Privacy Policy of the National EMF RATEL System Internet Portal

The Privacy Policy (hereinafter: the Policy) governs the general rules of personal data processing related to visitors of the National EMF RATEL System’s Internet portal emf.ratel.rs under the competence of and owned by the Regulatory Agency for Electronic Communications and Postal Services. The Cookie Policy, governing the use of cookies and how they collect and process personal data, is also an integral part of this Policy.

General provisions

The Internet portal of the National EMF RATEL system for continuous monitoring of high frequency electromagnetic field levels is dedicated to a continuous 24/7 monitoring of the changes in the electomagnetic filed levels and to the assessment of the exposure of the general public to these fields. In addition, this system performs so-called broadband measurements of field levels in the measurement stations’ surroundings.

This portal offers the display of current measurement results of electromagnetic field levels, for individual locations.

In this Privacy Policy, the Regulatory Agency for Electronic Communications and Postal Services, Palmotićeva 2, 11000 Belgrade, identification number: 17606590, (hereinafter: the Agency), in its capacity as Data Controller, pursuant to the Law on Personal Data Protection („Official Gazette of RS“, No. 87/18, hereinafter: the LPDP), defines the type of personal data it collects and processes during the browsing of the National EMF RATEL System’s Internet portal emf.ratel.rs, and how it handles the data.

The Agency shall process the user’s personal data in a lawful, fair and transparent manner in relation to the data subject and shall protect these data by implementing appropriate technical, organizational and personnel measures. The Agency shall collect data for specified, explicit, legitimate and lawful purposes. The data collected by the Agency shall be adequate and limited to what is necessary in relation to the purposes for which they are processed. The Agency shall also undertake all reasonable measures to provide that the data be accurate and up-to-date.

What kind of personal data does the Agency collect during your visit to Portal and how?

During your visit to this Portal, the browser you are using on your device will automatically, without your activity, send to our Internet page server the following data: chosen language and font size, IP address of the device the request was sent from, date and time of the access, name and URL of the downloaded database, web page from which the access was made (referrer URL), the browser you are using, name of the country from which the access is made and, if necessary, the operating system installed on your device, along with the name of your Internet access provider.

On what legal grounds does the Agency collect and process personal data?

The legal grounds for collection and processing of personal data performd by the Agency, as defined in the LPDP, can be the folowing: consent of the data subject (Article 12, paragraph 1), compliance with legal obligations to which the Controller is subject (Article 12, paragraph 3) and performance of tasks carried out in the public interest or in the exercise of official authority vested in the Controller (Article 12, paragraph 5).

For what purposes does the Agency collect personal data?

Personal data are collected exclusively for the purposes of smooth operation of the Portal, designed to enable users to get informed about latest measurement results of electromagnetic field levels, for individual locations.

Personal data of the Portal visitors are used and processed exclusively by authorized persons employed at the Agency, as part of their regular professional tasks and activities within the Agency’s competence. The person from whom personal data are collected, i.e. the data subject, discloses the data willingly.

Definition of terms:

• “personal data” means any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• „data subject“ means any natural person whose personal data are being processed;
• „controller“ means the natural or legal person, or public authority which, alone or jointly with others, determines the purposes and means of the processing of personal data;
• „processor“ means a natural or legal person, or public authority which processes personal data on behalf of the controller;
• „processing of personal data“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (hereinafter: processing);
• „privacy policy“ is a statement or a legal document explaining how and why personal data are collected and processed, along with collector’s responsibilities and citizens’ rights;
• „cookies“ are text files stored locally in the user’s browser, exchanged between the website and user’s device as a short-term memory of user’s activity on the website.

How does the Agency protect personal data?

In order to ensure personal data protection of the Portal visitors, the Agency uses advanced technologies combined with an efficient security control management. For maximum data protection in line with the international standards, the Agency plans to implement standards ISO 27001 and COBIT, and has designated an officer for personal data protection, with a designated authorized person for cyber and communication security already in place.

In addition, the Agency is committed to applying the highest possible data protection standards, subsequently implementing all necessary organizational, technical and personnel measures, including but not limited to:

• technical protection measures,
• physical access control to the system where personal data are stored,
• data access control,
• data entry control,
• data availability control,
• other cyber security measures,
• all other necessary measures of personal data protection.

All personal data processors and/or recipients are equally bound to implement the prescribed protection measures pursuant to the signed contract with the Data Controller, and the legally prescribed standards and requirements.

For how long does the Agency store its users’ personal data?

The above data are temporarily stored by the server in a so-called Log Database, for the following purposes: to establish an unhindered connection, to secure comfortable use of our web page, and to assess security and stability of the system.

Personal data recipients and processors

Data Processors – based on special agreements or other legally binding acts made in compliance with Article 45 of the LPDP, the Agency is entitled to hire data processors that will process personal data at the request and on behalf of the Agency (IT companies and similar).

The Agency shall not transmit the Portal users’ personal data to other countries or international organizations.

What are the rights of persons whose personal data are processed by the Agency?

Right of access

The data subject shall have the right to obtain from the Agency confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored or the criteria used to determine that period; the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority (the Commissioner); where the personal data are not collected from the data subject, any available information as to their source; and the existence of automated decision-making. (Article 26 of the LPDP)

Right of rectification and completion

The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. (Article 29 of the LPDP)

Right to erasure of personal data

The data subject shall have the right to obtain the erasure of personal data concerning him or her, if the requirements from Article 30 of the LPDP are fulfilled.

Right to restriction of processing

The data subject shall have the right to obtain restriction of processing, if one of the requirements under Article 31, paragraph 1 of the LPDP has been fulfilled.

Right to object

If deemed legitimate, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, to the Agency (Palmotićeva 2, 11000 Belgrade).

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Agency, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Agency, if the requirements from Article 36 of the LPDP have been cumulatively fulfilled.

The Agency shall provide information regarding the exercise of rights under Articles 26, from 29 to 31 and 36 of the LPDP, free of charge. Where the data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Agency may:

• charge a reasonable fee based on administrative costs, i.e. acting on the request;
• refuse to act on the request.

Automated decision-making and profiling

Automated decision-making is the process of making a decision by automated means without any human involvement. “Profiling” means any form of automated processing of personal data relating to a natural person, in particular to analyse that person’s habits, interests or online behaviour.

The Agency does not employ automated decision-making nor does it perform any kind of profiling on this Portal.

Cookies

On this Portal at emf.ratel.rs, the Agency uses cookies, which enable site functionality and provide a better user experience.

During the visit to the above Portal, a notification will appear asking for your consent to use cookies. You are free to decide whether the browser on your computer or mobile device will automatically accept and store all cookie categories described in the following text.

Cookie categories used on this site

Statistics cookies – help the owner of the Internet portal (the Agency) understand how the visitors use the website. To that purpose, in order to analyze the frequency of website visits and track the browsing of specific sections and improve the service, we use Google Analytic, a web analytics tool provided by Google Inc.

How to delete cookies?

„Cookies“ can be deleted or disabled from your Internet browser. Here are the links containing detailed instructions as to how to delete cookies from some of the most used browsers:

• Chrome
• Safari
• Firefox
• Samsung Internet
• Opera
• Edge
• Internet Explorer

If you are using another browser, please follow the instructions of the relevant provider.

Other sites’ privacy policy

The national EMF RATEL system’s Internet portal is a linked subdomain of the main Agency’s web page found at www.ratel.rs. The Privacy Policy of the said website refers to this portal as well, in the segment “Necessary cookies”.

Entering into force and updating of the Act on RATEL’s privacy policy

This Privacy Policy shall enter into force on the day of its publishing on the national EMF RATEL system’s Internet portal emf.ratel.rs.

The Agency’s Privacy Policy can be changed or amended due to changes in the applicable legislation, following an initiative by the Agency, the users or the competent body (the Commissioner for Information of Public Importance and Personal Data Protection).

All subsequent changes will be timely published on the national EMF RATEL system’s Internet portal emf.ratel.rs.

How to contact us?

You can send your questions and requests regarding personal data processing to the authorized person for personal data protection, via the following emails: milica.bosnic@ratel.rs or ratel@ratel.rs.

Headquarters address: Regulatory Agency for Electronic Communications and Postal Services, Palmotićeva 2, 11000 Belgrade.

Supervisory authority

The monitoring of the LPDP application is carried out by the Commissioner for Information of Public Importance and Personal Data Protection.

If you feel your right to personal data protection has been violated by the Agency, you are entitled, pursuant to Article 82, paragraph 1 of the LPDP, to lodge a complaint with the Commissioner at: office@poverenik.rs, or to: the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar Kralja Aleksandra 15, 11000 Belgrade.

The complaint form is available on the website of the Commissioner www.poverenik.rs, in the section data protection/forms.

You are also entitled to court protection should you consider that during data processing the Agency violated any of your special rights provided for under the LPDP.