Privacy Policy
This Privacy Policy explains in a clear and transparent way what personal data we collect, why we do it, and how we use and protect it. Our goal is to provide you with complete control over your data and to fully comply with the Law on Personal Data Protection of the Republic of Serbia ("Official Gazette of RS", No. 87/2018 – hereinafter “the Law”).
Who we are and how to contact us
We are SYMALLOR DOO BEOGRAD, with a registered seat at Ljutice Bogdana 34, Registration No. 21858412, TIN 113390211. In terms of the Law, we are the controller of your personal data.
If you have any questions about your data or wish to exercise any of your rights, please feel free to contact us. Our team is here to help you.
- Email: info.hr@symallor.rs
- Address: Ljutice Bogdana 34, 11000 Belgrade, Republic of Serbia, with the note “For the Data Protection Officer”
Our data processing principles
Our entire operation is based on the fundamental data protection principles prescribed by the Law. This means we always adhere to the following:
- Lawfulness, fairness, and transparency: We process your data exclusively in accordance with the law, in a fair manner, and with full transparency towards you.
- Purpose limitation: We collect data only for the specific and legitimate purpose that we have clearly presented to you, and we do not process it for any other reason.
- Data minimization: We collect and process only the amount of data that is necessary to fulfill the purpose. Nothing more.
- Accuracy: We strive to ensure your data is always accurate and up-to-date.
- Storage limitation: We keep your data only for as long as is necessary for the purpose for which it was collected, or as required by law.
- Integrity and confidentiality: We apply strict security measures to protect your data from unauthorized access and misuse.
- Accountability: We are responsible for complying with all these principles and can demonstrate our compliance at any time.
Whose data do we process?
This policy applies to all individuals we come into contact with in the course of our business:
- Candidates: Individuals who apply for jobs, are in our candidate database, or participate in selection processes for our clients.
- Representatives of Clients and Business Partners: Employees of companies that use our recruitment or business consulting services.
- Visitors to Our Website: Anyone who visits our website at www.symallor.rs
How and why do we process your data? (Purpose and legal basis)
To be completely transparent, we have detailed every data processing activity in the tables below.
| Purpose of processing (What we do?) | Personal data we use | Legal basis for processing (Why we are allowed to do this?) |
|---|---|---|
| Providing recruitment and selection services (connecting with employers, skill assessment). | Name and surname, contact details (email, phone), CV (work experience, education, skills), cover letter, interview notes, test results. | Performance of a contract (when you apply for a specific ad or accept our job-seeking terms) and your Consent (for storage in our database for future opportunities). |
| Sending your application to a specific employer. | Your CV and relevant data for that position. | Your explicit Consent, which we request for each individual submission of your application to an employer. |
| Storing your profile in our candidate database for future job opportunities. | All data from your CV and profile. | Your Consent. You can withdraw your consent and request deletion at any time. |
| Sending notifications about new job opportunities that match your profile. | Email address, your job preferences. | Your Consent. |
| Verifying references (contacting previous employers). | Your name and previous employment details. | Your Consent to contact the individuals you have listed as references. |
For REPRESENTATIVES OF CLIENTS AND BUSINESS PARTNERS
| Purpose of processing (What we do?) | Personal data we use | Legal basis for processing (Why we are allowed to do this?) |
|---|---|---|
| Managing the business relationship (communication, sending offers, meetings, contracting). | Name and surname, business email, business phone, position in the company. | Performance of a contract with the company you represent and our Legitimate interest to communicate effectively with clients. |
| Providing business consulting services. | Data of our client's employees provided to us by the client for the project (e.g., HR audit, performance analysis). In this case, we are the processor of the data on behalf of the client. | Performance of a contract with the client. |
| Invoicing and financial administration. | Data required for invoicing. | Compliance with legal obligations (Law on Accounting). |
| Sending business news and information about our services (B2B marketing). | Business email. | Our Legitimate interest to inform existing clients about relevant services. You always have the option to unsubscribe. |
For VISITORS TO OUR WEBSITE
| Purpose of processing (What we do?) | Personal data we use | Legal basis for processing (Why we are allowed to do this?) |
|---|---|---|
| Ensuring the website functions correctly and securely. | Technical data (IP address, browser type, device information). | Our Legitimate interest to maintain a secure and functional website for our users. |
| Analyzing website usage to improve our services. | Aggregated usage data (pages visited, time on site), cookie data. | Your Consent, which you provide through our cookie consent banner for all non-essential cookies. |
| Managing your cookie preferences. | Data about your consent choices (e.g., which cookie categories you accepted). | Compliance with legal obligations to record user consent preferences. |
Who do we share your data with?
We store your data securely and do not share it with anyone unless it is necessary. We may share data exclusively with the following categories of recipients:
- Clients (Potential Employers): We share your CV and profile with companies looking for candidates, but only with your prior consent for each specific position.
- IT Service Providers: Companies that provide us with technical support, such as hosting providers or suppliers of applicant tracking systems (ATS). They are contractually obligated to keep your data secure and use it only on our instructions.
- External Associates: Such as psychologists for professional assessment or reference check agencies, but only if you have consented to participate in such assessments.
- State Authorities: We share data with competent authorities (e.g., Tax Administration, courts) only when we are legally obligated to do so.
Data transfers to other countries
We primarily store all your data on servers located in the Republic of Serbia or in European Union countries, which provide an adequate level of data protection.
If it is necessary to transfer data outside of Serbia and the EU for the purpose of providing a service (e.g., if the client is a US company), we will do so only by applying appropriate safeguards, such as Standard Contractual Clauses approved by the competent authorities, and we will inform you transparently about it.
How long do we keep your data?
We keep your data only for as long as is necessary for the purpose for which it was collected, or as required by law.
- Candidate Data: If you have given us consent to keep you in our database, we will store your data for 2 years from our last contact with you. Before this period expires, we will contact you to ask if you wish to extend your consent. If you are employed through our agency, we will keep certain data for longer, in accordance with labor regulations.
- Client Data: We keep it for the duration of the business relationship and thereafter, in accordance with legal obligations.
Your rights regarding personal data
You have full control over your data. Your rights are:
- Right of access: You can request information about whether we process your data and receive a copy of that data.
- Right to rectification: If your data is inaccurate or incomplete, you have the right to request its correction.
- Right to erasure ("right to be forgotten"): You can request that we delete your data if it is no longer needed, if you withdraw your consent, or if it has been unlawfully processed.
- Right to restriction of processing: You can request that we temporarily stop processing your data.
- Right to data portability: You have the right to receive your data in a machine-readable format and transfer it to another controller.
- Right to object: You can object to processing that is based on our legitimate interest.
- Right to withdraw consent: If the processing is based on your consent, you can withdraw it at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, simply send us an email at info.hr@symallor.rs
Security of your data
We take the security of your data very seriously. We apply modern technical and organizational security measures, including access control, encryption, and regular security audits, to protect your data from unauthorized access, loss, or destruction.
Right to complain to the Commissioner
If you believe that we are processing your data contrary to the provisions of the Law, you have the right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection.
Address: Bulevar kralja Aleksandra 15, 11000 Belgrade
Email: office@poverenik.rs
Changes to this Policy
We may periodically update this policy to align it with changes in our business or legal regulations. All changes will be published on this page, and the date of the last update will always be visible at the top of the document.