspecting a personal document. NOLEKO is obligated to act on the request no later than 30 calendar days from the date of receiving the complete request.

If NOLEKO does not act on the applicant’s request, it must notify the applicant of the reasons for not doing so without delay, and no later than 30 calendar days from receiving the request. Along with the notification of non-compliance, NOLEKO must inform the applicant of their right to file a complaint with the Commissioner or a lawsuit in court to exercise their rights.

11. Rules on Sharing Your Personal Data with Third Parties

The geographical scope of data processing is limited only to the territory of the Republic of Serbia, specifically to the Controller’s addresses, namely:

Bulevar Tanaska Rajića 2, 32000 Čačak

The Controller does not transfer personal data outside the territory of the Republic of Serbia.

12. When You Are a Data Subject

You are a data subject only as a natural person; legal regulations regarding personal data protection do not apply to legal entities, cooperatives, associations, etc.

I am aware of the Information on the processing of personal data and the rights and obligations related to the processing of personal data at NOLEKO DOO ČAČAK.
I agree that NOLEKO DOO ČAČAK may process my personal data submitted through my resume and/or the completed application form for the job competition, in accordance with the Information on the processing of personal data, the applicable Personal Data Protection Policy at NOLEKO DOO ČAČAK, and the Law on Personal Data Protection (“Official Gazette of RS”, no. 87/2018).

I agree that the personal data I have submitted via my resume and/or the completed application form for the job competition be stored in the database of NOLEKO DOO ČAČAK for a period of 2 years, for the purpose of reconsidering my resume in the event of future vacant job positions and the need for employment or engagement outside of employment.