RULEBOOK ON PERSONAL DATA PROCESSING
This Rulebook on personal data processing shall govern the way in which AVA Shopping Park processes personal data of the AVA Shopping Park website users (“Website”), and the users of the Accounts on the Website (“Account”).
Protecting your personal data during our business operations is one of the most important obligations of IKEA SRBIJA DOO BEOGRAD (VOŽDOVAC), (“AVA Shopping Park”). Therefore, our goal is to offer you a safe experience on the Internet while respecting your rights to personal data confidentiality and protection.
Pursuant to the Law on Personal Data Protection (Official Gazette No 87/2018) (“the Law”), AVA Shopping Park is obliged to process personal data in accordance with the processing principles solely for the below specified purposes and in the manner that ensures the security of the personal data.
Principles of data processing
Personal data of the AVA Shopping Park Website/Account users shall be:
- a) ) processed lawfully, fairly and in a transparent manner in relation to the data subject;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected/processed;
- d) accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed or collected;
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. AVA Shopping Park undertakes to safeguard personal data of the Website/Account users in accordance with the requirements of the Law;
- g) AVA Shopping Park shall be able to demonstrate compliance with principles listed under (a) to (f), which is why the rules and conditions of personal data processing must be documented.
AVA Shopping Park shall process only the personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Personal data shall be processed for the following purposes which will always be specifically and explicitly presented to you, generally by means of a Notice, but also in any other way used to provide information to users (such as posters, symbols, etc.):
- a) user identification and enabling access to their Account, provision of the services available on the Account (i.e. enabling the use of all Account features);
- b) contacting users via any means of communication and providing information (which are not related to advertising);
- c) profiling users in order to provide content relevant to their interests, and improve the services provided;
- d) sending messages for the purposes of direct advertising through the means of communication for which the user gave their consent at the time of setting up the Account, for the purpose of promoting activities, offers and products available at the AVA Shopping Parka, the Company and their Partners; advertising messages can be sent as a result of profiling or not related therewith;
- e) performing marketing activities or advertising in general, verifying customer loyalty and market research;
- f) performing economic, financial and/or administrative management at the AVA Shopping Park;
- g) centralizing operations and maintaining an internal database in which user data shall be stored, which will be accessible to the AVA Shopping Park to use them (since the use of such data requires processing thereof through internal applications of the AVA Shopping Parka during business);
- h) performing internal analysis (including statistical analysis and reports) related to the customer portfolio, improvement and development of services and conducting market research and analysis in order to improve and develop the services provided by the AVA Shopping Park, the Company and their Partners;
- i) archiving, resolving disputes, investigations and other requests/complaints AVA Shopping Park is a party of; verification of risks associated with AVA Shopping Park procedures and procedures, as well as AVA Shopping Park audits or investigations;
- j) high level of security of both computer systems (e.g. applications, networks, infrastructure, websites) and physical locations;
- k) providing support at the request of the users.
Each time we receive personal data from yourself or others, we will provide you with the following information:
- a) identity and contact details of the data controller, as well as data protection officer at the data controller;
- b) type of data;
- c) purpose of processing;
- d) legal basis for processing;
- e) existence of a legitimate interest of the AVA Shopping Park on the basis of the provisions of the law/contract execution, and the consequences of your refusal;
- f) the recipient, i.e. a group of recipients of personal data, if any;
- g) the fact that we intend to transfer personal data to another country;
- h) term of keeping personal data, and
- i) your rights regarding the personal data processing.
This information will be available to you either in the Notices or through another means of communication AVA Shopping Park uses for such purposes (such as posters, symbols, etc.).
Access to your data
Access to your data will be provided only to those natural or legal persons with whom we cooperate for the purposes of processing, in respect of (new or planned recipients) we are able to prove a legitimate interest in accordance with the provisions of the Law, or the legal obligation to provide your information.
The following legal entities and their employees will have access to your data:
- a) IT service providers (such as software maintenance and development, website maintenance and development);
- b) providers of market research services, transmission of advertising messages, network tool user traffic and behavior monitoring, adaptation of various types of advertising to consumers, advertising via social media and advertising content;
- c) Companies within IKEA SRBIJA DOO BEOGRAD (VOŽDOVAC) (“Company”);
- d) AVA Shopping Park Asset Manager.
We will require these companies and their employees to respect the obligation to maintain the confidentiality of this information and to ensure a high level of security in the processing of your data.
We will provide your personal data to judicial authorities, state institutions and central and local authorities in case of a substantiated request or legal obligation.
Personal data security
We will take the appropriate security measures so that your transferred, stored or otherwise processed personal data are protected against destruction or damage, unauthorized or unlawful modification, unauthorized disclosure or access, or any other form of illegal processing. The security measures applied in relation to your personal data the ability to ensure the ongoing confidentiality integrity, availability and resilience of processing systems and services, as well as the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
All personal data is processed via secure pages that use the SSL encryption-based Internet security protocol, marked with a padlock icon displayed at the top of the window.
For more information on the website security standards, see the section “Help”.
In addition to the above, your account is password protected in order to protect the security of your data and the confidentiality of information sent through the Account. AVA Shopping Park uses their best efforts and appropriate IT technologies to ensure the protection and security of the data you provide us with.
In cases of personal data breach provided by the Law, AVA Shopping Park will inform the competent authorities and persons in the prescribed manner.
Accuracy of personal data
AVA Shopping Park processes personal data that are accurate, and has established and applies procedures for their regular updating. Therefore, AVA Shopping Park takes all necessary measures to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Your personal data is processed and stored for as long as necessary, i.e. within the period in which we provide you with Website/Application services.
When you decide to delete your account, AVA Shopping Park will keep your data for another 3 years, for the purposes of the legitimate interests pursued by the AVA Shopping Park including the possibility of data access and submission of the necessary documents in case of possible disputes, complaints or investigations.
As the Website/Account user, you have the following rights you can exercise, individually or cumulatively, with respect to your personal information AVA Shopping Park holds:
- a) Right of access – The data subject shall have the right to obtain from the AVA Shopping Park confirmation as to whether or not personal data concerning him or her are being processed, access to the personal data and certain information thereof. AVA Shopping Park shall deliver a copy of the processed personal data upon request. AVA Shopping Park may request reimbursement of the costs of making additional copies required by the data subject;
- b) Right to rectification – The data subject shall have the right to obtain the rectification of inaccurate personal data concerning him or her, and the right to have incomplete personal data completed, including by means of providing a supplementary statement;
You have the option to edit your information at any time by clicking on the “My account” button, then “Account settings”, so that you may access your personal data and can change then at any time.
- c) ) Right to erasure (‘right to be forgotten’) – in cases expressly provided by law, you have the right to request AVA Shopping Park to erase your data. You can request the deletion of personal data in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the personal data have to be erased for compliance with a legal obligation of the AVA Shopping Park.
- d) Right to restriction of processing – The data subject shall have the right to obtain from AVA Shopping Park restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the AVA Shopping Park to verify the accuracy of the personal data;
- AVA Shopping Park no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to processing, a u pending the verification whether the legitimate grounds of the AVA Shopping Park override those of the data subject.
you revoke the consent on the basis of which the processing had been performed;
you object to processing in accordance with your legal right to object;
- personal data have been illegally processed;
processing is illegal, and you oppose the erasure of personal data;
In these cases, the data will not be further processed, whereby they shall be stored.
- e) Right to object the personal data processing – the data subject shall have the right to file an objection to the AVA Shopping Park, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, including profiling, based on AVA Shopping Park’s legitimate grounds for the processing or performing activities in the public interest.
Advertising messages sent electronically may contain brief information about your ability to object to the processing of personal information for direct advertising purposes. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The right to file objections to processing of personal data for the purposes of direct advertising conducted by the AVA Shopping Park is available to users when processing personal data for the purposes of direct advertising, in relation to products similar to those already contracted, is not based on a consent, but on (i) legitimate interest of the AVA Shopping Parka or (ii) an existing contractual relationship with AVA Shopping Park.
- f) Right to complain – the data subject shall have the right to file a complaint to the processing of personal information by the AVA Shopping Parka. The complaint shall be submitted to the Commissioner for Information of Public Importance and Personal Data Protection (“Commissioner”);
- g) The right to revoke consent – the data subject shall have the right to at any time revoke consent to the processing of personal information by the AVA Shopping Park, if the processing is based on consent. Revocation of consent does not affect the admissibility of processing based on the consent given before revocation. For example, you have the option to revoke your consent to processing for direct marketing purposes.
You may revoke your consent to processing by AVA Shopping Park for direct marketing purposes as follows:
- By sending a text message or clicking the link, depending on the instructions in the respective text or e-mail;
- By contacting the AVA Shopping Park via the below given means of communication (mail or e-mail).
You may exercise the aforementioned rights (except for the right to contact the Commissioner you can exercise under the conditions established by that authority, which are presented on their official website www.poverenik.rs) either individually or collectively, by sending a message:
- If by e-mail, to the e-mail address: firstname.lastname@example.org ;
In addition, a data protection officer has been appointed (“Representative”) at the Company level, you can contact in case of any issues related to the protection of personal data and the exercise of your rights thereto. You can contact the Representative by submitting a written, dated and signed request to the following postal address: Dimitrije Ostojić, IKEA Srbija d.o.o. Beograd, Ul. Astrid Lindgren 11, or the following e-mail: email@example.com.
Rulebook on Data Secrecy and Other Documents Related to Personal Data Processing
This Rulebook on data secrecy represents a general framework that reflects the data processing principles applied by the AVA Shopping Park. The Rulebook on data secrecy is supplemented the following documents:
Account Notice regarding the personal data processing functions of this means of communication and the Account;
by accessing the section “Account Settings” in the Account;
Amendments to the Rulebook on data secrecy
This Rulebook on data secrecy was last updated on 10 May 2022.
AVA Shopping Park reserves the right to revise and update this Rulebook on data secrecy at any time. You may find additional information in this updated document at avashoppingpark.rs/en/privacy-policy
Therefore, please check the relevant article of our Rulebook on data secrecy when visiting the Website, as it may have changed since your last visit.
If you have any questions regarding the information provided on this page, please send us an e-mail at firstname.lastname@example.org.