Data security

We take the data protection and security of our employees, business partners and customers seriously.

Therefore, respect for privacy is a serious concern to which we pay special attention when processing and using personal data. If personal data is collected (eg your name, address or other contact information), it is processed and used exclusively in accordance with the applicable data protection regulations. Below we would like to inform you about the collection of personal data when using this website. Personality data is any data that relates to you personally - e.g. name, address, e-mail address, user behavior.

 

1. Data controller and person


The controller responsible for the collection, processing and use of your personal data in the context of the Personal Data Protection Act is:

PHOENIX PHARMA DOO BELGRADE
Bore Stankovica 2, Belgrade-Makis
Registration number: 07517807

You can contact our personal data protection person at milos.krstic(at)benu.rs
or via our postal address, marked on the hands of the "data protection person".

 

2. Collecting personal information when visiting our website


(1) When you use the website for informational purposes only - ie. if you do not register or otherwise provide us with information - we only collect personal information that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary to show you our website and ensure stability and security:

  • IP adress
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Amount of data transferred
  • URL of the previously visited page (Referer URL)
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The legal basis for the processing of this data is Article 12, paragraph 1, item 6 of the Law on Personal Data Protection. Our interests in data processing are in particular to enable the use of the website by guaranteeing the stable operation and security of the website. Where not explicitly stated, we only retain personal information for as long as necessary to fulfill the purposes for which it was collected.

(2) In addition to the information mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that the browser stores on your hard drive and through which certain information passes. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make websites more useful and efficient.

In order to determine whether you have agreed to the processing of data related to cookies / software add-ons (if necessary), we have set a cookie based on our legitimate interest (Article 12 paragraph 1 item 6 of the Law), which informs us what type of processing data you have given consent or if you have not given consent.

Of course, you can see our website without cookies. Internet browsers are generally set to accept cookies. You can disable the use of cookies at any time by setting your browser. Use the help functions of your Internet browser to learn how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

(3) If you consent, we will use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google Analytics allows us to collect statistics on the use of our website and its resources. Cookies are stored for two years. We use Google Analytics exclusively for statistical purposes - e.g. to track how many users clicked on a particular item or information.

The legal basis for processing is your consent (Article 12, paragraph, item 1 of the Law), which you can give in the cookie header. If you have not given us consent, Google Analytics will not record your use of our website.

Google Analytics is based on cookies and records information about your use of our website, including your IP address. To prevent website visitors from being identified by their IP addresses, we use certain code to ensure that your IP address is transmitted only in abbreviated and therefore anonymous form. It is no longer possible to identify individual users using this abbreviated IP address.

More information on data protection using Google Analytics can be found here.

You can revoke your consent to future action by downloading and installing the add-on available at the following link: tools.google.com/dlpage/gaoptout.

Additionally, you can change your settings here or via the opt-out page of the Network Advertising Initiative (NAI).

Alternatively, you can disable Google cookies through the Digital Advertising Alliance website using the following link: http://optout.aboutads.info/?c=2#!/.

Finally, you can prevent cookies from being stored using the general browser settings.

General Google Note:

The data recorded by Google Analytics is sent to Google based in the United States. Google is self-certified on the basis of Privacy Shield in order to ensure adequate protection of your personal data in accordance with the laws of Serbia.

Additional information about Google's data protection can be found at https://policies.google.com/privacy?hl=en.

 

3. Email contact


If you contact us (e.g. via the contact form or email), we store your information in order to process your inquiry and any additional questions. We delete this data when it no longer has to be stored or restrict its processing if there are legal obligations to keep the data. We only store and use other personal data if you agree to it or if it is legally allowed without special consent.

 

4. Google Fonts


To ensure consistent font display, our website uses a font service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). When you access a web page, the browser loads the required web fonts into the browser's cache to display text and fonts correctly. To do this, the browser you use needs to communicate with Google's servers. This includes the transfer of personal information to Google LLC servers in the United States. For example, Google will be notified that our website has been accessed through your IP address. Google fonts are used to ensure that our online services are presented in a consistent and attractive manner. Our legitimate interests are derived from these purposes.

In the event that personal data is transferred to a US LLC based in the USA, Google LLC has been certified in accordance with the EU-US Privacy Shield Convention, which guarantees compliance with the level of data protection applicable in the EU.

You can find more information about Google Fonts at developers.google.com/fonts/faq and Google's privacy policy: https://www.google.com/policies/privacy.

 

5. Google reCAPTCHA


We also use reCAPTCHA, a tool from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") on this website. This tool is primarily intended to distinguish whether the entry was made by a natural person or was misused using machine and automated means. This data processing involves sending the IP address and, where applicable, other data that Google requests for the reCAPTCHA service to Google and is performed in our legitimate interest (avoiding abuse and spam). In some cases, the use of Google reCAPTCHA may involve the transfer of personal information to Google LLC servers. in the United States.

In the event that personal information is transferred to Google LLC. based in the USA, Google LLC. is certified for Privacy Shield, which guarantees compliance with the level of data protection applied in our country. You can view the current certificate here: https://www.privacyshield.gov/list

Additional information about Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en-Latn

 

6. Vimeo


We use the Vimeo provider to embed and display videos; our legitimate interests are derived directly from those purposes. Vime is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, NY 10011, USA. If you access websites that are part of our presence on the Internet and contain embedded videos - e.g. if you are playing a video - the connection to the Vimeo servers is established and the video is displayed. Information about which web pages you have visited and your IP address is then transferred to the Vimeo server. If you are logged in to Vimeo as a member, Vimeo will link this information to your personal user account. If you use a plug-in - e.g. click the Play button on the video - this information is also associated with your user account. The legal basis is Article 12, paragraph 1, item 6 of the Law on Personal Data Protection. You can prevent this information from being associated with your account by logging out of your Vimeo user account before using our website and deleting the appropriate cookies from Vimeo.

For more information on data processing and tips on data protection by Vimeo, visit vimeo.com/privacy.

 

7. Photos


We often take photos at events. Photos are used internally and externally (in print media, on websites, etc.). Upon arrival at the event, attendees are informed that photos can be taken and used. When taking and posting photos, we make every effort to ensure that this does not violate the legitimate interests of the groups of people in the picture.

The legal basis for the processing of this data is generally a legitimate interest in terms of Article 12 paragraph 1 item 6 of the Law: Events of customers and / or employees and presentation of marketing activities of the data controller, as well as consent (12 paragraph 1 item 1 of the Law). You have the right to object to this processing by e-mail to milos.krstic(at)benu.rs .

Photographs will normally be deleted within 12 months of their creation, if the purpose of the photograph is no longer valid.

 

8. Your rights


In the following, we would like to inform you of your rights under:

Right of access

You have the right to request confirmation of the processing of data relating to you and, if so, to request information relating to that data in accordance with Article

Right to correction

Pursuant to Article 29 of the Law, you have the right to request the addition or correction of incorrect information relating to you.

Right to delete

Pursuant to Article 30 of the Law, you have the right to request that your personal data be deleted, provided that there are no legal obligations to keep the data.

The right to limit processing

You can request a processing restriction in accordance with Article 31 of the Law.

The right to data portability

You have the right to request a copy of the personal data we hold about you and, in addition, to request that they be passed on to other data controllers.

The right to object

You may object to the processing of your personal data in accordance with section 37 of the Act at any time.

Right to withdraw consent

You have the right to withdraw the consent you have given at any time, with effect from the moment of withdrawal.

The right to lodge a complaint with the Commissioner for Personal Data Protection.

 

09. Data protection incident reporting system


PHOENIX group, ie. PHOENIX Pharmahandel GmbH & Co KG, as well as its affiliates of which the Operator is a member, has established a network-based reporting system that provides our employees, business partners, customers and third parties

provides individuals with a simple system for reporting incidents or data problems. These reports are taken seriously, reviewed and responded to regularly, and are used to improve personal data protection. You can access this reporting system at any time via https://phoenixgroup-databreach.integrityplatform.org.

To explain the background of the reporting system in more detail, we also answered a number of frequently asked questions below:

When should I report an incident?

The PHOENIX group has an obligation to notify the supervisory authority within 72 hours of learning of the incident. This means that all incidents must be reported without delay via an online reporting tool.

Which data protection incidents should be reported and how?

All personal incident incidents are reported to the Data Protection Officer via an online reporting tool.

What is a data protection incident?

A data protection incident is any event that results in or could result in accidental or intentional loss of personal data (electronic or paper) or destruction of data or unauthorized access to data (eg loss or theft of laptops, smartphones, paper documents, prescriptions).

What happens after I file a report?

Data protection officers will review the incident report and contact you for further information or, if necessary, assist you in post-incident proceedings.

 

10. General


We reserve the right to change our data protection policy. This may be necessary as a result of technical development, for example. Therefore, please review the data protection policy from time to time and apply the current version.

If you have additional questions regarding the processing of your personal data, please contact the designated data protection officer.