Article

Avature – Privacy notice

Information on processing your personal data for Onboarding process

Deloitte d.o.o.
Zmaja od Bosne 12c
71000 Sarajevo
Bosna i Hercegovina
Tel: +387 (0) 33 277 560
Fax: +387 (0) 33 277 561
www.deloitte.com/ba

PRIVACY NOTICE

In accordance with Article 6 of the Law on the Protection of Personal Data ("Official Gazette of BiH", no. 49/06, 76/11 and 89/11) (hereinafter: "the Law"), the Employer as the Data Controller informs the Employee of processing of his Personal Data by the Employer. Data processing is carried out in accordance with the provisions of the employment contract between the Employee and the Employer, in connection with or for the purposes of performing the Employee's work for the Employer, and also for the purposes of using the Employer's information systems and ensuring compliance with the internal policies of DTTL member companies and their subsidiaries and affiliates. related parties.

1. Definitions:

(The definitions of the terms listed in the text that follows are given exclusively for the purposes of this document and cannot in specific cases indicate the existence or establishment of a possible employment relationship in accordance with the valid Labor Law ("Official Gazette of the Federation of BiH", number: 26/16, 89/18, 23/20, 49/2021 and 44/22 or "Official Gazette of the Republika Srpska" number: 01/16, 66/18 and 91/21 and 119/21) (hereinafter: "Labor Law" )

"Controller" is any public body, natural or legal person, agency or other body that independently or together with others manages, processes and determines the purpose and method of processing personal data on the basis of laws or regulations. In relation to the Employee's Personal Data, the Data Controller is his Employer / Deloitte CE Group member firm.

"Employee" means any person in an employment relationship or other type of employment with the Employer, including legal representatives, representatives, professional associates and advisers of the Employer.

"Employment relationship" for the purposes of this document, in addition to an employment relationship in the sense of the Labor Law, also includes employment that is not an employment relationship (agreement on temporary and occasional jobs, a contract on professional development, a work contract, etc.) and other contractual relationships with natural persons who are hired as needed by the Employer.

"Employment contract" for the purposes of this document, means the contract establishing and regulating the employment relationship defined in the text above.

"Personal data" means any information relating to a natural person who has been identified or whose identity can be determined.

"Processor" is a natural or legal person, public body, agency or other body that processes personal data on behalf of the Controller.

"Recipient" means the natural or legal person, public body, agency or other body to which the data is disclosed, regardless of whether it is a third party or not; authorities that can receive data within the framework of a special request are not considered as recipients.

2. Types of personal data processed:

The Employer processes the Personal Data of the Employee in the following scope:

• Personal data to the extent that processing is required by applicable relevant legal regulations (Labor Law, Occupational Safety Law as well as other laws and regulations related to Employment);

• Personal data provided by the Employee before entering the Employment Relationship;

• Personal data related to professional education and experience;

• Other Personal Data related to the Employee's Employment with the Employer and the fulfillment of his obligations under the Employment Relationship (eg: data on work results, data on attending training and online training, lists of phone calls, etc.); and

• Photographs, video and audio recordings of the Employee.

3. Purpose and legal basis of processing:

The Employer processes the Employee's Personal Data for the purpose of exercising rights and obligations in accordance with the Labor Law, the Employment Agreement and other relevant regulations, primarily in relation to record keeping and salary calculation, measures related to the fulfillment of the Employee's obligations arising from the Employment Relationship, education and training of Employees, compensation to Employees, as well as in connection with the Employer's offer and provision of services to clients, as explained in more detail in the following paragraph.

The Employer also has the right to process Personal Data in order to check whether the Employee acts in accordance with the relevant policies of the Employer related to the security of the Employer's devices and systems. Processing to this extent is based on the legitimate interest of the Employer to ensure the continuity of business and the protection of economic, commercial and financial interests, especially with regard to compliance with confidentiality rules. This includes, among other things, the prevention and elimination of any technical problems; then preventing and suppressing activities that are contrary to compulsory regulations, public order and good customs, that is, which intentionally violate the rights and integrity of any third party; prevention and suppression of violations of intellectual property rights; confidentiality protection and inviolability data of the Employer; the security and good technical functioning of its systems and the costs associated with it; as well as material protection of all the Employer's resources.

4. Recipients of data:

The Employer has the right to provide Personal Data to the following Recipients who are Data Processors of the Employer, and who process Personal Data on behalf of the Employer, under the conditions and to the extent agreed with the Employer in the form of a written authorization/contract. Specifically, for the purposes of records of the Employee in the systems, personnel records and records of the Employee's earnings, for the purposes of calculation of compensation and other income of the Employee, as well as for the provision of IT services, documentation archiving, electronic mail services and other hosted applications to the extent necessary for the exercise of rights and fulfilling the obligations arising from the Employment relationship contracted between the Employee and the Employer or in accordance with the agreement between the Employee and the Employer, as well as for the purpose of checking the Employee's compliance with the appropriate Employer's policies related to the security of the Employer's devices and systems based on the Employer's legitimate interest in ensuring business continuity and protection of economic, commercial and financial interests, especially with respect to compliance with confidentiality rules.

Printed versions of the above lists are available from the local Human Resources contact and are made available to the Employee upon personal request.

The Employee's personal data can also be disclosed to competent authorities and services in accordance with applicable legal regulations.

5. Conditions for presenting data

The Employee is hereby informed that the Employer may forward the Personal Data of the Employee for the aforementioned purposes to Deloitte CE and member companies of DTTL, as well as to their subsidiaries and affiliates, during the duration of the Employment Relationship, to other countries in accordance with Article 18 of the Law.

6. Data retention period

Data will be subject to processing until the purposes of Personal Data processing are fulfilled or until required by applicable legal regulations. The Employer has the right to process the Personal Data of the Employee during a period of three years after the termination of the employment relationship or during the period defined by the applicable legal regulations. After the expiration of the specified period, the Personal Data of the Employee will be anonymized or permanently removed, if this does not contradict the applicable regulations. Records for each employed person begin to be kept on the day of starting work, and end on the day of termination of employment. In accordance with the laws governing recording in the field of work, data from the prescribed records on employed persons, which include Personal Data on the Employee, are kept for the duration prescribed by law.

The employee is responsible for the accuracy and updating of the Personal Data submitted to the Employer. The employee undertakes to notify the Employer without delay of any changes in Personal Data.

7. Confidentiality

During and after the employment relationship, the employee is obliged to respect and protect the confidentiality of the personal data of the employer's employees, clients, external associates and suppliers, as well as other natural persons with whom he comes into contact during his employment relationship, which are processed in connection with work tasks and duties performed by the Employee for the Employer. The employee is prohibited from using personal data for his personal needs, publishing them or making them available without the consent of the Employer or the natural person to whom the data belongs. Other obligations of the Employee in connection with the management of confidential data and personal data are defined by the internal policies and regulations of the Employer, and the Employee is informed about them and undertakes to respect them.

8. Protection measures

The employer has established technical, organizational and personnel protection measures in accordance with the standards accepted in the economic branch in which it operates in order to protect and ensure the confidentiality, integrity and availability of Personal Data that are the subject of processing. The Employer will prevent unauthorized use or unauthorized access to Personal Data or prevent a breach of the obligation to protect Personal Data (security incident) in accordance with Deloitte's instructions and policies and applicable legal regulations. Deloitte is certified to the ISO 27001 standard, the generally accepted international standard on information protection and security: https://resources.deloitte.com/sites/centraleurope/quality/Pages/Security-Awareness.aspx

9. Rights of holders of Personal Data

The employee has the right to request from the Employer:

• access to Personal Data, in accordance with Article 24 of the Law;

• providing the data holder with information regarding the processing of his personal data, in accordance with Article 25 of the Law;

• free complaint regarding direct marketing, in accordance with Article 26 of the Law

• correction, deletion or blocking of data, in accordance with Article 27 of the Law;

• submit a complaint to the Agency for the Protection of Personal Data, in accordance with Article 30 of the Law.

The Employee can exercise all of the above rights by sending an email to the local Human Resources contact at elakota@deloittece.com or to the following contact details:

Contact information
regarding the protection of personal ata:

Zlatan Krivić, Internal Legal Advisor

zkrivic@deloittece.com

phone: 033/277-560; mobile: 061/736-843

The employee can also contact zkrivic@deloittece.com for all information regarding the processing of Personal Data, as well as information on the applied protection measures in case of data transfer from Art. 18 of the Law.

For more information on data subject rights, please read:

1604.03 Data Subjects' Rights Execution policy.

Deloitte d.o.o.
Zmaja od Bosne 12c
71000 Sarajevo
Bosna i Hercegovina
Tel: +387 (0) 33 277 560
Fax: +387 (0) 33 277 561
www.deloitte.com/ba

OBAVJEŠTENJE

o obradi ličnih podataka

U skladu sa članom 6. Zakona o zaštiti ličnih podataka ("Sl. glasnik BiH", br. 49/06, 76/11 i 89/11) (dalje u tekstu: “Zakon”), Poslodavac kao Kontrolor podataka obavještava Zaposlenog o obradi njegovih Ličnih podataka od strane Poslodavca. Obrada podataka se vrši u skladu sa odredbama Ugovora o radu između Zaposlenog i Poslodavca, u vezi sa ili za potrebe obavljanja rada Zaposlenog za Poslodavca, a takođe i za potrebe korištenja Poslodavčevih informacionih sistema i obezbjeđenja usklađenosti sa internim politikama društava članova DTTL i njihovih zavisnih i povezanih lica.

1. Definicije:

(Definicije termina navedene u tekstu koji slijedi date su isključivo za potrebe ovog dokumenta i ne mogu u konkretnim slučajevima ukazivati na postojanje ili uspostavljanje eventualnog radnog odnosa u skladu za važećim Zakonom o radu (“Službene novine Federacije BiH”, broj: 26/16, 89/18, 23/20, 49/2021 i 44/22 ili “Službeni glasnik Republike Srpske” broj: 01/16, 66/18 i 91/21 i 119/21) (dalje u tekstu: “Zakon o radu”)

Kontrolor” je svaki javni organ, fizičko ili pravno lice, agencija ili drugi organ koji samostalno ili zajedno sa drugim vodi, obrađuje i utvrđuje svrhu i način obrade ličnih podataka na osnovu zakona ili propisa. U odnosu na Lične podatke Zaposlenog, Kontrolor podataka je njegov Poslodavac / firma članica Deloitte-a CE grupe.

Zaposleni” označava svaku osobu u radnom odnosu ili drugoj vrsti radnog angažovanja sa Poslodavcem, uključujući zakonske predstavnike, zastupnike, stručne saradnike i savjetnike Poslodavca.

Radni odnos” za potrebe ovog dokumenta, pored radnog odnosa u smislu Zakona o radu, obuhvata i radno angažovanje koje nije radni odnos (ugovor o privremenim i povremenim poslovima, ugovor o stručnom usavršavanju, ugovor o djelu i sl.) i druge ugovorne odnose sa fizičkim licima koja se angažuju po potrebi Poslodavca.

Ugovor o radu” za potrebe ovog dokumenta, označava ugovor kojim se uspostavlja i reguliše Radni odnos definisan u tekstu iznad.

Lični podaci” podrazumijevaju bilo koju informaciju koja se odnosi na fizičko lice koje je identifikovano ili može da se utvrdi identitet lica.

Obrađivač” je fizičko ili pravno lice, javni organ, agencija ili drugi organ koji obrađuje lične podatke u ime Kontrolora.

Primalac“ znači fizičko ili pravno lice, javni organ, agenciju ili drugi organ kojem se otkrivaju podaci, bez obzira da li su treća strana ili ne; organi koji mogu primiti podatke u okviru posebnog zahtjeva ne smatraju se kao primaoci.

2. Vrste podataka o ličnosti koji se obrađuju:

Poslodavac obrađuje Lične podatke Zaposlenog u sljedećem obimu:

  • Lične podatke u mjeri u kojoj se obrada zahtjeva važećim relevantnim zakonskim propisima (Zakon o radu, Zakon o zaštiti na radu kao i drugi zakoni i propisi vezani za Radni odnos);
  • Lične podatke koje Zaposleni dostavi prije stupanja u Radni odnos;
  • Lične podatke koji se odnose na stručnu spremu i iskustvo;
  • Ostale Lične podatke u vezi sa Radnim odnosom Zaposlenog kod Poslodavca i izvršavanjem njegovih obaveza iz Radnog odnosa (npr.: podaci o rezultatima rada, podaci o pohađanju obuka i on-line treninga, spiskovi telefonskih poziva, itd.); i
  • Fotografije, video i audio snimci Zaposlenog.

3. Svrha i pravni osnov obrade:

Poslodavac obrađuje Lične podatke Zaposlenog u svrhu ostvarivanja prava i obaveza u skladu sa Zakonom o radu, Ugovorom o radu i drugim relevantnim propisima, prije svega u vezi sa vođenjem evidencija i obračunom zarada, mjerama koje se odnose na izvršenje obaveza Zaposlenog koje proizlaze iz Radnog odnosa, edukaciju i obuke Zaposlenih, naknade Zaposlenima, kao i u vezi sa ponudom i pružanjem usluga Poslodavca klijentima, kako je detaljnije objašnjeno u narednom pasusu.

Poslodavac takođe ima pravo da Lične podatke obrađuje u cilju provjere da li Zaposleni postupa u skladu sa relevantnim politikama Poslodavca koje se odnose na sigurnost uređaja i sistema Poslodavca. Obrada u ovom obimu zasniva se na legitimnom interesu Poslodavca da osigura kontinuitet poslovanja i zaštitu ekonomskih, komercijalnih i finansijskih interesa, a posebno u pogledu poštovanja pravila o povjerljivosti. Ovo između ostalog uključuje prevenciju i otklanjanje bilo kakvih tehničkih problema; zatim sprječavanje i suzbijanje aktivnosti koje su u suprotnosti sa prinudnim propisima, javnim poretkom i dobrim običajima, odnosno kojima se sa namjerom povređuju prava i integritet bilo koje treće strane; sprječavanje i suzbijanje povreda prava intelektualne svojine; zaštitu povjerljivosti i nepovredivost podataka Poslodavca; sigurnost i dobro tehničko funkcionisanje njegovih sistema i troškova koji su sa tim povezani; kao i materijalnu zaštitu svih resursa Poslodavca.

4. Primaoci podataka:

Poslodavac ima pravo da Lične podatke dostavi sljedećim Primaocima koji su Obrađivači podataka Poslodavca, a koji obrađuju Lične podatke u ime Poslodavca, pod uslovima i u obimu koji je usaglašen sa Poslodavcem u formi pisanog ovlaštenja/ugovora. Konkretno, za potrebe evidencije o Zaposlenom u sistemima, kadrovske evidencije i evidencije o zaradama Zaposlenog, za potrebe obračuna naknada i drugih primanja Zaposlenog, kao i za pružanje informatičkih usluga, arhiviranje dokumentacije, usluge elektronske pošte i drugih hostovanih aplikacija u mjeri neophodnoj za ostvarenje prava i ispunjavanje obaveza koje proizlaze iz Radnog odnosa ugovorenog između Zaposlenog i Poslodavca ili u skladu sa sporazumom između Zaposlenog i Poslodavca, kao i u svrhu provjere pridržavanja Zaposlenog odgovarajućim Poslodavčevim politikama koje se odnose na sigurnost uređaja i sistema Poslodavca zasnovane na legitimnom interesu Poslodavca da osigura kontinuitet poslovanja i zaštitu ekonomskih, komercijalnih i finansijskih interesa, a posebno u pogledu poštovanja pravila o povjerljivosti.

Štampane verzije gore navedenih spiskova su dostupne kod lokalnog kontakta za Ljudske resurse i daju se na uvid Zaposlenom na lični zahtjev.

Lični podaci Zaposlenog takođe se mogu otkrivati nadležnim organima i službama u skladu sa važećim zakonskim propisima.

5. Uslovi za iznošenje podataka

Zaposleni se ovim putem obavještava da Poslodavac može Lične podatke Zaposlenog prosljeđivati u prethodno navedene svrhe Deloitte-u CE i društvima članovima DTTL, kao i njihovim zavisnim i pridruženim društvima, tokom trajanja Radnog odnosa, u druge države u skladu sa članom 18. Zakona.

6. Rok čuvanja podataka

Podaci će biti predmet obrade dok se svrhe obrade Ličnih podataka ne ispune ili dok to zahtjevaju važeći zakonski propisi. Poslodavac ima pravo da obrađuje Lične podatke Zaposlenog tokom perioda od tri godine nakon prestanka radnog odnosa ili tokom perioda definisanog važećim zakonskim propisima. Nakon isteka navedenog perioda, Lični podaci Zaposlenog će biti anonimizovani ili trajno uklonjeni, ukoliko to nije u suprotnosti sa važećim propisima. Evidencija za svako zaposleno lice počinje da se vodi danom početka rada, a prestaje danom prestanka radnog odnosa. U skladu sa zakonima koji regulišu evidentiranje u oblasti rada podaci iz propisanih evidencija o zaposlenim licima, koji uključuju Lične podatke o Zaposlenom, čuvaju se u zakonski propisanom trajanju.

Zaposleni je odgovoran za tačnost i ažuriranje Ličnih podataka koje je dostavio Poslodavcu. Zaposleni se obavezuje da bez odlaganja obavijesti Poslodavca o svim promjenama Ličnih podataka.

7. Povjerljivost

Tokom i nakon Radnog odnosa, Zaposleni je u obavezi da poštuje i štiti povjerljivost podataka o ličnosti Poslodavčevih Zaposlenih, klijenata, eksternih saradnika i dobavljača, kao i drugih fizičkih lica sa kojima dolazi u kontakt tokom svog Radnog odnosa, a koji se obrađuju u vezi sa radnim zadacima i dužnostima koje Zaposleni obavlja za Poslodavca. Zaposlenom je zabranjeno da koristi lične podatke za svoje lične potrebe, objavljuje ih ili ih čini dostupnim bez saglasnosti Poslodavca ili fizičkog lica kojem podaci pripadaju. Ostale obaveze Zaposlenog u vezi sa upravljanjem povjerljivim podacima i podacima o ličnosti definisane su internim politikama i propisima Poslodavca, a Zaposleni je o njima obavješten i obavezuje se da će ih poštovati.

8. Mjere zaštite

Poslodavac je uspostavio tehničke, organizacione i kadrovske mjere zaštite u skladu sa standardima prihvaćenim u privrednoj grani u kojoj posluje u cilju zaštite i osiguranja povjerljivosti, integriteta i dostupnosti Ličnih podataka koji su predmet obrade. Poslodavac će sprječiti neovlaštenu upotrebu ili neovlašten pristup Ličnim podacima ili sprječiti kršenje obaveze o zaštiti Ličnih podataka (sigurnosni incident) u skladu sa uputstvima i politikama Deloitte-a i važećim zakonskim propisima. Deloitte posjeduje sertifikat o standardu ISO 27001, opšteprihvaćenom međunarodnom standardu o zaštiti i sigurnosti informacija: https://resources.deloitte.com/sites/centraleurope/quality/Pages/Security-Awareness.aspx

9. Prava nosilaca Ličnih podataka

Zaposleni ima pravo da od Poslodavca zahtjeva:

  • pristup Ličnim podacima, u skladu sa članom 24. Zakona;
  • dostavljanje nosiocu podataka informacija u vezi sa obradom njegovih ličnih podataka, u skladu sa članom 25. Zakona;
  • besplatni prigovor u vezi sa direktnim marketingom, u skladu sa članom 26. Zakona
  • ispravljanje, brisanje ili blokiranje podataka, u skladu sa članom 27. Zakona;
  • podnijeti prigovor Agenciji za zaštitu ličnih podataka, u skladu sa članom 30. Zakona.

Sva navedena prava Zaposleni može ostvariti slanjem elektronske pošte lokalnom kontaktu za Ljudske resurse na adresu elakota@deloittece.com ili na sljedeće kontakt podatke:

Podaci za kontakt u vezi sa zaštitom ličnih podataka:
Zlatan Krivić, Interni pravni savjetnik
zkrivic@deloittece.com
tel: 033/277-560; mob: 061/736-843

Zaposleni takođe može kontaktirati zkrivic@deloittece.com za sve informacije u vezi sa obradom Ličnih podataka kao informacije o primjenjenim mjerama zaštite u slučaju prenosa podataka iz čl. 18. Zakona.

Za više informacija o pravima za lice na koje se podaci odnose, pročitajte:

1604.03 Data Subjects’ Rights Execution policy.

Did you find this useful?