Based on the Personal Data Protection Law (Official Gazette of the Republic of Serbia no. 87/2018) and General Data Protection Regulation of the European Union (2016/679), Aklamator, on (date) 01.Avg 2022. brings the following:
1.6. The platform "Aklamator" and website www.aklamator.com is owned and controlled by Aklamator who process and collects Service user's/Website visitor's personal data in the capacity of a Controller.
3.1. Aklamatorin the capacity of a Controller, is responsible for personal data collected from the Service user\Website visitor, in the manner and to the extent provided by this Policy, the Law and GDPR.
3.2. Aklamator shall take the necessary technical, organizational and personnel measures to ensure that the processing is carried out in accordance with The Law and GDPR. Aklamator shall be able to present it to the Data subject, taking into account the nature, scope, context and purposes of the processing, as well as the risk occurrence probability and severity for the rights and freedoms of the Service user/Website visitor/Visistors of the Service user's website.
3.3. Information on which Employees at the Aklamator has access to the personal data, and who is their administrator, is contained in the Record of processing activities referred to in Article 13.
3.4. Aklamator process data referred to in Article 4.4. from Visitors of the Service user's website in the capacity of a Processor or Joint Controller on Service user's behalf and for Service user's account.
4.2. Aklamator as a Controller collects and processes some of the following Service user's information and data:
4.3. Aklamator collects and processes IP address (IPv4 and IPv6) from Website visitors and Visitors of the Service user's website.
4.4. Aklamator collects and processes some of the following information and data from the Visitor of the Service user's website in the capacity of a Processor or Joint Controller:
4.5. Aklamator collects and processes e-mail address from The Visitor of the Aklamator's website www.aklamator.com, who leave their e-mail address on their own initiative, for account registration purposes.
4.6. Special categories of personal data
4.6.1. Aklamator does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation.
4.7. Data obtained from the Internet browser of the Visitors of the Service user's website Html hash
4.7.1. For the purposes of creating a widget, Aklamator uses Html hash, which serves to indirectly monitor whether the Visitor of the Service User's website has already been on the Destination site. The reason is to prevent the Service user's website from reloading, and to prevent the Aklamator's service from being overloaded.
4.7.2. The Service Aklamator does not collect cookies from the Visitor of the Service User's website.
4.7.3. The widget created by the Aklamator Service refers to the Destination site whose Content/Ad units is edited through its editorial policy.
5.1. The data referred to in Article 4, Aklamator shall process:
5.2. Personal data referred to in Article 4 is processed by Aklamator for the following purposes:
5.3. Processing for other purposes
5.3.1. If processing for a purpose is different than the purpose for which the data was collected is not based on the law or on the consent given by the data subject, Aklamator, with due regard to adequate security measures, shall evaluate whether the other purpose of the processing is consistent with the purpose of the processing for which the data were collected, taking particular account of:
5.4. Aklamator is obliged to constantly apply adequate technical, organizational and personnel measures to ensure that only the personal data necessary for the accomplishment of each individual purpose of processing are processed, which is applicable to the number of data collected, the extent of their processing, the deadline for their storage and their availability.
6.1. In case that some of the network's ads collect cookies, the Visitors of the Service user's website have to give their consent to see that ads i.e. Content. Consent from the Visitors of the Service user's website is collect by the Publisher/Service user. If the Visitors of the Service user's website has not given consent, the Content will not be displayed..
6.2. Data subject is not conditioned by giving consent to be provided with a service or part of a service for which performance consent is not necessary and it should be considered voluntary unless, it is impossible for the Data subject to exercise his/her right, without the processing for which consent is required.
6.3. Service user/Website visitor has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It must be as easy to withdraw as to give consent.
7.1. The right to be informed and the right to access information:
7.1.1. Aklamator is obliged to, on Data subject's request, provide them with following information in a concise, transparent, intelligible and easily accessible manner, using clear and plain language:
7.1.2. At the request referred to in Article 7.1.1. Aklamator must responds within 30 days, but this time limit may be extended by another 60 days if it's necessary, taking into account the complexity and number of requests. Aklamator is obliged to inform the Data subject of the extension of the deadline and the reasons for such extension within 30 days from the day of receipt of the request, and if the Data subject has submitted the request electronically, the information should be provided electronically if possible.
7.2. Right to rectification and amendment
7.2.1. The Service user/Website visitor has the right to ask for a correction of inaccurate personal data concerning him/her, without delay if it is possible. Taking into account the purpose of the processing, the Service user/Website visitor has the right to have incomplete personal data completed, which includes providing a supplementary statement.
7.2.2. If it is possible to make the rectification by correction, deletion and entering of other data by the Service user/Website visitor, he/she will execute the correction referred to in Article 7.2.1. alone.
7.2.3. If the Service user/Website visitor is not able to make the correction in the manner referred to in the Article 7.2.2. he/she will address Aklamator with that request.
7.3. Right to erasure ('right to be forgotten')
7.3.1. If the legal requirements are fulfilled, Aklamator is obliged to erase the personal data referred to in Article 4 at the request of the Data subject without delay in the following cases:
7.4. Right to restriction of processing
7.4.1. Data subjects have the right to ask Aklamator to limit the processing of data relating to them, if the processing is illegal, if the inaccuracy of the data is indicated, if an objection to processing is submitted in accordance with the Law, as well as if there are other legal reasons for such request.
7.5. Right to object
7.5.1. Depending on the specific case and whether he/she considers it justified, the Data subject shall has the right to object to Aklamator at any time to the processing of his/her personal data based on the consent, and the Aklamator is obliged to suspend the processing of the Data subject's who filed the objection.
7.5.2. Aklamator is not obliged to interrupt the processing in the manner referred to in Article 7.5.1. if it informed the Data subject about legal grounds for processing which outweigh the interests, rights or freedoms of that Data subject or are related to the submission, exercise or defense of legal claims.
8.1. The personal data of the Service user referred to in Article 4.2 are stored on Aklamator's website called www.aklamator.com in electronic form, on the server database where passwords are stored in hashed form, servers are Hetzner GMBH.
8.2. The personal data of the Service user referred to in Article 4.2. item 3,4,5, and 6, collected on the basis of the performance of a contractual obligation through a Direct Contract, stored in electronic form, on the server that are provided by Hetzner GMBH.
9.1. Aklamator is authorized to use the services of accounting agencies, developers, IT consultants and other external and internal associates for the purposes of fulfilling the obligations of the contract, performing payment transactions, legal obligations, maintaining the service, and improving its work, and it is responsible for their work and results, in accordance with The Law.
9.2. Aklamator guarantees that its Processor will implement appropriate technical, organizational and personnel measures, so that the processing is carried out in accordance with The Law and that adequate protection of the Data subject's personal data is ensured.
9.3. For the purpose of providing the conditions referred to in Article 9.2. Aklamator and its Processor may conclude a contract on data processing, which shall be an integral or accompanying part of the basic contract. The contract shall, among other things, has all the accompanying elements provided by The Law.
10.1. While assessing of the required level of established security of personal data, Aklamator takes into account and monitors the level of technological achievements as well as the cost of their implementation, the nature, context, circumstances and purpose of data processing and on the basis of these parameters assesses the likelihood of risk occurrence, i.e. potential level of risk to the rights and freedoms of individuals.
10.2. In relation to the circumstances referred to in Article 10.1. Aklamator will implement appropriate technical, organizational and personnel measures to achieve the required level of security in regard to the risk.
10.3. Aklamator is obliged to provide a secure communication channel through which the data travels to its Processors, as well as to make sure that data are securely stored with provided adequate security standards.
10.5. Service user's personal and address data provided to Aklamator when completing the questionnaire are considered confidential, and Aklamator is prohibited from selling, ordering, providing or exchanging Service user's name in any form to any third party, unless it is a competent State authorities.
10.7. Payment card information is not available to Aklamator at any time during the transaction.
10.8. Personal and address (current account and the address of the Service user) data by the Services provided to Aklamator during the purchase process are considered confidential, and Aklamator is prohibited from selling, ordering, providing or exchanging Service user's name or information on the current account in any form to any third party , unless the third party is a bank or competent state authorities.
11.2. In the case of personal data breach that may produce a risk to the Data subject's rights, Aklamator shall, without undue delay, and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification to the Supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
11.3. The notification of Aklamator to the Supervisory authorities referred to in Article 11.2. shall at least:
11.4. In case of a personal data breach, Aklamator shall inform Data subjects about the personal data breach that may produce a risk to the rights and freedoms of individuals.
11.5. The communication to the Data subject referred to in Article 11.4. shall describe in clear and plain language the nature of the personal data breach referred to in Article 11.3.
11.6. The communication to the Data subject referred to in Article 11.4 shall not be required if any of the following conditions are met:
11.7. If the Data subject come to find out of any incident that has led or may lead to endangerment of his/her or personal data of third parties, shall immediately notify to Aklamator via the contacts contained in this document.
12.1. Data referred to in Article 4 shall be kept for as long as is necessary for the purpose for which they are processed, except in the case where the basics of collecting these data is the consent of Services user/Website visitor.
12.2. In the case referred to in Article 12.1. when the legal bases of collecting data about the Service user/Website visitor referred to in Article 4 is his/her consent, this data will be stored until removal of the given approval in accordance with the Article 6.3.
13.1. Aklamator keeps a record of the processing of personal data of the Data subject referred to in Article 4 of this Policy.
13.2. In addition to the name and business data of the Aklamator, the record consists of the following information: the category of person whose data are processed, the category of personal data, the purpose of processing, the third parties to whom the data were disclosed, the length of data storage, the description of protection measures, the form in which the data are stored.
13.3. Record referred to in Article 13.1. is kept in electronic form and it is stored permanently, in accordance with The Law.
14.1. "KH"- For domains that serve Aklamator widgets, Aklamator can optionaly activate this feature, enabling if that domain was visited from that browser. Aklamator does not set cookie nor Aklamator can track all visited domains. When this feature is active on Publisher website, Aklamator collects internal_id + domain_id data. This feature enables displaying only Content that Visitor of the Service user's website did not visit yet. Aklamator deletes personal data once a day, and only total number of Visitors of the Service user's website per domain is stored. The purpose of this feature is to measure success when the number of unique visitors is improved.
14.2. "HideArticle" - If this feature is activated, Aklamator temporary stores internal_id, article_ids in order not to display articles that are not intended. Aklamator stores previously mentioned data for up to 72hours.
14.3. "ConsentCheck"- consent status. If "consent check" is active, usually only necessary if widget contain ads, and if user have denied consent Aklamator uses this information to fullfill users decision and avoid loading/displaying ads. Aklamator stores total count - number of new consent given/denied, and previously given/denied consent per each domain. This data is never stored per browser, only summarized. Once a day, before deleting memory buffer, Aklamator summarizes above data, and have total number of views, clicks, number of different visitors (different internal_ids) for each domain. This essentially does not contain browser ID only summarized number of consent given or not given for the purpose of Ad displaying.
14.4. "GeoTarget" - if feature is active, before displaying widget, articles or ads, Aklamator resolves Visitor's of the Service user's website IP address to the country level, in order to display geotargeted ads. This info is never stored per Visitor of the Service user's website, only used during displaying widget Content.
15.1. For the data subject from Republic of Serbia: The Supervisory Authority for Personal Data Protection in the Republic of Serbia is the Commissioner for Information of Public Importance and personal data protection of the Republic of Serbia. You can contact the authority at Bulevar kralja Aleksandra 15th street, 11000 Belgrade, Republic of Serbia, by email at [email protected] or by phone at +381 11 3408 900.
15.2. If the Data subject is from country of the European Union, he/she can contact the Supervisory Authority from his/her country for information about personal data protection.
15.3. Aklamator cooperates with the Commissioner in the exercise of his powers, in accordance with the obligations prescribed by The Law.
16.1. In case of need for interpretation of the Policy's provisions, exercise of the Data subjects rights referred to in Article 4, as well as other issues prescribed by the law, the Data subjects may contact Aklamator using the web form: https://aklamator.com/contact
18.1. The substantive law applicable to the processing of personal data and in connection with the processing by Aklamator is the law of the Republic of Serbia, the Law on Personal Data Protection as well as GDPR where applicable.
18.2. For administrative and judicial proceedings, locally competent are authorities and courts of the Republic of Serbia in accordance with the positive legislation of that country.