Pursuant to the Law on Personal Data Protection and Article 30 of the Statute of KB First Pension Company AD Skopje, the Board of Directors of the Company at the meeting 26/2021, held on 30.07.2021, adopted the following:
PRIVACY AND COOKIES POLICY of KB First Pension Company a.d. Skopje
KB First Pension Company a.d. Skopje (hereinafter: the Company) in accordance with its business activity, also performs personal data processing in accordance with the applicable regulations in the R.N. Macedonia.
The Company takes care of the privacy by respecting the right to privacy and respecting the principles and provisions regarding the protection of personal data and their legal processing, using a number of technical and organizational measures.
Personal Data Processing
The personal data collected by the Company in the role of a Controller, which are further subject to processing, are collected only for purposes determined by law, and for each other purpose the Controller provides a separate Statement of Consent for processing personal data by the personal data subjects.
In compliance with the law, the Company, within its primary activity, has the obligation to inform its members about their rights regarding the pension insurance, as well as about information related to their status in the Company, changes in the legislation, the movement at the financial markets, realized yields, collected fees and other information related to the pension system. In the processing of personal data, the Company uses appropriate techniques and organizational measures in order to ensure protection of their processing. In this regard, the Company currently conducts regular internal controls, external audits, vulnerability assessment and penetration tests that determine and confirm the level of confidentiality, reliability, integrity and availability of IS and data processed within it. The time limitations for the storage of the processed data are defined in accordance with the law and internal acts, and after the expiration of the time limitations for storage, the data are destroyed in accordance with the stipulated internal procedures.
The Company strives to provide as up-to-date data as possible from the personal data subjects in order to inform them in a timely manner.
The collections of personal data processed by the Company are reported in the central register of the +al Data Protection Agency of the Republic of North Macedonia (hereinafter: AZLP), and for every change the Company additionally notifies the AZLP, in accordance with the Law.
People authorized for personal data processing
Regarding the personal data processing, the Company gives special authorizations for the processing to the persons who have a contracted business relationship with the Company. These authorized persons, before starting their work and at the same time by organizing continuous trainings, get acquainted with the protection of personal data processing. The authorized persons have personally signed a Statement on confidentiality and protection of personal data processing.
Company Services Portal – My Account
When using the personal account portal, the Company collects the following categories of data from the persons who log in: username, password (non-legible form), IP address, date and time of login. The exchange of data between the portal of the Company and the persons logging in to the portal (example: username and password) takes place via an encrypted connection (https). Pursuant to the Law, each member and retired member of the funds, managed by the Company, shall receive an appropriate username and password to log in to the portal.
Using the contact form, the subjects submit the following data to the Company: name and surname, e-mail, telephone. The exchange of data between the website (contact form) of the Company and the subjects entering the data in the form, takes place through an encrypted connection (https). The data provided to the Company through this form will be used only for communication with the provider of the data regarding their message.
This service is used to obtain general information about the pension system, information about the Company, as well as to obtain information about the status of the subjects who are members of some of the funds managed by the Company. The data provided to the Company through the chat, will be used only to communicate with the provider of the data regarding their message.
Contact phone – 02/3243777
This service is used to obtain general information about the pension system, information about the Company, as well as to obtain information about the status of the subjects who are members of some of the funds managed by the Company. All calls to the contact phone of the Company, according to a written letter from MAPAS, are recorded in order to control the quality of service and improve the information knowledge of the members. In this regard, AZLP has adopted a special decision approving the processing of biometric data, performed by authorized persons in the Company.
Other channels through which personal data are collected are submitting previously filled-in:
- Request for update or correction of personal data;
- Request for individual account balance
- Form of personal data of assigned member;
- Complaint form
- Member notification form by email
- Request for initiating a probate procedure
- Request for payment of funds based on inheritance
- Insurer notification form by e-mail
- The statement for holder of public office.
Rights of personal data subjects regarding their privacy
The rights that personal data subjects have regarding their privacy and legality of processing are as follows:
- the right to identify the controller;
- the right to receive contact information from the Personal Data Protection Officer at the controller and the right to communicate directly therewith;
- the right to get acquainted with the purposes of processing;
- the right to get acquainted with the categories of personal data processed by the controller for a certain subject;
- the right to obtain information on the time limitations for storage of personal data; the right to be informed about all the users (processors) that the personal data are given for processing;
- the right to receive information on whether the data is transmitted to other and third countries; the right to withdraw the statement of consent for personal data processing (unless it is contrary to law);
- right to update personal data; the right to pseudonymization or deletion of personal data (unless it is contrary to law);
- right to add/change/delete/stop the use of personal data (unless it is contrary to law);
- the right to inspect the manner and scope of personal data processing.
Relevant forms related to the rights of personal data subjects are available on the website of the Company in the section “Documents for members”.
The Company does not perform profiling of the subjects of personal data for any purpose.
The company can perform direct marketing only with the prior consent of the personal data subjects
Cookies are small files used to collect information that allow recognition of your computer or device during your next visit to our website, thus allowing faster access. Also, in certain cases, we write information in the form of “Cookies” on your computer, or other device you use in order to adjust the visit to the websites according to your needs and habits.
All information stored within the “Cookies” will be used only for the needs of the website in a way that your privacy will not be endangered, nor compromised.
- For the technical operation of the website;
- For the collection of aggregate and anonymous statistical data;
- To remember your language preferences
- At the same time, we collect data for which purpose we use a third-party service Google Analytics, in order to collect standard access information and details of visitors’ behaviour, but in a way that no one can be identified, nor is Google allowed to reveal the identities of those who visited our website.
- Cookies are collected and for this purpose a third party service – Facebook is used, for the functioning of the additional module for Live chat
When you visit our website, we may collect some other information or data from your search, such as the IP address, the content of the Company website that you have visited, when you have visited it and from which website you have been redirected.
When you visit our website we use a third party service – Google Analytics to collect standard access information and details of visitors’ behaviour, but in a way that no one can be identified, nor is Google allowed to reveal the identity of those who visited our website.
What kind of cookies do we use?
We use persistent cookies, which remember the search/session when the user shuts down the browser, in order to maintain the user’s status.
When you first access our website, you have the opportunity to get acquainted with the type of cookies and the opportunity to choose what cookies you will allow to be placed on your device. For this purpose, a special window (pop-up) appears with information about cookies.
You can also choose cookies through the option – Cookie settings, on the home screen of the Company’s website.
Information on how to disable cookies for all web sites?
The “Help” menu in the Internet browser toolbar of your computer provides the following user information:
- How to prevent the acceptance of new cookies in the browser;
- How to set the browser to notify you when you receive a new cookie;
- How to turn off cookies completely.
There is a lot of information about cookies in case you want to read more, such as: http://www.allaboutcookies.org (in English).
For example, if you are using Internet Explorer version 11.0, you must do the following:
- select “Settings”, then “Internet Options”;
- click on the “Privacy” tab;
- Use the drop-down menu to select the options you prefer.
The company does not perform video surveillance in any form.
Providing data to third parties – processors
The Company provides personal data of the personal data subjects only to entities with which it has a contracted business relationship and it has concluded an Agreement for security of information system and protection of personal data processing where the manner and conditions for their processing are regulated in detail.
Transfer of personal data to other countries
Pursuant to the Law on Personal Data Protection, other countries are countries where an appropriate level of personal data protection is provided, i.e. these are EU member states or member states of the European Economic Area. The Company may transfer personal data for the purpose of fulfilling an Agreement, in the interest of the personal data subject, between the Controller and a third party in an EU Member States or European Economic Area member states.
Acting in case of incident/unauthorized disclosure/loss of personal data
In case of a security incident, disclosure or loss of personal data, the Company, if it has contact data, informs the affected personal data subjects about the incident, and in case of a larger incident, the Company informs about it through a public announcement or through an appropriate publication on its website, no later than 72 hours after learning of the incident.
Controller KB First Pension Company a.d. Skopje
Personal Data Protection Officer in the Company
Name and surname: Dimitar Gjeorgjievski
Contact mobile phone: 070 253 788
Personal Data Protection Agency
This Policy shall enter into force on the day of its adoption. This Policy, as well as its new and/or modified versions, will be made public on the Company’s website.