Privacy Notice

Privacy Notice on the Processing of Personal Data

We respect your privacy and your personal data. With a view to ensuring transparency and accountability in relation to the processing of personal data, this Privacy Notice is intended to inform users of the website, business partners and other individuals whose personal data are processed of all material aspects of such processing.

Controller's contact details:

Joint Law Office Stojković | Smiljanić
Alekse Nenadovića 1, Belgrade
Email: office@triapartners.rs
Website: www.triapartners.rs

The Controller acts as the administrator of the website.

1. What is personal data?

Personal data means any information relating to an identified or identifiable natural person, whether identified directly or indirectly, including, for example, name and surname, personal identification number, address, education-related data, IP address capable of revealing identity, and similar information.

2. What is the processing of personal data?

Processing of personal data means any operation or set of operations performed on personal data, whether by automated or non-automated means. This includes, without limitation, the collection, recording, organisation, storage, retention or otherwise making personal data available.

3. Who is the Controller?

The Controller is any natural or legal person that determines the purposes and means of the processing of personal data. For the purposes of this Privacy Notice, the Controller is the Joint Law Office Stojković | Smiljanić.

4. Who is the Processor?

A Processor is any natural or legal person that processes personal data on behalf of the Controller, such as providers of IT services, hosting services or website maintenance services.

5. Who is a Recipient of personal data?

A Recipient is a natural or legal person to whom personal data are disclosed.

6. Who is a "third party"?

A third party is any natural or legal person other than the data subject, the Controller, the Processor or the Recipient, as well as persons authorised to process personal data under the direct authority of the Controller or the Processor.

7. From whom do we collect personal data?

We collect and otherwise process personal data relating to individuals engaged within the joint law office, candidates for engagement, business partners, subscribers to newsletters and similar communication tools, as well as users who follow the Controller's profiles on social media platforms.

8. Which personal data do we process?

As a general rule, we process only the minimum amount of personal data necessary to achieve a specific purpose, including:

  • Business partners: basic contact details such as name and surname, job title, telephone number and email address, and, where applicable, the name of the legal entity represented and the individual's position therein. Such data are processed for the purposes of communication, establishing and performing business cooperation, organisation of events and promotion of the Controller's services, based on the legitimate interests of the Controller.
  • Newsletter and promotional communications users: basic contact details such as email address, name and surname and telephone number, processed on the basis of consent.
  • Social media followers: data designated as publicly available in accordance with the policies of the relevant social media platform, processed for the purpose of promoting the Controller's activities, whereby the Controller and the respective social media platform may act as joint controllers.
  • Event participants: basic contact details, employment-related data, company details, payment-related data required by payment intermediaries, as well as photographs and video recordings taken during events, which may include the image of participants. Such recordings are used for the promotion of events organised by the Controller, based on the Controller's legitimate interests.
  • Photographic and video recordings may also be collected during online seminars, meetings and similar events, with prior notice that the event is being recorded.

9. What are special categories of personal data?

Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health, or data concerning a person's sex life or sexual orientation.

10. Do we process special categories of personal data?

The Controller does not process special categories of personal data. Should the need arise to process such data, data subjects will be informed in a timely manner prior to such processing.

11. How do we collect personal data?

Personal data are collected directly from data subjects or indirectly through third parties, such as social media platforms. Where personal data are not obtained directly from the data subject, the Controller verifies that the disclosure of such data was lawful and ensures that data subjects are informed of all material aspects of the processing. For further information on the use of personal data by social media platforms, data subjects are encouraged to review the privacy policies of those platforms.

12. Legal basis for processing

All processing of personal data must be lawful. Depending on the category of data subjects and the purpose of processing, personal data are processed on the basis of:

  • consent of the data subject, which may be withdrawn at any time without affecting the lawfulness of prior processing;
  • performance of a contract or the implementation of pre-contractual measures at the request of the data subject;
  • compliance with legal obligations applicable to the Controller; or
  • legitimate interests pursued by the Controller or a third party.

The applicable legal basis is determined on a case-by-case basis, considering the nature of the data and the purpose of processing.

13. Purpose of processing

Depending on the category of data subjects, personal data are processed for the purposes of:

  • informing data subjects about the Controller's activities through various communication channels, including social media and newsletters;
  • establishing employment or other forms of professional engagement;
  • contacting candidates for engagement following the completion of a specific recruitment process, subject to consent;
  • organising, participating in, promoting and providing information about events organised by the Controller; and
  • complying with applicable legal obligations.

14. How do we store personal data?

Personal data are stored in internal records, in paper and/or electronic form, and are protected by appropriate organisational, technical and personnel-related measures designed to ensure an appropriate level of security.

15. What rights do you have in relation to the processing of personal data?

Data subjects have the right to be informed about the processing of their personal data, the right of access, rectification, erasure and restriction of processing, the right to data portability, the right to object to processing, the right to lodge a complaint with the competent authority, as well as the right to judicial protection and compensation for damage in the event of unlawful processing.

Requests for the exercise of these rights may be submitted in free form by email to office@triapartners.rs.

16. What security measures do we apply?

The Controller applies appropriate organisational, technical and personnel-related security measures, including physical access restrictions, role-based access controls on a need-to-know basis, secure password management practices, controlled data input and transfer procedures, and other information security measures in line with recognised industry standards.

17. Are there Processors, Recipients and/or third parties?

Personal data may be disclosed to Processors, Recipients or third parties, including IT service providers, accounting agencies, payment intermediaries, auditors, event agencies and competent public authorities, strictly in accordance with applicable law. All Processors are engaged under appropriate data processing agreements, and the Controller remains responsible towards data subjects.

18. Data retention period

Personal data are retained only for as long as necessary to achieve the purpose for which they were collected. Employment-related data are retained on a permanent basis where required by applicable regulations. Personal data processed on the basis of consent are retained until the purpose is fulfilled or consent is withdrawn. Data processed on the basis of legitimate interests are retained until such interests are satisfied.

19. Cookies and similar technologies

Cookies are data stored on a user's computer or other device that enable the monitoring and analysis of website usage. Cookies do not generally enable identification of individual users. Where cookies do enable identification, they are treated as personal data. Users may manage or delete cookies through their browser settings. At present, the Controller does not actively use cookies, but potential categories may include necessary, functional and performance cookies:

  • Necessary Cookies – cookies that are essential for the proper functioning of the website. The removal of such cookies may result in the website, or certain parts thereof, becoming unavailable or unusable.
  • Functional Cookies – cookies that enable enhanced functionality of the website and the personalisation of information presented to the user. Such cookies may be set by the Controller or by third parties and may be removed in the manner described above. The removal of this type of cookies may cause certain website services to function improperly or not at all.
  • Performance Cookies – cookies that provide information about website visitors and the manner in which users use the website, such as the number of visits or the frequency of visits to a particular page. This information does not identify individual users and helps the Controller improve the performance of the website and deliver a better user experience.

20. Special processing notices

Where specific processing activities so require, due to their purpose or legal basis, the Controller will provide data subjects with separate, specific notices prior to such processing.

21. Additional information on personal data processing

All additional questions relating to the processing of personal data, including the exercise of data subject rights, may be addressed to office@triapartners.rs. The Controller will respond to all inquiries within ten working days.

22. Entry into force and amendments

This Privacy Notice applies as of 1 January 2026. It may be updated from time to time, provided that the level of protection of personal data achieved is not reduced. By engaging with the Controller, data subjects confirm that they have read, understood and accepted the processing of personal data as described herein.

Zajednička advokatska kancelarija Stojković | Smiljanić

Alekse Nenadovića 1, 11000 Belgrade, Serbia

office@triapartners.rs