Go back

Privacy policy

Updated on January 1, 2025

This Privacy Policy (hereinafter referred to as the “Policy”) explains our privacy practices regarding the collection, use, disclosure and transfer of your Personal Data by Vega IT and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the "Vega IT" or “we” or “us”, “our”) in relation to interactions on our Website and the use of our Service.

Introduction

Vega IT d.o.o. Novi Sad („Vega IT“, “we,” “us” or “our”) is a Software Development company established under law of Serbia with the headquarter in Novi Sad, Novosadskog sajma 2/9. Also, it has its affiliated companies (daughter companies) in other jurisdictions (Montenegro, UK, USA). We take the security of your information very seriously and take steps to keep your information secure. For that reason, we created this Policy – to explain to you in a transparent and understandable way how we collect, share, and use your data, as well as how you can exercise the rights you have as a Data subject.

Please note that every term that is capitalized but undefined in this Policy has the same meaning as in our Terms & Conditions.

The Policy applies to all individuals who access our Website, send us inquiries via the Contact Page, email, or social media account, engage our Service, or apply for a work position in Vega IT. However, the Policy does not apply to information from which no individual can reasonably be identified (anonymized information).

This Policy, along with our Terms & Conditions and Cookie Policy, constitutes an Agreement that is binding on you. Therefore, we strongly suggest you read it carefully and get informed about the processing and protection of your Personal data.

By accessing or using any of our Websites or Services (including email communications), you agree to this Policy. This Policy may change from time to time, and these changes may affect how we use the information described below, so please check the Policy periodically for updates.
This Policy, beside other, covers these topics:

  1. information about your rights and our obligations,
  2. clarity about our dealings with you and transparency about how we collect and use your personal data,
  3. commitments on how we protect your personal data,
  4. commitments on how we will facilitate your rights and respond to your questions.

In case you have any questions regarding this Policy, please contact us at privacy@vegaitglobal.com.

  1. Definitions
  2. Information we collect
  3. How do we use and collect personal data
  4. Disclosure of your information
  5. Onward transfer of your information
  6. Choices about how we use and disclose your information
  7. Data integrity and proportionality
  8. Your rights
  9. Data security
  10. Iso/iec 27001 compliance
  11. How long do we store your data
  12. Children under the age of 15
  13. Data contoller
  14. Contact information

Definitions

“Consent” Your explicit consent to the processing of personal data. Persons who are 15 years of age or older may give free consent to the processing of their Personal data.
“Cookies” Small pieces of code stored on your device (computer or mobile device). This information is used to provide you with certain functions, track your use of the Website, and compile statistical reports on the website activity. Mention of Cookies also includes other similar technologies; more detailed information on what are they and how you can manage them you can find in our Cookie Policy.
“Data processor” Any natural or legal subject who processes Personal data on our behalf. We may use the services of various service providers to process your Personal data more effectively. You can find more information about our Data Processors in Section 4. of this Policy.
“Data Protection Law”
  • Serbia - the Law on Personal Data Protection adopted in November 2018, entered into effect on August 22, 2019, (harmonized with the GDPR)
  • EU/EEA - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
  • USA – New York Personal Privacy Protection Law and other relevant regulations.
“Data subject” or “you” Any natural person who shares their Personal data with Vega IT via Website.
“GDPR” General Data Protection Regulation 2016/679.
“Personal data” or “data” or “personal information”

Any information relating to an identified or identifiable natural person (Data subject);

  • An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or multiple factors specific to its physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Data about a company or any legal entity is not considered to be personal data but registering on behalf of a legal entity may include sharing personal data.
  • However, the information related to one-person companies may constitute Personal data when it allows the identification of a natural person. The privacy rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of a company or organization, and business e-mail addresses like “firstname.surname@company.com”.
“Processing”

Any activity or set of activities performed on Personal data or sets of Personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Service”

Making available any content by us on the Website.

The Service does not include products or services that Vega IT otherwise provides such as services via platforms or mobile apps.
“Website”

The website owned by Vega IT, or its affiliates and subsidiaries located at https://www.vegaitglobal.com/, https://www.vegait.co.uk, or https://www.vegait.de.

 

 

Information we collect

We collect several types of information for our business operations as explained in detail in Section 3 of this Policy.
Data about you may be shared and collected directly from you or from third parties.
Under “data provided by you” we mean:

  • Data collected voluntarily – when you contact us through the Website, social media, email, etc. and intentionally share certain information with us,
  • Data collected automatically – when you access the Website,
  • Data collected through Cookies – as we have explained in our Cookie Policy.

A. Personal data you share with us voluntarily

Personal Information Provided Directly by You:

  • Name
  • Company
  • Email address
  • Telephone number
  • Records and copies of your correspondence with us

All personal information that you provide to us needs to be true, complete, and accurate, and you are obliged to notify us of any changes to such personal information.

Information Collected from Forms on Our Websites

  • Information provided when using our Services
  • Information submitted when posting material on our Website
  • Information requested when seeking further services
  • Information provided when reporting problems with our Websites, products, or services

Usage Details, IP Addresses, and Cookies

  • Details of your visits to our Websites (as explained below)
  • Information about your connectivity (IP address, Browser information)
  • Device type,
  • Unique device identification number,
  • Location data/ Broad geographic location (e.g. country or city-level location)
  • Logs and other communication data
  • Resources accessed and used on the Websites
  • Browsing actions and patterns
  • Information collected using cookies and Web beacons

We may collect information about how your device has interacted with our Website, which includes the pages accessed and links clicked. Collecting this information enables us to better understand the interests of the visitors who visit our Website, where they come from, and what content on our Website is relevant to them.
This information is collected primarily by using cookies and similar tracking technology, as explained in more detail in our Cookie Policy.

Email Marketing Information

  • Email Engagement Data:
  • Open Rate: Information on whether the email was opened.
  • Duration of Open: How long the email was open.
  • Content Interaction: Details about interactions with the content of the email.
  • Marketing Preferences: Information related to user preferences for receiving marketing communications.

Processing which is described in section 2.4. is conducted based on our legitimate interest to better understand how recipients generally engage with our marketing emails, to improve the overall effectiveness of our marketing processes, as well as our product and service, and to build stronger relationships with our clients and subscribers. To ensure that this interest does not override the rights and freedoms of data subjects, we have conducted a Legitimate Interests Assessment (LIA).

Importantly, this processing is not intended to identify or profile individual users, but rather to focus on aggregated patterns of recipients’ interaction with marketing emails and analyze such information on a general level, with the goal of refining our overall email marketing strategies.

You have the right to object to this type of processing at any time, as outlined in Section 8 of this Privacy Policy.

B. Personal data we collect about you from third parties

In some cases, we may obtain your personal data without you giving us such data directly.

If you apply for a working position at Vega IT, we may obtain information about you:

  • through publicly available sources online – (e.g. on your current employer’s website, or on a professional networking site such as LinkedIn); and
  • by reference or word of mouth – for example, through a referral from a former employee/employer or from a referee you have identified.

If you are our client, we will process identification and background information as part of our business acceptance, as well as to fulfil any other legal or regulatory requirements to which we may be subject.

 

How do we use and collect personal data

We use and process your Personal data only when necessary to manage and operate our business services, fulfill our regulatory obligations, and provide a functional Website, content, and Services. We carefully consider our use of Personal data, and below, you can find the details of what data we collect, for what purposes and the legal basis.

Data we collect Purpose Legal basis Retention period
Author’s name, job title and short biography. Blogs: This data is collected for the purpose of publishing Blogs on our Website. Processing is based on author’s consent. You can withdraw your consent at any time, but this will not affect the lawfulness of processing based on your consent that was carried out before you withdrew your consent. We will keep your data until the withdrawal of your consent.
Your name and e-mail, as well as the additional information shared within your message or the attachment (question/message/note/file), information on how you heard about us. Responding to your inquiries: We collect your personal data in order to respond to the inquiries you sent us via the Contact page on our Website, as well as to respond to you regarding the rest of your requests, and to provide and improve Services to you.

Processing is necessary for the performance of the Agreement or to enter into such an Agreement with you.

 

 In the event an agreement is concluded between you and Vega IT, your data will be processed for the duration of that agreement. If an agreement is not concluded, we may process your data for a period of 12 months based on our legitimate interest.
Your name, email address, type of application (job/internship), city where you apply for the position, and any additional personal data contained in the form/email, as well as in the attachment (question/message/note). Processing your application for open work positions:
After you send us your application, which you submit by sending an inquiry by filling in the form available on our Website here, or by clicking Send us your CV!, or sending an email at jobs@vegaitglobal.com we will need to examine it in order to determine whether you fulfil our requirements as a candidate.		 Processing is necessary for the performance of the Agreement or to enter into such an Agreement with you.
Sometimes, processing is also based on your consent.
Processing of job candidate’s data is covered in more detail in our separate Employment Candidate Privacy Notice which is delivered to all job candidates at Vega IT i.e. available on the Website.		 We will keep your data for a period of 12 months after your last application date if your application is not successful. If you have given your consent to keep your data after that period, in that case we will keep your data for a maximum of 24 months after your last application date. If your application is successful and you establish an employment relationship, we will store your data during the duration of the employment relationship and after the termination of the employment relationship in accordance with our internal rules and procedures.
Email of subscribers to our newsletter. Newsletter: You can leave us your email address in order to subscribe to our newsletter. This newsletter allows us to inform you of the new products and services, updates, as well as other news relevant to Vega IT. We may use your email address to notify you about any changes to the Website, policies, products and Services. Processing is based on your consent.
Also, you can withdraw your consent at any time, but this will not affect the lawfulness of processing based on your consent that was carried out before you withdrew your consent.		 We will keep you on our mailing list until you withdraw your consent.

Employee’s photos and videos, employee’s short biographies.

Client’s photos and videos, testimonies.

 Promoting Vega IT’s business:
Vega IT wants to promote its employees, culture, values, services, products and Vega IT’s news and business to the existing and potential clients, business partners, other associates, as well as the general public, by publishing information about activities, events, latest news, hot topics, interviews, photographs/videos of employees and clients on social networks, Website and other channels of communication.		 Processing is based on your consent.
Also, you can withdraw your consent at any time, but this will not affect the lawfulness of processing based on your consent that was carried out before you withdrew your consent.		 We will keep your data until the withdrawal of your consent.
Technical data and data related to your device collected primarily by using cookies and similar tracking technology, as explained further in our Cookie Policy.

Analysis, management, and improvement of Website and Service:

Automatically collected data is used for:

  • managing the Website,
  • improvement of use and performance of the Website, as well as the update,
  • analysis of the use of the Website and measure the interest of the Website visitors;
  • providing the most efficient presentation of the Website according to the data subject’s device.
 Processing is based on your consent or our legitimate interest, i.e. for the safe usage and functioning of our Website, the protection of our business, but also the protection of our other Website visitors, which is essential to us. If the processing is based on your consent, until the withdrawal of your consent. You can withdraw your consent at any time at your cookie setting as explained in our Cookie Policy. The withdrawal of consent does not affect the lawfulness of the processing based on the consent prior to such withdrawal.
If the processing is based on our legitimate interest, we will keep the data as long as our legitimate interest exists.

Disclosure of your information

Protecting your personal information is important to us. We do not rent or sell your personal information to third parties. We may disclose or transfer personal information that we collect or that you provide as described in this Policy, including:

  • Business Transactions: In the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Vega IT's assets, including the transfer of personal information held by Vega IT about our website users as part of the assets.
  • Third Parties: To our subsidiaries, affiliates, agents, contractors, service providers, and other third parties who assist us in operating our business or providing services, and who are contractually obligated to keep personal information confidential and use it only for the purposes of providing services for or with us.
  • Legal Compliance: To comply with legal obligations, including responding to court orders, laws, legal processes, or government or regulatory requests.
  • Enforcement: To enforce or apply our Terms of Use and other agreements that govern the use of our products and services.
  • Protection: To protect the rights, property, or safety of Vega IT, our employees, our users, or others.

This is the list of Data processors with whom we share your personal data:

Processor Role Seat
  Technical/IT support  
 

Data storage

  
 

Hosting providers

  

Social Networks

Vega IT collects and processes Personal data through user interactions on social networks such as Facebook, LinkedIn, Instagram, and YouTube. Vega IT or responsible individuals appointed by Vega IT have access to messages and/or posts on these social networks. However, personal data collected through these interactions, especially those in messages directed to Vega IT, are not stored in other locations or processed further, except for purposes outlined in this policy or the privacy policy.

Vega IT uses their business profiles on services like Facebook, LinkedIn, Instagram, and YouTube. You can review their privacy policies or privacy statements, as well as how they use your personal data, through the links provided below.

Vega IT cannot influence the privacy policies of social network service providers, which act as independent data controllers. If you have questions regarding data collection and processing by Facebook, YouTube, LinkedIn, and/or Instagram, or if you wish to exercise any of your rights under the Data Protection Law, please contact:

Company

Contact Information

Details

Facebook
(META PLATFORMS IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

 

Privacy Policy Data Protection Officer

 

Whenever an individual is logged into Facebook and accesses the Website simultaneously, Facebook will receive information about this via the Facebook component, regardless of whether the individual clicks on the Facebook component. If an individual does not wish to transmit such information, they can prevent this by logging out of their Facebook account before accessing the Website.
The owner of Facebook is a company registered in the USA, which may affect the location of your data.

YouTube
(Google Ireland, Ltd., Gordon House Barrow St, Dublin 4, Ireland)

Contact Form Privacy Policy

 

YouTube or Google will receive information through the YouTube component that an individual has visited the Website if they were logged into YouTube during the visit, regardless of whether they clicked on a YouTube video. If you wish to prevent such data transfer, you can log out of your YouTube account before opening the Website.
The owner of YouTube is a company registered in the USA, which may affect the location of your data.

 

Instagram
(META PLATFORMS IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Privacy Policy Data Protection Officer

 

The same terms apply as for Facebook for users logged into their Instagram accounts. The owner of Instagram is a company registered in the USA, which may affect the location of your data.

 

LinkedIn
(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Privacy Policy

When an individual is logged into LinkedIn and accesses the Website simultaneously, LinkedIn will receive information through the LinkedIn component, regardless of whether the individual clicks on the LinkedIn component. If you wish to prevent this information from being transmitted, you can log out of your LinkedIn account before accessing the Website.
LinkedIn is owned by a company registered in the USA, which may affect the location of your data.

Onward transfer of your information

To support our global operations and in compliance with applicable laws, we may transfer your personal information to, and access it from, our corporate offices, subsidiaries, and affiliates located in various countries, including those outside the European Economic Area (EEA). Please be aware that countries outside the EEA, including Serbia, may not provide the same level of data protection as EEA countries.

When transferring your personal data outside the EEA, including to countries like Serbia, we implement appropriate safeguards to ensure that such transfers are compliant with applicable Data Protection Laws. These safeguards may include:

  • Data Transfer Agreements: We may use data transfer agreements with third-party recipients that incorporate standard contractual clauses approved by the European Commission.
  • Adequacy Decisions: We ensure that transfers are made to jurisdictions that have been deemed adequate by the European Commission, where applicable.
  • EU-US Data Privacy Framework: For transfers to the United States, we may rely on frameworks such as the EU-US Data Privacy Framework.

You have the right to request additional information about these safeguards and obtain a copy of the relevant agreements by exercising your rights as outlined below. When transferring personal data within the Vega IT group of companies, we ensure that appropriate safeguards are in place to protect your data.

Choices about how we use and disclose your information

We are committed to giving you control over your personal information. Here are the ways you can manage your information and preferences:

  • Tracking Technologies and Advertising: You can adjust your browser settings to refuse all or some cookies, or to notify you when cookies are being sent. Please read our Cookie Policy for more information. Be aware that disabling or refusing cookies might affect the functionality of certain parts of our Website. For email communications, you can limit tracking by preventing the loading of embedded images through your email client settings.
  • Promotional Offers from Us: If you prefer not to receive promotional emails from us, you can opt out by contacting us at privacy@vegaitglobal.com and requesting removal from future email distributions.
  • Job Applications and CV Submissions: Information provided as part of a job application or CV submission will be used solely for recruitment purposes. If you wish to have your data removed or not used for future job opportunities, please contact us at privacy@vegaitglobal.com.
  • Review and Access: You have the right to review and update the personal information we hold about you. You can request access to or correction of your data by contacting us through the provided email.
    Data Deletion: You may request the deletion of your personal information at any time, subject to any legal obligations we may have. Please contact us at privacy@vegaitglobal.com to make such a request.
  • Data Deletion: You may request the deletion of your personal information at any time, subject to any legal obligations we may have. Please contact us at privacy@vegaitglobal.com to make such a request.

By exercising these choices, you can help us ensure that your Personal data is managed according to your preferences and rights.

Data integrity and proportionality

We collect and retain only the personal information necessary for specific, identified purposes described in Section 3 of this Policy. We will use this information solely for those purposes and ensure that it is not used in any manner that is incompatible with these purposes.

Your rights

We believe it is important for you to have control over your Personal data. This Section of our Policy should provide you with general information and an explanation of these rights.

In accordance with applicable Data Protection Law, you have the following rights:

Right to withdraw the Consent

If you have provided your consent to the collection, processing, and transfer of your Personal data, you have the right to withdraw your consent - fully or partly.

Once we have received a notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented, unless there is another legal ground for the processing.
Right to access

You can send us a request for a copy of the Personal data we hold about you.

We have ensured that appropriate measures have been taken to provide such a copy in a transparent and easily accessible form, using clear and plain language.

Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data subject and with prior verification as to the subject’s identity.

Information will be provided to the Data subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.
Right to correction of your Personal data If the Personal data we have about you is incorrect, you have the right to request that we correct those data. In such a case, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the Personal data in question to them.
Right to be forgotten

You have the right to request from us that your Personal data be deleted in these situations:

  • The personal data are no longer needed for the purpose for which they were collected;
  • You have withdrawn your consent (where the processing was based on consent);
  • You have objected to the processing and no overriding legitimate grounds are justifying us processing the personal data;
  • the Personal data was being unlawfully processed; or
  • the Personal data has to be erased for compliance with a legal obligation.

However, this right does not apply where, for example, the processing is necessary to comply with a legal obligation, or for the establishment, exercise, or defence of legal claims.
Right to the restriction of processing

You can exercise your right to the restriction of processing if:

  • the accuracy of the Personal data is contested,
  • the processing is unlawful, but you do not want the data erased,
  • we no longer need the Personal data but you require the data for the establishment, exercise, or defence of legal claims,
  • you have objected to the processing, but the verification of whether the legitimate reasons of the data controller override those of the Data subject is pending.
Right to data portability

In case you have provided your Personal Data to us, and that data is processed using automated means, you have the right to ask us for a copy of such Personal Data, as well as to have those data transmitted to a third-party data controller.
Right to object

You have the right to object to using your Personal Data in case processing is based on our legitimate interest, as well as if the processing is performed with a purpose of direct marketing, which includes profiling.
Right to Lodge a Complaint

If you have any concerns or requests in relation to your Personal data, please contact us at privacy@vegaitglobal.com and we will respond within 30 days.

If you are not satisfied with our response, you can also contact the competent supervisory authority in the country where you reside or the Commissioner for Information of Public Importance and Personal Data Protection, Bulevar kralja Aleksandra 15, 11120 Belgrade, email office@poverenik.rs.

Data security

We are committed to protecting your Personal data and have implemented reasonable and appropriate measures to secure it against unauthorized access, use, and disclosure. We use technical and organizational safeguards to protect personal data from unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access, as well as other forms of unlawful processing. These safeguards are designed considering the latest technological advancements, implementation costs, the risks associated with processing, and the nature of the personal data, with particular attention to sensitive information.

While we employ reasonable security measures, such as Secure Socket Layer (SSL) encryption for transmitting passwords, we cannot guarantee absolute security for the information transmitted to our Websites. The transmission of information over the internet is not 100% secure, and we cannot warrant the security of any data you transmit to us. We are not responsible for any circumvention of privacy settings or security measures on our Websites.

Iso/iec 27001 compliance

We comply with, and have received certification in the ISO standard ISO/IEC 27001. The ISO/IEC 27001 standard provides a framework to establish, implement, maintain and continually improve an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. This certification is subject to ongoing external assessments, with a full reassessment occurring every three years.

To learn more about the ISO standards, please visit their website.

How long do we store your data

We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

When determining data retention periods, we take into consideration local laws, contractual obligations, and the expectations and requirements of data subjects, our customers, and suppliers. When we no longer need Personal data, or when you legitimately request us to delete your information, we will securely delete or destroy it.

Data retention periods are described in more detail in Section 3. of the Policy.

However, as an exception to the data retention periods in Section 3 of the Policy, data may be processed longer for the purpose of submitting, enforcing, or defending a legal claim or counterclaim.

Furthermore, if a specific imperative regulation defines the obligation to retain certain data for a period longer than stated in Section 3 of the Policy, we are obliged to retain the data within that period.

Children under the age of 15

Our Websites and Services are not intended for children under the age of 15. We do not knowingly collect, use, or disclose personal information from children under 15 years of age.

In compliance with relevant regulations, including the Children’s Online Privacy Protection Act (COPPA) in the United States and the GDPR in the European Union, we take measures to ensure that we do not collect personal data from individuals under the age of 15.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@vegaitglobal.com. We will take appropriate steps to delete any personal information collected from your child.

Data contoller

The Data Controller of this website is: Vega IT d.o.o. Novi Sad, Novosadskog sajma 2/9, Novi Sad, Serbia.

Contact information

If you have any questions or comments about this Privacy, please contact us by emailing us at privacy@vegaitglobal.com. or by writing to us at:

  • Vega IT d.o.o. Novi Sad
  • Attention: Legal Department, Privacy Statement Issues
  • Novosadskog Sajma 2, Novi Sad, 21000
  • Serbia