Article 13 and 14 General Data Protection Regulation (GDPR)
With this information we are informing you about the processing of your personal data (“Data”) as well as your data protection rights.
CONTENT OF THIS PRIVACY POLICY:
- Which Data is processed and from which sources do they come from?
- Who is responsible for the processing of your Data and how can you get in touch with the controller?
- What are the purposes, the duration, and the legal basis of the processing of your Data?
- Cookies, pixels and analytics tools
- Are you obliged to provide Data?
- Automated decision making
- Your rights in the context of the processing of your data
1. Which Data are processed and from which sources do they come from?
We process the data we receive from you when you visit our Web platform PhiLink https://www.philink.me and the data, we receive from you as part of your use of our Web platform PhiLink (hereinafter “Web Platform”, “PhiLink” or “our Services”).
We receive your data from the following sources:
- From you: When you visit the Web Platform, when you register a PhiLink Profile and when you use our Services, we receive the data directly from you.
- From Social Media (publicly accessible sources): If you disclose your social media profile(s), we receive your data from the respective social media platform (e.g. Facebook, Youtube).
2. Controller and Representative
PhiAcademy doo Beograd-Vozdovac , Bulevar Oslobodenja 137, Belgrade – Vozdovac, Serbia, is the responsible controller for the data processing activities.
Designated Representative pursuant to Art 27 GDPR is PhiAcademy GmbH, Gartengasse 8/8, 1050 Vienna, Austria.
3. What are the purposes, the duration, and the legal basis of the processing of your Data?
We process your Data in the following described manner. If we process your Data for any other purpose, we will inform you separately before we start processing your Data. If you are obliged to provide the Data for the respective purpose, it will be made visible with (*).
3.1 Data processing when visiting the Web Platform
Data: Browser type*, operating system*, country*, date, time and duration of access, IP address*, pages accessed.
Purpose: This data processing is necessary to provide you with the best possible user experience on our Web Platform and to guarantee the stability of the Web Platform. In particular, we use this data for the purpose of providing the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.
Legal Basis: We process the mentioned Data based on our legitimate interests or based on the legitimate interests of third parties (Art. 6 para. 1 lit f GDPR), namely to enable the operation of the Website.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage.
To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer[1] |
|---|---|---|---|
| Eximius Solutions d.o.o Beograd | Operations support | Serbia | Standard contractual clauses pursuant to Art 46 GDPR |
3.2 Data processing when visiting the Web Platform – Internal data analysis
Data: Data collected by us and third parties via cookies, tracker and pixel. For more information, please go to section 4.
Purpose: We will process Data you provide when you interact with our Platform for the purpose of internal data analysis, tracking for product development reasons (e.g. testing and prototyping functionalities, assessing their usage).
Legal Basis: Our legitimate interest or the legitimate interests of third parties (Art. 6 para. 1 lit f GDPR), namely our interest in being able to create statistics about user behavior and to be able to improve our service on the basis of evaluations of user behavior.
Duration: We process the Data you provide only as long as it is necessary for the purpose it was collected, we are under legal obligation to do so, or we have a corresponding overriding interest to retain the Data.
To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Maintenance and hosting of the website | Luxembourg | |
| Eximius Solutions d.o.o Beograd | Development & maintenance of the Platform | Serbia | Standard contractual clauses pursuant to Art 46 GDPR |
3.3 Registration of Profile and Use of our Services
Data: Name*, e-mail address*, location (city/country)*, profile photo and colors, other links (e.g. Facebook, Youtube, website, webshops).
Purpose: We process your Data to verify if you meet the requirements for the use of our Services and for the purpose of managing our contractual relationship and to provide our Services to you. Furthermore, we may process data for monitoring and to solve technical errors or issues.
Legal Basis: We process the mentioned Data based on our legitimate interests or based on the legitimate interests of third parties (Art. 6 para. 1 lit f GDPR), namely to provide our Services to you and to ensure the stability and security of our Services.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage.
To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Maintenance and hosting of the Platform | Luxembourg | |
| Toscom – the webserver experts | Maintenance and hosting of the Platform | Austria | |
| Eximius Solutions d.o.o Beograd | Development & maintenance of the Platform | Serbia | Standard contractual clauses pursuant to Art 46 GDPR |
| Public bodies and authorities | Legal obligation |
3.4 User support
(if you contact us via e-mail at philink@phiacademy.com)
Data: Name*, e-mail-address*, issue or request*.
Purpose: We will process Data you provide when you contact us to respond to your questions or to fulfill your issues.
Legal Basis: We process the mentioned Data based on our legitimate interests or based on the legitimate interests of third parties (Art. 6 para. 1 lit f GDPR), namely to process your inquiries and requests in order to be able to provide our Services even better.
Duration: We process the Data you provide only for the duration of the response or fulfillment of your requests and issues. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need Data for the exercise or defense of legal claims.
To achieve the intended purposes, it may sometimes be necessary to disclose your Data to the following recipients:
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Maintenance and hosting of the website | Luxembourg | |
| Toscom – the webserver experts | Maintenance and hosting of the website | Austria | |
| Eximius Solutions d.o.o Beograd | Development & maintenance of the Platform | Serbia | Standard contractual clauses pursuant to Art 46 GDPR |
4. Cookies, pixels and analytics tools
The Web Platform uses cookies, which are small files stored on your device (web browser).
We use the Data collected through these cookies to improve our Services and to make them user-friendly, for example to evaluate the use of our Services. Some cookies remain stored on your device until you delete them, other cookies are only stored for a certain duration.
For the collection of these Data we use the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Web Platform, and collect data including your IP address, browser type, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Web Platform.
4.1 Cookies necessary for the functioning of the Web Platform:
| Name | Function/purpose | Storage Period |
|---|---|---|
| Philinkfid | Your session ID on the server | 2 hours |
All these cookies are technically necessary for the presentation of the Web Platform. You can manually delete any cookie. Please note that a general deactivation/deletion of cookies may possibly lead to functional limitations of the Web Platform.
4.2 Cookies not technically necessary for the functioning of the Web Platform:
Additionally, we use pixels and tags from the following third parties (which may in turn place cookies). These cookies are not technically necessary for the presentation of the Web Platform and only activated with your given consent:
4.2.1 Cookies for marketing and advertising purposes
| Name | Description/purpose | Privacy Policy | Third Party | Storage period |
|---|---|---|---|---|
| Google Analytics | We use Google Analytics to help measure how users interact with our Website. | https://policies.google.com/privacy | Google Analytics | 7 days |
| Google Ads | We use Google Ads to deliver targeted advertisements to individuals who visit our Website. | https://policies.google.com/privacy | Google Ads | 7 days |
| Facebook Ads | We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our Websites | https://www.facebook.com/policy.php | 7 days |
4.2.2 Analytical and behavorial cookies
| Name | Description/purpose | Privacy Policy | Third Party | Storage period |
|---|---|---|---|---|
| _gat | Determined by Google Analytics to identify unique sessions | https://policies.google.com/privacy | Google LLC (Google Analytics Cookie) | 1 minute |
| _gid | Determined by Google Analytics to identify unique sessions | https://policies.google.com/privacy | Google LLC (Google Analytics Cookie) | 1 day |
| _ga | Determined by Google Analytics to identify unique sessions | https://policies.google.com/privacy | Google LLC (Google Analytics Cookie) | 2 years |
4.3 Other Analytics and Marketing tools
4.3.1 Google Analytics
We use the Cookies of Google Analytics, a web analysis service provided by Google LLC (hereinafter “Google”). These cookies transmit data about your usage of the Website/Platform to a Google server in the USA. However, your IP address will be shortened prior to transmission and the transmitted data can no longer be associated with your person.
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Google will use the collected information to evaluate general usage data of our Website/Platform and to compile reports on Website/Platform activities. For information about how Google and its affiliates use data, please visit Google's Privacy Policy, currently available at: www.google.com/privacy.html.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. If you want to prevent the use of Google Analytics cookies in general, you can either do this through your browser settings or you can install the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout.
Duration: Your Data will be processed until you withdraw your consent. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Google LLC | Evaluation of general usage of our Website/Platform, compilation of reports on Website/Platform activities | USA | SCCs |
Additional information about the tool can be found here https://policies.google.com/privacy.
4.3.2 Google Customer Match
Google Customer Match feature enables us to create an audience using data such as email addresses and phone numbers. Google does not receive actual email addresses. Google’s system transforms the contact information we have into hashed codes using the secure hashing algorithm SHA256, a one-way hashing mechanism that is not unencrypted by Google.
Data: Name*, e-mail-address*, address (street, city, postal code, county, country), chosen license, metadata (date of registration, date of subscription, clicks, etc.)
Purpose: We process your Data for the purpose of remarketing, direct marketing and social media marketing in the Google Customer Match tool. We may combine Data we or our providers have collected with Data collected by our affiliates to provide a more detailed picture of your needs and interests.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal.
Duration: Your Data will be processed until you withdraw your consent. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Google Ireland ltd | remarketing, direct marketing and social media marketing | Ireland |
Additional information about the tool can be found here: https://support.google.com/google-ads/answer/6334160?hl=en
https://policies.google.com/technologies/partner-sites?hl=en
https://policies.google.com/privacy
4.3.3 Facebook
We also use the Facebook Audience Pixel analysis tool from Facebook Ireland Limited. All data collected by this pixel is encrypted by Facebook using "hashes".
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Measure the effectiveness of our advertising.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. Beyond that data processed on your consent will no longer be stored if you withdraw your consent unless there is a legal obligation to do so or we need the data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Meta Platforms Ireland Limited | Analysis of data to measure the effectiveness of our advertising | Ireland |
Additional information about the tool can be found here https://www.facebook.com/policy.php.
4.3.4 Facebook Custom Audiences
Facebook’s customer list custom audiences feature enables us to create an audience using data such as email addresses and phone numbers ("Audience"). When using this feature, your data is locally hashed on our system before we upload and pass it to Facebook ("Hashed Data") to be used to create an Audience.
Data: Name*, e-mail-address*, address (street, city, postal code, county, country), chosen license, metadata (date of registration, date of subscription, clicks, etc.).
Purpose: We process your Data for the purpose of remarketing, direct marketing and social media marketing in the Facebook Customer List Audience tool. We may combine Data we or our providers have collected with Data collected by our affiliates to provide a more detailed picture of the needs and interests of our Clients and Customers.
Legal Basis: We process this data on the basis of our legitimate interest (Article 6 para 1 lit f GDPR) in direct advertising and marketing and to measure the effectiveness of our advertising.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Meta Platforms Ireland Limited | direct advertising and marketing and to measure the effectiveness of our advertising | Ireland |
Additional information about the tool can be found here: https://www.facebook.com/legal/terms/customaudience
4.3.5 TikTok
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Measure the effectiveness of our advertising.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. Beyond that data processed on your consent will no longer be stored if you withdraw your consent unless there is a legal obligation to do so or we need the data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| TikTok Information Technologies UK Limited | Advertising and Direct Marketing | UK | Adequacy decision pursuant to Art 45 GDPR |
Additional information about the tool can be found here https://www.tiktok.com/legal/privacy-policy?lang=en
4.3.6 Pinterest
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Measure the effectiveness of our advertising..
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. Beyond that data processed on your consent will no longer be stored if you withdraw your consent unless there is a legal obligation to do so or we need the data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Pinterest Europe Ltd. | Advertising and Direct Marketing | Irland |
Additional information about the tool can be found here https://policy.pinterest.com/en-gb/privacy-policy#section-residents-of-the-eea
4.3.7 Snapchat
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Measure the effectiveness of our advertising.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. Beyond that data processed on your consent will no longer be stored if you withdraw your consent unless there is a legal obligation to do so or we need the data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Snap Inc. | Advertising and Direct Marketing | USA | SCCs |
Additional information about the tool can be found here https://www.snap.com/en-GB/privacy/privacy-policy
4.3.8 LinkedIn
Data: Data about your usage of the Website/Platform (visits, sessions, frequency, time active, events & user actions).
Purpose: Measure the effectiveness of our advertising.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.
Duration: We store your data only as long as it is necessary for the purposes for which we have collected your data, we are legally obliged to do so or we have a corresponding overriding interest in the storage. Beyond that data processed on your consent will no longer be stored if you withdraw your consent unless there is a legal obligation to do so or we need the data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| LinkedIn Ireland Unlimited Company | Advertising and Direct Marketing | Ireland |
Additional information about the tool can be found here https://www.linkedin.com/legal/privacy-policy?
4.3.9 Hotjar
Data: Device’s IP address (stored in a de-identified format); device screen resolution; device type (unique device identifiers), operating system, and browser type; geographic location (country only); preferred language used to display the Hotjar enabled site; mouse events (movements, location and clicks); keypresses; referring URL and domain; pages visited; and. Date and time when website pages were accessed
Purpose: We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.
Legal Basis: The collection of data only takes place with your consent. This consent can be withdrawn by you at any time. The withdrawal of this consent does not affect the lawfulness of processing based on the consent before its withdrawal.
Duration: Your Data will be processed until you withdraw your consent. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims.
| Recipient | Purpose | Located in | Appropriate safeguards to third countries transfer |
|---|---|---|---|
| Hotjar Ltd. | Measures how costumers/users interact with the Website/Platform and to receive feedback | Malta |
Additional information about the tool can be found here https://www.hotjar.com/legal/policies/privacy/.
5. Are you obliged to provide Data?
If you visit the Website and/or interact with the Web Platform, you are obliged to provide the data marked with (*). Unless you provide those mandatory Data, we will generally not be able to provide our services. You are not obliged to provide any other data.
6. Automated decision-making
We do not use automated decision-making or profiling according to Article 22 GDPR.
7. Your rights in the context of the processing of your data
You have the right to (i) access as to whether and what personal data we process and receive copies of your data, (ii) request rectification or amendment of inaccurate or not lawfully processed data and request erasure of your personal data, (iii) request restriction of data processing activities in certain circumstances, (iv) object to data processing activities in certain circumstances or withdraw consent previously given for the processing, (v) request that we provide you your data in a transferable format, and (vi) lodge a complaint with the Austrian data protection authority (www.dsb.gv.at) or to any other data protection supervisory authority in the EU, in particular at your place of residence or place of work.
To exercise any of the above-mentioned rights, you can (i) contact us directly by e-mail or by post at the following address:
PhiAcademy doo Beograd-Vozdovac
Bulevar Oslobodjenja 137, 11000 Belgrade, Serbia
e-mail: info@phi-academy.com
Or you can (ii) contact our Representative by e-mail or by post at the following address:
PhiAcademy GmbH
Gartengasse 8/8, 1050 Vienna, Austria
E-Mail: contact@phiacademy.at
[1] "Third Country" includes all countries other than (1) the Member States of the European Union and (2) the Member States of the European Economic Area, which means, in addition to the EU Member States, Iceland, Liechtenstein and Norway.