Contact form
Back

Keep in touch

Contact center: 011 7777 600

(If you have already contacted us regarding the same matter, please enter your case number)

Notice on the processing of personal data

In accordance with Article 23 of the Law on the Protection of Personal Data ("Official Gazette of the Republic of Serbia" No. 87/18), the Ministry of Finance (hereinafter referred to as the Controller) hereby issues a Notice on the Processing of Personal Data.

In accordance with Article 23 of the Law on Personal Data Protection ("Official Gazette of the Republic of Serbia" No. 87/18), the Ministry of Finance (hereinafter referred to as the Controller) hereby:

 

NOTICE ON THE PROCESSING OF PERSONAL DATA

 

1) IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

Ministry of Finance
Address: Kneza Miloša 20, 11000 Belgrade
Registration number: 17862146
Tax ID: 108213413
Electronic presentation of the Ministry: https://www.mfin.gov.rs/


2) CONTACT DETAILS OF PERSONS FOR PERSONAL DATA PROTECTION

Contact details of the person responsible for personal data protection at the Ministry of Finance
Marija Radovanović
Telephone: 011/765-2030
Email address: marija.radovanovic@mfin.gov.rs


3) PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING

Personal data is processed for the purpose of the functioning of the "electronic invoice system", which is an IT solution managed by a central information intermediary and through which electronic invoices are sent, received, recorded, processed and stored, in accordance with the Law on Electronic Invoicing ("Official Gazette of the Republic of Serbia", No. 44/21 and 129/21 - hereinafter: the Law).

The legal basis for the processing of personal data is the fulfillment of the legal obligations of the controllers under the Law on Electronic Invoicing.

Providing data is a necessary condition for accessing the electronic invoice system.


4) RECIPIENTS, OR GROUPS OF RECIPIENTS AND SOURCES FROM WHICH PERSONAL  DATA OURS THAT ARE NOT COLLECTED FROM THE PERSONS TO WHOM THE DATA RELATES AND TYPES  OF PERSONAL DATA COLLECTED

The Office for Information Technology and E-Government submits electronically to the electronic invoice system, which is operated by the "central information intermediary" (in accordance with the Law: the competent unit, within the ministry responsible for financial affairs, which maintains the register of information intermediaries, manages the electronic invoice system and is responsible for its functioning):


Data on the name, surname and unique identification number of the person logging into the system.
The electronic invoice system uses a mechanism for reliable electronic identity verification of its users, by being integrated with the Single Sign-On (SSO) system, which was established and is the responsibility of the Office for Information Technology and e-Government. Single Sign-On (SSO) is a service through which a user can authenticate himself and be granted access to the electronic invoice system during a single session. If he has an electronic identity, the user has the option of logging in and authorizing himself in the electronic invoice system. The electronic invoice system is officially registered for use of the SSO system, and as such has its own ID (OAuth Client Key) and password (OAuth Client Secret).


When a user logs in to the Electronic Invoice System, Single Sign-On (SSO) confirms the user's identity and returns the data on the Unique Citizen Identification Number (JMBG) to the Electronic Invoice System, so that the Electronic Invoice System can check in the appropriate registers (APR register, register of users of public funds and register of the Tax Administration) whether the person who identified himself via the Single Sign-On (SSO) system is also the legal representative of the legal entity for which he wants to open an account on the Electronic Invoice System and to check whether the person who identified himself via the Single Sign-On (SSO) is a user within a specific legal entity. After identifying the person via the Single Sign-On (SSO) system, the Electronic Invoice System takes the obtained Unique Citizen Identification Number (JMBG) and compares it with the Unique Citizen Identification Number in the specified registers in order to check the legal representatives.


5) TRANSFER OF PERSONAL DATA TO ANOTHER COUNTRY OR INTERNATIONAL ORGANIZATION

The controller will process the data exclusively in the Republic of Serbia, and has no intention and will not transfer the data to another country or international organization.


6) PERSONAL DATA RETENTION PERIOD

In the Electronic Invoice System, the Unique Citizen Identification Number (JMBG) obtained from the Single Sign-On (SSO) system is encrypted using a hash algorithm and the resulting value is stored for the purpose of verifying the identity of the legal representative during each subsequent login. In this way, the Electronic Invoice System does not store data on the (JMBG), but a hash value calculated based on the JMBG, which will be compared with the calculated hash value during each user login. The hash algorithm is irreversible, which means that it is not possible to access data on the (JMBG) user based on the hash value stored in the Electronic Invoice System database. Logs containing access data are fully anonymized and are stored for 90 days.


User data is not collected. Data on legal representatives collected in the described manner is encrypted using a hash algorithm and the resulting value is stored for the purpose of verifying the user's identity during each subsequent login, as long as the person is registered as a legal representative in the appropriate registry.


7) RIGHTS OF THE PERSONS TO WHOM THE DATA APPLIES

The person to whom the personal data relate has the right to request from the Controller access, correction, deletion or completion of his/her personal data, as well as the right to restriction of processing, the right to object and the right to data portability, all in accordance with the provisions of Articles 26, 29, 30, 31, 36 and 37 of the Personal Data Protection Act.

The request to exercise these rights must be submitted in writing and can be submitted to the Data Protection Officer:

Ministry of Finance


• by sending it to the email address: marija.radovanovic@mfin.gov.rs
• by mail to the address: Ministry of Finance, Personal Data Protection Officer, Kneza Miloša
20, 11000 Belgrade or
• by personally submitting the request to the registry of the Ministry of Finance at Kneza Miloša 20, 11000
Belgrade, with a note for the Personal Data Protection Officer.


8) THE RIGHT OF A PERSON TO FILE A COMPLAINT TO THE COMMISSIONER

The person to whom the data relates has the right to file a complaint with the Commissioner for Information of Public Importance
and Personal Data Protection if he or she believes that the processing of his or her personal data has been carried out contrary to
the provisions of the Law.