Data Privacy Policy

DATA PROCESSING POLICY
Notice on the Processing of Personal Data

Freelancer Forum, (hereinafter referred to as the "Controller"), in the capacity of data controller, processes users' data collected through the website https://freelancer.forum/public/ in accordance with the Law on Personal Data Protection ("Official Gazette of the Republic of Serbia" No. 87/2018—hereinafter referred to as the "Law").

This document contains all necessary information in accordance with Article 23 of the Law, as follows, with the aim of informing data subjects whose personal data are being processed (forum users).

When processing personal data, the Controller:

ensures that the collection and further processing of personal data are always based on an adequate legal basis;
respects the rights of data subjects and provides adequate assistance to them in exercising their guaranteed rights;
publishes and makes publicly available all relevant information related to the processing;
ensures that the collection and further processing of personal data are conducted solely for the purpose of achieving a specific goal;
collects and processes only the minimum set of personal data necessary for achieving that specific purpose;
collects and processes personal data only for the period required to fulfill the purpose for which they were collected;
ensures that the collected personal data are accurate and up to date;
ensures that the data are protected from any unauthorized or illegal access by internal or external parties.

1. Basic Terms Related to Personal Data Protection

"Personal data" refers to any data related to an identified or identifiable natural person, either directly or indirectly, particularly based on identifiers such as name, identification number, location data, or electronic network identifiers, or on one or more characteristics of the person's physical, physiological, genetic, mental, economic, cultural, or social identity.

"Processing of personal data" refers to any action or set of actions performed on personal data or data sets, whether automated or non-automated, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying.

"Sensitive data" refers to data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data regarding a natural person’s sexual life or orientation.

The Controller does not collect or process sensitive data unless such data are voluntarily provided or required by applicable regulations. The Controller does not collect or process any personal data of minors without the prior verifiable consent of a parent or legal guardian.

A "Processor" is any natural or legal person, or government authority, that processes personal data on behalf of the Controller.

A "Recipient" is any natural or legal person, or government authority, to whom personal data are disclosed, regardless of whether it constitutes a third party, except when authorities receive data within the scope of a lawful investigation and process the data in compliance with applicable personal data protection rules.

2. Types of Personal Data Collected and Processed by the Controller and Categories of Data Subjects

The Controller collects personal data directly from data subjects to the extent necessary for achieving the specific purpose of processing, including:

identification and contact details (email address, user’s IP address).

3. Methods of Collecting Personal Data

The Controller collects personal data directly from data subjects when they enter and submit their data during registration on the Controller's website.

4. Legal Basis for Data Collection and Processing

The Controller collects and processes personal data based on the consent of the data subject, as per Article 15 of the Law. The data subject, through an unambiguous declaration of intent during registration, confirms that they have been informed of all relevant aspects of the data processing in accordance with Article 23 of the Law and consents to the processing of their personal data. Consent is voluntary and can be withdrawn at any time, which will result in the deletion of the collected personal data. Withdrawal of consent does not affect the processing carried out prior to the withdrawal (Article 15, Paragraph 3 of the Law).

5. Purpose of Processing Personal Data

The Controller collects and processes personal data for the following purposes:

user registration and participation in forum communication;
record-keeping;
informing users about the Controller’s services.

6. Storage and Protection of Personal Data

The Controller stores personal data in internal and electronic records (databases), secured through processors, and applies all necessary organizational, technical, and personnel protection measures in accordance with the Law, including:

technical measures within the computer system to permanently protect personal data from misuse, unauthorized access, collection, or disclosure;
storing data on servers and computers accessible only to authorized personnel who are obligated to maintain confidentiality;
other information security measures necessary to protect personal data.

7. Rights of Data Subjects

Data subjects have the following rights concerning their personal data:

the right to be informed about the processing and access their personal data and related information (Article 26 of the Law);
the right to request the correction of inaccurate or incomplete personal data (Article 29 of the Law);
the right to request data deletion (Article 30 of the Law);
the right to restrict processing (Article 31 of the Law);
the right to data portability (Article 36 of the Law);
the right not to be subject to decisions based solely on automated processing, including profiling (Article 38 of the Law);
the right to be informed of personal data breaches that could result in high risks to their rights and freedoms (Article 53 of the Law);
the right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection, address: Bulevar kralja Aleksandra No. 15, 11120 Belgrade, phone: +38111 3408 900, email: office@poverenik.rs (Article 82 of the Law);
the right to judicial protection if they believe their rights under the Law have been violated (Article 84 of the Law); and
other rights guaranteed by applicable laws.

Data subjects can exercise their rights by contacting the Controller or the designated contact person. The Controller will provide all necessary information and assistance regarding the exercise of these rights, as prescribed by the Law.

8. Access to Personal Data

The Controller may provide personal data to third parties—processors and recipients. All processors sign specific agreements regulating data processing actions and protection measures.

Categories of individuals with access to personal data include:

the Controller’s employees and other authorized personnel; and
IT companies (processors) maintaining information systems where data are stored.

Exceptionally, personal data may also be disclosed to competent authorities if legally required, but only to the extent necessary to fulfill specific legal obligations.

Personal data are stored in the Republic of Serbia and will not be transferred to other countries unless those countries provide an adequate level of data protection in compliance with Article 64, Paragraph 7 of the Law.

9. Retention Period for Personal Data

Personal data will not be retained longer than necessary to achieve the purpose for which they were collected. Data are stored until the withdrawal of consent or, in any case, for up to two years from the date of collection, after which they will be deleted.

If the data are needed for other legitimate purposes (e.g., legal proceedings), they may be retained for a longer period.

10. Obtaining Information on Data Processing

Data subjects can contact the designated contact person Vladimir Golubovic via email: challengeandinspirepodcast@gmail.com to address any questions regarding data processing, including the exercise of their rights and access to related documents. The contact person will respond within 14 business days of receiving the inquiry.

11. Consent to Data Processing

By giving consent to data processing, the user confirms that they have read and fully understood this notice on personal data processing and agrees to the collection, processing, and use of personal data in the manner described above, in accordance with applicable regulations.