MaPLoRds

Policy

Privacy Policy

Privacy Notice

The International Bank for Reconstruction and Development (IBRD), the International Development Association (IDA),] (together the “World Bank” or “Bank”, “we” or “us”) respect your concerns about privacy. This Privacy Notice applies to the personal data that we collect and handle for the purposes of using and maintaining mobile application MaPLoRds (together the “Service”). For the purposes of this Privacy Notice, “personal data” means any information relating to an identified or identifiable individual.

Version Disclaimer

Please note that application is currently in a beta version and is under testing. While we make reasonable efforts to ensure its stability and functionality, there may be bugs, errors, or performance issues. By using application, you acknowledge and accept that it is still in development.

Purpose of this Privacy Notice

This privacy notice aims to give you information on how we collect, use, disclose, transfer, store and process your information when you use our Service, including any data you may provide through your use of our Service.

Information We Collect

Information You Provide to Us

Any information that you voluntarily provide to us, including your mobile number (MSISDN - number uniquely identifying a subscription in a Global System for Mobile communications), and geolocation will be used for the sole purpose for which the information was provided to us.

We collect and store three types of information:

Certain information when you use our Service which does not identify you as an individual but rather identifies the device you use to access our Service such as: Mobile number (MSISDN): we collect and store for the purpose of authentication and registration.

Technical Data, including internet protocol (IP) address, browser type and version, browsing actions and patterns, time zone setting and location, browser plug-in types and versions, information about operating system, platform and other technologies on the devices you use to access our Service.

Usage Data, including information about how you use our Service.

Device Data: we collect information from the device you use to access our Service. This includes IP address, language setting, device model, device operating system version, MaPLoRds application version.

Aggregated Data, such as statistical or demographic data for any purpose which data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Service feature.

Information We Collect by Automated Means

We use “cookies” and “web beacons” to optimize functionality and give you the best possible experience. We obtain certain information by automated means when you use our Service, such as the IP address of the device you use to connect to the Internet and the pages accessed. We collect this information through various means, including “cookies” and “web beacons”. To learn more about cookies, click here.

If you use our native mobile application, you will be asked if you want to receive push notifications from the Service. Push notifications may include alerts, sounds, icon badges and other information in relation to the use of the Service itself. You can choose to allow or reject push notifications being sent to your device. If you do not allow us to send you push notifications, you will be able to use the mobile application, but you may not get the full benefit of its features. You can control your preferences to receive push notifications via your device settings.

How is your information collected?

We use different methods to collect information from and about you and / or your device including through:

Automated technologies or interactions. As you interact with our Services, we may automatically collect Technical Data about your device, browsing actions and patterns. We collect this information by using cookies and other similar technologies. Please see our cookie policy for further details. (link to your cookies policy )

Information collected from you. You may give us your mobile number (MSISDN), Any information that you voluntarily provide to us, including your mobile number (MSISDN - number uniquely identifying a subscription in a Global System for Mobile communications), and geolocation by contacting us via our Service.

Information We Collect from Third Parties

This Service does not collect any information on you from other sources.

Information We Share

We do not sell or otherwise disclose personal data collected as set out above, except as described in this Privacy Notice. We engaged the services of third-party service provider University of Belgrade, Faculty of Mining and Geology for hosting, developing, and maintaining this Service for Bank. This service provider is not authorized by the Bank to use or disclose the personal data, except as necessary to perform specific service for the Bank. The Bank requires its partner and service provider to appropriately safeguard the privacy and security of personal data they process on the Bank’s behalf.

We will take steps to ensure that arrangements with third party service providers to protect your privacy by ensuring that these third parties comply strictly with instructions when they are processing your information. We may share your Personal Data with third parties who process your Personal Data on our behalf when they provide services to us, for example data analytics for the improvement of resilience of local roads networks.

Specific Purpose of Processing

The purpose of data collection on this Service is dedicated to the improvement of resilience of local roads networks.

International Transfers

Third parties with whom we share your Personal Data may be based outside of Serbia and, as such, the processing of your Personal Data may involve a transfer of your Personal Data outside Serbia. If your Personal Data is transferred outside the Country, we take steps to make sure it has the same level of protection as it would have in Serbia.

Types of Processing

We have set out below in a table format a description of all the ways we plan to use your Personal Data, and which of the lawful bases we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

Activity Type of data Lawful basis for using your information
To improve our Service and user experience.
  1. Usage Data
  2. Technical
  3. Device
  4. Profile
  1. Necessary for our Legitimate Interests (to define categories of users of our Service, to keep our Service updated and relevant).
To administer and protect our Service (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  1. Usage
  2. Technical
  3. Device
  1. Necessary for our Legitimate Interests (for running our Service, provision of administration and IT services, network security, to prevent fraud
  2. Necessary to comply with a legal obligation.
To deliver relevant Service content to you and measure or understand the effectiveness of our services to you
  1. Usage
  2. Technical
  3. Device
  1. Necessary for our Legitimate Interests (to study how users use our Service, to facilitate production of reports and analysis needed by resilience experts.
To use data analytics to improve our Service, user relationships and experiences. We use third party Data Processors such as Google Analytics 360 to assist us with this activity.
  1. Usage
  2. Technical
  3. Device
  1. Necessary for our Legitimate Interests (to define types of users for our Services, to keep it updated and relevant, to develop and to improve user experience by understanding which features of our Service to prioritize, optimize and improve).
To monitor and better understand the performance of our App (i.e. if something goes wrong, understanding why the error occurred.)
  1. Usage
  2. Technical
  1. Necessary for our Legitimate Interests (for running our business – the provision of IT services, to fix our Service’s errors and improve our Apps’ performance for users).
To communicate our terms of use, privacy notice and cookie policy, and notify you of changes to these and/or any changes to our products and services
  1. Technical
  2. Usage
  3. Technical
  4. Device
  5. Profiel
  1. Necessary to comply with a legal obligation.
  2. Necessary for our Legitimate Interest (to keep our records updated and to study how customers use our products and services).

How We Protect the Information

The Bank maintains appropriate technical and organizational safeguards against unauthorized processing of personal data and against accidental loss, destruction or damage.

How Long We Keep the Information

We will only retain your information for as long as necessary to fulfil the purposes we collected it for (e.g. such as providing you access to our Service), including for the purpose of satisfying any legal, accounting, or reporting requirements.

Where it is no longer necessary to process your Personal Data, we will delete it or anonymize it by removing all details that identify you in accordance with Data Protection Law. For example, upon your request we will delete your Personal Data unless this is required to be retained to enable us to comply with applicable Laws and Bylaws.

Please note, however, that we may be subject to legal and regulatory requirements to keep Personal Data for a longer period, in particular pursuant to any applicable statutory limitation period.

Your Rights

Under certain circumstances, you have rights under Data Protection Laws in relation to your Personal Data, including the right to:

  • request access to your Personal Data;
  • request correction of your Personal Data;
  • request erasure of your Personal Data;
  • object to processing of your Personal Data;
  • request restriction of processing your Personal Data;
  • request transfer of your Personal Data;
  • withdraw consent;
  • object (where our lawful basis for processing your Personal Data is based on our Legitimate Interests); and complain to the regulator by visiting https://www.poverenik.rs

Changes to this Privacy Notice

We may, from time to time, change or update this privacy notice. All changes to this privacy notice will be published on this page of our Service. Each change will become effective upon publication. We recommend that you revisit and read this privacy notice regularly to ensure that you are up-to-date with the current terms.

World Bank Group Policy Document

Click here to view the full document.

Questions or concerns

Please contact the Data Privacy Office at privacy@worldbank.org

Glossary

Term What this means
Anonymized Data Data sets that cannot be used to identify an individual.
Data Controller A natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data is to be processed.
Data Processor A natural or legal person which processes Personal Data on behalf of the Data Controller.
Data Protection Laws Law on Personal Data Protection of the Republic of Serbia and any applicable laws or regulations relating to the protection of Personal Data.
Legitimate Interests Processing Personal Data for our business interests, activities and needs including providing you with the best service and experience we can offer. We balance our interests against any possible impact on you (both positive and negative), your rights and your freedom. Where our business interest and needs are overridden by your interests, rights or freedom, we will not process your Personal Data (unless you have provided us with your consent or unless required by any applicable laws or regulations).
Personal Data Information relating to an identifiable person, who can be directly or indirectly identified in particular by reference to an identifier.