RULES ON PERSONAL DATA USE
 INTRODUCTORY PROVISIONS
- Company Metropol Palace doo (Ltd.) Belgrade, with registered head office in Belgrade, Palilula municipality, No. 69 Kralja Aleksandra Blvd., Company Registration Number: 20166495, TIN: 104439205 [hereinafter referred to as: Metropol Palace] hereby informs all individuals whose personal data will be collected and processed that such processing will be performed in accordance with all applicable laws and by-laws as well as the guidelines set forth in these Rules on Personal Data Use [hereinafter referred to as: Rules].
- Metropol Palace is the owner of the 5-star hotel Metropol located in Belgrade at No. 69 Kralja Aleksandra Blvd.; in most of its business-related activities, Metropol Palace acts as a personal data handler, and – independently or together with other handlers – determines the purpose and method of data processing, while in some activities Metropol Palace may be a processor who processes personal data on behalf of another handler. In situations where Metropol Palace acts as a personal data processor for another handler, data processing is carried out in accordance with the contract or other legally binding act that governs the personal data processing and protection, all in line with the Law on Personal Data Protection [“Official Gazette of the Republic of Serbia”, no. 87/2018 – hereinafter referred to as: the Law].
- The Rules are made publicly available on the Metropol Palace website www.metropolpalace.com for the purpose of informing all parties to the fullest extent possible on how Metropol Palace handles personal data, i.e.: in what way personal data is collected, processed and protected; in what way the person to whom such data relate may exercise the appertaining rights; and what are the accepted international standards for personal data processing and safeguarding.
- These Rules aim to lay out the fundamental guidelines for the personal data protection in the course of their collection. The standards outlined in Article 5 of the Law are followed by Metropol Palace when collecting and processing personal data, and such personal data shall be:
- Processed in a legal, fair and transparent manner in relation to data subject [legality, fairness and transparency];
- Collected for purposes that are specifically determined, explicit, justified and legal, and where such data cannot be further processed in a way inconsistent with those purposes [restriction with respect to the processing purpose];
- Pertinent, relevant, and constrained to what is required in respect to the processing objective [data minimization];
- Accurate and, if necessary, updated [accuracy];
- Stored in a form that enables the identification of the person only for the period necessary to achieve the purpose of the processing [storage limitation];
- Processed in a way ensuring adequate personal data protection, including protection against unauthorized or illegal processing, as well as against accidental loss, destruction or damage by applying appropriate technical, organizational and personnel measures [integrity and confidentiality].
1.5. The personal data protection in the Republic of Serbia is handled by the Commissioner for Information of Public Importance and Personal data protection [hereinafter referred to as: the Commissioner] with the head office in Belgrade, No. 15 Kralja Aleksandra Blvd. The Commissioner’s contact details are given below:
EMAIL ADDRESS: firstname.lastname@example.org
TELEPHONE NUMBER: +381 11 34 08 900
WEB PAGE: www.poverenik.rs
 MEANING OF TERMS USED IN THESE RULES
2.1. Certain terms used in these Rules shall have the meaning as stated below:
METROPOL PALACE DOO BELGRADE
Belgrade, Palilula Municipality, No. 69 Kralja Aleksandra Blvd., Company Registration Number: 20166495, TIN: 104439205
Email: email@example.com Contact phone number: +381 11 3333 100
PERSONAL DATA PROTECTION OFFICER
Email: firstname.lastname@example.org Contact phone number: +381 11 3333 100
PERSONAL DATA (INFORMATION)
any data relating to a natural person whose identity is determined or determinable, either directly or indirectly, particularly on the grounds of an identity marker, such as a name and identification number, location data, identifiers in electronic communication networks or one or more characteristics of the person’s physical, physiological, genetic, mental, economic, cultural, and social identity.
a natural person whose personal data is processed.
PERSONAL DATA PROCESSING
any action or set of actions performed in an automatic or non-automatic manner regarding personal data or their sets, such as collecting, recording, sorting, grouping, i.e. structuring, storing, matching or altering, as well as their disclosure, inspection, use, disclosure by transmission, i.e. delivery, duplicating, disseminating or otherwise making available, comparing, restricting, deleting or destroying (hereinafter referred to as: processing).
marking of the stored personal data to limit their processing in the future.
any type of automated processing used to evaluate a specific personality trait, particularly for the purpose of analysing or predicting a natural person’s work performance, economic position, health status, personal preferences, interests, reliability, behaviour, location, or movement.
processing in such a way that it is impossible to attribute personal data to a specific person without the use of additional data, provided that these additional data are stored separately and that technical, organisational, and personnel security measures are put in place to ensure that personal data cannot be attributed to a specific or identifiable person.
any structured collection of personal data that is accessible as per specific criteria, whether centralised, decentralised or classified on functional or geographical grounds.
the natural or legal person processing personal data on behalf of Metropol Palace.
natural or legal person, i.e. the authority to which the personal data was disclosed, regardless of whether it is a third party or not, unless it is an authority that, in accordance with the law, receives personal data as part of the investigation of a specific case and processes this data in accordance with the Rules on the personal data protection related to the purpose of processing.
a natural or legal person, i.e. a government entity, which is not the data subject, the handler or the processor, as well as the person who is authorised to process personal data under the direct supervision of the handler or
any consensual, specific, informed, and unequivocal expression of such person’s will through which that person, by a statement or clear affirmative action, grants consent to the processing of personal data pertaining to the
PERSONAL DATA BREACH
Such personal data security breach that results in accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal data that has been transmitted, stored, or otherwise processed.
state body, the body of territorial autonomy and local self-government units, public company, institution and other public service, organisations and other legal or natural person exercising public powers.
 APPLICATION OF RULES
- These Rules shall apply to any and all activities of collecting and processing personal data of employees, potential employees – candidates [potential future employees], customers, hotel guests, users of other Metropol Palace services, as well as other persons who concur to their personal data being used for receiving marketing messages and persons using Metropol Palace accounts on social networks.
- Metropol Palace shall collect, process, and store only the minimum amount of personal data required by law, using appropriate technical and organisational measures to achieve the purpose for which the data is collected and processed.
 TYPES OF PERSONAL DATA COLLECTED AND PROCESSED
4.1. Metropol Palace only processes the minimum amount of personal data required to achieve a particular objective, notably:
- The employees’ data are collected and processed in line with the applicable Labour Law, as well as laws governing employees’ social and health protection, where the purpose of processing such data is to meet Metropol Palace’s legal obligations as an employer, and where such processing is required to comply with Metropol Palace’s obligations in all respects pursuant to Article 12, paragraph 1, item 3 of the Law. Furthermore, Metropol Palace processes other data that employees choose to disclose to Metropol Palace for other purposes and on other legal grounds;
- Data including name and surname, social security number, gender, date and place of birth, residential address, apartment address, telephone number, email address, professional education and competencies, and other information that the person opts to share with Metropol Palace are collected and processed from qualified applicants [potential future employees]. Such processing is required in order to take actions, at the request of the data subject, prior to the conclusion of an employment contract or other type of engagement, and to contact such persons in the event of a need for employment, all in pursuance of Article 12, paragraph 1, point 2 of the Law. After the end of the specific competition, persons who are not employed can decide that their data will remain available in the electronic records of Metropol Palace, and if there is a need for their employment in the future, Metropol Palace will contact them again. This implies that after the specific competition has concluded, further processing of personal data is carried out with the consent of job candidates [potential future employees] pursuant to Article 12, paragraph 1, item 1 of the Law. If the job candidate is hired, his or her data will be processed in accordance with the processing method defined for all other employees;
- Personal data is collected and processed from customers/users of Metropol Palace Hotel services, which is required for the performance of the contracted services, notably: name and surname, gender, email address, residential address, telephone number, name of the company where the person is employed, nationality, ID card/passport number, all depending on the category of person, and all in accordance with Article 12, paragraph 1, item 2 of the Law;
- Personal data is collected and processed from interested parties who are willing to receive marketing messages from Metropol Palace, as well as the newsletter, namely: email address as well as name and surname, where such data are necessary to exercise the legitimate interests of Metropol Palace, such as promoting the sale of new products and providing Metropol Palace services based on the consent of interested parties in the sense of Article 12, paragraph 1, item 1 of the Law, i.e. in terms of Article 12, paragraph 1, item 6 of the Law;
- Personal data is collected and processed from persons who follow Metropol Palace profiles on social networks in accordance with the privacy policies of a specific social network, labelled as publicly available, and such processing is carried out with the consent of the data subject. By agreeing to use a specific social network and accompanying liking, following or taking some other similar action on social networks and in pursuance of Article 12, paragraph 1, item 1 of the Law, such data will be processed for marketing purposes [promotion] of Metropol Palace products and services;
 METHOD OF PERSONAL DATA COLLECTION
5.1. Metropol Palace collects personal data directly from the data subjects, notably:
- in accordance with the Labour Law, from employees and persons employed on some other legal grounds outside the employment relation, as well as from prospective candidates for establishing an employment relationship [prospective employees];
- products’ buyers and users of Metropol Palace hotel services;
- participants in promotions organised by Metropol Palace, recipients of newsletters and other marketing messages;
- users of the Metropol Palace website and users of Metropol Palace social media accounts.
5.2. If personal data is collected indirectly, Metropol Palace shall, if possible and applicable in the specific case, be informed in advance whether the person providing the data is authorised to disclose personal data about another person to Metropol Palace for further use and processing. Pursuant to Article 24 of the Law, a person providing personal data about another person is required to notify the person whose personal data was provided to Metropol Palace, as well as to inform that person about all important aspects of the processing.
 PARTICULAR/SPECIFIC PERSONAL DATA COLLECTION AND PROCESSING
6.1. Metropol Palace shall not collect or process personal data that reveal racial or ethnic origin, political opinion, religious or philosophical belief or trade union membership, and shall not process genetic data, data regarding the health status or data on the sex life or sexual orientation of a natural person, which data are defined as particular/specific personal data by Article 17 of the Law.
 LEGAL BASIS OF PERSONAL DATA COLLECTION AND PROCESSING
7.1. Pursuant to Article 12 of the Law, the processing is legal i.e. data is collected from a person when one of the following conditions for the legality of data collection and processing is met, notably:
- the person whose personal data is being processed has consented to the processing of his/her personal data for one or more specific purposes;
- processing is required for the execution of a contract concluded with the data subject or for undertaking actions at the request of the data subject prior to the conclusion of the contract;
- processing is required to comply with the handler’s legal obligations;
- processing is required to protect the vital interests of the data subject or another natural person;
- processing is required for the execution of the contract concluded with the data subject;
- processing is required to achieve the controller’s or a third party’s legitimate interests unless these interests are outweighed by the interests or basic rights and freedoms of the data subject that require personal data protection, and especially if the data subject is a minor.
 PURPOSE OF PROCESSING
8.1. In the given case, Metropol Palace shall collect and process personal data for the following purposes:
- with regard to product buyers and/or users of Metropol Palace hotel service, to execute a contract concluded with the data subjects or taking measures at the request of such person prior to the conclusion of the contract, all in accordance with Article 12, paragraph 1, point 2 of the Law;
- in order to fulfil Metropol Palace’s legal obligations under Article 12, paragraph 1, item 3 of the Law, and in reference to Metropol Palace employees;
- to achieve Metropol Palace’s or a third party’s legitimate interests, such as promoting the sale of new products and providing Metropol Palace services based on the consent of interested parties, in accordance with Article 12, paragraph 1, point 6 of the Law, all depending on the category of personal data being processed, as well as the purpose of personal data processing.
8.2. Following the principles and provisions set forth in these Rules, Metropol Palace shall collect and process personal data, depending on the category of persons whose personal data is processed, for the following purposes:
performance of obligations under a concluded employment contract or other contract under which a specific person is engaged outside of the employment relationship, and refers to individuals who are employed or are otherwise engaged in Metropol Palace;
establishing an employment relationship or other type of engagement outside of employment, and in relation to job candidates [future employees];
contacting job candidates [future employees] after the end of the specific job vacancy competition, referring to candidates who agree to have their data processed even after the end of such specific competition;
fulfilment of British Motors’ legal obligations as an employer under the Labour Law, the Law on Records in the Field of Work, and other laws governing the field of social and health insurance, and refers to persons employed or otherwise engaged by Metropol Palace;
fulfilment of contractual obligations on the purchase of Metropol Palace products, use of servicing, and with the person’s consent that their data be processed for marketing purposes – promotion of Metropol Palace products.
 PERSONAL DATA STORING
9.1. Collected personal data is stored for the time required to fulfil the purpose of personal data processing for which personal data was collected, and in accordance with the above:
Employee data is kept permanently in accordance with the obligations of the law governing records in the field of work, whereas job candidate data is kept until the purpose of processing the possible employment is exhausted, i.e. until consent is revoked in accordance with Article 15, paragraph 3 of the Law. Personal data are stored in accordance with the period of storage of employee data when establishing an employment relationship, i.e. engagement on other grounds prescribed by the Labour Law;
Data collected using video surveillance in Metropol Palace’s business premises is kept for a period of 20 days from the date of collection;
Data collected for the purpose of executing the concluded contract with product buyers and users of the Metropol Palace hotel services are kept until the purpose for which they were supplied is fulfilled, i.e. for contract execution and contractual services provision;
Persons who consent to their personal data being used for marketing purposes [receiving notifications regarding promotions, new products, receiving newsletters, etc.] are kept until the consent is revoked in line with Article 15, paragraph 3 of the Law, considering that these persons want Metropol Palace to keep them up to date on all news and promotions, and therefore the data will be used until those persons no longer want it;
Personal data collected from the individuals who follow Metropol Palace accounts on social networks is stored in accordance with the rules of those social networks.
 AUTOMATED DECISION-MAKING AND PROFILING
10.1. The data subject is entitled not to be subject to a Metropol Palace decision made solely on the basis of automated processing, including but not limited to profiling, if that decision has legal consequences for that person or has a significant impact on his position, unless such decision is:
- necessary for the conclusion or execution of a contract between the data subject and Metropol Palace;
- based on the law, if that law prescribes appropriate measures to protect the rights, freedoms and legitimate interests of the data subject;
- based on the express consent of the data subject.
10.2. Metropol Palace implements appropriate measures to protect the rights, freedoms and legitimate interests of the data subjects, and at least the rights: to ensure the participation of a natural person under the control of Metropol Palace in making a decision; the right of the data subject to express their position regarding the decision of Metropol Palace; as well as the right of the data subject to contest the decision before an authorized person of Metropol Palace.
 PROCESSING SECURITY
11.1. Metropol Palace stores all personal data collected and processed on paper and electronically. To ensure the security of collected personal data, Metropol Palace implements all necessary and applicable organisational, technical, and personnel measures in accordance with the Law and through:
personal data pseudonymisation and crypto-protection;
restricting physical access to the system where the data is located; only authorised personnel shall have physical access to the system where the data is stored. Authorised personnel are only those individuals whose work tasks entail access to personal data to the extent that such tasks necessitate it. Authorised individuals shall have access to personal data provided that they are in the possession of the assigned password.
 RIGHTS OF DATA SUBJECTS (PERSONS WHOSE PERSONAL DATA ARE PROCESSED)
- Every person whose personal data is collected and processed has the right to be notified at the time of such data collection, i.e. to be provided with all of the information specified in Article 23 of the Law, including the information on:
the handler’s identity;
contact information of persons responsible for personal data protection;
the intended processing’s purpose and legal grounds;
the existence of a legitimate interest on the part of the handler or a third party;
the personal data’s recipient or group of recipients;
the intention of the handler to transfer personal data to another country or international organisation, as well as whether that country or international organisation is a member of the Council of Europe Convention on the Protection of Individuals in Relation to Automatic Processing of Personal Data;
personal data storage period;
the existence of the right to request from the controller access, correction, or deletion of personal data, i.e. the existence of the right to limit processing, the right to object, and the right to data portability;
the right to revoke consent at any time, as well as the fact that revoking consent has no effect on the admissibility of processing based on consent prior to revocation;
the right to file a complaint with the Commissioner;
whether the provision of personal data is a legal or contractual obligation, or whether the provision of data is a necessary condition for concluding a contract, whether the data subjects have an obligation to provide personal data, and what the consequences are if the data is not provided;
the presence of automated decision-making, including profiling, and, at least in those cases, purposeful information about the logic used, as well as the significance and anticipated consequences of that processing for the data subject;
- In addition to being notified, each data subject has the following rights:
- to inquire whether Metropol Palace processes his/her personal data and to request access to and a copy of such data;
- to have the incorrect personal data corrected without undue delay. The data subject has the right, depending on the purpose of the processing, to supplement his/her incomplete personal data;
- to have the personal data deleted, while Metropol Palace is obliged to delete such data as soon as possible, provided that the following conditions are met:
personal data are no longer necessary to achieve the purpose for which they were collected;
the data subject has revoked the consent on which grounds the processing was carried out, and there is no other legal basis for the processing;
the data subject has submitted an objection to the processing, and there is no other legal basis for the processing that prevails over the legitimate interest, right or freedom of the data subject;
personal data were illegally processed;
personal data must be deleted to fulfil the legal obligations of the handler;
personal data is collected in connection with the use of IT company services.
- to limit the processing of the subject’s personal data if one of the following conditions is met:
the data subject disputes the personal data accuracy;
the processing is illegal, and the data subject opposes the deletion of personal data and instead of deletion requests restriction of such data use;
personal data are no longer needed to achieve the purpose of processing, but the data subject has requested them in order to submit, implement or defend a legal claim;
the data subject has submitted an objection to the processing, and the assessment is ongoing as to whether the legal basis for the processing outweighs the interests of the person.
- to retrieve his/her previously submitted personal data in a structured, commonly used and electronically readable form, including the right to transfer the given data to another handler;
- to object at any time to the processing of his/her personal data carried out to perform tasks in the public interest or to exercise legal powers or if so required to achieve the legitimate interests of Metropol Palace or a third party, including profiling in connection with such processing.
- a decision made solely based on automated processing, including profiling, does not apply to such data subject, if that decision produces legal consequences for that person or if such decision significantly affects his/her position, unless that decision is necessary for the conclusion or execution of a contract between the data subject and Metropol Palace, if it is based on the law or on the express consent of the data subject;
- Metropol Palace undertakes to provide the data subject with information on the action taken based on the submitted request for exercising the aforementioned rights as soon as possible and no later than 30 days from the date of receipt of the request, with the deadline being extended for an additional 60 days if necessary due to the complexity of the request. The data subject will be notified within 30 days of the date of receipt of the request about the extension of the deadline and the reasons for that extension.
- Metropol Palace shall notify such person of the reasons for not acting promptly, and no later than 30 days from the date of receipt of the request, as well as about the right to file a complaint with the Commissioner, i.e. initiate a lawsuit in court.
- All of the foregoing information shall be provided free of charge to the data subject. Only in the case of a clearly unfounded or excessive request, and especially if the same request is recurrently repeated, Metropol Palace may charge the necessary administrative costs of providing information, i.e. to act on the request or refuse to act on the request, in accordance with its discretionary decision.
12.6. The data subject has the right to contact the Commissioner if the data subject believes that his rights guaranteed by the Republic of Serbia’s positive regulations are being violated.
 ENSURING PROCESSING ACTIONS
- As a personal data handler, Metropol Palace may also provide personal data to third-party providers of services that complement the hotel’s services. Only the party that fully guarantees the application of appropriate technical, organisational, and personnel measures can be designated as a processor, ensuring that the processing is carried out in accordance with the regulations and the data subject’s rights are protected.
- The processor’s processing is governed by a contract or other legally binding act that obligates the processor to act in accordance with the Law and governs all other essential aspects of processing. Processors can include companies that provide IT services [maintenance of information and communication systems or companies that work on internet presentation], as well as other parties who perform certain processing actions in the name and on behalf of Metropol Palace, such as an accounting firm that processes employees’ salaries.
 PERSONAL DATA TRANSFER (DATA PORTABILITY) TO USERS AND THIRD PARTIES
14.1. Personal data are transferred when there is a legal obligation to provide them at the request of the competent state authority. Furthermore, Metropol Palace may provide personal data to its business partners when necessary for the accomplishment of their business relations, all under the terms of a contract that governs the security of personal data in accordance with regulations.
 CROSS-BORDER TRANSFERS OF PERSONAL DATA
- Personal data transfer to other countries or international organisations is permitted in accordance with the regulations governing personal data protection, notably to such countries or international organisations where an appropriate level of personal data protection is ensured, i.e. in the countries and international organisations:
which are members of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data;
which the European Union has determined to provide an adequate level of protection;
with which the Republic of Serbia has concluded international agreements on the transfer of personal data; and
which are on the list established by the Government of the Republic of Serbia based on the Law’s criteria and rules, and which list is published in the “Official Gazette of the Republic of Serbia”.
- Metropol Palace will not disclose personal data in any foreign country.
 RECORD OF PROCESSING ACTIONS
16.1. The electronic record of processing operations for which Metropol Palace is responsible as the handler shall contain the details on:
the name and contact information of the controller, joint controllers, the controller’s representative and person responsible for the personal data protection, and processing purposes;
the type of data subject and the personal data type;
the type of recipients to whom the personal data has been or will be disclosed, including recipients in other countries or international organisations;
cross-border transfer, i.e. transfer of personal data to other countries or international organisations, including the name of such country or international organisation;
the period after which certain types of personal data are deleted, if such a period has been set;
general description of protection measures.
 PERSONAL DATA BREACH NOTICE
- Metropol Palace is required to notify the Commissioner of a personal data breach/infringement that may jeopardise the rights and freedoms of natural persons without undue delay, or, if possible, within 72 hours of becoming aware of such breach. If Metropol Palace fails to act within 72 hours of becoming aware of a violation, then Metropol Palace shall be obliged to provide the reasons thereof. In addition to notifying the Commissioner, Metropol Palace is required to notify the data subject and explain the scope of the personal data breach in a concise and understandable manner.
- Metropol Palace is not obliged to inform a person about a personal data breach if Metropol Palace:
has implemented appropriate technical, organisational, and personnel protection measures in relation to personal data whose security has been compromised, particularly if crypto protection or other measures prevent data intelligibility to all persons who are not authorised to access this data;
has subsequently taken action to ensure that the personal data breach implying a high risk to data subjects’ rights and freedoms no longer has consequences for that person;
notifying the data subject would represent a disproportionate expenditure of time and resources; therefore, information must be provided to the data subject through public notification or another effective means.
- Cookies can be removed by changing the settings in the internet browser; however, doing so may reduce the website functionality.
- The cookies used on the Metropol Palace website are:
cookies that are essential for making the website usable by enabling basic functions such as site navigation and access to different areas of the website;
setting cookies that allow a website to remember information that alters how the website behaves or looks;
statistical cookies assist Metropol Palace, the website’s owner, in understanding the interaction of visitors with the site by collecting information anonymously;
marketing cookies used to track website visitors and display advertisements relevant and appealing to an individual user;
unclassified cookies are cookies that are not classified in any of the categories listed but will be classified in the future.
 FINAL PROVISIONS
19.1. All amendments and supplements to these Rules shall be drafted in writing and published on the Metropol Palace website.
METROPOL PALACE DOO BELGRADE
Belgrade, No. 69 Kralja Aleksandra Blvd.
Ioannis Daskalantonakis, Managing Director