engljezik.png bihjezik.png

Privacy Policy

At the Institute for Standards and Safety, we respect your privacy and, in accordance with the Law on Personal Data Protection and GDPR, we conduct all activities on the website to protect and ethically process your personal data, as described below.

Use and Definitions:

The Director and coordinator of the website is the company Institute for Standards and Safety Ltd. Visitor or user of the website refers to anyone who visits the mentioned website.

What data do we collect:

When you sign up on the homepage in the contacts, fill out a contact form, or sign up to enter your company's information into the system, including your name, email, and phone number, for the purpose of establishing business communication.

What is the purpose of collecting personal data:

The personal data collected when providing a service will be processed for the purpose of contract creation in accordance with the main contractual documents and our Terms and Conditions, as well as for necessary documentation in accordance with regulatory requirements and potential additional requirements of models that need to be verified upon client request. This is also for accounting, bookkeeping, and auditing, for establishing and defending legal claims, as well as for managing customer relationships, including creating offers for further ISS services (e.g., training for internal and external auditors or relevant education).

The legal basis for processing is Article 6.1(b) of the GDPR (performance of a contract, as long as the data subject is a signatory to the contract), Article 6.1(f) of the GDPR (legitimate interests between ISS and the requester for providing agreed services for quality improvement), and Article 6.1(c) of the GDPR (legal obligations of ISS).

In direct advertising for our range of services, we use customer personal data (name, company name, address, contact details, service order data) for our own advertising and marketing purposes to send information about customers, their services and products, news, and other user information that might be of interest to the customer, as long as the consumer has not objected to processing for the purpose of direct advertising.

If you have given us consent to process personal data for specific purposes (e.g., participation in events, sharing information), the legality of this processing will be based on your consent. Consent can be revoked at any time. This also applies to the revocation of consents given before the entry into force of the GDPR.

Retention period of personal data:

The transmitted personal data will only be stored and used for the period required to achieve the intent (mentioned above) for which they were processed. After fulfilling the intent, your personal data will be deleted or access to them will be blocked.

You can request that we stop using your personal data to establish business contact and sales. In this case, we will appropriately prevent the use of your personal data for business communication within 30 days and notify you accordingly.

Are data sent to a third country or an international organization?

Data will be transferred to countries outside the European Union to the extent necessary for ISS to fulfill a request (e.g., if a verification is done in a third country), if required by law, or if you have explicitly consented to it.

Procedure for exercising rights:

Under the General Data Protection Regulation (GDPR), each stakeholder has the right to be informed about the personal data processed about them, as well as the rights to rectification, erasure, restriction of processing, and data portability. For reasons arising from their specific situation, stakeholders can object to our processing of personal data at any time based on legitimate interest. Stakeholders can also object at any time to the future use of their personal data for direct advertising purposes, free of charge and without giving specific reasons. If you object to processing for direct advertising, we will not use your personal data for these purposes. In addition, there is the right to lodge a complaint with the competent data protection authority. Consents given can be revoked at any time. To exercise rights and for questions related to data protection guaranteed by ISS, stakeholders can contact:


If you need further clarification regarding the data security policy of ISS, please write to us at

Your consent:

By using this website, you give your consent to this privacy policy.

Changes to our privacy policy: In case of changes to our privacy policy, we will notify you on this page and update the date of change of the privacy policy below as follows.

This privacy policy was last modified on September 30, 2020.

Sarajevo, September 30, 2020. Institute for Standards and Safety Ltd. Sarajevo

0 0