SrpskiINFORMATION ON PERSONAL DATA PROCESSING
This document describes the processing of personal data related to the collection of data during the entry, operation, management, and use of the central information system in the field of hospitality and tourism (E-tourist), its content, and the types of data in accordance with Articles 23 and 24 of the Law on Personal Data Protection (“Official Gazette of RS”, No. 87/18).
The Ministry of Tourism and Youth, as the data controller, provides the following:
NOTICE ON PERSONAL DATA PROCESSING
1. Identity and Contact Details of the Controller
Ministry of Tourism and Youth
Address: Nemanjina 22–26, 11000 Belgrade, Serbia
Tax ID: 113344555
Official website:
https://mto.gov.rs/tekst/308/sektor-za-turizam.php
2. Subject, Purpose, and Legal Basis of Processing
The controller processes personal data for the purpose of performing tasks within its competence, establishing the central information system in the field of hospitality and tourism – E-tourist (hereinafter: CIS). CIS is a unified and centralized electronic information system containing all relevant data on accommodation service providers and accommodation facilities, through which records are kept and other data arising from hospitality, nautical, hunting-tourism, or tourism service activities are entered.
The subject of personal data processing is the performance of legal obligations of the controller in accordance with the Law on Hospitality (“Official Gazette of RS”, No. 17/19), the Law on Tourism (“Official Gazette of RS”, No. 17/19), and the law governing personal data protection.
The purpose of data processing is maintaining records by the controller in a prescribed manner, which may include: name and surname, unique citizen identification number, date of birth, address, and other relevant data.
Processing is carried out electronically within the central information system or another ICT system, in the form of audio-video recordings and photographs, and in paper form through registers, card files, or other formats, in accordance with the law on personal data protection.
3. Data Entered into CIS
The data entered into CIS are regulated by the Law on Hospitality, the Law on Tourism, and the Rulebook on the Method of Entering, Operating, Managing, and Using the Central Information System and its Content and Types of Data (“Official Gazette of RS”, No. 87/20, 67/21, 58/23, and 26/25). The system is organized by thematic areas.
In the hospitality section, the accommodation provider enters data on accommodation users:
1) For domestic citizens: name and surname, date of birth, unique citizen number, address, type of provided service, accommodation unit details, date and time of arrival and departure, manner and reason for arrival, and other relevant data.
2) For foreign citizens: name and surname, date of birth, nationality, type, number, and date of issuance of the travel document, date and place of entry into Serbia, duration of approved stay, type of provided service, accommodation unit details, date and time of arrival and departure, manner and reason for arrival, and other relevant data.
In the tourism section, the travel agency enters data on passengers contained in the contract for purchased travel services, as well as data stated in the issued travel guarantee certificates (name and surname, address, phone number, and email address).
Data are entered based on an identity document or another public document with a photograph; for minors, based on other appropriate documentation.
4. Persons Who Use the Data
Administrators at the controller have access to all CIS functionalities and entered data.
Exceptionally, access is also granted to:
- Tourism inspectors and authorized inspectors of local self-government units, within their legal powers and scope of supervision.
- Employees or engaged personnel of the Ministry with a user account, for the purpose of providing evidence in administrative procedures.
All users with access to data are obliged to comply with data protection and confidentiality regulations and use the data within the scope of their official authorizations.
5. Transfer of Personal Data and Protection Measures
The controller processes data exclusively within the Republic of Serbia and may exchange them with state authorities, provincial authorities, local self-government units, and holders of public powers, in accordance with the Law on Tourism, the Law on Hospitality, and the Law on Personal Data Protection.
Data exchange is conducted electronically, in a controlled and secure manner, with protection measures applied pursuant to information security regulations.
6. Rights in Case of Unlawful Processing
In accordance with personal data protection and information security laws, measures are taken to prevent any misuse of personal data.
The data subject has the right to submit a complaint to the Commissioner for Information of Public Importance and Personal Data Protection if they believe that their data has been processed contrary to the Law on Personal Data Protection.
The data subject has the right to judicial protection under Article 84 of the Law on Personal Data Protection if their rights have been violated by the controller or processor through unlawful processing. Filing a lawsuit does not affect the right to initiate other administrative or judicial proceedings.
7. Retention Period
Personal data are stored for two years from the date of collection, after which they are deleted or anonymized.
8. Contact Information for Personal Data Protection
Contact for questions regarding personal data processing:
marija.djacic@mto.gov.rs
HOTEL TURIST Bajina Bašta | Rezervacije: +381 31 866570 | info@hotelturist.rs
