I BASIC INFORMATION ABOUT US AS PERSONAL DATA CONTROLLER

At Farmbooker doo Belegiš (hereinafter: FarmBooker), your data and the right to privacy and responsibility regarding it have special attention and importance for us, and we devote great importance and care to this area - its protection, its use in accordance with regulations and principles of good practice and user information. Further in this text, you can learn more about the processing and protection of personal data by FarmBooker and its processors.

II DEFINITIONS

All definitions in this Privacy Policy have the meaning as stated above, and if a term that is not defined in this section is used, the definitions given in the Terms of use of the FarmBooker platform, services and other content (hereinafter: Terms) are applied, as well as positive legal regulations if they are not covered in the Terms.

III COLLECTION AND USE OF PERSONAL DATA

IV METHODS OF PERSONAL DATA PROCESSING

FarmBooker uses and processes collected data in ways that include the following actions: collecting, recording, transcribing, duplicating, copying, transmitting, searching, classifying, storing, separating, cross-referencing, combining, matching, changing, securing, using, making available for inspection, disclosing, publishing, disseminating, recording, organizing, storing, adapting, disclosing by transmission or otherwise making available, concealing, moving and otherwise making unavailable, as well as carrying out other actions related to the specified data.

V PERSONAL DATA PROCESSING ON THE BASIS OF LEGITIMATE INTERESTS

In FarmBooker, personal data is processed in certain cases and according to certain categories of natural persons based on the following legitimate interests of FarmBooker:

• Improving, developing and upgrading FarmBooker services, systems and products for easy, efficient and secure business,
• Technical maintenance of the website and the Platform and services in order to ensure the security of the website and web application and prevent their abuse,
• Customer relationship management (eg providing information related to the customer contract for the purpose of communicating information about which products FarmBooker creates for the customer are more viewed and popular, promotional offers and service notifications),
• Monitoring client satisfaction and improving user experience,
• Ensuring the functioning of information systems and protection of workstations, servers, mobile devices, software, communication equipment, networks and information is a priority action. The goal is to prevent incidents, illegal or malicious activities that may threaten the availability, authenticity, integrity and confidentiality of stored personal data, as well as the general security of related IT services. This includes an adequate response to potential threats and incidents related to information security,
• Implementation of measures to protect FarmBooker employees and property in situations of threats and violence, as well as in similar circumstances when individuals, without processing their personal data, would not be able to adequately protect and realize their legitimate interests and rights in accordance with the law. These measures include the installation of video surveillance at the entrances to business premises, with the aim of shedding light on the circumstances of criminal acts or threats directed at employees and company property. This is undertaken in order to prevent unauthorized access and the presence of unwanted persons in the business premises, while ensuring compliance with the rules related to the workplace.

What do we understand as your legitimate interests?

We understand these aspects as legitimate expectations that you have regarding the processing of your personal data by us. For example:

• You expect FarmBooker IT solutions to operate with a high level of security regarding your data,
• You expect a FarmBooker employee or partner to be aware of your previously concluded agreements with us, if any, and to recommend appropriate FarmBooker IT services or offers from its clients,
• We view your complaints and suggestions as an opportunity to improve our services, adjust the quality of services to you as our customers, and provide additional functionalities in accordance with technological progress.

Šta razumemo kao vaše legitimne interese?

Shvatamo ove aspekte kao legitimna očekivanja koja imate u vezi sa obradom vaših ličnih podataka od strane nas. Na primer:

• Očekujete da informaciona rešenja FarmBooker funkcionišu sa visokim nivoom bezbednosti u vezi sa vašim podacima,
• Očekujete da zaposleni ili partner FarmBooker bude upoznat sa vašim prethodno zaključenim ugovorima sa nama ako isti postoje i da vam preporuči odgovarajuće informacione usluge FarmBooker ili ponude svojih klijenata,
• Vaše pritužbe i sugestije posmatramo kao priliku za poboljšanje naših usluga, prilagođavanje kvaliteta usluga vama kao našim strankama, i pružanje dodatnih funkcionalnosti u skladu sa tehnološkim napretkom.

VI CATEGORIES OF THE PROCESSORS OF PERSONAL DATA

As is often the case in a large number of companies, FarmBooker also uses the services of business partners, known as processors, for specific segments of personal data processing. These processors provide services and process personal data on our behalf. We conclude appropriate contracts with them on the processing of personal data, setting the same standards of data protection as if we had carried out the processing ourselves. It is important to note that these contractual processors process data exclusively for the purpose of providing defined services according to the contract concluded with FarmBooker, and may not use them for any other purposes, nor for their own or independent purposes.

The GDPR, in addition to the term "processor", introduced a number of new concepts such as "recipient" and "joint controller", which do not have the same meaning.

In accordance with GDPR, the term "processor" means a natural or legal person, that is, an authority that processes personal data on behalf of the controller.

We especially want to draw your attention to the fact that, in accordance with the GDPR, personal data is disclosed to recipients and processors of personal data for the purposes specified by the GDPR on the Protection of Personal Data - such as for the purposes of applying regulations, legitimate interests and consent to processing.

VII STORING OF PERSONAL DATA

We keep your personal data for as long as necessary to achieve the purposes set out in this privacy policy, and if not prescribed by the Privacy Policy, the Cookie Policy or the Terms, in any case no longer than 10 years. Exceptions apply where a longer storage period is prescribed or permitted by regulation. For more information about the personal data we collect based on cookies and the duration of their storage and other processing, see our Cookie Policy.

After the expiration of the storage period, the data from the databases will be deleted and the documentation will be destroyed in such a way that its content can no longer be determined or can no longer be used again.

We retain your personal data that we process on the basis of your consent and for the purposes specified in the consents, until the time for which the data is stored has expired, your consent is withdrawn or until you file an objection to the data processing.

Your data is stored on:

• Servers - ours and the processor's,
• Locally on your device - we also store data in the form of cookies, and we also use other technologies to store data on your device, such as localStorage and sessionStorage.
• Cookies - see our Cookie Policy for more information.
• LocalStorage - allows us to save certain data on your device and use it during subsequent visits to our platform.
• SessionStorage - temporarily stores data while you use our platform, and is automatically deleted when you close your browser.
• You can manage this data by clearing the cache or through your browser settings.

The data stored on the server that we store are deleted automatically after the expiration of the periods specified in section III of this policy - Data retention period (unless there is a legal basis to store them longer), and the data stored by processors on their servers is regulated by sections III and VI of this policy. Cookies are stored in accordance with the Cookie Policy, data saved through SessionStorage is deleted automatically as soon as the user closes the browser tab with the Platform or the browser itself, and data saved through LocalStorage is not deleted automatically after a certain time period due to technical limitations of LocalStorage itself and you must delete them yourself in the above-mentioned manner if you wish, although we emphasize that we do not have access to data stored in this way if you are not actively using the Platform or website.

VIII AUTOMATED DECISION MAKING, WHICH IMPLIES PROFILING

We do not make decisions solely on the basis of automated processing of your data, which would entail profiling and have legal or similar effects for you.

Profiling is any form of automated processing that is used to assess a specific personality trait, in particular for the purpose of analyzing or predicting a natural person's work performance, economic status, state of health, personal preferences, interests, reliability, behavior, location or movements.

Meta Pixel, whose services we use, may process user data for the purpose of personalizing ads on Meta's platforms. This data may include your IP address, interactions with our content, browser and device information, and other data listed in section III of this policy and their privacy policies which you can access via the link in section VI of this policy. The Meta Pixel may enable the display of targeted ads based on your interests and activities on our website.

If you do not want your data to be used for the purpose of personalizing ads, you can object to this processing through the privacy settings on the Meta platforms or by withdrawing your consent to marketing cookies via our cookie banner.

IX PROCESSING OF SPECIAL PERSONAL DATA

We do not analyze any specific type of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation data), and the functionalities provided by the Platform are not intended to process any such personal data. However, if you choose to provide us with such personal data, you will be deemed to have consented to such data processing, which we then store in accordance with section III of this policy.

X PRIVACY PROTECTION

We implement, review and maintain security protocols that meet the latest data protection standards and best practices. We use various personnel, organizational and technical measures to secure data against loss, theft, unauthorized use and the like. We protect your data in accordance with applicable laws and internal rules that regulate the security and protection of personal data, as well as information security.

We take administrative, technical, organizational and other measures to ensure an appropriate level of security of the personal data we process. After assessing whether the measure is adequate and what level of security is appropriate, we take into account the nature of the personal data we process and the nature of the processing activities we perform, the risks to which you are exposed through our processing activities, the costs of implementing security measures and other relevant issues in certain circumstances. All of the above is not the only thing that is important to us when determining which protection measures we will take.

Some of the measures we implement include access authorization controls, information classification (and handling), integrity and confidentiality protection, data backups, firewalls, data encryption and other appropriate measures.

We use HTTPS encryption of traffic between your browser and server, as well as Bcrypt hashing of your passwords. Our servers use firewall protection and advanced security protocols to prevent unauthorized access. Access to data is limited only to authorized employees and partners, with adequate security authentication and regular security checks. All data transmitted over the Internet is protected by encryption to ensure user privacy.

Anyone processing personal data on behalf of FarmBooker is required to maintain the confidentiality of your data. They must not disclose data to unauthorized persons or individuals without an adequate legal basis for processing your personal data. Internal employees have access to your data, while external entities only get access if they process the data on our behalf and on the condition that they access only the necessary information, subject to the contractual obligation to keep the data confidential. All our employees or the employees of our contractual partners continuously attend training in order to understand their obligations, but also the importance of confidentiality and protection of your personal data.

Business premises where data carriers, hardware and software are stored are carefully secured with high-level information and physical security measures, thus preventing unauthorized access to personal data. The internal network is protected from external access by means of a firewall system and other active intrusion prevention and detection systems, following the latest standards in the field of information security.

No less important, we have concluded adequate Data Processing and Sharing Agreements with our contractual partners and are continuously working on auditing or checking their degree of compliance with applicable regulations. During the check, that is, the audit, the security standards are also checked so that the data of the respondents is always safe.

Your data is stored on secure AWS (Amazon Web Services) servers in the EU (Federal Republic of Germany, Frankfurt, eu-central-1), as well as in the Republic of Serbia, locally on FarmBooker servers and locally on your devices. Certain data that may be stored by processors is stored on the servers listed in Section VI of this privacy policy.

XI DATA TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

In the event that the transfer of your personal data to third countries or international organizations is necessary, before transferring the data we will carefully check whether such transfer has an appropriate legal basis and protective measures (such as the existence of an adequate decision, the existence of binding business rules, approved certification mechanisms, the use of so-called standard contractual clauses) and we will make sure that it is fulfilled in accordance with the GDPR, such as e.g. conclusion of standard contractual clauses with processors for transfer to other countries. In any case, your data can only be transferred to countries within the EU/EEA, to countries that provide an appropriate level of protection in accordance with the relevant regulations, and to countries that do not belong to those previously mentioned, but only with the application of appropriate security measures.

XII EXERCISE OF RIGHTS IN RELATION TO PERSONAL DATA

XIII OTHER INFORMATION

For all questions related to this Privacy Policy, comments, complaints, requests for assistance in exercising your rights related to the processing of your personal data, you can contact us at the e-mail address or other contact methods indicated in the header of this Privacy Policy.

We will make every effort to provide you with an answer in the shortest possible and reasonable time, in accordance with the law.

XIV PRIVACY POLICY UPDATE

Your continued use of the Services after changes to the privacy policy are posted means you agree to the changes. The date of publication of the latest version of the Privacy Policy is published at the beginning of it, next to the title (Privacy Policy). The privacy policy begins to be valid and enters into force, unless otherwise stated in the amendment or notification itself, the next day from the day of their publication at the following link.

We reserve the right to make changes to this Privacy Policy. In case of changes to this Privacy Policy, you will be notified of the changes by accessing the Services, or we will notify you via email (to the email address you provided when accessing the Platform) if you are a Registered User. The corresponding new version of the Privacy Policy will also be available on the Platform in the same way as the current version. In any case, we advise you to check the current version of the Privacy Policy each time you access and use the Platform, in order to be adequately informed about the processing of your data.