Personel Data Protection
Personal Data Protection
The right to privacy and the protection of users' personal data is a priority in the operation of STAR SHOP DOO Skopje (hereinafter STAR SHOP). As a company, we pay great attention to the protection of personal data in all our business processes, implementing the standards set by the regulations for privacy and protection of personal data in the Republic of North Macedonia.
This Guide should be a practical tool that provides clarification on the meaning of the terms used in the regulations for the protection of personal data, elaborates the principles for the protection of personal data that must be taken into account during any processing of the personal data of users and employees of Star Shop.
Meaning and definitions of terms used in the Guide
Terms arising from regulations for the protection of personal data
PERSONAL DATA is information relating to an identified natural person or an identifiable natural person. An identifiable person is a person whose identity can be determined directly or indirectly, based on a citizen's identification number or based on one or more features specific to his physical, physiological, mental, economic, cultural or social identity.
Personal data are: name and surname, address, date of birth, unique identification number of the citizen, ID card number, photo of identification documents, telephone number, e-mail address, etc.
PERSONAL DATA PROCESSING means an operation or a set of operations performed on personal data automatically or otherwise, such as: collection, recording, organization, storage, adaptation or change, withdrawal, consultation, use, disclosure through transmission, posting or otherwise making available, equalizing, combining, blocking, deleting or destroying.
PERSONAL DATA SUBJECT is a natural person whose personal data is processed
PERSONAL DATA CONTROLLER is a natural or legal person, state authority or other body, which independently or together with others determines the purposes and method of personal data processing.
PROCESSOR OF PERSONAL DATA is a natural or legal person or an authorized body of the state government that processes personal data on behalf and on behalf of the controller.
PERSONAL DATA PROTECTION OFFICER is a person who is authorized by the controller to monitor the implementation of personal data protection regulations and to ensure compliance of operations with the principles of personal data protection.
Principles of personal data protection
When processing personal data, we are guided by the following principles for the protection of personal data:
- To be processed fairly and in accordance with the law
Usually, the fair processing of personal data implies compliance with the "principle of necessity" – data processing to the extent necessary to achieve a specific goal. The processing of personal data in accordance with the law implies the existence of a legal basis and respect for any legal restrictions arising from other laws. Data processed on the basis of law can be used for:
- Conclusion, supervision and termination of a contract
- Conclusion of an employment or internship contract
- Conclusion of a contract for a work
- Delivery of ordered products
- Notifications about new products
- Notifications about reductions (discounts) of already existing products
- Notices of unpaid debt
- Applying for financing
- Billing of products
- Notification of remaining number of installments
To be collected for specific, clear and legally established purposes and to be processed in a manner consistent with those purposes.
The use of products and services is not conditioned by the user's consent to use his data for other purposes, except for fulfilling the rights and obligations arising from the concluded agreement.
- To be relevant, appropriate and not to a greater extent in relation to the purpose to be achieved by their processing (data economy)
The "principle of necessity" limits the amount of data that can be processed to only those that are necessary to fulfill the purposes for which they are processed. For example, regardless of the type of business relationship established, the processing of data on the nationality of the user would be irrelevant, inappropriate and excessive.
- To be accurate, complete and, where necessary, updated, whereby all appropriate measures will be taken to delete or correct the data, taking into account the purposes for which they were collected or processed (data quality)
This principle refers to the quality of the data, according to which Neptune as the controller of personal data takes care of their accuracy. Updating data means replacing data that was once correct with new data or supplementing it. At the same time, the user has the right to request that actions be taken to delete or correct his data.
- To be kept in a form that allows identification of the user, no longer than the time required to fulfill the purpose for which the data was collected
This principle limits the period in which personal data can be legally processed, whereby after the end of the purpose for which they were collected, they should be deleted or destroyed, i.e. anonymized. Upon termination of the contractual relationship, these data must be kept for a period of 1 (one) year from the date of issuance of the last invoice for the provided services.
It is considered to have been acted in accordance with the principle of erasure of data in the event that the identification characteristics of the users are deleted (anonymization) or the identification characteristics are replaced with other characteristics (pseudonymization). Anonymization and pseudonymization are performed in such a way that the user's identity cannot be revealed or can only be revealed with unreasonable effort.
User rights
Users-subjects of personal data have the right:
- To be informed about the processing of their personal data
- To access their personal data and
- To supplement, modify, delete or request to stop the use of their personal data
Below is a more detailed explanation regarding these rights:
- As a function of transparency, Star Shop has the obligation to inform the user about the purposes and legal basis of the processing of his personal data.
- Every user has the right to access his personal data. The request for access to the data must be submitted in writing or through the Star Shop website here and the user's response will be given within 15 days from the day of receipt of the request.
If the user does not receive a response to the request for access to personal data, he can submit a request for determination of violation of the right to protection of personal data to the Agency for the Protection of Personal Data.
- The user has the right to request addition, modification, deletion or stopping of the use of his personal data. At the request of the user, Star Shop is obliged to supplement, modify, delete or stop the use of personal data, if the data is incomplete, incorrect or not updated and if their processing is not in accordance with the law. Regardless of whether the user has submitted a request for addition, modification or deletion of personal data, if Star Shop determines that the personal data is incomplete, incorrect or not updated, it is obliged to add, modify or delete the same. Star Shop is obliged to inform the subject of personal data in writing about the additions, changes or deletions made, no later than within 30 days from the day of receipt of the request.
Obligations of Star Shop Ltd
Obligation of employees/engaged persons to protect personal data
The employees/engaged persons in Star Shop when undertaking their work tasks and responsibilities:
- They familiarize themselves with the regulations for the protection of personal data, as well as with the adopted documentation for technical and organizational measures to ensure secrecy and protection during the processing of personal data.
- They sign a declaration of secrecy and protection during the processing of personal data.
With this Statement, they undertake to respect the principles of personal data protection, to process them in accordance with the instructions received from Star Shop, unless otherwise regulated by law, and to keep personal data confidential, as well as the measures for their protection . This statement is also valid after the termination of their employment/engagement in Star Shop.
-They attend mandatory training on personal data protection.
Star Shop is obliged to inform the user about:
- The identity of the controller;
- The purposes for the processing;
- The right to access, modify or delete personal data
- The identity of Star Shop's personal data protection officer
User's consent for any additional processing of personal data
For any additional data processing, beyond the purposes of fulfilling the established subscriber relationship, Star Shop provides separate consent. Consent is a freely and expressly given declaration of will by the user agreeing to the processing of his personal data for a specific purpose.
Only on the basis of previously given consent, the user's personal data can be processed for direct marketing purposes (opt-in principle).
What is direct marketing?
Any type of communication made in any way for the purpose of sending advertising, marketing or propaganda material that is directed directly to an identified user.
Outsiders
Legal and natural persons who enter into a business relationship with Star Shop, on the basis of which they have access to documentation and personal data of Star Shop users, are committed to confidentiality and protection of personal data with special confidentiality and data processing agreements.
To whom should the user contact in order to exercise his rights?
The user can contact the Personal Data Protection Officer at Star Shop. The personal data protection officer acts in accordance with the internal regulations in order to exercise the user's rights in a simple, fast and efficient way without causing unnecessary delay or costs.
The user receives a response to the request within 15 days.
What is the next instance the user can turn to?
If the user is not satisfied with the answer and the information provided by the Personal Data Protection Officer of Star Shop and if he believes that his rights have been violated, he can submit a request to determine the violation of the right to the protection of personal data to the Personal Data Protection Agency data.
EBRU BAYRAM
Personal Data Protection Officer
Email address:
ebru.bayram@starshop.mk