Pursuant to provisions of the Law on Personal Data Protection (hereinafter: the Law), TENFORE DOO BELGRADE PAYMENT INSTITUTION, from Belgrade, 60 Dobračina Str, registration no: 17327852, before starting collecting and further processing of personal data, for a one-time payment transaction (Western Union money transfer and fund transfer) is hereby acquainting the customer (hereinafter: the Customer) with terms and conditions for collection and further processing of personal data, as well as the relevant informaiton, in the following way:
Payment services of one-time payment transaction:
1. Western Union Money Transfer
TENFORE d.o.o Belgrade Payment Institution, 60 Dobračina Street, Belgrade (TENFORE), Western Union Network (France) SAS (Western Union), Representatives of Western Union (Partners).
Basic data to be collected are the following: first and second name, date of birth, place of permanent or temporary residence, ID number, ID document number, name of the issuer and date and place of issuance of ID document, as well as other data depending on the money transfer amount, as provided by the Law on Prevention of Money Laundering and the Financing of Terrorism.
2. Fund Transfers
TENFORE d.o.o Belgrade Payment Institution, 60 Dobračina Street, Belgrade (TENFORE)
Basic data to be collected are the following: first and second name, place of permanent or temporary residence of the payer and/or receiver, number of payment account of the payer and/or receiver, as well as other data depending on the money transfer amount, as provided by the Law on the Prevention of Money Laundering and Terrorism Financing.
3. TENFORE d.o.o. Belgrade Payment Institution provides services of Western Union money tarnsfer and fund transfer through a network of authoriesd and registered representatives of TENFORE on the basis of the Contract on Personal Data Processing or binding provisions of the Contract on Provision of Payment Services.
4. Person for peronal data protection
A person designated for protection of personal data to whom the Customer may address with questions and requests in connection with personal data processing, to the following addresses: e-mail: zastita.podataka(at)tenfore.net, post: 60 Dobračina Str, Begrade.
5. Purpose of processing and legal grounds
Data Controllers shall process the personal data specified herein for the purpose of exercising rights and obligations arising from the contract on one-time payment transaction, on the basis of the Law on Payment Services and consent of the person whose personal data are processed. The Customer gives consent for the execution of payment transaction, which is legal grounds for processing of his personal data. Data provision is obligatory and necessary condition for execution of a one-time payment transaction, because without these data the service cannot be executed according to legal regulations.
6. Right to revocation
The Customer has the right to revoke the consent for data processing any time. The revocation has no effect on the permission to process data before the revocation. The revocation can be provided in writing. After the Customer revokes the consent for personal data processing, on the basis of provided consent, further data processing is not allowed according to this Law.
7. Personal data processing
The Customer sends data when using a one-time payment transaction service. The collected personal data and information are used for the purpose of providing a one-time payment transaction, as well as for the purpose of administration and business books of Data Controllers, for providing support to the Customer regarding the accurate execution of the one-time payment transaction, prevention of money laundering and terrorism financing, adjustment of operations with applicable regulations and fulfillment of legal obligations of Data Controllers, better understanding of the Customer through an analysis and examination of the one-time payment transaction information and thus improvement of the area of prevention and detection of frauds and thefts in providing the one-time payment transaction, improvement of our products, services and business, as well as for sending to Customers commercial messages by e-mail, telephone, post, SMS or through any other channel, if they choose and/or accept so.
8. Right of the Customer to data protection
The Customer has the right to get informed with the Data Controller of the ensured measures for protection of his personal data.
9. Processing of data received by third persons
Data Controllers shall keep and retain the information provided by the Customer of a third person (i.e. the payer or receiver, as the case may be) so as to ensure execution of one-time money transfer service. Prior to providing these data and information of the third person, the Customer is obliged to notify the third party and ensure the third party consent for usage of the Customer’s data and information as stated in this clause. Data delivery is obligatory for execution of money transfer service to the Customer. Without it, Data Controllers will not be able to execute the money transfer service or other services requested by the customer.
10. Right to access data
The Customer is obliged to provide to Data Controllers Korisnik accurate and updated personal information when using one-time payment transaction service.
The Customer has the right to request a copy of data referring to him and which are being processed. The Customer has the right to have his incorrect personal data corrected and/or deleted without unnecessary delay if the data are no longer required for achievement of the original purpose, if the Customer has revoked the consent for processing, and there is no other legal grounds for processing, if the data have been illegally processed, all in compliance with the law.
11. Right to data correction and deletion
Data Controller is obliged to notify all recipients whose personal data have been disclosed of any personal data correction or erasure or restrictions in their processing, unless it is impossible or it requires overuse of time and resources, and to notify the Customer, at the Customer’s request, of all recipients.
12. Right to data transferability
The Customer has the right to receive its personal data previously delivered to Data Controller in a structured, usually used and electronically readable form and has the right to transmit these data to another controller without interference by Data Controller, if all legally anticipated conditions are fulfilled. This right also includes the right of the Customer to have its personal information directly transmitted to another data controller by Data Controller, if technically viable.
13. Right to file a complaint
The Customer has the right to file a complaint at any time to processing of its personal data for the purpose of direct advertising, including profiling, to the extent it is connected with direct advertising. If the person whose personal information is processed files a complaint to processing for the purpose of direct advertising, the personal data cannot be further processed for such purposes.
14. Data protection measures
Data Controllers will adequately protect the personal data from misuse, destruction, loss, unauthorized changes or access, and/or undertake all necessary technical, personnel and organizational measures to protect the data, all in accordance with the Law.
15. Recepients of personald data
Personal data can be taken out from the Republic of Serbia to other countries and international organisations only subject to relevant protection measures, in accordance with the Law, internal acts of the Institution, as well as other regulations governing this area.
TENFORE may transfer personal data for the purpose of execution of the contract on one-time payment transaction (Western Union money transfer) and share them with Western Union Network (France) SAS (Western Union), as well as Representatives of Western Union (Partners).
16. Data retention period
Personal data are kept by Data Controllers within terms prescribed by the laws governing accounting and auditing, the position and operations of payment institutions and prevention of money laundering and terrorism financing.
17. Violation of personal information
The Customer has the right to be notified of violation of his personal information. If the violation of personal information can result in high risk for rights and freedom of private persons, TENFORE is obliged to notify the Customer of the violation without unreasonable delay.
TENFORE is not obliged to notify the Customer if: it has taken appropriate technical, organisational and personnel measures with regard to the information of the person whose security has been undermined; it has subsequently taken the measures to ensure that violation of personal information cannot result in any further consequences for him; notifying the Customer would present unproportional consumption of time and resources.
In that case, TENFORE is obliged to ensure notification to the person to whom the data refer, by public notifications or any other effective way.
18. Request for exercising rights of the Customer
If the Customer believes that his right stipulated by the Law has been violated, he an submit a complaint to the personal data processing by completing the Request. The completed request can be submitted by electronic means, by sending e-mail with attachment to the address zastita.podataka(at)tenfore.net or to the address TENFORE d.o.o. Belgrade Payment Institution, 60 Dobračina Str, 11000 Belgrade with the note „for the Person for protection of personal data“.
TENFORE can charge certain fee for processing and submission of copies, under legally prescribed terms.
TENFORE is obliged to provide to the Customer whose personal data are processed the information stated in the request, without any delay, but not later than within 30 days from the day of the request receipt. This term can be extended by another 60 days if necesssary, taking into account the request complexity, but the Customer must be notified thereof within 30 days. If TENFORE fails to act upon the customer request, the Customer must be notified thereof not later than within 30 days from the day of request receipt, as well as of the right to file a complaint to the Commissioner and/or the court.
19. Right to file a complaint to the Commissioner for the information of public significance and protection of personal data and a complaint to court
The Customer has the right to file a complaint to the Commissioner for Information of Public Informance and Personal Data Protection if he believes that processing of his personal information has been done contrary to provisions of the Law. Filing a complaint shall not affect the Customer right to initiate other procedures for administrative or judicial protection. The Customer has the right to initiate an administrative procedure, against the decision settling on his request made by the Commissioner, within 30 days from the day of the decision receipt. Filing a complaint in the administrative procedure shall not affect the right to initiate other procedures for administrative or judicial protection.