PROTECTION OF PERSONAL DATA – ASSOCIATION EMA

We take the protection of your personal data very seriously and always strive to make the use of our services secure. We are committed to complying with the Personal Data Protection Act. This privacy statement serves to clarify what data we collect from you, for what purpose we use it, and how we protect it.

1. Data Controller and Legislation
Association EMA (Udruga EMA) is the data controller and is subject to REGULATION (EU) 2016/679 (General Data Protection Regulation – GDPR).

2. Personal Data
Personal data refers to any information relating to an identified or identifiable individual.

3. Data Subject
A data subject is any individual (natural person) from whom the Association collects and processes personal data.

4. Processing Principles
Our policy is based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

5. Legal Basis for Processing
Data is processed based on consent, legitimate interests of the Association, performance of a contract, or other legal obligations. Consent can be withdrawn at any time (e.g., unsubscribing from the newsletter).

6. Purpose of Processing
As part of the Erasmus+ project “Pokreni se, preokreni sve!”, data is processed for:

Maintaining user records on the web platform for connecting users (group launches).

Maintaining records of experts whose services are published on the platform.

Service improvement.

7. Data Subject Rights
You have the right to information, access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and the right to object. To exercise your rights, contact: prostor.emancipacije@gmail.com.

8. Data Accuracy
The user is responsible for the accuracy of their data. In case of changes, the user must notify the Association in writing without delay.

9. Data Storage and Security
All data is stored securely. Access is restricted to employees who require the data to perform their duties and legal obligations.

10. Personal Data Breach
A breach includes data loss, theft, or unauthorized access. It also includes situations where a high risk of breach existed due to non-compliance with procedures.

11. Breach Procedure
The Association maintains a Breach Record. In case of a breach, the Data Protection Agency will be notified within 72 hours, and the data subjects will be informed without undue delay.

12. Data Retention
Data will be stored for the time necessary to fulfill the processing purpose and for an additional 5 years thereafter, unless otherwise required by law.

13. Third-party Tracking & Cookies
You can use the site without registration. Most browsers accept cookies by default; you can manage or delete them through your browser settings.

14. Facebook Pixel
We use the Facebook Pixel to measure advertisement effectiveness. This data is anonymous to us but may be processed by Facebook according to their privacy policy.

15. Sharing
Integrated sharing fields for Facebook, Instagram, and email are available. The Association has no insight into the data transmitted to these social networks.