This Rulebook represents an internal act that regulates the issue of protection of personal data on employees and individuals hired under the service agreement, as well as their families, applicants, external consultants and other individuals that have entered or are about to enter into contractual and other legal relationships with the company “NOVALITE” LLC NOVI SAD as an Operator, as well as other individuals whose data are being processed by NovaLite (suppliers, bidders, service beneficiaries/clients, business partners, etc.) in accordance with the Law and other regulations in the field of data protection.

The company “NOVALITE” LLC NOVI SAD observes the valid legislation and ensures that personal data are collected and processed for certain purposes, and it also observes the principle of data minimizing and ensures that personal data are stored only during the time period required to fulfil the purpose for which they have been collected providing that personal data are collected solely for legitimate purposes and as such are considered as precise and up to date, that they are processed in accordance with the appropriate legal basis and that they are protected from any kind of unauthorized or illegal access by internal or external parties.

Considering the above, NovaLite hereby informs the employees and individuals hired in other manner (executants), as well as potentially other individuals whose data are being collected about all important aspects of their personal data collection and processing.


Certain expressions used in this Privacy Policy have the following meaning:

▪️ “Personal data” means any information relating to either directly or indirectly identified or identifiable natural person, in particular based on an identifier such as a name, an identification number, location data, an identifier in electronic communication networks or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

▪️ “Special types of personal data” are data revealing racial or ethnic background, political opinion, religious or philosophical belief or membership in a union, genetic data, biometric data, data on health condition, sexual life or sexual orientation of physical entity;

▪️ “Personal data processing” means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organising, grouping, namely structuring, storage, adaptation or alteration, disclosing, consultation/insight into, use, disclosure by transmission, namely delivery, copying, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (hereinafter referred to as: processing).


NovaLite may process the following personal data of employees and individuals hired under service agreement:

▪️ Name and family name/surname, address, date and place of birth, sex, marital status, unique personal number, personal identification card number, citizenship, health insurance number (PIN); academic and professional /expert qualifications: level of education, titles, data on skills, foreign language competences, trainings, employment history, biography; financial data: bank account number, data on income and additional benefits; data on execution of work related duties; work place – position, superior’s (supervisor′s) assessment, business e-mail address, IP address, access code; communication data: e-mail address, telephone number, contact details of a relative in case of emergency;

▪️ other data required for the execution of employer′s obligations set forth by the law and the execution of employment contract, namely the agreement regulating the work outside of employment based relationship between the employee, namely individual hired based on service agreement and NovaLite. At the same time, it is possible to collect and process personal data for marketing and promotional activities of the company “NOVALITE” LLC NOVI SAD, such as photographs, video recordings, etc. whereas these data are collected and processed based on revocable consent given by the individual in question that may be revoked at any time.

NovaLite may also process certain categories of special types of personal data, in accordance with Article 17 of the Law (for example, processing of special type of personal data of employees and members of their families for the purpose of fulfilling obligations or exercising statutory powers in the field of labour relations, social security and social protection).

NovaLite may process the following personal data of other individuals (service beneficiaries/clients, business partners, etc.):

▪️ Name and family name/surname, name of the employer/body/organization represented by the person, date of birth, place of birth, residence address, sex, data on academic and professional/expert qualifications, contact e-mail address, contact telephone.

NovaLite may process the following personal data of suppliers and bidders:

▪️ Name and family name/surname, residence address, contact e-mail address, contact telephone.

NovaLite may process the following personal data of a job applicant:

▪️ Name and family name/surname, date and place of birth; academic and professional/expert qualifications contained in the curriculum vitae and motivation letter: level of education, titles, data on skills, foreign language skills, training, list of previous employers; communication data: e-mail address, telephone number.

In accordance with the principle of data minimizing NovaLite does not process a larger number or any other type of personal data than the ones needed to fulfil the set purpose.

NovaLite may process other personal data apart from those referred to in this Article, depending on its needs and specifically determined purpose of data processing.

Starting from the specific purpose that data collection and processing should achieve as well as in relation to the legal grounds, NovaLite shall, when necessary, inform the data subject about all its specific characteristics (notification). This Privacy Policy and special notification shall apply to such processing and in case of potential disagreement the special notification shall be given the advantage.


The purposes of personal data processing include:

▪️ Employment and human resources management – NovaLite processes personal data for purposes of concluding and implementing of employment contract and other forms of employment (for example, personal data processing for the needs of: determining the knowledge and skills of applicants for certain jobs, managing working hours and absences from work, calculation of salaries, travel expenses and per diems, determining of compensation for sick leave and other forms of absence from work, assessment of employees’ advancement, providing of additional training and education and disciplinary procedures);

▪️ Performing of activities and conducting of business activities – NovaLite processes personal data for the needs of procurement and payment of goods and services, business development, business cooperation, project management, work organization, office operations, marketing and promotional purposes and other types of business activities conducting and performing of business activities, including reporting to clients on the conducted business activities;

▪️ Communication, information technologies and information security – NovaLite processes personal data for the purpose of managing and maintaining the functioning of the communication and information network, maintaining information security and preventing the occurrence of information risks;

▪️ Harmonization of operations with laws and other regulations – NovaLite processes personal data in order to fulfil the prescribed obligations and harmonize the operations with laws and other regulations (commercial, labour and tax related legislation, etc.).


NovaLite may assign personal data to third parties under the conditions set forth in this Article and shall be deemed responsible to undertake all necessary and required measures in order to ensure that personal data are being processed and safe-guarded in accordance with the law and other regulations.


Personal data shall not be kept longer than it is needed to fulfil the purpose for which they have been collected.

NovaLite shall keep the data within the given legal time period if the deadline for personal data storing is set forth by the law.

The data shall be permanently deleted upon the fulfilment of their purpose, namely expiry of the deadline legally set forth for data storing.

In certain cases, personal data may be kept for a longer period, for the needs of fulfilling legal obligations or for establishing, executing or defending a legal claim, in accordance with the applicable laws.


The individuals whose data are processed have the following rights:

▪️ Right to notice on processing and insight – individuals to whom the data refer have the right to be informed about the processing of their personal data and the right to access their personal data, including viewing, reading, listening to data and taking notes;

▪️ Right to receive a copy – individuals to whom the data refer have the right to be issued a copy of data from NovaLite;

▪️ Rights upon the executed insight – after the insight, the data subject has the right to request from NovaLite to correct, supplement, update, or delete of data, as well as to terminate and temporary suspend the processing of personal data;

▪️ Right to transferability – the data subject may request from NovaLite the transfer of personal data to another operator, when this is technically feasible, namely when personal data, which are the subject of the transfer request, are in a structured and machine-readable format;

▪️ Right to withdraw the consent – when the consent of individuals to whom the data refer is the legal basis for personal data processing such person has the right to withdraw the consent at any time, in writing;

▪️ Right to object to processing – the data subject has the right to object to personal data processing aimed at direct marketing and to request a restriction on processing in some other cases;

▪️ Right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection – if the data subject is not satisfied with NovaLite’s response to the request for fulfilment of rights regarding personal data protection, he/she has the right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection.


The employees shall honour and protect the personal data being processed. Employees are allowed to process only those data to which they are allowed access, in accordance with the tasks they perform.


NOVALITE LLC NOVI SAD undertakes all necessary technical and organizational measures to ensure an adequate level of security and protect your personal data, in particular against the risk of unwanted or unlawful destruction, manipulation, loss, alteration or disclosure or access of unauthorized third parties. We are constantly striving to improve our safety measures and maintain them in accordance with the latest technological and technical standards.


This Privacy Policy enters into force on the eighth day following that of its publication on NovaLite’s website and NovaLite’s notice board providing its implementation starts as of August 21st, 2019.

This Privacy Policy may be updated periodically, but so that the level of privacy protection achieved will not be diminished. All potential changes take effect upon the expiry of eight days after their publication on NovaLite’s website and NovaLite’s notice board.