Veracomp takes data privacy and protection very seriously.
The Privacy Notice explains:
- Who is Veracomp and how to contact us regarding privacy?
- What personal data is being collected by us?
- Why do we process personal data and what is the legal basis for processing it?
- Where and how do we collect personal data?
- Will the data be shared with any third parties?
- How is personal data secured and how long will the data be stored for?
- What rights does the data subject have?
- Obligations when third party personal data is transferred to us.
Who is Veracomp and how to contact us regarding privacy?
Veracomp is one of the largest ICT value added distributors (VAD) operating in Central and Eastern Europe (CEE) region. Veracomp provides comprehensive IT solutions mainly for businesses (legal entities) but in some cases also for private consumers.
Pursuant to the provisions of the EU law, Veracomp is a controller of personal data.
This web site (veracompadria.com) and Privacy Notice refers to Veracomp companies operating in the Adriatics region (Albania, Bosnia-Herzegovina, Croatia, Kosovo, Macedonia, Montenegro, Serbia, Slovenia), where we operate through 4 companies in: Bosnia-Herzegovina, Croatia, Serbia and Slovenia.
Should you have any questions about data privacy or personal data protection for those countries, you can contact us:
All contact details for Veracomp companies in the Adriatics region are available here.
If you are a data subject in other CEE countries (i.e. excluding Adriatics), please continue browsing by following the country flag dropdown links in the upper right corner of this web page.
What personal data is being collected by us?
We may process the following personal data:
- first name and last name,
- phone number,
- e-mail address,
- business mailing address,
- employee’s company name,
- job title,
- VAT number,
- participation in special offers and events organised by Veracomp (trainings, conferences, etc),
- IP address of the device used by a natural person in order to access the services of Veracomp (i.e. web site),
- Web browsing data stored in cookies to provide analytics, to store your preferences or to enable advertisements delivery (See Cookies policy).
In extraordinary cases, the scope of data processed may be broader, due to specific processing purposes, in which case we will always require the data subject consent to collect such data.
Why do we process personal data and what is the legal basis for processing it?
As IT distributor, we mainly transact with other businesses, in particular:
- Vendors (IT manufacturers or service providers) we represent as distributors;
- IT reseller companies (our business partners);
- End users i.e. companies or natural persons purchasing the IT equipment and services we distribute.
We process personal data for contact purposes as part of our regular business activities. In particular, the purposes of processing personal data are:
- sending commercial quotations to resellers or end users,
- execute sales, process orders, invoicing, payments and other financial follow-up,
- perform deliveries in accordance with agreements made with resellers or end users,
- abide by applicable provisions of law, including tax and customs law,
- offer pre-sales and post-sales technical support,
- providing technical and business knowledge (mailing, webinars, events, training),
- create interest profiles in order to promote relevant products and services via marketing activities.
The legal basis for processing personal data according to the above-listed purposes in points 1. to 5. is our legitimate interest in processing your personal data from a business perspective in a manner that we believe do not conflict with your privacy rights or freedoms. The legal basis for processing personal data according to the purpose listed in points 6. and 7. is your consent or legitimate interest (if you are a reseller working with us).
Where and how do we collect personal data?
Veracomp may obtain personal data in the following manner:
- consent given when registering for an event (training session, webinar, special offer, etc.) organized by Veracomp and/or made available via an event registration web form on our website,
- consents given when contacting us via contact web form or when registering for our newsletter communications on our website,
- transfer of third party personal data to Veracomp by resellers (the obligations of entities transfering personal data to Veracomp are specified below),
- personal meetings or phone calls during which contact details are exchanged.
Will the data be shared with any third parties?
We may share personal data with vendors which we represent as distributor (i.e. our suppliers). We do this to be able to deliver IT equipment or services, as part of our regular business. In particular, we share your data with vendors to:
- execute a contract to which the data subject is a party,
- to undertake actions at the request of the data subject prior to entering into a contract, e.g. to obtain special prices or rebates (in a competitive quotation situation), after-sales support or provide product updates and renewals;
- process an order,
- activate the product or service (e.g. maintenance) with the vendor,
- deliver post-sales support (remote configuration and technical support, diagnostics at the request of the end user to verify their warranty claims, etc),
- execute warranty services, including: assign RMA number, track and collect the shipment, send the return shipment,
- allow vendors to contact you for marketing purposes, as we represent them on the market,
- provide justification for marketing expense claims for activities (trainings, conferences, etc.) sponsored by a particular vendor.
When transferring data to any third party, we ensure that:
- data protection and restriction of access to such data is given only to authorised persons;
- there are sufficient guarantees of implementation of appropriate technical and organisational measures so that the processing would meet the requirements of GDPR and protect the rights of data subjects;
- transmission of data to third parties, particularly outside the EU is made according to the provisions of EU law (GDPR articles 44-47);
- upon the completion of the provision of services related to data processing, the third party shall be obliged to delete or return to Veracomp, at the discretion of Veracomp, all personal data entrusted to it, and to remove all existing copies of such data, unless the processing is necessary in view of the commonly applicable provisions of the law or in order to determine, assert or secure claims;
- use of pseudonymisation is implemented, wherever technically and economically justified and legally permitted.
How is personal data secured and how long will the data be stored for?
Personal data processed by Veracomp is stored on secure servers or SaaS applications maintained by processors for which we ensure that proper data processing agreements are in place. We make sure all our suppliers match the criteria and are compliant with EU privacy law.
All servers and applications are protected with at least strong password authentication (with mandatory complexity and rotation requirements) and secure transport encryption (TLS).
We have implemented appropriate technical and organisational measures in order to protect personal data against unauthorised or unlawful processing, including loss, destruction or damage.
In case of personal data processed in paper form, data is stored in separate rooms to which only authorised persons have access, and if the data is processed in rooms to which more people have access, the data is stored in locked cabinets the keys to which are only in possession of persons authorised to process data.
Depending on the purpose of processing, personal data is stored only for a period of time necessary to meet the purposes specified in this Privacy Notice. In some cases, the provisions of the law require longer period of personal data retention than the period arising from the contracts or general purposes for which the data has been entrusted for processing, e.g. for tax or settlement purposes or for the purposes of meeting other legal requirements and obligations. In such cases the data shall be stored for a period arising from these regulations.
What rights does the data subject have?
Veracomp ensures the execution of the following rights vested in the persons whose personal data are processed:
- right to receive information about the processing of personal data,
- right to access the contents of processed personal data,
- right to rectify data,
- right to demand from the Controller to erase data,
- right to demand from the Controller to restrict the processing of data,
- right to data portability,
- right to object against the processing of data,
- right to lodge a complaint to the national supervisory authority or the supervisory authority of another European Union member state,
- right to withdraw consent to the processing of personal data at any time,
- right to obtain human intervention on the part of the Controller, to express their point of view, and to contest the decision based on automated processing of data.
Obligations when third party personal data is transferred to us
By entrusting third party personal data to Veracomp, the entrusting party (i.e. reseller) undertakes to follow the conditions of this Notice and, depending on the purpose of making personal data available to Veracomp, such party undertakes to obtain all legally required consents from data subjects, including but not limited to for the transmission of such data to Veracomp with the right to make such data available to vendors for the purposes indicated in this Privacy Notice.
The entrusting entity particularly, but not exclusively, undertakes to:
- entrust personal data for processing in accordance with the principles set forth in this Privacy Notice, the obligations arising from GDPR, particularly Article 28;
- act as Controller within the scope of such data and performs the obligations set forth in Articles 12, 13 and 14 of GDPR;
- process the data only for the performance of cooperation for the duration of cooperation, unless the data retention period arises from the commonly applicable provisions of the law;
- obtain all legally required consents entitling it to make personal data available to Veracomp for the purpose of entrusting such data further to the vendors (see previous section „Will the data be shared with any third parties?”).