Privacy policy

Notice on the Processing of Personal Data

DDOR GARANT Voluntary Pension Fund Management Company Belgrade (hereinafter: the Company), as a data controller, informs clients and members about the basic information related to the processing of personal data, personal data protection, and the rights of data subjects in order to ensure transparent data processing.

In its operations, the Company applies the highest business standards, strictly adhering to the obligations prescribed by the regulations of the Republic of Serbia, as well as the rules of the Company’s majority shareholder, DDOR GARANT Voluntary Pension Fund Management Company Belgrade, which is Prva Group plc with a 60% share in the equity capital. The second shareholder of DDOR GARANT Voluntary Pension Fund Management Company Belgrade, with a 32.46% share, is DDOR Novi Sad ado, and with a 7.54% share, DDOR RE ado Novi Sad, a reinsurance joint-stock company in majority ownership.

Legal entity: DDOR GARANT Voluntary Pension Fund Management Company Belgrade (hereinafter: the Company)
Adress: Maršala Birjuzova 3-5, 11000 Belgrade, Serbia
Company registration numberj: 20230240
Phone: +381 (0)11 3036 142
Email: info@garant-penzije.eu
support@garant-penzije.eu

The Company is obliged to apply standards set by the group’s documents in line with the European General Data Protection Regulation (GDPR).


The Company collects and processes personal data for the purpose of establishing a business relationship and concluding a contract, as well as for fulfilling the rights and obligations arising from the contract, to the extent necessary for:

1. Fulfilling Contractual Obligations
The Company collects and processes personal data to fulfill the rights and obligations arising from the contract with the data subject, primarily membership contracts in the voluntary pension fund, employer contribution contracts, pension plan contracts, requests for lump-sum payments, fund transfers, programmed payments, and other member requests.

2. Fulfilling Legal Obligations

The Company processes personal data for the purpose of fulfilling legal obligations prescribed by the regulations of the Republic of Serbia governing the operations of voluntary pension fund management companies (in accordance with the Law on Voluntary Pension Funds and Pension Plans, the Law on the Prevention of Money Laundering and the Financing of Terrorism, the Law on the Prevention of Corruption, the Capital Market Law, etc.).

3. Protecting Legitimate Interests
In exceptional cases, data processing is based on protecting the Company’s or third parties’ legitimate interests, including:

  • Auditing and analytics;
  • Service/product-related notifications;
  • Business management and service/product development;
  • Protection of members, clients, employees, and Company assets;
  • Monitoring public areas;
  • Transaction monitoring, AML/CTF compliance;

  • Measures for monitoring transactions, preventing money laundering and the financing of terrorism, and criminal offenses;

  • Processing of data within the central database of the group, both domestically and abroad (group applications), for administrative purposes, as well as for risk management at the group level;

  • Obrada podataka za potrebe sprovođenja zakona;

  • Protection of legal claims and defense in legal proceedings;

  • Ensuring IT security and IT operations of the Company;

  • Prevention and investigation of criminal offenses;

  • Further improvement of the usefulness of service features, such as applications and others.


Data related to services, the website, and communication

Data related to the use of electronic services and websites, website and application functions, as well as email communication between (potential) members and the Company, information about viewed web pages or content and evaluated links, including external websites, response times or data entry errors, and the duration of website usage. This information is collected through the use of automated technologies, such as cookies or web beacons (e.g., pixel counting used to track emails or websites), or website tracking (recording and analyzing browsing behavior) on the website, as well as through the use of external service providers or software (e.g., Google Analytics).

By filling out the fields on the contact page of the Company’s website, you consent to the collection and further processing of your personal data. All personal data you provide by completing the available fields are treated as a business secret and are stored permanently in accordance with the Law on Voluntary Pension Funds and Pension Plans.

Technical Data of End-User Devices

Information about devices and systems used to evaluate websites or portals and applications or other means of communication, such as internet protocol (IP) addresses or types and versions of operating systems and web browsers, as well as additional device identifiers and advertising identifiers or location information and other comparable data about devices and systems.

The Company processes personal data collected from data subjects at the time of establishing a business relationship, as well as during the course of business cooperation. In addition, the Company processes data obtained from publicly available sources (e.g., the Business Registers Agency and others) or data obtained on legally prescribed grounds (e.g., from the central database of majority shareholders and similar).

The categories of personal data processed by the Company include:

Personal information (name and surname, personal identification number, date and place of birth, nationality),

Contact information (residential address, mailing address, phone number, email address, etc.),

Identification data from personal documents (type and number of personal document, issuing authority, date and place of issuance),

Information on the activity and professional engagement of the data subject (occupation, field of business activity, employment status, name of employer).

In addition, the processing may include:

Transaction data,

Electronic records collected through marketing activities,

Data obtained by the Company in the process of complying with obligations under the Law on the Prevention of Money Laundering and Terrorism Financing and other applicable regulations.

Within the Company, business units or employees receive only the data necessary for them to fulfill their contractual, legal obligations and legitimate interests, based on the “need to know” principle (only the information that is truly necessary). All employees who process personal data undergo training related to personal data protection and are required to apply the highest business standards in their daily operations.

Data processors may also include parties with whom the Company has concluded service agreements related to the processing of personal data (suppliers), which are entered into for the purpose of fulfilling contracted services or supporting business processes. Suppliers (e.g., IT and back-office service providers) receive only the data necessary for the performance of contracted services. All suppliers are required to treat the data as strictly confidential and to process it solely for the purpose of providing the agreed services.

In accordance with legal or regulatory obligations, government authorities and institutions, auditors, and similar entities may be recipients of personal data. In cases where data is provided to other parties, the Company is obligated to comply with the duty to protect business secrets in accordance with the Law on Voluntary Pension Funds and Pension Plans, and is therefore required to maintain the confidentiality of all information related to members and facts entrusted or made available within the framework of business cooperation.
Recipients of personal data may also include affiliated legal entities or similar entities. In such cases, only the data necessary for the execution of the business relationship are disclosed. Depending on the type of contract, recipients may include, for example, insurance companies, correspondent banks, stock exchanges, custodian banks, or other companies that are in a contractual relationship with the Company.

The categories of personal data processed by the Company include personal information such as name and surname, personal identification number, date and place of birth, and nationality; contact information such as residential address, mailing address, phone number, and email address; identification data from personal documents, including the type and number of the document, issuing authority, and the date and place of issuance; as well as information related to the activity and professional engagement of the data subject, including occupation, field of business activity, employment status, and the name of the employer. In addition to the foregoing, the processing may also include data related to transactions, electronic records collected through marketing activities, and data obtained by the Company in the process of complying with obligations under the Law on the Prevention of Money Laundering and Terrorism Financing and other applicable regulations.

The Company processes personal data within the Republic of Serbia. Any transfer of personal data to another country is conducted for the purpose of contract and/or order execution (e.g., payment orders and securities orders), and only if it is established that the other country ensures an adequate level of personal data protection based on signed agreements regulating data processing. All data transferred for contract and/or order execution may only be disclosed to legal entities that have undertaken to comply with the highest data protection and security standards.

Personal data is retained until the purpose and legal basis for processing are fulfilled, i.e., it is processed throughout the entire period of the business relationship, as well as after its termination in accordance with the internal policies and legal regulations, particularly the following legal acts: the Law on Voluntary Pension Funds and Pension Plans, the Law on the Prevention of Money Laundering and Financing of Terrorism, the Law on Cultural Property, and others.

The Company retains data after the termination of the business relationship if there is a legal basis for retention, a legitimate interest of the Company (e.g., dispute resolution, defense of legal claims), or for the purpose of complaint resolution.

Individuals whose personal data is processed have the right to access, rectify, supplement, delete, or restrict the processing of their stored data, the right to object to the processing of their data, and the right to data portability, in accordance with the conditions set out in the Law on Personal Data Protection.

If, as a member, you believe your data protection rights have been violated, you may file a complaint with the Company regarding the processing of your personal data.

If you are not satisfied with the Company’s response, or believe that the processing of your data has been carried out contrary to the Law on Personal Data Protection, you may contact the Commissioner for Information of Public Importance and Personal Data Protection.

At any time, you may file a complaint regarding the processing of your personal data if you believe it was processed contrary to the provisions of the Law on Personal Data Protection, with the competent supervisory authority – the Commissioner for Information of Public Importance and Personal Data Protection:
Address: Bulevar kralja Aleksandra 15, Belgrade, e-mail: office@poverenik.rs

In order to establish a business relationship, it is necessary for the fund member to provide all data required for initiating and maintaining the business relationship, as well as any data required by law. If the member does not provide such data, the Company will not be able to conclude or execute the contract, nor will it be able to fulfill an existing agreement.

All data processed by the Company is appropriately protected from misuse, destruction, loss, unauthorized alteration, or access. As the data controller, the Company has implemented technical, personnel, and organizational measures for data protection, in accordance with established standards and procedures, to protect the data from loss, destruction, unauthorized access, alteration, disclosure, or any other misuse. Employees engaged in data processing are under strict obligations of confidentiality.

Goran Arsić
Head of Legal and General Affairs
Phone: 011 32 84 386
E-mail: goran.arsic@garant-penzije.eu

The Company processes personal data of clients and potential clients for the purpose of organizing promotional sales campaigns. Data is collected from individuals who participate in the sales campaign, in accordance with its terms. The legal basis for processing is the consent of clients and potential clients, confirming that they are aware that the Company will store, process, use, and share their personal data with its employees and third parties for the purpose of conducting the promotional campaign. Without this data processing, the Company would not be able to carry out the campaign.

The Company processes personal data (name and surname, phone number, email) and other data collected through the campaign from individuals who completed the survey and gave consent for the purposes of being contacted and receiving useful information, offers, and notifications about insurance products and services. The legal basis for this processing is the data subject’s consent, and the data is retained for one year or until consent is withdrawn.

The Company shares personal data with third parties that are legally or operationally required to access such data. A transfer of personal data to another country may occur only if it is established that the destination country ensures an adequate level of personal data protection.

The individual who has given consent has the right to withdraw consent at any time, and also has the right to access, rectify, supplement, delete, and restrict the processing of data, the right to object, and the right to data portability. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If an individual believes their personal data has been processed contrary to the provisions of the Law on Personal Data Protection, they have the right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection.

For privacy and data security questions, or if you have knowledge of or suspect a data breach, you may contact the Data Protection Officer, Goran Arsić, Head of Legal and General Affairs, by phone at +381 11 32 84 386 or by email at goran.arsic@garant-penzije.eu

DDOR GARANT Voluntary Pension Fund Management Company Belgrade

 

VAT ID: 104746708
Reg No: 20230240

FOLLOW US

Facebook-f Instagram Linkedin-in

ANNOUNCEMENTS

FUNDS

CALCULATOR

MY ACCOUNT

I want to join/register independently online.

Choose a fund, fill in your information, and we’ll call you to arrange the signing.

JOIN BY YOURSELF

I need help with registration.

If you need help choosing a fund or have additional questions, fill out the contact form and we will respond to you as soon as possible.

ASK A QUESTION