Privacy policy
Privacy notice
The public company "Skijališta Srbije" undertakes to protect the privacy of users of the company's services. We only collect user data necessary to provide the service or information, in accordance with good business practices and our quality policy. All user data are strictly stored and is available only to employees who need access to perform their work. All employees of the Public Enterprise "Skijališta Srbije" are responsible to obey the principles of privacy protection. JP Ski Resorts of Serbia is the controller of personal data, in the sense of the Personal Data Protection Law.
What information do we collect and how?
When you interact with us, whether you use our website, a point of sale, webshop or otherwise communicate, we may collect certain information about you. You may, for example, give us information about yourself if you: create an account on our website, place an order, fill out any form (such as application forms, contests and surveys), opt-in to receive news, or correspond with us (via e-mail, phone, chat, social networks or in some other way). The information provided, may include your name, address, phone number, email address, date of birth, gender, purchase information, photos. We also receive information about you from our partners, who are contracted to provide the services available to you (vendor of the ski ticket sales system, payment processor, bank, rescue service). We rely on carefully selected partners who process your personal data, only to extent necessary to provide their services. The relationship between JP Ski Resorts of Serbia, as a personal data controller, with those companies, which represent personal data processors, is governed by contracts, as prescribed by the Personal Data Protection Act. Based on the Law and the contract, the processing of personal data by the processor is allowed only in the manner and for the duration determined by the controller.
Every time you visit a website, certain data can be created on your device for further use - so-called cookies. These small text files can help you improve your experience and make it easier to interact with the website. This may include saving your location or language settings, so that you do not have to re-enter information on your next visit, or to ensure that items you have added to your basket do not disappear as you move between pages on our site. By clicking the Cookie settings link (at the bottom of the page), you can see which cookies we use and change your settings.
For what purpose do you use my data?
We use your data to provide you with services and provide access to our website and webshop, including enabling ordering, administering your account and optimizing your experience. We can also use the information for advertising purposes, only if you have given your consent. If you have chosen to receive advertising materials and notifications, we and our partners will use your personal data (including your name, e-mail and address) to periodically send you updates, news and offers, via e-mail, telephone, sms message or mail. We may use your information to tailor these messages to you. If you have chosen to receive notifications, news, offers, you will have the option to change that decision at any time.
Who do you share my data with?
JP Ski Resorts of Serbia does not share user data with third parties. Third parties do not include data processors with whom JP Ski Resorts of Serbia, as a personal data controller, has a contract.
Third Parties Websites
Our website may contain links to the websites of our partners and brands, advertisement and affiliated companies. If you follow a link to any of these websites, please note that this Privacy Policy does not apply to them. We are not responsible for the Privacy Policy of those websites, so please check it before submitting any personal information to them.
Security
The protection of your personal data is very important to us. We take a number of reasonable steps to try to protect the personal information you provide, including:
- Using Transport Layer Security (TLS) to encrypt the data you exchange with our site.
- Requirement that you set a unique username and password to access your account.
- Not keeping your credit or debit card information that would allow any third party to make transactions using that credit or debit card (such as your CVV number).
- When entering payment card data, confidential information is transmitted via a public network in an encrypted form, using the most modern methods of tokenization of sensitive data, and in accordance with PCI-DSS standards. The payment card information is not available to the merchant at any moment. 3D Secure protection for all merchants and customers - AllSecure Payment Gateway uses the highest global standards of data protection and privacy. All merchants using the AllSecure Payment Gateway are automatically included in the 3D-Secure protection, guaranteeing customers the security of their purchases. Customers' payment card numbers are not stored on the merchant's system, and the registration itself is protected by data encryption. The entire payment process is compliant with the PCI-DSS standard, which defines the necessary security measures for the processing, storage and transmission of sensitive card data. Sensitive data about the cardholder is protected during the entire payment process: from the moment of data entry on the merchant's online store, during communications between the merchant and relevant banks and card organizations, as well as subsequent storage of such data.
How long will you use my data?
We retain the data you provide us for as long as you may have claims in connection with our services, but no more than four years. In some circumstances, you may ask us to delete your data as set out below. After you stop using our services, we may store your information in an aggregated and anonymous format.
The right to: withdraw consent, access data, make a correction and make a compliant
We hereby inform you that you have the right to revoke your consent to the processing of your personal data, at any time, by sending an e-mail to the address dpo@skijalistasrbije.rs
If you revoke your consent, this will not affect the admissibility of the processing that was carried out on the basis of your consent before your withdrawal. After revoking consent, your data will be permanently destroyed or anonymized. In addition, you have the right to inspect or correct personal data, the right to object, as well as to file a complaint with the Commissioner for Information of Public Importance and Protection of Personal Data, if you believe that your rights provided by the Personal Data Protection Law have been violated. If you have any questions or concerns regarding this Privacy Policy, please contact us at dpo@skijalistasrbije.rs
Privacy policy update
Any changes we make in the future to this Privacy Policy will be posted on this page and/or we will send a notification via e-mail as needed.