I.General Provisions

I.1.For PETITE GENEVE PETROVIĆ, it is a particularly important goal to protect the personal data provided by visitors of the website www.petitegeneve.com (hereinafter as: Website) which is operated by PETITE GENEVE PETROVIĆ, furthermore the customers and visitors of the business premises of PETITE GENEVE PETROVIĆ, and all Contributors who provide any kind of personal data to the Company (hereinafter: Data Subjects or DS) in the course of the business or any other relationship, during placing an order / electronic request for information / making purchase / using repair service / or just in case of personal presence at the business premises, providing the right of informational self-determination, which are provided by PETITE GENEVE PETROVIĆ as determined in this Privacy Policy (hereinafter as: Policy).

PETITE GENEVE PETROVIĆ provides luxury timepiece, jewelry and timepiece accessories purchase, maintaining and repairing services.

The headquarters of the Company are available in Budapest, Belgrade, and Montenegro.

PETITE GENEVE PETROVIĆ manages the personal data of the Data Subjects privately, in accordance with the legal requirements in force – especially the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information („Information Act”), furthermore the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (27 April 2016; hereinafter as: GDPR) – provides their security, takes all the necessary technical and organizational measures, furthermore forms those procedural rules, which are necessary to comply the relevant legal provisions and other recommendations.

I.2.This Policy summarizes those principles, which determine the daily practice of PETITE GENEVE PETROVIĆ regarding the protection of personal data, furthermore by this Policy PETITE GENEVE PETROVIĆ declares the purpose, legal base, time limitation, and the way it uses these kinds of data and how controllers ensure the trust and protection of them.

I.3.While creating this Policy, PETITE GENEVE PETROVIĆ took into consideration the relevant laws in force and the significant international recommendations, namely:

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information;
• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
• Act VI of 1998 on Convention for the Protection of Individuals with regard to Automatic. Processing of Personal Data. Strasbourg, 28 January 1981;
• Act CLV on 1997 on consumer protection;
• the recommendations and resolutions of the data protection commissioner and the relevant data protection practice
• … (applicable Law of Serbia and Montenegro)

I.4.Upon the request of the Data Subjects PETITE GENEVE PETROVIĆ is ready to provide full information on the managed personal data, the purpose, reasons and duration of processing, its activities relating to data processing, as well as the Data Subject’s rights regarding the data management.

PETITE GENEVE PETROVIĆ exclusively manages the personal data where the recording is necessary to monetize the attendance of the Website, to practice its rights and fulfill its obligations in the existing legal relationship with Data Subjects, within this framework to communicate with them, furthermore to secure business in relation to the Data Subjects.

II.The main definitions and principles regarding managing personal data

II.1.Definitions

II.1.1.Data management: shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images)

II.1.2.Disclosure by transmission: shall mean making data available to a specific third party;

II.1.3.Data manager: shall mean the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them;

II.1.4.Data subject: shall mean a natural person who has been identified by reference to specific personal data, or who can be identified, directly or indirectly

II.1.5.Personal data: shall mean any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject;

II.1.6.Data protection incident: unlawful management or process of personal data, especially unauthorized access, alteration, transmission, public disclosure, deletion or destruction, furthermore accidental deletion or damage.

II.1.7.Profiling: shall mean any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

II.1.8.Pseudonymisation: shall mean the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

II.2.Principles

II.2.1.Lawfulness, fairness and transparency

Personal data may be processed only for specified purposes, for the implementation of certain rights or obligations. The recording of personal data shall be done under the principle of lawfulness and fairness.

Personal data may be processed when the data subject has given his consent or when processing is necessary as decreed by law or by a local authority based on authorization conferred by law (hereinafter as “mandatory processing”).

II.2.2.Purpose limitation

The purpose of managing must be satisfied in all stages of data managing operations.

II.2.3.Data minimization

The personal data managed must be essential for the purpose of the data management, and it must be suitable to achieve that purpose.

II.2.4.Accuracy

The data manager shall carry out data operations in order to secure the accuracy (correctness) of the managed data.

II.2.5.Storage limitation

Personal data may be managed to the extent and for the duration necessary to achieve its purpose.

Personal data shall be erased if managed unlawfully, so requested by the data subject, incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision, the purpose of processing no longer exists or the legal time limit for storage has expired, so instructed by court order or by National Authority for Data Protection and Freedom of Information (hereinafter as: NAIH).

II.2.6.Integrity and confidentiality

Data must be protected by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.

If the Data Subjects provide personal information to PETITE GENEVE PETROVIĆ, PETITE GENEVE PETROVIĆ shall take all the necessary steps to ensure the security of these data - both at network communication (ie. online data management) and at data storage and trust (ie. offline data management).

II.2.7.Accountability

The data subject may request from the data manager i) information when his personal data is being processed, ii) the rectification of his personal data, and iii) the erasure or blocking of his personal data, excluded the mandatory processing.

II.2.8.PETITE GENEVE PETROVIĆ declares as a general principle, that in every case it requests personal information from the Data Subjects; the Data Subjects are entitled to freely decide whether or not to provide the requested information after reading and interpreting the required information text. However, it should be noted that if the Data Subject does not provide the personal information, that Data Subject will not be able to access certain services.

PETITE GENEVE PETROVIĆ respects the principles of data management and enforce them every time.

III.The legal basis of the data management

PETITE GENEVE PETROVIĆ manages the data set out at Chapter V. referring to the legal basis below.

III.1.The legal basis of the data management above:

• the voluntary consent of the concerned person (Article 6. Section (1) Point a) of GDPR),
• contractual data management (Article 6 Section (1) Point b) of GDPR)
• compliance with a legal obligation (Article 6 Section (1) Point c) of GDPR)
• the lawful interest of the Data Subject and PETITE GENEVE PETROVIĆ (Article 6. Section (1) Points f) of GDPR)

PETITE GENEVE PETROVIĆ declares that in the event of default the legal basis for data processing under Article 6 Section (1) Point b) of GDPR (contractual) is converted into the legal basis under Article 6 (1) (b) and (f) of the GDPR (lawful interest).

Detailed purposes, legal bases, time limits per each kind of data set out summarized in the “record of processing activities” as Annex 1. of this Policy.

The Data Subject gives the consent personally affirmatively by signing the Data Management Declaration / or electronically during using the Website by checking the thick box during the process of the online contact request. The Data Subject is entitled to withdraw the consent anytime and by this to request the deletion of its data or modify the data concerned by the consent. In case of pending order, the withdrawal of the consent is considered the cancellation of the order, which fact is severally communicated to Data Subjects by PETITE GENEVE PETROVIĆ by the request of deletion / to be forgotten as according to Article 6. Section (1) Point f) of GDPR PETITE GENEVE PETROVIĆ is entitled to manage the data of Data Subject until parties do not restore the original state. According the Article 7. Section (3) and Article 13 Section (2) Point c) of GDPR the withdrawal of the consent does not affect the legality of the prior data management.

III.2.PETITE GENEVE PETROVIĆ manages the personal data of Data Subject set out in Point V.5 (image recording) for purposes in connection with security of property, security of assets, prevention and detection, investigation crimes in accordance with the Article 6 Section (1) Point f) of GDPR with the proportional limitation of the right to protect personal data in order to enforcing the legitimate interests of PETITE GENEVE PETROVIĆ and third party.

IV.The purpose of the data management

PETITE GENEVE PETROVIĆ manages the data set out in Chapter V. in order to enforce the below purposes:

IV.1. Detailed purposes, legal bases, time limits per each kind of data set out summarized in the “record of processing activities” as Annex 1. of this Policy.

These purposes are:

• Property security, security of assets, crime prevention and detection of crimes (Image, video captured by CCTV);
• Processing data regarding visiting the Website – see detailed cookie information on the Website;
• Processing of data of Customers (purchasers, people placing orders, using any services of PETITE GENEVE PETROVIĆ);
• Data processing necessary for tax and accountancy purposes, also for customer identification required by law;
• Data management regarding Customer Database.

IV.2. In every case where PETITE GENEVE PETROVIĆ intends to use the provided personal data for other purposes that the original purpose of the recording informs the Data Subject and receives its prior direct consent; furthermore provide possibility to prohibit the use.

V.The subject of the data management

V.1.Detailed purposes, legal bases, time limits per each kind of data set out summarized in the “record of processing activities” as Annex 1. of this Policy.

These legal bases are:

• Data subject has given consent [GDPR Article 6. subsection (1) point a)];
• Necessary for the performance of a contract [GDPR Article 6. subsection (1) point b)]; Compliance with a legal obligation [GDPR Article 6. subsection (1) point c)];
• The legitimate interests pursued by the controller or by a third party [GDPR Article 6. subsection (1) point f)].

PETITE GENEVE PETROVIĆ collects data directly from the Data Subject, or from public online interfaces published by the data subject.

V.2.Providing the personal data is based on legal provisions and contractual obligation, and some of that are the prior condition of concluding the agreement in subject to the service. The Data Subject shall providing these personal data if intends to use any service of PETITE GENEVE PETROVIĆ.

PETITE GENEVE PETROVIĆ always indicates what data providing is inevitable for the services.

V.3.PETITE GENEVE PETROVIĆ does not collect sensitive data under any circumstances, which refers to personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs, health, pathological addictions, or criminal record.

V.4.The personal and other data provided by Data Subjects to PETITE GENEVE PETROVIĆ, is not completed or linked to data or information from other sources by PETITE GENEVE PETROVIĆ.

V.5.PETITE GENEVE PETROVIĆ performs camera recording the business premises for security, crime detection, investigation and crime prevention purposes, which is stored for up to 3 days. Regarding the fact of the image recording the Data Subject is warned by PETITE GENEVE PETROVIĆ by a sign placed at visible place in the business premises. Data Subject consents to the recording ofthe image by entering to the business premises or by signing the Data Management Declaration. The legal basis of the data management is Section (1) Points f) of GDPR.

V.6.PETITE GENEVE PETROVIĆ records the data of Data Subject in order to respond inquiries in subject of data protection and complaint management set out in Point XI.1. and keeping minutes. By taking the inquiry and the complaint Data Subject acknowledges consents to the data management.

V.7.PETITE GENEVE PETROVIĆ makes copy of the Data Subject personal ID documents in order to perform orders or services in accordance with the provisions of Act LIII of 2017 on Preventing and Impending of Money Laundering and Terrorism Financing, furthermore in order to perform orders and identify Data Subjects makes copy, for which Data Subject consents by taking the order.

VI.The duration of the data management

VI.1.The duration of the data management:

5 years following the achievement of the purpose of the data management (performing the service, settling the invoice) or to date determined by law.

The billing information (name, billing address) are retained for 8 years following the issue of the invoice according to the 169. § (2) of Accounting Act.

Regarding the image recordings at PETITE GENEVE PETROVIĆ’s business premises in accordance with the Point V.5., the duration of the data management is 3 days. If the storage of the recordings is not necessary during this period, the recordings will be automatically deleted at the end of the 3. working day. If justified, PETITE GENEVE PETROVIĆ (if it becomes aware of the content can be used as evidence in official proceeding) manages the image capture until the achievement of the purpose (pending final decision).

The duration of the data management regarding the inquiries in subject to data protection and consumer complaints is 5 years following the achievement of the purpose of the data management or to date determined by law.

The duration of the data management regarding the personal ID document copies set out in Point V.7. is 8 years in case if the copy is based on mandatory know your client procedure. In case of the purpose of the copy is to differ the Data Subjects 5 years.

The duration of the data management regarding the inquiries in subject to data protection and consumer complaints 5 years following the achievement of the purpose of the data management or to date determined by law.

The duration of the data management regarding the data managed in order to keeping contact without any contractual relationship is until the withdrawn the Data Subject’s consent, but at latest 5 years from the last contact.

VI.2.Data Subject is entitled to withdraw the consent to the data management and to request the deletion of the data concerned by the data management or to modify the data. In case of pending order, the withdrawn of the consent to data management is considered as cancellation which fact is brought to Data Subjects attention by PETITE GENEVE PETROVIĆ as according to Article 6. Section (1) Point f) of GDPR PETITE GENEVE PETROVIĆ is entitled to manage the data of Data Subject until parties do not restore the original state in accordance with the cancellation. According to the Article 7. Section (3) and Article 13 Section (2) Point c) of GDPR the withdrawal of the consent does not affect the legality of the prior data management.

VI.3.Where personal data is recorded under the Data Subject’s consent, PETITE GENEVE PETROVIĆ shall - unless otherwise provided for by law - be able to process the data recorded where this is necessary:

1. for compliance with a legal obligation pertaining to PETITE GENEVE PETROVIĆ, or
2. for the purposes of legitimate interests pursued by PETITE GENEVE PETROVIĆ or by a third party (if enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data)

without the data subject’s further consent, or after the data subject having withdrawn his consent.

VII.Exercising the rights of the data subject

VII.1.In case if any Data Subject make a request to PETITE GENEVE PETROVIĆ regarding his or her personal data, generally PETITE GENEVE PETROVIĆ performs this without any delays, but no later than 25 days from the date of the request.

VII.2.The request on deletion / to be forgotten can be filed in electronic way through the e-mail address or in paper format posted to the registered office of PETITE GENEVE PETROVIĆ, furthermore verbally at on phone or at the business premises. The verbally communicated request on deletion / to be forgotten shall be confirmed by PETITE GENEVE PETROVIĆ in written form.

In case of request on deletion (withdraw of consent to data management) the data managed by PETITE GENEVE PETROVIĆ cannot be managed from the date of the receiving of the request.

In case of request to be forgotten PETITE GENEVE PETROVIĆ shall delete from the registry all the links with the lawfully managed data prior to the receiving of the request.

VII.3.In case if the managed data was changed, the Data Subject is entitled to request the medication it in the database. The request on modification can be filed in in electronic way through the e-mail address or in paper format posted to the registered office of PETITE GENEVE PETROVIĆ, furthermore verbally at on phone or at the business premises. The verbally communicated request on saving shall be confirmed by PETITE GENEVE PETROVIĆ in written form.

VII.4.Personal data shall be blocked instead of deletion by PETITE GENEVE PETROVIĆ if so requested by the Data Subject, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the Data Subject. Blocked data shall be processed only for the purpose which prevented their erasure. Restricted data may be handled only with the consent of the Data Subject or the submission, validation or protection of legal claims, or the protection of other rights of a natural or legal person, or in the public interest (Right to Restriction of Data Management).

VII.5.If PETITE GENEVE PETROVIĆ refuses to comply with the Data Subject’s request for rectification, blocking or deletion, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based shall be communicated in writing within 25 days of receipt of the request. Where rectification, blocking or erasure is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the authority.

VII.6.The Data Subject shall have the right to object to managing of the related data:

1. if processing or disclosure is carried out solely for the purpose of discharging PETITE GENEVE PETROVIĆ’s legal obligation or for enforcing the rights and legitimate interests of the controller, the recipient or a third party, unless processing is mandatory;
2. if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and
3. in all other cases prescribed by law.

In the event of a Data Subject's objection, PETITE GENEVE PETROVIĆ shall not be entitled to further data management unless it proves that data management is justified by compelling legitimate reasons that prevail over the interests and rights of the Data Subject or are related to the submission, validation or protection of legal claims.

Regarding the data managed on the legal basis of Article 6. Paragraph (1) Points f) (lawful interest) instead of request of deletion / to be forgotten Data Subject is entitled to object to the managing of its data.

In the event of objection, PETITE GENEVE PETROVIĆ shall investigate the cause of objection within the shortest possible time inside a 15 days period, adopt a decision as to merits and shall notify the Data Subject in writing of its decision.

VII.7.Data Subjects are entitled to request for information regarding the management of their personal data. The request for information can be filed in electronic way through the e-mail address or in paper format posted to the registered office of PETITE GENEVE PETROVIĆ, furthermore verbally at on phone or at the business premises. The verbally communicated request on deletion / to be forgotten shall be confirmed by PETITE GENEVE PETROVIĆ in written form.

Upon the Data Subject’s request PETITE GENEVE PETROVIĆ shall provide information concerning the data relating to the Data Subject, the sources from where they were obtained, the purpose, grounds and duration of the management, the name and address of the recipients and on every activities regarding the data management.

PETITE GENEVE PETROVIĆ shall comply with requests for information and provide the information requested in an intelligible form within the shortest possible time but at latest in 25 days, in writing at the Data Subject’s request.

The information of the concerned person shall be provided free of charge for any category of data once a year. Additional information concerning the same category of data may be subject to a charge. The amount of such charge may be fixed in an agreement between the parties. Where any payment is made in connection with data that was processed unlawfully, or the request led to rectification, it shall be refunded.

PETITE GENEVE PETROVIĆ may refuse to provide information to the data subject in the cases defined by Information Act. Where information is refused, PETITE GENEVE PETROVIĆ shall inform the Data Subject in writing as to the legal provision serving grounds for refusal. Where information is refused, PETITE GENEVE PETROVIĆ shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the National Authority for Data Protection and Freedom of Information. PETITE GENEVE PETROVIĆ shall notify the Authority of refused requests once a year, by 31 January of the following year.

VII.8.Data portability

According to 20. § of GDPR the Data Subject shall have the right to receive the provided data concerning Data Subject in a structured, commonly used and machine-readable format and have the right to transmit those data to another data manager.

In exercising his or her right to data portability pursuant to paragraph above, the Data Subject shall have the right to have the personal data transmitted to another data manager, where technically feasible.

The request on data portability can be filed in electronic way through the e-mail address or in paper format posted to the registered office of PETITE GENEVE PETROVIĆ, furthermore verbally at on phone or at the business premises. The verbally communicated request on deletion / to be forgotten shall be confirmed by PETITE GENEVE PETROVIĆ in written form.

If PETITE GENEVE PETROVIĆ refuses to comply with the Data Subjects’s request on data portability, the factual or legal reasons of the refusal shall be communicated by PETITE GENEVE PETROVIĆ in writing within 25 days of receipt of the request. Where the request on data portability is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the authority.

Regarding the data managed on the legal basis of Article 6. Paragraph (1) Points d) and f) (lawful interest) Data Subject is not entitled to the data portability.

VIII.Additional provisions on the camera system operating in the business premises

VIII.1.PETITE GENEVE PETROVIĆ applies the image recording set out at Point V.5. at the business premises under 1061 Budapest, Andrássy út 10. (Hungary), Uskočka 7, 11000 Beograd, (Srbija), and Hotel Regent, Obala BB, Porto Montenegro, 85320 Tivat, (Montenegro).

VIII.2.PETITE GENEVE PETROVIĆ on the area of the business premises in order of the surveillance of the presence within the premises in order to fulfill the goals and interests set out in Points III.3. and IV.1., operates an electronic surveillance system which does not record any sounds.

The boutiques are located in tourist-centric, busy locations that are notorious for the presence of luxury service providers selling exclusive products. As a result, the areas concerned are a frequent target of violent crime against property or people.

The data controllers deem it necessary to carry out camera surveillance in order to protect its following legitimate interests:

Personal security;
The protection of persons working at or visiting the controller's boutique, as well as their personal data (data contained on computers or in paper form, located at the controller's offices).

Property security;
The protection of property where the controller's boutique situated.

Security of assets;
The protection of assets held for selling, owned or used by the controller or by persons at the controller's head office, as well as trade secrets (trade secrets contained in online or paper documents at the boutique).

Crime prevention and detection of crimes.
In case of suspected offences, the controller should be able to provide evidence to the competent authorities.

The aim is to detect infringements, to catch the perpetrators in the act, to prevent these infringements and, if necessary, to use them as evidence in judicial or other official proceedings.

VIII.3.In order to inform the Data Subjects concerned, on the business premises and nearby the business premises for the persons who intend to enter to a PETITE GENEVE PETROVIĆ boutique, shall place information and alert notice on the operation of the camera system in a visible place.

The exact places of the cameras, and the territory of the recording are detailed in the floor plans of the premises, as Annex 2-4. of this Policy.

PETITE GENEVE PETROVIĆ declares that never records public areas. The security of these nearby public areas is provided by guards.

VIII.4.Reviewing and saving the recorded images can be performed exclusively in order to detect, prove of the violations furthermore to take the necessary measures against the violations. From the reviewing of the images and from the saving of the images documentation is made which records purpose and date of the review and the saving, the data of the acting person, furthermore every necessary or taken measure. The images can be reviewed in the course of occasionally test of the system’s operation, from which PETITE GENEVE PETROVIĆ takes minutes.

VIII.5.Anyone whose right or legitimate interest is being concerned by the image in 3 days from the capturing of the image by suggesting the concerned right or legitimate interest is entitled to request PETITE GENEVE PETROVIĆ to not to destroy or delete the image (request on saving).

The request on saving can be filed in electronic way through the e-mail address or in paper format posted to the registered office of PETITE GENEVE PETROVIĆ, furthermore verbally at on phone or at the business premises. The verbally communicated request on saving shall be confirmed by PETITE GENEVE PETROVIĆ in written form.

IX.Data storage, processing

IX.1.Data storage

PETITE GENEVE PETROVIĆ stores the managed data online physical server, and/or in a well-separated, lockable place, on paper form.

IX.2.Data processing

PETITE GENEVE PETROVIĆ uses data processors providing their services with appropriate confidentiality and data processing obligations:

IT services
Uros Sosevic (Dr Ivana Ribara 180, 11070 Belgrade, Serbia
email: u.sosevic@petitegeneve.com)
External consultant

Software houses
Acebears d.o.o. (Bulevar Vojvode Mišića 3, Belgrade, Serbia, email: mail@acebears.com)

Software houses do not do any recurrent data management process (i.e. data entry, manual reporting, data analysis) but they can perform one-off operations (like importing data, disambiguation, duplicate research and fix, data integrity check, etc.) that involves accessing the data base.

Security services
Criterion + DBS in Hungary
DBS in Serbia
DBS in Montenegro

PETITE GENEVE PETROVIĆ uses data processors providing their services with appropriate confidentiality and data processing obligations.

IX.3.Safeguards provided by PETITE GENEVE PETROVIĆ

PETITE GENEVE PETROVIĆ undertakes an unconditional and irrevocable obligation to ensure the protection of the personal data of the Data Subject. PETITE GENEVE PETROVIĆ is responsible for ensuring the compliance of the partners involved in the further controlling and processing of personal data, thereby ensuring the required protection of personal data.

The processors and the recipients of the data transferred to a third country have committed themselves in a specific agreement on the protection of personal data concluded with PETITE GENEVE PETROVIĆ to take measures in order to ensure a level of protection in accordance with the data protection legislation in force in the EU. Such contracts provide the necessary possibilities and means to PETITE GENEVE PETROVIĆ to enforce the proper protection of personal data, giving the Data Subject proper guarantee to protect and exercise their rights.

PETITE GENEVE PETROVIĆ shall be responsible to present the agreements and their modifications provided for in this section to the Hungarian National Authority for Data Protection and Freedom of Information or to the respective competent supervisory authority for authorization according to the Article 46 (3) of the GDPR.

X.Data security measures, Data Protection Officer

X.1.Data security measures

Regarding the managing and storing of personal data provided by Data Subjects, PETITE GENEVE PETROVIĆ shall act with utmost care. In the field of IT security, PETITE GENEVE PETROVIĆ uses the most effective, most modern tools and procedures reasonably available.

PETITE GENEVE PETROVIĆ plans and implements data management operations to protect the privacy of the affected Data Subjects. PETITE GENEVE PETROVIĆ ensures the security of the data, and takes the technical and organizational measures and established the procedural rules to enforce the provisions of Information Act and other privacy and data protection rules.

PETITE GENEVE PETROVIĆ shall protect the data against by suitable measures against especially any unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage, furthermore the unavailability originated from the change of the technology used.

PETITE GENEVE PETROVIĆ in order to protect electronically managed data in several registries ensures by means of an appropriate technical solution that the data stored in the registry cannot be directly linked and assigned to the concerned Data Subject unless this is permitted by law.

PETITE GENEVE PETROVIĆ has chosen the IT tools used to personal data management at providing the service and operates them in order to the managed data

1. is available to the entitled persons (availability);
2. authenticity and certification is provided (authenticity of data management);
3. lack of alteration can be certified (integrity of data)
4. protected from unauthorized access (data privacy).

PETITE GENEVE PETROVIĆ ensures the security of data management by means of technical, organizational and organizational measures that provides the necessary security level adequate to the data management risks.

The IT system and network of PETITE GENEVE PETROVIĆ are protected against IT related fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer burglaries, and denial-of-service attacks. PETITE GENEVE PETROVIĆ provides security through server- level and application-level security procedures.

Electronic messages transmitted over the Internet independently from protocols (e-mail, web, ftp, etc.) are vulnerable to network threats that may lead to fraudulent activity or disclosure or modification of information. In order to protect such threats, PETITE GENEVE PETROVIĆ shall take all precautionary measures that may be expected from him. PETITE GENEVE PETROVIĆ monitors the systems in order to capture all security dangers and provide evidence of any security incident. However, the Internet is not known - as is well known to the Data Subjects - to be 100 percent secure. PETITE GENEVE PETROVIĆ shall not be liable for any damages caused by the unavoidable attacks carried out despite the expected maximum care.

X.2.Data Protection Officer

PETITE GENEVE PETROVIĆ declares to not being obliged to have a data protection officer, therefore PETITE GENEVE PETROVIĆ does not have a data protection officer.

Pursuant to the Guidelines on Data Protection Officers WP 243 rev.01 adopted by the Article 29 Data Protection Working Party (Working Party), the joint Controllers set out in this paragraph the internal analysis that led to the above conclusion:

The main activity of the joint Controllers is the retail sale of retail sale of timepieces and jewellery, and they do not perform any public task in the course of their operations. The activities of the joint Controllers are not inextricably linked to the processing of personal data. Any processing of personal data of individuals employed or contracted by the joint Controllers, as well as of personal data of clients and clients' contacts, is a necessary or indispensable processing which cannot be considered as a core activity but as an ancillary function. The processing of personal data is not considered to be on a large scale or in large numbers. The processing does not involve systematic and usual monitoring. The main activities of the joint Controllers do not involve the processing of a large number of special categories of personal data as referred to in Article 9 and of data relating to decisions on criminal liability and criminal offences as referred to in Article 10.

XI.Complaints

XI.1. The customer service of PETITE GENEVE PETROVIĆ receives complaints and Data Subject inquiries on the contacts set out at the beginning of this Policy.

XI.2 The complainant Data Subject may ask for legal remedy at the territorial competent court or to competent Authority.

In Hungary:
National Authority for Data Protection and Freedom of Information (NAIH): 1055 Budapest, Falk Miksa utca 9-11. (www.naih.hu +36 (1) 391 1400, ugyfelszolgalat@naih.hu)

In Serbia:
Commissioner for Information of Public Importance and Personal Data Protection
Svetozara Markovica 42 11 000 Belgrade
Website: www.poverenik.rs

In Montenegro:
Agency for Personal Data Protection and Free Access to Information
Bulevar Svetog Petra Cetinjskog br. 147, Podgorica
Personal Data Protection / tel: +382 20 634 894, +382 20 623 863
E-mail: azlp@t-com.me

XII. Execution of official requests

XII.1. PETITE GENEVE PETROVIĆ may be contacted by court, public prosecutor, investigating authority, offense authority, administrative authority, data protection commissioner or other authorities authorized by law in subject of information request, disclosure and handing over of data, furthermore providing documents.

XII.2. PETITE GENEVE PETROVIĆ - provided the authority has declared the exact purpose and the scope of the data - issues personal data only to the extent that it is indispensable to achieve the purpose of the request.