Mobile App PINGUJME
Introductory Notes
We are aware of and understand how important privacy is to you, and therefore we take the protection of personal data very seriously.
By creating this Privacy Policy, we aim to make the processing of your personal data transparent and easy to understand. This Privacy Policy explains which personal data we collect and for what purposes, how we store it, what your rights are, and how you may exercise those rights in connection with the use of our mobile application PINGUJME (hereinafter: ‘’PINGUJME’’ or the “App”).
In this regard, this Privacy Policy, together with our General Terms and Conditions for the use of the PINGUJME application (hereinafter: the “Terms”), contains information relating to or that may relate to you. We recommend that you read them carefully in order to learn everything that may be relevant to you regarding the Application and the processing of your personal data. Definitions contained in the Terms shall have the same meaning in this Privacy Policy unless otherwise specified.
The information contained in this Privacy Policy is provided in accordance with the Law on Personal Data Protection (Official Gazette of the Republic of Serbia No. 87/2018) (hereinafter: the “Law”).
Controller
Under the Law, the Controller is the entity that determines the manner and purpose of personal data processing.
The Controller in accordance with this Privacy Policy is the following company:
YAGMA DOO RAČUNARSKO PROGRAMIRANJE SREMSKA KAMENICA,
Radomira Raše Radujkova 6, 21000 Novi Sad,
Registration No. 22176374, TIN: 115565098
Email info@pinguj.me
(hereinafter: the ’’Controller’’ or ’’We’’).
The Controller’s Data Protection Officer is:
Goran Ćelić,
Tel +381 64 4025198,
Email info@pinguj.me
Data We Collect
When you use the App, the Controller collects and processes your personal data as a User of the App - i.e. a User, Worker or a person managing a Service Provider’s account - and depending on the role in which you use the App, this includes the following:
User data, such as your first and last name, username, location, gender, date of birth, and registration date;
Contact data, such as your email address and mobile phone number;
Data regarding the type of App User, namely whether you are a User, Worker or a person managing a Service Provider’s account;
Technical data related to the use of the App, such as authentication data and login identifiers, including, where applicable, Auth0 tokens and related technical identifiers;
Data regarding the use of the App, consisting of information that you enter yourself, information entered about you by other App Users, and activities you perform within the App, such as:
(if you are a User)
Data relating to all your searches, including by type of service, location, time, workers, service providers, available appointments, prices, and ratings; data regarding your appointment bookings and cancellations, including successfully completed or missed appointments; data regarding your rating/reputation (ratings, comments, and penalty points related to compliance with scheduled appointments and attendance); data regarding your restrictions/suspensions from using the App or certain functionalities thereof; data regarding ratings and comments you have given to Workers or Service Providers, as well as your favourite Workers and Service Providers, etc.
(if you are a Worker)
Data regarding your employment status (i.e. whether you are associated with a specific Service Provider) or unemployment status (i.e. that you are available to be searched by Service Providers); data regarding your services, appointments, working hours, and absences; data regarding the prices of your services; data regarding the way you manage your schedule and appointment organization (free/busy status, confirmation or cancellation of appointments, recording no-shows of Users, etc.); data regarding your restrictions/suspensions from using the App or certain functionalities thereof; data regarding your status as a favourite Worker among Users; data regarding your rating/reputation (ratings and comments provided about you by App Users, including other reputational indicators), etc.
(if you are a person managing a Service Provider’s account)
Data regarding your searches and interactions with Workers; data regarding your restrictions/suspensions from using the App or certain functionalities thereof, etc.
We do not collect your personal data that falls within special categories of personal data (e.g. health data, racial or ethnic origin, political opinions), unless we explicitly state otherwise and obtain separate consent for such collection and processing.
Purposes of Processing and Legal Basis
Personal data is processed for the following purposes and on the basis of the corresponding legal basis:
| Processing Purpose | Legal Basis of Processing |
|---|---|
| Registration of App Users, management of user accounts, and enabling App Users to use the functionalities of the App. | Performance of a contract or taking steps at your request prior to
entering into a contract (Article 12, paragraph 1, item 2 of the Law). |
| Compliance with legal obligations in the management of the App, including responding to requests from competent authorities and regulatory bodies | Compliance with the Controller’s legal obligations (Article 12, paragraph 1, item 3 of the Law). |
| Ensuring the security, stability, and proper functioning of the App, including the implementation of technical improvements related to the optimization of the App and the prevention of misuse. | The legitimate interests of the Controller (Article 12, paragraph 1, item 6 of the Law) |
For the registration of a user account (i.e. the establishment of a contractual relationship with you) within the App, it is necessary for you to provide us with the personal data required for this purpose, as well as any other data that must be collected in accordance with applicable laws and regulations. If you do not provide such personal data, we will not be able to enable the registration of your user account and access to the functionalities of the App. For the processing of data that is not necessary for establishing a contractual relationship with you, nor required under applicable laws and regulations, but is collected on the basis of consent (where applicable), you are not obligated to provide your consent. In any case, if you have any questions, such as whether the collection of personal data constitutes a legal or contractual obligation or is necessary for establishing a contractual relationship with you, we remain at your disposal for any necessary clarification.
Recipients and Third Parties
We take care to ensure that access to personal data is granted only to those employees engaged in activities related to the App and who require such access in order to perform their tasks and duties.
Access to personal data may also be granted to third parties where they have a lawful or legitimate reason for such access. Whenever we allow a third party access to personal data, we will take appropriate measures to ensure that the data is used in a manner consistent with this Privacy Policy. Such third parties may include our processors (e.g. providers of technical and infrastructure services necessary for the functioning of the App), who act on our behalf and in accordance with our instructions, based on concluded data processing agreements.
Personal data may also be disclosed to competent authorities where required by applicable laws and regulations or pursuant to lawful requests by such authorities, as well as where necessary for the establishment, exercise, or defence of legal claims.
Personal data may also be made available to other parties, such as potential purchasers or investors, in connection with the reorganization or sale of our company or the group to which we belong, or the transfer of all or part of our business operations.
Retention of Personal Data
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations or other legal requirements. When determining the appropriate retention period for personal data, we take into account the amount, nature, and sensitivity of the personal data, the potential risk of harm resulting from unauthorized use or disclosure of personal data, the purposes for which we process the personal data, whether those purposes can be achieved through other means, and the requirements under applicable laws and regulations.
Generally, this means that personal data will be retained for as long as your user account remains active, plus a reasonable period necessary for the establishment, exercise, or defense of legal claims, unless a longer retention period is required under applicable laws and regulations. If personal data is processed on the basis of your consent, your data will be deleted or anonymized once you withdraw your consent, unless further retention is required under applicable laws and regulations or for the establishment, exercise, or defense of legal claims.
Upon expiration of the relevant retention period, the data will be deleted or anonymized, unless applicable laws and regulations provide otherwise.
International Data Transfers
Personal data is stored on the Controller’s premises as well as on the servers of third parties (service providers) located within the European Union.
Whenever your personal data is transferred outside the Republic of Serbia, we will continuously ensure that any such transfer is carried out exclusively in accordance with the Law and with an adequate level of protection equivalent to the level guaranteed under the Law. This includes, among other things, transfers to countries that have been recognized as providing an adequate level of data protection, or the implementation of appropriate safeguards (e.g. the application of standard contractual clauses, approval by the Commissioner for Information of Public Importance and Personal Data Protection for the transfer of data, and similar measures) in accordance with the Law. If you would like to learn more about these safeguards, please feel free to contact us.
Security Measures
The Controller implements appropriate technical, organizational, and personnel measures to protect personal data against unauthorized access, loss, destruction, alteration, misuse, or unauthorized disclosure.
These measures include access control, regular system testing, implementation of advanced malware protection, backup systems and databases, employee training, and other safeguards. Such measures are designed to ensure a level of security appropriate to the risks associated with the processing of your personal data.
Processing of Minors’ Personal Data
PINGUJME is intended for adults as Application Users, as well as minors over the age of 15 who may use the Application exclusively as Users.
Automated Decision-Making and Profiling
Within the App, we do not carry out automated decision-making, including profiling, that produces legal effects concerning you or significantly affects your position.
Rights of Data Subjects
In accordance with the Law, you have the following rights:
Right of Access: You have the right to obtain information about the personal data we have stored about you.
Right to Rectification and Erasure: You may request that we correct inaccurate data and, where the legal requirements are met, delete your personal data.
Right to Restriction of Processing: You may request that we restrict the processing of your personal data, provided that the legal conditions for such restriction are met.
Right to Data Portability: If you have provided us with data based on a contract or consent, you may, subject to the fulfilment of legal requirements, request to receive such data in a structured, commonly used, and machine-readable format, or request that we transfer such data to another responsible party.
| RIGHT TO OBJECT: You have the right to object to our processing of your personal data at any time on grounds relating to your particular situation, where the legal basis for processing is the pursuit of legitimate interests. If you exercise your right to object, we will cease further processing unless we demonstrate compelling legitimate grounds for the processing which override your rights, interests, or freedoms. |
| OBJECTION TO DIRECT MARKETING: If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes. If you exercise your right to object, we will cease processing your personal data for direct marketing purposes. |
| WITHDRAWAL OF CONSENT: If you have given us consent to process your personal data for specific processing activities and purposes, you may withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. |
Right to Lodge a Complaint: If you believe that the processing of your personal data has been carried out contrary to the provisions of the Law, you may lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar kralja Aleksandra 15, 11120 Belgrade.
Contact
To exercise your rights, submit questions, or file objections, you may contact us using the contact details provided in the “Controller” section.
Changes to the Privacy Policy
This Privacy Policy may be amended or supplemented from time to time in order to reflect changes in our data processing activities, legal obligations, or other relevant circumstances. The current and valid version of the Privacy Policy is always available within the App.
We recommend that you periodically review the applicable Privacy Policy within the App in order to stay informed of any possible changes. If we make significant changes that may affect your rights, we will clearly notify you through the App and, where required by law, directly as well, for example via email or another appropriate means of communication.