This Privacy notice contains important information on how and for what purposes Duomed Southeast Europe, as a data controller, collects and processes your personal data when using our website (www.duomed.com) and the services associated with it. These processing operations are always carried out by Duomed Southeast Europe as Controller, located at Jurija Gagarina 70, 11000 Belgrade (postal address: Bulevar Arsenija Čarnojevica 82/2, 11000 Belgrade) with enterprise number 105124000.
Protecting your personal data is very important to Duomed Southeast Europe. Therefore, we make every effort to ensure data protection and to comply with the provisions of the General Data Protection Regulation (GDPR) whenever we process your personal data.
In more concrete terms, Duomed Southeast Europe will always handle personal data for specific purposes in accordance with the law. We shall take the necessary steps to never request more personal data than is required for the purpose in question and furthermore not to retain such personal data for longer than is necessary. Finally, Duomed Southeast Europe implements technical and organisational measures to ensure appropriate security for the protection of personal data.
This Privacy notice was last updated on 12 January 2024. Duomed Southeast Europe reserves the right to amend this Privacy notice later. Changes will be clearly communicated in this Privacy notice.
2. Personal data
According to legislation currently in force, personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of personal data are the name, address, or email address, but also includes your IP address.
The processing of personal data is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
2.1 Which personal data do we process?
2.2 Why do we process your personal data?
Duomed Southeast Europe shall only use your personal data for communication in the context of a professional relationship.
2.2.1 Invoicing and administration
Duomed Southeast Europe collects invoicing and administrative information to fulfil its administrative obligations, such as charging for services provided to the customer or maintaining our statutory accounting records. Duomed Southeast Europe is required by law to retain such personal data for 5 years.
2.2.2 Recruitment and job applications
We collect data from people who apply to us, spontaneously or otherwise, in connection with recruitment. This can be done via the job section at www.duomed.com, or through LinkedIn messages, emails, or other clear actions in which an applicant indicates an interest in applying for a job.
Such personal data shall be deleted within 1 month after the application if the applicant is not recruited. If the person is hired, these data shall be included in the personnel files and shall be retained after the termination of the employment contract. If the person is not hired, but has an interesting profile, said candidate shall be kept in the pool of pre-qualified candidates for one year provided the candidate has consented to the same.
2.2.3 Requests for information
The personal data that we collect via www.duomed.com or via email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org and email@example.com are used to answer your questions appropriately and accurately.
This information is entered into our customer system so that we can offer you even better service in the future.
In order to fully process your requests for information, we store your personal data for this activity as long as you are a customer of our company. If you are not a customer of Duomed Southeast Europe, we shall delete this information six months after replying to your question.
2.2.4 In order to maintain contact with you
We believe it is very important to have good relationships and communication with all our customers. Therefore, we shall contact you to keep you informed of relevant offers/promotions and of innovation and novelties that you may find interesting.
For the processing of personal data under this activity, Duomed Southeast Europe shall use its legitimate interest. If you receive this communication from us, you may at any time notify us that you no longer wish to receive it.
2.2.5 Camera security
Duomed Southeast Europe has installed security cameras at specific locations for the protection of the physical safety of visitors and employees. These cameras do not always save the images, but in some cases only display the current image. Duomed Southeast Europe collects this data on the basis of its legitimate interest in ensuring the everyone’s safety.
The image recordings are stored for a maximum of 30 days. As may logically be expected, cameras without storage will not store images.
2.3 Do we pass your personal data on to third parties?
Duomed Southeast Europe shall not pass personal data on to other parties, which may use the same for their own purposes. Duomed Southeast Europe is part of the Duomed Group; your personal data may be shared with other members of the Duomed Group in order to ensure better service.
Duomed Southeast Europe also uses a number of processors, which means that these parties are only permitted to process your data for the purposes specified by us. Under no circumstances shall they process your personal data for their own purposes.
Duomed Southeast Europe shall take the necessary steps to process your personal data solely within Serbia, the European Union or other countries where to a transfer is possible under the Data Protection Law.
3. What rights do you have and how can you exercise them?
3.1 Access to your personal data.
You have the right to access all personal data concerning you that we process. You may also receive a copy of this data, which we shall send to you on paper or digitally. You can request this by sending an email to our DPO at firstname.lastname@example.org.
3.2 Rectification of your personal data.
You have the right to request that we rectify your personal data if they are incorrect or incomplete. You may also request that we temporarily stop using your personal data until they are rectified or completed. You can request this by sending an email to our DPO at email@example.com.
3.3 Withdrawing your consent.
You have the right to withdraw your consent at any time. You can request this by sending an email to our DPO at firstname.lastname@example.org.
3.4 Erasure of your personal data.
You have the right to request the erasure of your personal data in case they are no longer required for the purposes of this Privacy notice or if you withdraw your consent to the processing. You can request this by sending an email to our DPO at email@example.com.
Attention: We are not obliged to erase your personal data if we are required or permitted to retain them on the grounds of a legal obligation.
3.5 Data portability of your personal data.
You have the right to receive your personal data in a universally readable format such as a text file or other digital file.
3.6 Objection to the processing of your personal data.
If you feel that we are not using your personal data in an appropriate manner, you may object to such processing operations, for example where such processing is carried out for purposes relating to newsletters, marketing, or other processing operations that are not required in the context of our professional relationship. You can request this by sending an email to our DPO at firstname.lastname@example.org.
3.7 Lodging a complaint with the Poverenik
If you are not satisfied with the manner in which your personal data is processed, you may lodge a complaint with the Poverenik, please visit https://www.poverenik.rs/en/.
 Data Protection Law of 9 November 2018 (Official Gazette of the Republic of Serbia, no. 87/2018)