Daylight

PRIVACY NOTICE

PRIVACY NOTICE

In respect to the EU General Data Protection Regulation 2016/679 (the “GDPR”) which came into force on 25 May 2018, European Consulting Group (“ECG Summit” “we”, “our” or “us”) hereby informs you that it has taken appropriate steps to align its policy to the said rules.

We respect your privacy and remain committed to its safety and adequate management. This Privacy Notice sets out the basis on which European Consulting Group (“ECG Summit” “we”, “our” or “us”) as the data controller processes personal data about visitors of our website, applicants, experts and support staff working on our projects as well as other third parties (“you” or “your”).

Please read the following Privacy Policy carefully to understand how we will process your personal data and what rights you have in relation to our processing of your personal data.

European Consulting Group operates the following website: https://ecg.rs/ and may process personal data when providing our consulting services. Personal data may be collected from any of the following sources:

  • Provided by you personally when applying for open opportunities on our website via e-mail or telephone, our online contact form;
  • Collected from third parties (e.g. references, LinkedIn and other job platforms);
  • Personal data of third parties provided by you. If you provide us with such personal data of third parties in specific circumstances (for example by way of an e-mail recommending such third party attaching their CV), we assume that you have informed such third party about the processing of personal data, obtained the consent of such third party and that such disclosure is in accordance with applicable data protection law and our Privacy Notice. Please do not transfer any personal data of third parties unless this is in accordance with the previous sentence;

Please note that for the purposes of updating our database, at times we may search for additional information via publicly available sources, such as search engines, social media, etc.

Personal data we process may include the following:

  • First name, last name, title(s), gender, address, date of birth;
  • E-mail, telephone and other communication data such as messages, notes and type of enquiry;
  • Country of residence or employment;
  • CV and supporting documents (such as identification and contact data, professional experience including present position, education, qualifications, degrees and certificates, experience in the region, language and other skills and other information about your organisation as provided by you (e.g. name, type)
  • Project implementation data (scope, time, participants, reports, communications, etc.);
  • Passport or other ID-Documents (if required and provided by you);
  • Salary and remuneration data (if applicable);
  • Other information necessary due to statuary requirements of labour law (e.g. holiday or pension entitlements);
  • Any other information, documentation or communications that you voluntarily submit to us

You are not obliged to provide us with your personal data as an applicant. However, the provision of certain data may be a requirement to enter into a contract with you as well as to fulfil our statutory obligations. If you decide not to provide certain data, we may not be able to enter into a contract with you (e.g. Expert-Contract, Support Staff-Contract) and you may not be able to work in the respective project. Where this is the case, we will duly inform you that the provision of certain data is required.

Template for our preferred EU Format of Curriculum Vitae can be downloaded HERE and you can refer to this template to see which data we require in order to duly process your application.

Purposes of the processing personal data may include the following:

  • Preparation of tenders for development consulting projects;
  • Review of expert and support staff profiles and qualifications to meet the project criteria;
  • Maintaining a pool of qualified development consulting experts in order to engage them in current and future projects funded by the European Union or our development partners;
  • Implementation of our development projects;
  • To keep you informed about our activities via newsletters, alerts, invitations to the events and/or other information useful for you;
  • To preserve the list of our professional contacts, and
  • Any other professional purposes.

For the above-mentioned purposes we process personal data only in compliance with applicable data protection laws, especially where the processing is:

  • Necessary for the performance of our contract with you or in order to take appropriate steps, at your request, prior to entering into a contract;
  • Required to comply with our legal or regulatory obligations (e.g. under corporate, tax or employment law);
  • Necessary for the purposes of our legitimate interests (or those of a third party) and as far as your interests and fundamental rights and freedoms do not override those interests (Art 6 para 1 lit f GDPR). Without limiting the applicability of the before mentioned legal grounds, we rely on the legitimate interest as a legal basis, inter alia, for:
    • the purposes set out above and as required by and in compliance with the respective programming and project’s documentation such as but not limited to project information documents, terms of reference provided by the European Union and our development partners, which includes:
      • the documentation of reviewed applicants in the scope of the tender preparation as well as evidencing the diligent selection of applicants for projects, and
      • the maintenance of a pool of qualified development consulting experts and support staff as reference for new projects and for additional tasks in current and future development projects, which is inter alia necessary in view of the programme cycles of projects funded by the European Union and our development partners.
  • For certain processing activities we may also ask for your consent (Art 6 para 1 lit a GDPR).

Data storage

We store personal data on our secure servers located in Serbia and have implemented appropriate technical and organisational measures in accordance with applicable data protection laws in order to protect your personal data against accidental or unlawful destruction, alteration, unauthorised disclosure or access and any other unlawful or unauthorised processing.  As an ISO 9001 and ISO 27001 certified company, ECG Summit upholds to high quality and information security standards.

We will only store your personal data as long as there is a legitimate purpose for such storage. We may store personal data during the existing relationship with you and, following its termination, as long as there is a corresponding statutory retention obligation (e.g. under corporate, tax or employment law),  as well as until you do revoke your consent or request the “erasure of your personal data, unless it is contrary to the mentioned conditions arising from a relationship.

Your rights

In line with the GDPR, you are entitled to

  • request access, rectification, erasure (right to be forgotten), restriction of processing of your personal data, as well as right to data portability and right to object to processing;
  • withdraw already given consent or object to the processing of personal data,

for which purpose(s) you may contact us at privacy@ecg.rs.

If you opt-out or request deletion, please note that we may be required to retain certain personal data as per the mandatory law.

Your rights will be protected in line with the GDPR, whereby you are entitled to request the protection of personal data by the relevant EU member state authority.

Should you have any further questions or inquires on our Privacy Notice or our personal data processing, please do not hesitate to contact us at privacy@ecg.rs

Recipients of personal data and international data transfer

We do not sell, trade or rent your personal data.

As we offer our services on a regional level, we may disclose your personal data to our project offices, institutions of the European Union, clients, development and consortium partners, or other third parties, in order to provide our services, meet our contractual obligations, fulfill legal obligations or our other business purposes as specified above.

ECG Summit personnel and/or providers of services (e.g. accountants, IT service providers, etc.), to the extent necessary, shall have access to your personal data when performing relevant tasks, projects and fulfilling legal obligations.  In addition, and if requested, the Data may also be provided to public authorities, in line with the relevant laws.

Some of the mentioned recipients may be located in countries outside the European Union (EU) or European Economic Area (EEA), for which an adequate level of data protection has not yet been recognized by the European Commission. In this case we will only transfer such data that are necessary for (i) the preparation or performance of a contract with you, (ii) the implementation of pre-contractual measures taken at your request or (iii) for the conclusion or performance of a contract concluded in your interest with a third party (Art 49 para 1 lit b and c GDPR).

Hyperlinks

This Website may contain hyperlinks to Websites controlled by parties other than ECG Summit. We are not responsible for and does not endorse or accept any responsibility over the contents or use of these Websites. We are not responsible for the privacy policies or practices of other websites. We encourage you to review the privacy policies of those websites so you can understand how they collect, use, and share your information.

See the Terms of Use of our Website for more information.

Updates to this privacy notice

To reflect changes in our information practices, from time to time we may update this Privacy Notice. If we make any material changes we will announce this by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have any questions about this Privacy Notice or in the event of any other request in relation to the processing of personal data by European Consulting Group, please contact us at: privacy@ecg.rs. You may also write us at:

European Consulting Group
Bulevar Mihaila Pupina 115 V
11070 Beograd

By using our web site, you accept these terms and conditions as well as any changes thereto.

What we may need from you

To confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) we may need to request specific information from you to assist us. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Should you have any further questions or inquires on our Privacy Notice, please do not hesitate to contact us at privacy@ecg.rs.