Privacy policy

1. General ProvisionsThis Personal Data Processing Policy has been prepared in accordance with the requirements of the Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018) (hereinafter referred to as the Law on Personal Data) and defines the procedure for processing personal data, as well as the measures taken by Trust RDP (hereinafter referred to as the Operator) to ensure the security of personal data.
1.1. The Operator’s primary goal and condition for conducting its activities is to respect human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family confidentiality.
1.2. This Policy regarding the processing of personal data (hereinafter — the Policy) applies to all information that the Operator may receive about visitors of the website https://trustrdp.online/.
2. Basic Terms Used in the Policy2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is required to clarify personal data).
2.3. Website — a collection of graphic and informational materials, as well as software and databases, ensuring their accessibility on the Internet at https://trustrdp.online/.
2.4. Personal data information system — a set of personal data contained in databases, as well as information technologies and technical means used for their processing.
2.5. Anonymization of personal data — actions that make it impossible, without the use of additional information, to determine the ownership of personal data to a specific User or other data subject.
2.6. Processing of personal data — any action (operation) or set of actions performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
2.7. Operator — a state or municipal authority, legal entity, or natural person who, independently or jointly with others, organizes and/or carries out the processing of personal data, and determines the purposes of such processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data — any information that relates directly or indirectly to a specific or identifiable User of the website https://trustrdp.online/.
2.9. Personal data permitted by the data subject for distribution — personal data made publicly available by the data subject through consent, granted in accordance with the Law on Personal Data (hereinafter referred to as publicly available personal data).
2.10. User — any visitor to the website https://trustrdp.online/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a defined circle of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite number of persons (transfer) or making them publicly available, including publication in the media, posting online, or otherwise granting access.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign authority, individual, or legal entity.
2.14. Destruction of personal data — any actions that result in the irreversible destruction of personal data, making it impossible to restore their content, and/or the destruction of their physical carriers.
3. Main Rights and Obligations of the Operator3.1. The Operator has the right to:

Receive from the data subject accurate information and/or documents containing personal data;
Continue processing personal data without the consent of the data subject in cases provided for by the Law on Personal Data, including where consent has been withdrawn or where a request to cease processing has been submitted;
Independently determine the composition and scope of measures necessary and sufficient to ensure compliance with the Law on Personal Data and other applicable regulations, unless otherwise provided by law.

3.2. The Operator is obliged to:

Provide the data subject, upon request, with information regarding the processing of their personal data;
Organize the processing of personal data in accordance with the current legislation of the Republic of Serbia;
Respond to requests and inquiries from data subjects and their legal representatives as required by the Law on Personal Data;
Provide the authorized personal data protection body, upon request, with necessary information within 10 days of receiving such a request;
Publish or otherwise make publicly available this Policy on personal data processing;
Take legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions;
Cease the transfer (distribution, provision, access), processing, and destroy personal data in cases prescribed by the Law on Personal Data;
Fulfill other obligations established by the Law on Personal Data.

4. Main Rights and Obligations of Data Subjects4.1. Data subjects have the right to:

Receive information regarding the processing of their personal data, except in cases established by the laws of the Republic. Such information is provided by the Operator in an accessible form and must not contain personal data of other individuals, except as required by law. The list of information and the procedure for obtaining it are determined by the Law on Personal Data;
Request that the Operator clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, as well as take measures provided by law to protect their rights;
Require prior consent for the processing of personal data for marketing or promotional purposes;
Withdraw consent for personal data processing or demand cessation of such processing;
Appeal to the authorized personal data protection authority or to a court regarding unlawful actions or inaction of the Operator in relation to their personal data;
Exercise other rights provided by the legislation of the Republic of Serbia.

4.2. Data subjects are obliged to:

Provide the Operator with accurate information about themselves;
Notify the Operator of any updates or changes to their personal data.

**4.3. Persons who provide the Operator with false information about themselves or about another data subject without their consent bear responsibility as provided by law.
5. Principles of Personal Data Processing5.1. Personal data is processed on a lawful and fair basis.
5.2. Personal data processing is limited to achieving specific, predetermined, and legitimate purposes. Processing that is incompatible with the original purposes of collection is prohibited.
5.3. The combination of databases containing personal data that are processed for incompatible purposes is not permitted.
5.4. Only personal data that meets the purposes of its processing shall be processed.
5.5. The content and scope of processed personal data shall correspond to the declared purposes. Excessive data processing in relation to the stated purposes is prohibited.
5.6. Accuracy, sufficiency, and relevance of personal data shall be ensured relative to processing purposes. The Operator shall take necessary measures to delete or clarify incomplete or inaccurate data.
5.7. Personal data shall be stored in a form that allows the identification of the data subject no longer than required by the purposes of processing, unless otherwise established by law or contract. Processed personal data shall be destroyed or anonymized upon achievement of processing purposes or when such purposes are no longer necessary, unless otherwise provided by law.

Purpose of Processing
Informing the User by sending electronic mail.
Personal Data
Telegram username.
Legal Basis
Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018)
Types of Personal Data Processing
Collection, recording, systematization, accumulation, storage, destruction, and anonymization of personal data.

7. Conditions for Personal Data Processing7.1. Personal data is processed with the consent of the data subject for the processing of their personal data.
7.2. Personal data processing is necessary to achieve the purposes established by an international treaty of the Republic of Serbia or by law, for the fulfillment of the operator’s statutory functions, powers, and duties.
7.3. Personal data processing is necessary for the administration of justice, execution of a court judgment, or an act of another authority or official subject to enforcement under the legislation of the Republic of Serbia on enforcement proceedings.
7.4. Personal data processing is necessary for the performance of a contract to which the data subject is a party, beneficiary, or guarantor, or for entering into a contract at the initiative of the data subject or a contract under which the data subject will be a beneficiary or guarantor.
7.5. Personal data processing is necessary for the realization of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant objectives, provided that this does not violate the rights and freedoms of the data subject.
7.6. Processing of personal data is carried out for data made publicly available by the data subject or at their request (“publicly available personal data”).
7.7. Processing of personal data is carried out for data subject to publication or mandatory disclosure under the laws of the Republic.
8. Procedure for the Collection, Storage, Transfer, and Other Types of Personal Data ProcessingThe security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary for full compliance with the current legislation on personal data protection.
8.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access.
8.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except as required by applicable law or upon the data subject’s consent for the performance of a civil-law contract.
8.3. In case of inaccuracies in personal data, the User may independently update them by sending a notification to the Operator’s email: info@trustrdp.io, with the subject line “Personal Data Update.”
8.4. The duration of personal data processing is determined by the achievement of the purposes for which the data were collected unless otherwise provided by contract or applicable law.
The User may at any time withdraw their consent for personal data processing by notifying the Operator via email at info@trustrdp.io with the subject line “Withdrawal of Consent for Personal Data Processing.”
8.5. Any information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by such entities in accordance with their respective User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties, including the service providers mentioned herein.
8.6. Any restrictions imposed by the data subject on the transfer, processing, or conditions of processing of personal data permitted for distribution do not apply in cases of processing carried out in the state, public, or other socially significant interests defined by the laws of the Republic of Serbia.
8.7. The Operator ensures the confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form that allows the identification of the data subject for no longer than necessary for the purposes of processing, unless a longer storage period is required by law, contract, or other binding legal act.
8.9. Processing of personal data is terminated upon achievement of processing objectives, expiration of consent validity, withdrawal of consent by the data subject, or identification of unlawful processing.
9. Actions Performed by the Operator with Collected Personal Data9.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
9.2. The Operator performs automated processing of personal data, including transmission and/or receipt of such data through information and telecommunication networks or without such transmission.
10. Cross-Border Transfer of Personal Data10.1. Prior to carrying out cross-border data transfer, the Operator shall notify the competent authority for personal data protection of its intention to do so (such notification is separate from the notification of intent to process personal data).
10.2. Before submitting the aforementioned notification, the Operator must obtain the necessary information from the authorities, foreign natural or legal persons to whom personal data are intended to be transferred.
11. Confidentiality of Personal DataThe Operator and any other persons who have gained access to personal data are obliged not to disclose or distribute such data to third parties without the consent of the data subject, unless otherwise required by the laws of the Republic.
12. Final Provisions12.1. The User may obtain any clarification on issues related to the processing of their personal data by contacting the Operator via email at info@trustrdp.io.
12.2. Any changes to this Policy will be reflected in this document. The Policy remains valid indefinitely until replaced by a new version.дресу https://trustrdp.online/policy_eng.
12.3. The current version of this Policy is publicly available on the Internet at https://trustrdp.online/policy_eng.