Privacy and Cookie Policy

Kameleon Solutions doo
Company Identification Number: 110665696
Registered HQ: Užička 41, 11000 Belgrade, Serbia


Contact:

  • Email: office@kameleonsolutions.com

  • Telephone: +381 11 4141120

Kameleon Solutions doo ("Controller") is committed to protecting your personal data in compliance with applicable laws, including the Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"). This Privacy Policy outlines how we collect, use, and protect your personal information.

1. Introduction

Kameleon Solutions d.o.o., Identification No. 110665696, with its registered office at Užička 41, 11000 Belgrade, Serbia (hereinafter referred to as the “Controller”), is committed to safeguarding your personal data in accordance with applicable laws. Effective from October 15, 2018, this commitment is guided by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”).

These Privacy Principles (hereinafter referred to as the “Principles”) apply to all personal data processed by the Controller. The processing is based on the performance of contractual obligations, your consent, legal requirements, or the Controller’s legitimate interests. These Principles outline how your personal data is used and protected by the Controller.

2. Personal Data We Process

Personal data refers to any information related to an identified or identifiable natural person. An identifiable natural person is someone who can be directly or indirectly identified, particularly by reference to specific identifiers, such as name, identification number, location data, online identifiers, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

As the operator of the website www.kameleonsolutions.com (hereinafter referred to as “website”), the Controller provides services and products through this platform. The website features contact forms that require the following personal data: name, surname, telephone number, email address, and information about your employer and job position. The details of your company and job position help us tailor our offers to better suit your needs and requirements.

If you enter into an agreement with the Controller, we will need additional identification data, such as your name, surname, telephone number, address, date of birth, or any other information necessary for fulfilling the agreement.

The Controller processes your personal data only with your consent or in cases where legal regulations allow the processing of personal data without consent. Consent is just one of the legal grounds for processing personal data. We specifically request your consent for processing your personal data when sending you commercial communications, service and product offers, and information about events organized by the Controller, including invitations to such events.

When you use our website, the Controller logs your IP address and standard data, such as your browser type and any referring websites you visited before accessing ours. This information is used to monitor and prevent fraud, identify issues, and compile anonymous statistical data that do not identify you personally.

3. Purposes of Personal Data Processing

The Controller processes your personal data for the following purposes:

  • Pre-Contract Negotiations: Engaging in discussions and preparations before concluding a contract.

  • Performance of Contractual Relationship: Fulfilling obligations under the contract you have with the Controller.

  • Post-Contract Claims: Addressing and asserting claims related to the contract after its termination.

  • Responding to Inquiries: Contacting you to respond to your inquiries, and provide information about our services and products upon request.

  • Commercial Communications: Sending promotional materials, offers for services and products, information about events organized by the Controller, including invitations to such events, and conducting other marketing activities.

  • Fulfillment of Legal Obligations: Meeting the Controller’s legal obligations in accounting management and taxation.

  • Improving Services and Website Functionality: Enhancing the quality of services provided by the Controller and improving website functions.

4. Legal Basis for Personal Data Processing

The Controller processes personal data based on the following legal grounds:

  • Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken before concluding the contract at the request of the data subject. Providing personal data is essential for pre-contract negotiations, contract conclusion, and performance from the Controller's side. Without the provision of personal data, these actions cannot be completed.

  • Processing is necessary for the fulfilment of a legal obligation that applies to the Controller.

  • Processing is necessary for the purposes of the legitimate interests of the Controller or a third party, except in cases where the interests or fundamental rights and freedoms of the data subject take precedence, requiring the protection of personal data.

  • The data subject has given consent to the processing of their personal data for one or more specific purposes. Consent is given voluntarily, and you have the right to withdraw it at any time by sending an email to the Controller at office@kameleonsolutions.com, including your name and surname for identification purposes. Withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.bvg

The Controller processes your personal data for various specific purposes, and each purpose is associated with a particular legal basis. Here is a detailed explanation:

  1. Pre-Contract Negotiations

Processed Personal Data: Identification data (name, surname, date of birth), contact data (address, email, telephone), and information about your employer and job position, if applicable.

Legal Basis: Implementation of measures adopted before concluding the contract at the request of the data subject.

  1. Performance of Contractual Relationship

Processed Personal Data: Identification data (name, surname), contact data (address, email, telephone), and any other information necessary for contract performance, such as bank account details.

Legal Basis: Performance of the contract to which the data subject is a party.

  1. Asserting Claims from Contractual Relations After Termination of the Contract

Processed Personal Data: Name, surname, telephone, email, and information about your employer and job position, as needed.

Legal Basis: Performance of measures adopted before concluding a contract at the request of the data subject.

  1. Sending Commercial Communications and Marketing Activities

Processed Personal Data: Name, surname, telephone, email, and information about your employer and job position, as needed.

Legal Basis: Consent to personal data processing and the legitimate interest of the Controller (direct marketing).

  1. Fulfillment of Legal Obligations in Accounting and Taxation

Processed Personal Data: Identification data (name, surname, date of birth), contact data (address, email, telephone), and accounting information (bank account number and other tax-related data).

Legal Basis: Fulfillment of the Controller’s legal obligations in accounting management and taxation.

  1. Improving Quality of Services and Website Functions

Processed Personal Data: IP address.

Legal Basis: Legitimate interest of the Controller.

5. Period of Personal Data Processing

The Controller processes Your personal data for the duration necessary to fulfil all rights and obligations arising from the respective contractual relationship. Additionally, personal data are stored for the period required by applicable legal regulations or for which you have provided consent. In other cases, the processing period is determined by the purpose of processing or is governed by legal regulations in the area of personal data protection.

The Controller processes personal data according to the purpose of processing for the following periods:

  • Pre-contract negotiations: Personal data are processed during the period of pre-contract negotiations.

  • Performance of the contractual relationship: Personal data are processed during the term of the contractual relationship.

  • Asserting claims arising from contractual relations after the termination of the contract: Personal data are processed for 15 years after the termination of the contractual relationship. In the case of judicial proceedings, personal data are processed for the entire duration of the proceedings.

  • Contacting to answer an inquiry and provide information on services and products upon request: Personal data are processed during the term of the negotiation to respond and provide information on services and products.

  • Sending commercial communications, offers of services and products, information on events organized by the Controller, including invitations to such events, and performing other marketing activities: Personal data are processed for 5 years from the date of consent to the processing or until the withdrawal of consent.

  • Fulfilment of the Controller’s legal obligations in the field of accounting management and taxation: Personal data are processed for 10 years from the calendar year following the provision of the performance.

The Controller will delete the personal data once the retention period has expired.

6. Automated Individual Decision-Making, Including Profiling

Automated individual decision-making, including profiling, refers to any decision made based solely on the automated processing of personal data—without human involvement. This process may involve assessing various personal aspects related to the data subject, such as analyzing, estimating, or predicting factors like work performance, economic situation, health condition, personal preferences, interests, reliability, behaviour, location, or movement.

The Controller processes personal data both manually and through automated methods. Automated processing is used primarily to facilitate the performance of contractual relationships, particularly in managing internal processes necessary for delivering the services. Additionally, automated processing occurs when the data subject has provided consent for their personal data to be used for sending commercial communications, service and product offers, event information, and other marketing activities. In such cases, profiling may also be conducted.

7. Providing Personal Data to Third Parties

Personal data may be shared with third parties that cooperate with the Controller in delivering services, facilitating product delivery, processing payments, and providing marketing services (e.g., providers of mailing services and cloud services). These third parties require access to your data to perform their tasks and are obligated to adhere to the principles of personal data processing as outlined by the Regulation. An updated list of these third parties is available upon request.

The Controller will not share your personal data with third parties beyond those mentioned above without your consent. The data will not be shared with other individuals or unrelated companies, except in the following circumstances:

  • Compliance with Legal Regulations: When required by law or in response to legal obligations.

  • Protection of Rights and Property: To protect the Controller's rights and property, as well as those of its representatives, users, and others, especially in enforcing contracts, policies, and terms of service. This also includes cases where urgent action is needed to safeguard the security of the Controller, its users, or any other person.

  • Corporate Transactions: In connection with mergers, sales of company assets, financing, or acquisitions of all or part of the Controller’s business by another company, or during such processes.

The Controller will not transfer your personal data to a third country or an international organization without your consent, except to the aforementioned third parties.

8. Rights of the Data Subject

As a data subject, you have the following rights regarding your personal data, which you may exercise at any time:

  • Right of Access: You have the right to know if your personal data is being processed. If so, you can request access to that data and obtain information about the processing.

  • Right to Rectification: If you discover that the Controller is processing inaccurate or incorrect data, you have the right to request a correction.

  • Right to Explanation: If you believe that the processing of your personal data violates your privacy or legal rights, you can request an explanation.

  • Right to Restriction: You can request a temporary restriction on the processing of your personal data under certain circumstances.

  • Right to Erasure: If your data is no longer necessary for the purposes it was collected for, you have the right to request its deletion.

  • Right to Object: You can object to the processing of your personal data. The Controller must demonstrate a legitimate reason for the processing that outweighs your interests, rights, and freedoms.

  • Right to Data Portability: You have the right to request that your personal data be transferred to a third party of your choice.

  • Right to Lodge a Complaint: If you believe your rights have been violated, you can file a complaint with the Office for Personal Data Protection.

  • Right to Withdraw Consent: You can withdraw your consent to the processing of your personal data at any time. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

9. Security Measures and Personal Data Protection

The Controller has implemented all necessary technical and organizational measures to protect personal data. These measures include:

  • Technical Safeguards: Data stored electronically is protected by antivirus software, encrypted disks, regular backups, and password protection.

  • Physical Safeguards: Personal data in paper form is stored in lockable cabinets within the Controller’s secure premises, housed in a guarded building.

  • Access Control: Only authorized personnel have access to personal data.

10. Cookies and Web Beacons

To provide services tailored to your needs, the Controller uses cookies (both session ID cookies and permanent cookies) to store and occasionally monitor your visits to the website. Cookies are small text files saved on your computer to record your browsing activity. Session ID cookies expire when you close your browser, while permanent cookies remain on your hard drive for a longer period. The Controller also stores information about your screen resolution and whether JavaScript is enabled in your browser to enhance your browsing experience.

Most internet browsers automatically accept cookies, but you can usually remove or refuse them by following the instructions in your browser's help file. However, refusing cookies may limit your ability to use all features of the website.

The Controller may also collect data using web beacons, which are electronic images used on websites and in emails sent by the Controller. Web beacons help deliver cookies, track website visits, and determine whether emails have been opened and acted upon. Additionally, the Controller may collect information about your computer or other access devices to reduce risks and prevent fraud.

The Controller reserves the right to modify or amend these principles at any time by posting the revised version on the website. Any changes will take effect immediately upon posting.

 

Effective Date: 15 October 2018

Kameleon Solutions d.o.o.

 

 

© 2024 Kameleon Solutions. All rights reserved.

Top