PRIVACY POLICY

The Association Institute for Good Governance and Policies in the Environment and Climate Change (IPECC) Skopje (hereinafter referred to as “IPECC”) is an association of citizens from the Republic of North Macedonia established on May 3, 2000, with the aim of promoting sustainable development and good governance in the environment and climate change, through the development and implementation of policies that contribute to the protection of the environment and the achievement of climate neutral development.

In order to ensure transparent and legal processing and retention of personal data, the Foundation adopted this Privacy Policy to inform you about the nature, scope and aims for which we collect, use and process your personal data, the manner in which we protect your personal data, and about your rights arising from the Law on Personal Data Protection.

In accordance with the Law on Personal Data Protection, the data controller is:

Controller: Association Institute for Good Governance and Policies in the Environment and Climate Change (IPECC) Skopje

Address: St. 11 Oktomvri No. 38-27, 1000 Skopje – Centar

Telephone: +389 (0)2 615 1016

E-mail: contact@ipecc.org.mk

Our coordinator for protection of personal data:

Liljana Dinev

E-mail: contact@ipecc.org.mk

Telephone: +389 (0)2 615 1016

*Every visitor of this website may, at any time, contact our coordinator for protection of personal data directly, with any questions or suggestions related to the issue of protection of personal data.

 

  1. Definitions

Personal data

The term personal data shall mean any information related to and pertaining to an identified physical person or physical person who can be identified (data subject), while a physical person who can be identified shall mean a person whose identity may be determined directly or indirectly, especially on basis of an identifier such as first and last name, unique citizen registration number, information on its location, identifier on the internet, or on basis of one or more marks and features specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Data subject

Data subject shall mean any identified or physical person who can be identified, whose personal data is processed by the controller responsible for the processing of personal data.

Processing of personal data

Processing of personal data shall mean any operation or operations performed on the personal data, or a group of personal data, automatically or in any other fashion, such as: Collection, evidence, organisation, structuring, retention, adaptation or change, retraction, consultation, insight, use, disclosure through transfer, publication or any other manner of making the data available, synchronisation or combination, limitation, deletion or destruction.

Controller

Controller shall mean a physical person or legal entity, administrative body, a body of the state or legal entity established by the state to perform public authority, agency or other body that, independently or in cooperation with others, determines the aims and the manner of processing of personal data. When the aims and the manner of processing of personal data are defined by a law, the same law shall also prescribe the controller or the special criteria for its appointment.

Processor

Processor shall mean a physical person or legal entity, administrative body, a body of the state or legal entity established by the state to perform public authority, agency or other body that processes the personal data on behalf of the controller.

Consent

Consent of the data subject shall mean any freely given, concrete, informed and unambiguous expression of will, through a statement or clearly affirmed action, expressing consent for processing of his or her personal data. When your personal data is processed on the basis of your given consent, you shall have the right to revoke your consent at any time and we shall promptly cease the processing of your personal data.

Data subject

IPECC processes the personal data of the following categories of data subjects:

  • Employees of IPECC
  • Members of the association and members of the Assembly and founders of IPECC
  • External collaborators and associates
  • Participants in trainings/workshops/conferences.

Categories of Personal Data

For the specified subjects of personal data, IPECC processes the following categories of personal data:

Employees of IPECC

  • For the purpose of meeting its contractual obligations and in compliance with the Law on Record Keeping in the Area of Labor, the IPECC processes the following personal data of its employees:
    • Name and surname, address, the unique citizen registration number (EMBG), birthdate, competed level of education and degree earned, working time, sick-leaves, annual leaves, salaries, bank account numbers.
    • In addition, the association may process employee images, contact and emergency information for its employees based on express consent.
  • The employees’ data is retained for a period of 45 (forty-five) years, in accordance with the Law on Record Keeping in the Area of Labor.
  • The association processes the data for its employees to fulfill the contractual obligations arising from the employment contract, the legal obligations arising from the Employment Law and the Law on Labor Records, as well as on the basis of consent.
  • Taking into account the activity of the association as well as the financing of the association’s operation through projects supported by international organizations, it is possible for IPECC to share data with international organizations. IPECC pays special attention to the fact that the shared data are within the scope of the necessary data to fulfill the contractual obligation with the donor and that they are protected during transmission with appropriate technical and organizational measures. In addition, the data can become available to other users in accordance with the law by submitting a written request with a specific legal basis for the requested data.
  • Employee data, such as name and surname, and photo, based on express consent, are published on IPECC’s website.
  • All IPECC employees from the very beginning of their employment are familiar with the procedures and trained for the protection of personal data and the security of the information system and are authorized within their competences to handle the personal data of the stakeholders.

Members of IPECC

  • For the purposes of fulfilling the legal obligations arising from the Law on Associations and Foundations, IPEC keeps a record of members, that is, a Register of Members, where the personal data of IPEC members as well as members of IPEC bodies are processed. For its members and members of bodies, IPEC processes the following personal data:
    • Name and surname, date of payment of membership fee, date of birth, address, education information, workplace, e-mail, telephone number.
  • Member data is kept for 10 (ten) years from the day of termination of membership in the organization.
  • Data on the members of the Administrative Bodies, based on express consent, are published on the IPECC website.

External collaborators and associates

  • To carry out various activities within its scope, IPECC hires various profiles of external collaborators (consultants, trainers, translators…), whose personal data we process for the purposes of fulfilling contractual obligations. For external collaborators, IPECC processes the following personal data:
    • Name and surname, the unique citizen registration number (EMBG), address, personal ID card number, bank account number.
  • Data on external collaborators are kept for 10 (ten) years from the date of execution of the service contract for the purposes of audits of the organization’s projects and activities.
  • It is possible to share external data with IPEC donors for the purpose of fulfilling the contractual obligations arising from the project implementation agreement with the donor, and for the purpose of confirming the performance of the contractual engagement by the external collaborator.
  • For more detailed information, contact our coordinator for personal data protection.

Participants in trainings/workshops/conferences

  • IPECC within the scope of its operations, organises different seminars, trainings, conferences, and for the purposes of organizing the activities and reporting to our donors, we process the following personal data:
    • Name and surname, position, organisation and institution, e-mail address and signature.
  • The data on the training participants are kept for 10 (ten) years from the date of holding for the purposes of audits of the projects and activities of the organization.
  • The data it processes about the participants in events is collected for the purpose of documenting the event and for the purposes of audits, internal and external, as well as for confirming the presence of the participants and the signed persons.
  • During the events, pictures are taken and in certain cases and recording, for which IPECC informs the participants both during the nomination itself and before the event begins. If, in a certain image published on our website, social media or other media, you want it deleted, please contact our officer, for which, within the given legal term, IPECC will remove it from the place where it was placed. IPECC will make every effort to inform them and request that the image be removed from other media if it has been downloaded and republished.
  • – For more detailed information on the processing of personal data of event participants, please contact our personal data protection coordinator.

Integrity and Confidentiality of Personal Data

IPECC undertakes adequate technical and organisational measures to protect the personal data collected through this website from unauthorized access, illegal disclosure and destruction of data. The access to personal data is limited only to persons holding special authorisation to handle the data.

Cookies

Our website uses cookies. The cookies are textual data files kept in your information system through the web-browser.

Many cookies contain so-called cookie ID – a unique identifier of the cookie, consisting of series of characters that allow the visited websites to distinct different web-browsers and their users from the other web-browsers, with the help of the unique cookie identifier.

We use cookies to help us improve our service for the visitors and the users of our website. Cookies allow us to recognize you with the aim of making the use of our website easier. If you use the cookies on our website, you don’t have to enter the access information every time you are accessing the website, because the website stores the information, and the cookie is saved on your information system.

As a visitor or user of our website, you can prevent the installation of cookies at any time, using the appropriate settings of the web-browser or to permanently refuse the installation of cookies. Also, you can delete the already installed cookies at any time, through the settings of the web-browser or using other software solutions. If you turn off the setting of cookies through the web-browser, you won’t be able to use all the functionalities on our website.

Collection of general data and information

When you access our website, it collects a series of general data and information. The general data and information are kept in the log-files (databases) on the server. The collected data and information may refer to (1) the type of web-browser and the version you use, (2) the operational system used for access, (3) the website from which the access system accesses our website, (4) the date and the time of access to the website, (5) the IP address, (6) the Internet Service Provider of the access system, and (7) other similar information that may be used in cases of attacks on our information system.

When using the general data and information, we make no assumptions about the user. We need the information to (1) correctly deliver the contents of our website, (2) optimise the contents of our website, (3) ensure long-term sustainability of our information system and the web-site technology, and (4) provide the information necessary to prosecute in case of cyber-attack to the competent law enforcement authorities. For that reason, we anonymously analyse and collect statistical data in order to ensure optimal levels of protection for the personal data we process. The anonymous data from the log-files (databases) of the servers are kept separately from your personal data.

Deadlines for safe keeping of data

The data collected on the basis of your previously expressed consent is processed until you revoke your consent or until the aims for which the data was collected were achieved. The data processed to comply with legal obligations are kept for the duration of the legally prescribed deadlines. Once the aims are achieved, the data is destroyed in accordance with material regulations and regulations on keeping records.

Transfer of Personal Data

The data on the performed activities kept by the Foundation for the purposes of reporting and audit, are presented to the international organisations/donors to our organisation.

Sharing Data with Third Parties

For the purposes of implementation of some of its activities, the IPECC engages various companies and individuals to provide expert services. In compliance with the Law on Personal Data Protection, these entities act as data processors. The Law on Personal Data Protection prescribes that any person or entity which, on behalf of the IPECC, processes the personal data processed by the IPECC shall be considered to be a processor or personal data.

Your rights

You have the following rights regarding the processing of personal data:

  • The right to be informed about the processing of your personal data
  • The right to access your personal data
  • The right to correction and deletion of personal data
  • The right to restrict the processing of personal data
  • The right to object or complain

For any additional information and/or exercise of your rights for personal data protection, you can contact the personal data protection coordinator.

Your right to file a request/petition to the competent authority

If you are convinced that the organization violates the provisions of the Law on Personal Data Protection in the processing of your personal data, you have the right to file a Request for protection of personal data to the competent body, the Agency for Protection of Personal Data.