Privacy Policy
25th September 2023
Guide to the protection of personal data in EAST GATE MALL
Purpose of the Guide
The right to privacy and the protection of users’ personal data is a priority in the operation of EAST GATE MALL DOOEL import-export Skopje (hereinafter EAST GATE MALL). As a company, we pay great attention to the protection of personal data in all our business processes, implementing the standards set by the regulations on privacy and protection of personal data in the Republic of North Macedonia. This Guide should be a practical tool that provides clarification on the meaning of the terms that are used in the regulations for the protection of personal data, develops the principles for the protection of personal data that must be considered during any processing of the personal data of users and employees of EAST GATE MALL.
Meaning and definitions of terms used in the Guide
Terms arising from regulations for the protection of personal data
PERSONAL DATA is information relating to an identified natural person or an identifiable natural person. An identifiable person is a person whose identity can be determined directly or indirectly, based on a citizen’s identification number, or based on one or more features specific to his physical, physiological, mental, economic, cultural, or social identity.
Personal data are: first and last name, address, date of birth, unique identification number of the citizen, ID card number, photo of identification documents, telephone number, e-mail address, etc.
PERSONAL DATA PROCESSING means an operation, or a set of operations performed on personal data automatically or otherwise, such as: collection, recording, organization, storage, adaptation or change, withdrawal, consultation, use, disclosure through transmission, posting or otherwise making available, equalizing, combining, blocking, deleting, or destroying.
PERSONAL DATA SUBJECT is a natural person whose personal data is processed.
PERSONAL DATA CONTROLLER is a natural or legal person, state authority or other body, which independently or together with others determines the purposes and method of personal data processing.
A PROCESSOR OF PERSONAL DATA is a natural or legal person or an authorized body of the state government that processes personal data on behalf and on behalf of the controller.
PERSONAL DATA PROTECTION OFFICER is a person who is authorized by the controller to monitor the implementation of personal data protection regulations and to ensure compliance of operations with the principles of personal data protection.
Principles of personal data protection
When processing personal data, we are guided by the following principles for the protection of personal data:
- To be processed fairly and in accordance with the law
Usually, the fair processing of personal data implies compliance with the “principle of necessity” – data processing to the extent necessary to achieve a specific goal. The processing of personal data in accordance with the law implies the existence of a legal basis and respect for any legal restrictions arising from other laws. Data processed based on law can be used for:
- conclusion, supervision, and termination of a contract
- concluding an employment or internship contract
- entering into a contract for a deed
- delivery of ordered products / services
- notifications about new products / services
- notifications about reductions (discounts) of already existing products / services
- unpaid debt notices
- applying for financing
- collection of products / services
- notification of the remaining number of installments.
- To be collected for specific, clear, and legally established purposes and to be processed in a manner consistent with those purposes. The use of products and services is not conditioned by the user’s consent to use his data for other purposes, except for fulfilling the rights and obligations arising from the concluded agreement.
- To be relevant, appropriate, and not more than the purpose to be achieved by their processing (data economy). The “Principle of Necessity” limits the amount of data that can be processed, only to those that are necessary for fulfillment of the purposes for which they are processed. For example, regardless of the type of business relationship established, the processing of data on the nationality of the user would be irrelevant, inappropriate, and excessive.
- To be accurate, complete and where necessary updated, whereby all appropriate measures will be taken to delete or correct the data, taking into account the purposes for which they were collected or processed (data quality).
This principle refers to the quality of the data, according to which EAST GATE MALL as the controller of personal data takes care of their accuracy. Updating data means replacing data that was once correct with new data or supplementing it. At the same time, the user has the right to request that actions be taken to delete or correct his data.
- To be kept in a form that allows identification of the user, no longer than the time necessary to fulfill the purpose for which the data was collected.
This principle limits the period in which personal data can be legally processed, whereby after the end of the purpose for which they were collected, they should be deleted or destroyed, i.e. anonymized.
Upon termination of the contractual relationship, these data must be kept for a period of 1 (one) year from the date of issuance of the last invoice for the provided services.
It is considered to have been acted in accordance with the principle of erasure of data in the event that the identification characteristics of the users are deleted (anonymization) or the identification characteristics are replaced with other characteristics (pseudonymization). Anonymization and pseudonymization are carried out in such a way that the identity of the user cannot be revealed or can only be revealed with unreasonable effort.
User rights
Users-subjects of personal data have the right:
- to be informed about the processing of their personal data,
- to access their personal data and
- to supplement, modify, delete or request to stop the use of their personal data.
Below is a more detailed explanation regarding these rights:
- As a function of transparency, EAST GATE MALL has the obligation to inform the user about the purposes and legal basis of the processing of his personal data.
- Every user has the right to access their personal data. The request for access to the data must be submitted in writing or through the website of EAST GATE MALL here, whereby the user’s response will be given within 15 days from the day of receipt of the request.
If the user does not receive a response to the request for access to personal data, he can submit a request for determination of violation of the right to protection of personal data to the Agency for the Protection of Personal Data.
- The user has the right to request addition, modification, deletion or stopping of the use of his personal data. At the request of the user, EAST GATE MALL is obliged to supplement, modify, delete or stop the use of personal data, if the data is incomplete, incorrect or not updated and if their processing is not in accordance with the law. Regardless of whether the user has submitted a request for addition, modification or deletion of personal data, if EAST GATE MALL determines that the personal data is incomplete, incorrect or not updated, it is obliged to add, modify or delete the same. EAST GATE MALL is obliged to notify the subject of personal data in writing about the additions, changes or deletions made, no later than within 30 days from the day of receipt of the request.
Obligations of EAST GATE MALL
Obligation of employees/engaged persons to protect personal data
The employees/engaged persons in EAST GATE MALL when undertaking their work tasks and responsibilities:
- They familiarize themselves with the regulations for the protection of personal data, as well as with the adopted documentation for technical and organizational measures to ensure secrecy and protection during the processing of personal data.
- They sign a declaration of secrecy and protection during the processing of personal data.
- With this Statement, they undertake to respect the principles of personal data protection, to process them in accordance with the instructions received from EAST GATE MALL, unless otherwise regulated by law, and to keep personal data confidential, as well as the measures for their protection. protection. This statement is also valid after the termination of their employment/engagement in EAST GATE MALL.
- Attend mandatory training on personal data protection.
EAST GATE MALL continuously informs the employees/engaged persons about the immediate obligations and responsibilities for the protection of personal data. - Informing the user about his rights EAST GATE MALL is obliged to inform the user about:
- the identity of the controller,
- the purposes for the processing,
- the right to access, modify or delete personal data,
- the identity of the personal data protection officer of EAST GATE MALL.
User’s consent for any additional processing of personal data
For any additional data processing, beyond the purposes of fulfilling the established subscriber relationship, EAST GATE MALL provides separate consent. Consent is a freely and expressly given declaration of will by the user agreeing to the processing of his personal data for a specific purpose.
Only based on previously given consent, the user’s personal data can be processed for direct marketing purposes (opt-in principle).
What is direct marketing?
Any type of communication is made in any way for the purpose of sending advertising, marketing or propaganda material that is directed directly to an identified user.
External persons
Legal and natural persons who enter into a business relationship with EAST GATE MALL, on the basis of which they have access to documentation and personal data of users of EAST GATE MALL, are committed to confidentiality and protection of personal data with special confidentiality and data processing agreements.
To whom should the user contact in order to exercise his rights?
The user can contact the Personal Data Protection Officer at EAST GATE MALL. The personal data protection officer acts in accordance with the internal regulations in order to exercise the user’s rights in a simple, fast and efficient way without causing unnecessary delays or costs.
The user receives a response to the request within 15 days.
What is the next instance the user can turn to?
If the user is not satisfied with the answer and the information provided by the Personal Data Protection Officer of EAST GATE MALL and if he believes that his rights have been violated, he can submit a request to the Agency for the Protection of Personal Data to determine the violation of the right to the protection of personal data. personal data.
Philip Kopanovski, Personal Data Protection Officer
– Requirements for exercising the rights to personal data:
- Form No. 1 – Request for access to personal data
- Form No. 2 – Request for correction of personal data
- Form No. 3 – Request for deletion of personal data processing
- Form No. 4 – Request to limit the processing of personal data
- Form No. 5 – Request for transfer of personal data
- Form No. 6 – Request for withdrawal of consent for personal data processing
- Form No. 7 – Objection to the processing of personal data
– Statement on privacy during video surveillance in EAST GATE MALL