Privacy policy

POSTE SRPSKE JSC. BANJALUKA
ENTERPRISE FOR POSTAL OPERATIONS
REPUBLIC OF SRPSKA JSC. BANJALUKA

Based on Article 14 of the Law on the Personal Data Protection ("Official Gazette of BiH" No.
12/25) and the EU General Regulation 2016/679 of the European Parliament, on the Protection of Personal Data
(GDPR), the Company's Management has issued

PRIVACY AND PERSONAL DATA PROTECTION POLICY

INTRODUCTION

Poste Srpska JSC. Banja Luka, within the framework of performing its activity and providing services, processes personal data in accordance with the Law on the Personal Data Protection ("Official Gazette of BiH", No. 12/25).
One of the most important principles of the Law is the principle of transparency towards the holders of personal data whose data is processed. Respecting the principle of transparency, we have developed this Privacy and Personal Data Protection Policy in order to strengthen the trust of natural persons whose data we process. 
The Privacy Policy aims to inform the holders of personal data whose personal data is collected, for what period of time it is collected, the purpose of collection and processing, the right to access personal data, the rights of the holder of personal data, and how they can use them.

1. DATA CONTROLLER INFORMATION
   Enterprise for Postal Operations of the Republic of Srpska JSC. Banja Luka (abbreviated name: Poste Srpske a.d. Banja Luka), Kralja Petar I Karadjordjevica, no. 93, 78000 Banja Luka, Republika Srpska, Bosnia and Herzegovina,
   ЈИБ: 400959000002
   Contact: 051/211-336, е-маил: uprava@postesrpske.com
2. DATA PROTECTION OFFICER INFORMATION
   The Company has appointed a Personal Data Protection Officer. Contact details of the Personal Data Protection Officer who can be contacted regarding the protection of personal data:
   • In writing: Enterprise for Postal Operations of the Republic of Srpska JSC. Banja Luka, Kralja Kralja Petra I Karadjordjevica, no. 93, 78000 Banja Luka, to the attention of the "Personal Data Protection Officer".
   • By sending an e-mail to: zastita.licnih.podataka@postesrpske.com
   • Phone: 051/249-025
3. PERSONAL DATA BEING PROCESSED
   Personal data is any data relating to a natural person whose identity has been established or can be established:
   Identification data (name and surname, personal ID number, ID card number, passport number, date and place of birth, etc.;
   – Contact data: (residential address, telephone number, e-mail address, computer IP address, etc.);
   – Financial data and data relating to the business relationship: (data and information about the contracts you have concluded with the Post, JIB, data relating to your transaction account, financial status, data on products and services you use, data on transactions, etc.);
   – Sociodemographic data: (data on gender, age, education, employment, etc.)
   – Data on your choices, which include: consent to receive marketing communications, data on contacts and communications with the Post, such as your inquiries, requests, complaints, including legal disputes with the Post, and information, responses and advice provided by the Post.

   The Post collects the above data directly, if the person is a user of postal services, when the Post is requested an offer, when you contact us by phone and/or when you visit us in our branches, or automatically (via our website or from a third party from publicly available sources such as open databases or other publicly owned data.

4. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
   а) Compliance with the legal obligations of the Post as a data controller
   In carrying out its activity, the Post is obliged to act in accordance with the regulations governing postal activities and related regulations, such as the Law on Post of BiH, the Law on Postal Services of the Republika Srpska, General Conditions for the Provision of Postal Services of BiH, Special Conditions for the Provision of Postal Services, the Law on the Prevention of Money Laundering and Financing of Terrorist Activities, the Law on Internal Payment Transactions, the Law on Foreign Exchange Operations. In this regard, the aforementioned regulations define the obligation of the Post to identify users of postal services by using valid identification documents (name and surname, telephone number, residential address, financial data, other contractual data).

   b) Fulfillment of contractual obligations in which the data holder is a contracting party or in order to take action at the request of the Post Office and the personal data holder prior to the conclusion of a contract. закључења уговора.
   Accordingly, the data necessary for establishing a business relationship with the Post is processed, which depends on the contracted service, and the collected personal data is processed for the purpose of providing postal services (name and surname, telephone number, address of the recipient/sender, financial data, other contractual data). 
   The provision (collection) of personal data in relation to the above-mentioned items a) and b) is mandatory.
   If the personal data holder (or his representative) refuses to provide any of the data necessary for compliance with legal obligations and/or the conclusion and execution of a contract in which the personal data holder is a user of postal services, it is possible that the Post will not be able to provide certain services or will refuse to establish a business relationship, limit or cancel an already established business relationship.
   c) Communication with users,which includes processing for the purposes of: responding to inquiries, offering services that we believe you are interested in, sending offers, sending/delivering notifications that we send during the duration of the contract, responding to your comments arising from the business relationship with the Post Office (contact information, data on previous services, etc.)
   d) Collection of receivables;
   Processing is necessary for the performance of contractual obligations by the service user (identification data, financial data).
   e) Protection of Postal property and ensuring the safety of property and third parties;
   Processing is necessary to comply with legally prescribed security measures (data collected through video surveillance).
   f) Sending promotional content (notifications and offers);
   The basis for the processing of personal data is the consent of the natural person (name and surname, telephone number, e-mail address).
   g) Protection, statistics and analysis of the website;
   For the stated purpose, the following data is processed: IP address, user ID, information system data, data on website visits.
   h) Advertising and social networks (interaction with the website, visit data)
   i) Analysis of Post's operations and creation of reports and management analysis;
   For the stated purpose, personal data is processed for the purposes of internal management, conducting business audits and implementing business controls (identification data, transaction data, data on concluded contracts).

5. SHARING PERSONAL DATA
   Depending on the purpose of collecting personal data, we may share it with third parties who assist us in providing digital and e-commerce services, advertising agencies, marketing, digital advertising and social media advertising, third parties required for the delivery of products and delivery services, persons who assist us in providing technical support, payment service providers, legal representatives, and the like.
   We may also disclose personal data as part of a business transaction, such as a merger or sale of assets, and to competent state and public authorities and institutions if required by law.
6. TRANSFER OF PERSONAL DATA TO ANOTHER COUNTRY OR INTERNATIONAL ORGANIZATION
   Personal data may be transferred to other countries, postal operators or international postal organizations that bring together postal operators, for the purpose of providing postal services as a core business, depending on the address of the recipient or sender. Such transfer is carried out on the basis of concluded international agreements and acts of the Universal Postal Union.
7. PERSONAL DATA RETENTION PERIOD
   Personal data is stored and processed for as long as necessary to fulfill the contractual and legal obligations of the Post. Also, the internal acts of the Post define the retention periods for documentation and data that the Post processes in its operations, in accordance with the legal regulations on archival materials. In exceptional cases, it is possible for data to be processed and stored for a longer period when necessary for other justified purposes (e.g. for the purposes of court and other legal proceedings, etc.).
8. TECHNICAL AND ORGANIZATIONAL PROTECTION MEASURES
   For each personal data processing activity, the Post Office takes appropriate technical and organizational measures to ensure the level of security of personal data and protection against unauthorized and unlawful processing and access, loss, destruction, alteration, forgery and manipulation. All employees who, in the course of their duties, are granted access to personal data are obliged to maintain the confidentiality of personal data and are liable in cases of violation of the confidentiality of personal data.
9. WEBSITE SEARCH
   The website of Post uses so-called cookies and similar technologies.
   The website of Post uses so-called cookies and similar technologies. Cookies are small pieces of data that a website stores on a device (e.g. mobile phone, computer, tablet) when the website is visited. Cookies provide the ability to recognize and remember users, enable the provision of personalized services on the website because they track which parts of the website users visit, help measure the effectiveness of advertisements and searches, and based on this information it is possible to improve communication and
   services.
   The information collected by cookies and similar technologies may include your login information, location, IP address, browsing information, device information, duration of visit, services viewed, and the like. Most of the cookies we use are deleted when an individual browsing session ends, and there are also some permanent cookies that we can use to recognize a visitor. Visitors have the right to turn off cookies in their browser settings.
10. RIGHTS OF PERSONAL DATA HOLDERS
    a) The right to withdraw the given consent;
    When the processing of personal data is based on your consent, as the data holder, you have the right to withdraw your consent. Withdrawing consent does not affect the lawfulness of data processing that was based on consent before its withdrawal.

    b) Right to access personal data;
    The personal data holder has the right to request from the Post confirmation that their data is being processed and, if it is being processed, to obtain access to it, as well as information about the purpose of the processing, categories of personal data, recipients or categories of recipients, the expected period for which the data will be stored, the existence of rights, and the like.
    c) The right to correction and deletion of data;
    If personal data are inaccurate or incomplete, the data holder has the right to request their correction without undue delay.
    In certain cases, the data holder has the right to request their deletion, provided that the aforementioned right is not an absolute right. Namely, the Post has the right to refuse a request for data deletion if it has a legitimate interest and/or a legal obligation and/or the right to retain certain data (e.g. in cases of litigation).
    d) Right to restriction of processing;
    The data holder has the right to request restriction of processing of personal data in the event that he/she disputes the accuracy of personal data, when he/she considers that the processing is unlawful and opposes the deletion of personal data and instead requests restriction of processing, when the Post no longer needs the personal data for the purposes of processing, but the data holder requests it for the establishment, exercise or defense of legal claims, and in the event that he/she has filed an objection to processing and expects confirmation as to whether his/her interests outweigh the legitimate interests of the Post.
    e) Right to data transmission
    The data holder has the right to receive personal data concerning him or her, as well as to have them directly transmitted to another controller.
    The aforementioned right applies exclusively to personal data of the data holder that he or she has provided to the Post in a structured, commonly used and machine-readable format, if the processing is based on consent or the performance of a contract to which the data holder is a party, provided that the right in question does not adversely affect the rights and freedoms of others.
    f) Right to objection
    The data holder has the right to object to the processing of personal data if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Post, if the processing is necessary for the legitimate interests of the Post (including profiling), or if the data are processed for the purposes of direct marketing. 
    In such cases, the Post may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data holder or for the establishment, exercise or defense of legal claims.

    Requests and objections can be submitted via email: zastita.licnih.podataka@postesrpske.com or in writing by mail to the address of the headquarters of "Poste Srpske" a.d. Banja Luka, to the attention of "Personal Data Protection Officer".

    For the purpose of processing requests and objections for the exercise of the rights of the data holder, the Post has the right to request verification of the identity of the applicant.
    The data holder may exercise his/her requests without undue delay, and no later than within 30 days from the date of receipt of the request by the Post. This deadline may be extended by 60 days, if necessary, taking into account the complexity and number of requests received, of which the Post is obliged to notify you within 30 days from the date of receipt of the request, stating the reasons for the delay.

11. Final provisions 
    The Post reserves the right to amend and supplement this Privacy and Personal Data Protection Policy, in order to align the processing of personal data at the Post with applicable regulations.

FOR THE MANAGEMENT             
DIRECTOR             
Miladin Radovic, B.Sc.