Privacy Policy

Last Modified: September 25, 2025

  • Data We Collect
  • Purposes of Processing
  • Legal Basis
  • Data Sharing
  • Retention Period
  • Your Rights
  • Exercising Your Rights
  • Data Security
  • Personal Data Breaches
  • Cookie Policy
  • Policy Changes
  • Contact for Inquiries
  • Right to Lodge a Complaint
  • Important Notices

Protection of Personal Data

PING d.o.o. (hereinafter: “PING”) is committed to protecting the privacy and personal data of its clients, business partners, and all individuals who come into contact with us and our services. This Personal Data Protection Policy explains how we collect, use, store, and safeguard your personal data in accordance with the Law on Personal Data Protection of Bosnia and Herzegovina (“Official Gazette of BiH”, No. 12/2025).

What Personal Data We Collect

1. Employee Data (Human Resources Records)

In accordance with the Labour Law of the Federation of Bosnia and Herzegovina, we maintain human resources records that include:

  • Full name
  • Unique Master Citizen Number (JMB)
  • Date and place of birth
  • Nationality
  • Educational background (title or occupation)
  • Place of residence and address
  • Contribution payer number for public pension and health insurance funds
  • Data on salary calculation and payments
  • Bank account number
  • Tax card number
  • Evaluation data
  • Employment status data
  • Data on previous employment
 

2. Job Applicant Data

When you apply for a job with us, we collect:

  • Full name
  • Contact details (telephone, email, address of residence)
  • Curriculum vitae (which may include a photograph)
    • Education and professional qualifications
    • Previous work experience
  • Information provided in the cover letter
  • References (name, surname, and contact details of the referee)
  • Any other information voluntarily submitted in the job application
 

3. Client and Business Partner Data

When establishing a business relationship, we may collect the following data:

  • Full name of the contact person
  • Business address
  • Business telephone and email address
  • Job title/position within the company
  • Records of our interactions (meetings, calls, email correspondence)
 

4. Data Collected Through Website and Contact Forms

When you contact us, we collect:

  • Full name
  • Email address
  • Messages and inquiries you send to us

When visiting our website, the following information is automatically collected:

  • Device IP address
  • User location (city/country, estimated based on IP address)
  • Browser type and version
  • Device operating system
  • Browser language settings
  • Time zone and time of access
  • Screen resolution and device type (desktop/mobile)

In addition, we collect website usage data such as:

  • Pages visited
  • Time spent on the website
  • Clicks and interactions with content
  • Performance and security data
  • Error and system logs
  • Data necessary for detecting and preventing abuse or spam activities

5. Data Collected Through Help Desk Platform

We may collect the following categories of data related to employees of PING’s clients:

  • Personal data: full name, email address, username, IP address
  • Organisational data: organisation name, department, role
  • Support data: content of support tickets, attachments, logs, communication
  • Technical data: date and time of access, device, browser

6. Video Surveillance

Our business premises are equipped with video surveillance at the entrance in order to protect the safety of persons and property. Cameras may record:

  • Facial appearance
  • Date and time of entry and exit

Why We Collect Your Data

We use your personal data for the following purposes:

1. Human Resources Management

  • Maintaining personnel records in accordance with the Labour Law
  • Calculating and paying salaries
  • Reporting to the Tax Administration, the Statistical Office, and other institutions
  • Evaluating employee performance
  • Managing employment status

2. Recruitment Process

  • Assessing job applicants
  • Conducting selection and interviews
  • Verifying references
  • Creating a database of potential candidates (with consent)

3. Service Provision and Business Communication

  • Responding to your inquiries and requests
  • Delivering our IT services
  • Maintaining business relationships
  • Fulfilling contractual obligations
  • Improving our website

4. Security

  • Protecting our business premises
  • Ensuring the safety of people and property
  • Preventing misuse and fraudulent activities

5. Legal Obligations

  • Complying with statutory requirements
  • Maintaining business records

Legal Basis for Data Processing

We process your personal data on the following legal grounds:

  • Consent – when you have given us permission to process your data.
  • Performance of a Contract – when processing is necessary to fulfil a contract with you.
  • Legal Obligations – when we are required to process data in order to comply with the law.
  • Legitimate Interests – for maintaining business relationships and ensuring security.

Data Sharing

We may share your personal data in the following circumstances:

1. Within the Company

  • With employees who require access to data in order to perform their duties and fulfil contractual obligations, always in accordance with the principle of minimum necessary access.

2. With External Partners

  • Accounting service providers for the purpose of salary calculations and payments
  • IT service providers

3. With Competent Authorities (Legal Requirements)

  • Government authorities, when required by law
  • Courts in the event of legal proceedings

All employees and external partners are bound by contractual obligations that ensure the protection of your personal data.

Koliko dugo čuvamo vaše podatke

1. Employee Data

  • For the duration of the employment relationship
  • After termination of employment, in accordance with statutory requirements on the retention of personnel records
  • Certain data is kept permanently for pension and health insurance purposes

2. Job Applicant Data

  • Up to 1 year after completion of the recruitment process, or up to 3 years if you have provided explicit consent
  • Data of applicants who enter into employment are transferred to the human resources records

3. Client and Business Partner Data

  • For the duration of the business relationship and 3 years after the contractual obligation has ended (including warranty periods)
  • In accordance with statutory requirements on the retention of business documentation

 4. Video Recordings

  • Up to 30 days, after which they are automatically deleted
  • Exception: where proceedings have been initiated in which the recording is used as evidence

5. Website Data

  • Up to 1 year, unless you have provided consent for longer retention

Your Rights

You have the following rights with respect to your personal data:

  • Right to Information: The right to know how we process your data (as explained in this Policy).
  • Right of Access: The right to request a copy of your personal data that we hold.
  • Right to Rectification: The right to request the correction of inaccurate or the completion of incomplete data.
  • Right to Erasure (“Right to be Forgotten”): The right to request the deletion of your data under certain circumstances.
  • Right to Restrict Processing: The right to request a temporary limitation on the processing of your data.
  • Right to Data Portability: The right to obtain your data in a structured format.
  • Right to Object: The right to object to the processing of your data.
  • Withdrawal of Consent: If you have given consent, you may withdraw it at any time.

How to Exercise Your Rights

To exercise your rights, you may contact us at:

  • Email: info@ping.ba
  • Data Protection Email: zastita.lpodataka@ping.ba
  • By post at our company address

We will respond to your request within 30 days of receipt. This period may be extended by an additional 60 days in complex cases.

Security of Your Data

We take all necessary steps to establish and maintain the highest standards in software design and development, project management, engineering, and service delivery. In this regard, we have certified our quality management system in accordance with the international standard ISO 9001 and our information security management system in accordance with ISO 27001.

We implement appropriate technical and organisational measures to safeguard your data, including:

1. Technical Measures

  • Secure passwords and access controls
  • Antivirus protection
  • Regular data backups
  • Physical security of premises and equipment

2. Organisational Measures

  • Employee training on data protection
  • Clean desk and screen policy
  • Minimum necessary access rights
  • Data breach procedures

Personal Data Breaches

In the event of a personal data breach:

  • We will notify the Personal Data Protection Agency within 72 hours.
  • If the breach poses a high risk to your rights, we will also inform you.
  • We will document the breach and the measures taken.

Cookie Policy

This Cookie Policy explains what cookies are, how we use them on our website, what types of cookies we use, and how users can control their use.

Cookies are small text files that are stored on your device when you visit a website. They are used to enable website functionality, improve the user experience, and analyse website usage.

Our website may use the following types of cookies:

  • Strictly Necessary Cookies – required for the basic functionality of the website (login, navigation).
  • Analytical Cookies – help us understand how visitors use the website (e.g., Google Analytics).
  • Functional Cookies – remember your settings (such as language and preferences).
  • Marketing Cookies – used to display relevant advertisements and measure the effectiveness of campaigns.

A cookie banner/notice is provided on our website with a link to this document.

You can control or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

Our website also uses third-party cookies (e.g., Google, social media platforms) that assist us with analytics and marketing. The privacy policies of these third parties apply to their use of cookies.

Policy Changes

This Policy may be updated from time to time. In the event of significant changes, we will inform you on our website or via email.

Date of last modification: 25 September 2025

Contact for Inquiries

For any questions regarding this Policy or the protection of your personal data, please contact us at:

Right to Lodge a Complaint

If you believe that your rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Agency of Bosnia and Herzegovina (Personal Data Protection Agency of BiH – Website: https://azlp.ba/).

Important Notices

  • We do not process the data of children under the age of 16 without parental consent.
  • We do not transfer your data outside of Bosnia and Herzegovina without appropriate safeguards (Standard Contractual Clauses/consent).
  • You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.