The Privacy Policy is an important tool for compliance with Article 16 of the Law on Personal Data Protection ("Official Gazette of RNM" no. 42/20 and 294/21). This Privacy Policy provides general information on personal data processing when you visit our website, as well as information on personal data processing that is necessary for the Development Bank of North Macedonia JSC Skopje (DBNM) to achieve its legal goals, tasks, and obligations. Personal data is processed in accordance with the provisions of the Law on the Protection of Personal Data.
In its operations, DBNM respects and applies all the principles related to personal data processing, to ensure that your data are processed in accordance with the regulations for personal data protection, i.e., that they shall be:
- processed lawfully, fairly, and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency"),
- collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes; ("purpose limitation"),
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization"),
- accurate and, where necessary, kept up to date, every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy"),
- kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, or longer than the legally established period ("storage limitation"),
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
Controller of Personal Data
The Development Bank of North Macedonia AD Skopje (DBNM) with headquarters at 26 "Dimitrie Chupovski" Str., 1000, Skopje, Republic of North Macedonia is a personal data controller.
Purposes of processing
DBNM processes personal data for the realization of legal goals, tasks, and obligations, for the protection of the life or health of people/employees, protection of the property of the institution, as well as for the fulfillment of a contract where the data subject is a contracting party, or to take action at the request of the data subject before they accede to the contract.
Whose data is processed by the bank? – Categories of Personal Data Subjects
DBNM processes data related to the following categories of personal data subjects:
- Natural persons founders, signatories, authorized persons, real owners, or others, to legal entities - users and potential users of DBNM's financial products and services (lending and commission work, credit insurance and factoring, guarantees, finance, etc.),
- Natural persons or persons founders, signatories, authorized persons, real owners, or others, to the legal entities - suppliers, service providers needed for the operation of DBNM,
- Employees and assigned persons in DBNM,
- Candidates for employment in DBNM,
- Members of boards and other bodies of DBNM,
- Participants in trainings and events organized by DBNM,
- Visitors to the DBNM website,
- Clients and visitors to DBNM,
- Natural persons submitting complaints, requests for access to public information, and requests for exercising the rights to protect personal data, and
- Whistleblowers and persons for whom there is suspicion or knowledge that they have performed, perform, or will perform punishable, unethical, or other illegal or impermissible activity that violates or endangers the public interest.
How we collect personal data
We collect personal data through various channels, such as:
Categories of personal data users
The personal data processing activities are performed by authorized employees in DBNM.
We do not share your data with third parties, except in the following cases:
- In the case of hiring service providers - personal data processors who are bound to act according to the instructions of DBNM to ensure appropriate protection of personal data amid providing those services,
- At the request of the judicial or other competent authorities, institutions, and other entities and bodies for the exercise of their competencies, and only in cases when there is a legal obligation (Court, Ministry of Internal Affairs, Agency for the Protection of Personal Data, notaries, executors, Government of RNM, Ministry of Finance of RNM, etc.).
Transfer of personal data
DBNM may transfer personal data from certain categories of personal data subjects to member states of the European Union (EU) or the European Economic Area (EEA), for which DBNM notifies the Personal Data Protection Agency, and continues to protect personal data by applying appropriate protective measures following the regulations for the protection of personal data that govern the transfer of personal data.
DBNM may also transfer personal data from certain categories of personal data subjects to other countries that are not members of the EU and EEA, whereby DBNM ensures the protection of personal data through consistent compliance and application of appropriate protective measures for protection regarding the processing in connection with the transmission, and following the regulations for the protection of personal data.
Storage time of collected data
The data we collect is stored in accordance with the law and for the period necessary to achieve the purpose of the processing, unless the circumstances require longer storage (eg. to investigate a virus or malicious attack through the use of the DBNM website, to investigate a breach of the physical security of DBNM, as well as other cases for which, according to the law, it is necessary to provide evidence).
After fulfilling the purpose for which the data was processed, and if there is no other legal basis or legal obligation to keep the personal data, they are deleted, destroyed, or anonymized accordingly.
Measures for personal data protection
The operation and actions of DBNM in relation to the protection of personal data of the data subjects that are processed by DBNM are fully compliant with the regulations for the protection of personal data in RNM. This implies a fully implemented system of technical and organizational measures for confidentiality and protection of personal data processing, such as:
- strict security procedures are applied to reduce the risk of breaching the security of personal data such as unauthorized disclosure, unauthorized access to the personal data of natural persons, and other security incidents;
- the equipment/premises where personal data is stored, is located in a secure environment with limited physical access;
- firewalls, strong passwords, anti-virus programs, and other measures to protect personal data (eg, encryption and pseudonymization) are used.
- only authorized persons have access to personal data within the DBNM, and the authorizations are regulated in accordance with the work processes in the bank;
- DBNM employees are committed to ensuring confidentiality;
- DBNM conducts regular training for the protection of personal data for employees, which ensures a satisfactory level of awareness within the organization.
What are your rights?
Your rights regarding personal data processing are:
- Right to be informed and have access to personal data,
- Right to rectification,
- Right to erasure (“right to be forgotten”),
- Right to restriction of processing,
- Right to data portability,
- Right to object and automated individual decision-making, including profiling,
- Right to withdraw consent.
The subject of personal data may, at his/her request, receive information about:
- whether personal data are collected from the data subject;
- which categories of personal data are processed;
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
- recipients or categories of recipients of the personal data;
- sources of personal data;
- the period for which the personal data will be stored;
- whether personal data is transferred to a third country or international organization.
To exercise your rights, you can submit a request in person or through a proxy. The form is available at the following link:
If you have given consent to DBNM for processing your personal data, you have the right to withdraw the consent at any time, without affecting the legality of the processing that was based on the consent before it was withdrawn, when the processing is carried out based on the article 10 paragraph (1) indent 1 or based on article 13 paragraph (2) point 1) of the Law on Personal Data Protection.
For additional information and/or exercising your rights to personal data protection, you can contact our Personal Data Protection Officer.
The right to submit a request to the Personal Data Protection Agency
The Personal Data Protection Agency (PDPA) is an independent public authority that is responsible for supervising the legality of the activities undertaken during the processing of personal data in the territory of the Republic of North Macedonia, as a protection of the fundamental rights and freedoms of natural persons in relation to personal data processing (
www.azlp.mk).
If you consider that the manner in which DBNM processes your personal data violates the provisions of the Law on the Protection of Personal Data, you can submit a request to the Personal Data Protection Agency.
Privacy Policy changes
DBNM keeps its Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on March 8, 2024.