Privacy Notice for the Use of the “Yettel Green Trails” Application

1. Introduction

We value your privacy and take the protection and security of personal data very seriously. The security and proper use of personal data are of utmost importance both for the users of the “Yettel Green Trails” application and for Yettel. That is why it is very important to us that you understand how and why we process personal data when using the “Yettel Green Trails” application.

This Notice does not regulate rights and obligations, but aims to inform you about which personal data we process, how we process it, and for what purposes we use it. We also want to explain your rights regarding your personal data and how you can exercise those rights.

This Notice applies only to the data we process in connection with the Application. It does not apply to other situations in which Yettel processes personal data, which are addressed in the relevant notices published on www.yettel.rs.

The Privacy Notice enters into force on 01.01.2023 and is associated with the Terms of Use of the Application.

The Notice may be amended or supplemented due to changes in applicable legislation, at the initiative of Yettel, the User, or a competent authority (e.g., the Commissioner for Information of Public Importance and Personal Data Protection). Users are encouraged to regularly check the latest version of the Notice on the Yettel website.

2. Definitions

2.1. Notice

Refers to this Privacy Notice for the use of the “Yettel Green Trails” application, including any subsequent amendments and supplements.

2.2. Yettel

Yettel d.o.o. Belgrade, with its registered head office at Omladinskih brigada 90, Belgrade, Corporate ID. 20147229. In this Notice, the pronouns “we,” “us,” or “our” also refer to “Yettel.”

2.3. Personal Data

Personal data means any information relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular by reference to an identifier.

2.4. Application

Yettel Green Trails application

2.5. User

Is a natural person who has activated and uses the Application..

2.6. Device

Means the end device through which the Application is used.

3. Which user personal data we process

Data required for Yettel account registration

To use Yettel’s services and applications, including the Application, the User must register a Yettel Account. To register, the Customer must have a valid email address or phone number. This address or phone number is required for the account validation process. The password is used for account authentication and is considered confidential information.

The personal data of the User that we process when using the Application include:

These are automatically generated data that contain information about how Users interact with the Application. For instance:

Data on access to the Application
Cookies
Data on the use of the Application

Settings data

These are data on certain parameters of the Application that are configured by Users or that are automatically applied if Users have not made their own choice. These settings enable Users to manage certain features of the Application in line with their preferences.

Use of “Google Maps” within the App is subject to the Google Inc. Terms of Service. Yettel assumes no responsibility for any inaccuracies in the display of locations, terrain, or other features shown on “Google Maps.” For any issues related to the use of “Google Maps,” users may contact Google Inc. customer service.

4. How do we collect user personal data

In the course of, and for the purpose of, providing services through the Application, Yettel collects Users’ personal data in various ways. When you activate the Application, we collect data directly from you. However, in most cases, the data are automatically generated by the systems and platforms through which the service is provided, as well as during actual use.

We collect the data directly from the User:

In the process of activating the Application;
During communication with Users in connection with the Application, for example when submitting inquiries, complaints, and/or claims;

Data is generated automatically:

When Users use the Application.

5. How we process user personal data

Yettel processes Users’ personal data primarily for the purpose of providing the services enabled by the Application.

In addition, Yettel processes Users’ personal data to protect its legitimate interests. In such cases, this generally involves data processing carried out to ensure high-quality and timely service to Users, including the resolution of disputes with them.

Of course, there are cases where we are required to process User data in order to fulfill obligations arising from applicable regulations (such obligations may include providing assistance to competent authorities, which may sometimes involve the disclosure of personal data of certain Users).

It is important to note that Yettel does not engage in automated decision-making based on profiling that may produce legal effects for the users or similarly affect them.

5.1. Data processing for the purpose of contract performance

Most data processing activities are carried out to allow Users to activate the Application, manage its features, and use it.

5.2. Data processing for the purpose of protecting Yettel’s legitimate interests

We process user personal data in order to improve the user experience.

It is very important to us to provide our users with fast, convenient, and efficient support if they need it. Ensuring the quality of user experience is of key importance to Yettel in order to meet the expectations and needs of Users.

We also process data to maintain the security of information and networks.

Preserving the confidentiality, integrity, and availability of our products and services, as well as information relating to Users, is of fundamental importance to Yettel. For this reason, we take measures to prevent or detect attempted attacks and/or unauthorized access to the information and communications systems through which data are processed in accordance with this Notice. We also maintain records (logs), with highly restricted access, which are used only when necessary to investigate potential security incidents.

We also process user personal data when necessary to resolve disputes or legal matters.

At times, in order to exercise its rights or protect its legitimate interests, Yettel processes User data to, for example, initiate an out-of-court settlement request or legal action against third parties.

5.3. Data processing for the purpose of complying with legal obligations

In order to comply with obligations established by relevant legislation, we are required to process Users’ personal data. Examples include obligations set out in tax legislation, compliance with requests or orders issued by public authorities, and similar situations.

6. Who we share user personal data with

6.1. To Personal Data Processors

Personal data processors are natural or legal persons who process personal data on behalf of Yettel, as designated by Yettel through a mutually signed agreement. They are not permitted to process the personal data provided to them for any purposes other than to perform the tasks assigned by Yettel under the agreement. Processors are obliged to follow all written instructions of Yettel.

An example of a Data Processor is a service provider responsible for the implementation and/or maintenance of information systems who may occasionally need to access data processed within the respective systems through which the Service is provided.

6.2. To Competent Authorities

Yettel shares the personal data of its customers with competent state and/or local government or other authorities to meet legal obligations, i.e. in cases where such obligations are mandated by valid regulations.

Given Yettel's business activities – providing electronic communications services and networks – the company may be subject to inspections by various governmental authorities, such as the Regulatory Agency for Electronic Communications and Postal Services (RATEL), the Commission for Protection of Competition, the Market Inspection of the Ministry of Trade, Tourism and Telecommunications, and the Commissioner for Information of Public Importance and Personal Data Protection. During the inspection, these authorities have the possession to request Yettel to submit documents and information in its possession. Required documents and information may contain personal data of our users.

6.3. Third parties in case of status changes, i.e. change of employer or change in the ownership structure of the company

In the event of a transformation of Yettel, as well as in the event of a transfer of assets in accordance with applicable legislation, User data may be made available to a third-party successor.

7. Transfer of personal data to other countries

As a rule, Yettel has no practice of transferring user personal data to other countries that are not on the list of countries with an adequate level of personal data protection.

An adequate level of protection is considered to be provided in countries and international organizations that are members of the Council of Europe Convention on the Protection of Individuals with regard to the automatic processing of personal data, as well as in countries that the European Union has determined to provide an adequate level of protection. Also, the Government of the Republic of Serbia established a list of countries, parts of their territories or one or more sectors of certain activities in those countries and international organizations that provide an appropriate level of personal data protection.

8. How long we retain user personal data

Yettel does not store Users’ personal data.

9. How we protect user personal data

Yettel’s priority is to build and maintain trust between us and our Users. Therefore, the protection of our systems and personal data is very important to us. In accordance with the requirements of the applicable legislation and based on best practices, Yettel undertakes the necessary technical, personnel and organizational measures to ensure the security of user personal data.

To ensure the its customers’ personal data protection, Yettel uses advanced technologies combined with effective management of security controls.

All implemented controls are in line with international standards and implementation frameworks (ISO27001, COBIT), as well as with the local Law on Personal Data Protection.

Yettel has appointed a data protection officer and has dedicated departments responsible for information security and fraud prevention. These entities assist in protecting and securing personal data and ensuring compliance.

10. What rights data subjects have

10.1. General information on the rights of data subjects.

Yettel will respond to a natural person’s request to exercise any right described in this section only if the person submitting the request can be identified.

Only individuals whom we can identify are able to exercise the rights outlined in this section. If the purpose for which Yettel processes personal data does not require the identification of an individual, Yettel is not obligated to store, obtain, or process additional information to identify a person solely for the purpose of addressing that person's request.

Yettel informs individuals of actions taken in response to a request within one month of receiving the request covered in this section. In certain cases, this period may be extended by up to two additional months.

Yettel will provide the data subject with information on actions taken based on the request to exercise rights under this section without undue delay and no later than one month from the date of receipt of the request. If necessary, this period can be extended by another two months, considering the complexity and number of requests. Yettel will inform the User of such extension and the reasons for the delay within 30 days of receiving the request.

If they refuse to act on the request, Yettel shall inform the individuals of their rights.

If Yettel does not take action on an individual's request, they will promptly inform the user, within 30 days of receiving the request, about the inability to comply with the request and inform the user of their right to file a complaint with the Commissioner for Personal Data Protection and seek protection through legal procedures.

In certain cases, Yettel may request additional information to verify the identity of the natural person.

If we have a justified doubt regarding the identity of the individual submitting the request, Yettel may request additional information necessary to verify that person’s identity.

Yettel’s processing of requests to exercise rights under this Article is free of charge, unless the requests are manifestly unfounded or excessive.

Yettel's actions in response to a request to exercise the rights outlined in this Article are free of charge. When an individual's request is evidently unjustified or excessive (e.g., due to frequent repetition), Yettel reserves the right to: (a) refuse to act on the request, or (b) charge the necessary administrative costs for providing the requested information.

10.2. The User has the right to access their personal data.

The User has the right to request from Yettel information on whether their personal data is being processed, and if it is, to request access to such data.

10.3. The User has the right to request the correction of data if it is inaccurate or outdated.

10.4. In certain cases, the User has the right to request the erasure of personal data.

Users shall be entitled to request that Yettel delete personal data relating to them in the following cases:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
The User has objected to the processing of personal data processed based on Yettel’s legitimate interests, and there are no overriding legal grounds for processing that outweigh the User’s interests, rights, and freedoms, or the data processing is not necessary for the establishment, exercise, or defense of legal claims;
The User has objected to the processing of personal data carried out for the purpose of direct marketing, and there are no other legal grounds for processing such data;
if the personal data concerning the respective User has been processed unlawfully;
the personal data must be erased by Yettel in order to comply with legal obligations arising under the laws of the Republic of Serbia.

10.5. In certain cases, the User has the right to data portability.

The data subject is entitled to receive from us their personal data previously provided to Yettel in a structured, commonly used, and machine-readable format, and is entitled to transfer that data to another controller without interference from Yettel if the following conditions are met in their totality:

Yettel processes such data for the purpose of concluding or performing a contract with the User, or based on the consent given by the User;
The processing is done automatically.

The user is entitled to have his personal data directly transferred to another controller by Yettel, if this is technically feasible.

10.6. In certain cases, the User has the right to object to the processing of their personal data.

Users have the right to object at any time and on any grounds to the processing of personal data relating to them, where Yettel processes such data for the purpose of pursuing its legitimate interests.

10.7. Users have the right to lodge complaints with the Commissioner for Information of Public Importance and Personal Data Protection.

Users have the right to lodge complaints with the Commissioner for Information of Public Importance and Personal Data Protection if they believe that Yettel is violating the Law on Personal Data Protection.

11. Cookie Notice

Our company’s website uses cookies and similar technologies to ensure the proper functioning of the website, to improve the user experience, personalize content, provide social media features, and analyze traffic.

We also share information about how you use the website with our partners, social media platforms, and analytics companies, who may combine it with other information you have provided to them or with information they have collected when you used their services.

11.1. What are cookies?

Cookies are small text files that are stored on the user’s computer when accessing certain websites. Cookies allow a website to “remember” the user’s interests and settings on the site, based on the choices the user made while visiting the site. A cookie itself does not contain or collect personal data. However, in combination with a web browser, it can help a website “deliver” personalized content to the user. Cookies are stored in your browser’s memory, and each typically contains information such as the name of the server from which the cookie was sent, the duration of the cookie, and its value (usually a randomly generated unique number).

11.2. How can you manage cookies?

On your device we may store only those cookies that are strictly necessary for the operation of this website. For all other types of cookies, we require your consent. We respect your right to choose and your right to the protection of personal data, which is why you can manage your cookie preferences and disable certain types of cookies through your web browser. If you choose not to accept certain types of cookies, the services and features we offer on our websites may be limited, which may affect your user experience. By accepting cookies, you help us improve and analyze our websites and provide you with personalized content and offers.

In addition, if you wish, you can disable the storage of cookies on your computer. Please note that blocking all cookies may negatively affect your use of many websites. Cookie settings can be controlled and configured in your web browser. If you wish to delete or disable them, you need to update your browser settings (for information on how to delete and disable cookies, please consult your web browser by selecting the help option).

You can also find more information at the following addresses:

http://www.allaboutcookies.org/manage-cookies/

http://www.aboutads.info/choices/

We disclaim all responsibility for any loss of service functionality or content quality on our websites in cases where the user selects cookie settings other than the default settings.

11.3. Which cookies do we use?

Strictly necessary cookies

These cookies are essential for the functioning of the site, as they enable basic functionalities such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Statistical cookies

Statistical cookies help us understand how visitors use our website, which allows us to improve and optimize it. They collect and aggregate information about website usage and then provide it to us in anonymized form.

Marketing cookies

Marketing cookies are provided by third parties and are used to analyze visitor behavior both on our website and on others. The purpose of marketing cookies is to display advertisements that are relevant to website visitors.

Unclassified cookies are those that are still in the process of being classified by us and the providers of individual cookies.

12. Yettel Contact Information

Yettel d.o.o. Belgrade (registration number 20147229), with its principal office in Belgrade (Omladinskih brigada 90), is the controller of personal data processed and referred to in this Privacy Notice.

If you have any questions and requests regarding the processing of personal data, please contact our Personal Data Protection Officer at dpo@yettel.rs.

13. Entry into force and updating of this privacy notice

This Privacy Notice for the use of the “Yettel Green Trails” application enters into force on 01.01.2023, and from that moment previous versions of the Notice shall cease to be valid.