Privacy Policy

1. Introduction

This privacy policy is in accordance with the basic principles of the Law on Personal Data Protection. Through this law, the provisions of the General Data Protection Regulation (GDPR) of the European Union are transposed into our legislation.

This privacy policy, in accordance with the Law on Personal Data Protection, regulates the basic principles and principles in exercising the rights of personal data subjects as visitors and users of the services of the platform https://thehub.mk/. 

Our platform offers services such as providing work positions, i.e. work tables in a shared workspace (co-working space), as well as, special rooms for events and a separate room for office work.

Our platform collects only those personal data that are necessary for the successful delivery of the service, with the prior consent of the personal data subject.

2. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (personal data subject), and an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a national identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Processing of personal data” means any operation, or set of operations, which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, consultation, use, disclosure by transmission, publication or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Restriction of processing of personal data” means the designation of personal data that are stored, with the aim of limiting their processing in the future;

“Controller” means a natural or legal person, a state authority, a state authority or a legal person established by the state to exercise public powers, an agency or another body, which alone or jointly with others determines the purposes and manner of processing of personal data, and where the purposes and manner of processing of personal data are determined by law, the same law determines the controller or the specific criteria for his determination;

“Processor of a collection of personal data” means a natural or legal person, a state authority, a state authority or a legal person established by the state to exercise public powers, an agency or another body which processes personal data on behalf of the controller;

“Consent” of the personal data subject is any freely given, specific, informed, and unambiguous indication of the personal data subject’s will, by which he or she signifies agreement to the processing of his or her personal data;

“Personal data breach” is any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed; 

3. Prohibition of discrimination

The protection of personal data is guaranteed to every natural person without discrimination based on their nationality, race, skin color, religious beliefs, ethnicity, gender, language, political or other beliefs, material status, birth, education, social origin, citizenship, place or type of residence or any other personal characteristics.

4. Controller of the personal data collections

The controller of the personal data is the Company for Trade and Services HABOT DOO Skopje, with its registered office at ul. Bulevar Partizanski Odredi, no. 17, Skopje – Center, EMBS 7697597. 

5. Principles and lawfulness of personal data processing

Personal data are processed by the following processing principles:

• In accordance with the law, sufficiently and in a transparent manner in relation to the personal data subject;
• Collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
• Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
• Accurate and, where necessary, kept up to date, with all appropriate measures being taken to erase or correct, without undue delay, inaccurate or incomplete data, having regard to the purposes for which they are processed;
• Stored in a form which permits identification of personal data subjects for no longer than is necessary for the purposes for which the personal data are processed;
• Processed in a manner which ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, by applying appropriate technical or organizational measures.

Lawfulness of the processing of personal data means that the personal data are processed by the controller based on law and that there is a legal basis for their processing. Our platform will collect and process personal data only based on the previously obtained consent of the personal data subject for specific purposes.

We can obtain the same consent by giving a free, specific, informed, and unambiguous statement of the will of the personal data subject by ticking the appropriate box when visiting our platform or by signing an appropriate written statement of consent to the processing of personal data by the personal data subject.

The personal data subject has the right to withdraw consent at any time and the same withdrawal does not affect the lawfulness of the processing, based on the consent given before its withdrawal.

Withdrawing consent is as simple as giving it.

6. Rights of the personal data subject

Personal data subjects, as exclusive holders of their personal data, have the following rights:

• Right of access;
• Right to rectification;
• Right to erasure (‘right to be forgotten”);
• Right to restriction of processing;
• Right to be informed in the event of rectification, erasure or restriction of processing;
• Right to data portability;
• Right to object;
• Right not to be subject to a decision based solely on automated processing;

Personal data subjects also have all other rights arising from the Law on Personal Data Protection.

7. Collections of personal data

In accordance with the nature of the controller’s operations, the following sets of personal data are collected by personal data subjects:

• Name and surname;
• Address;
• E-mail address;
• Phone number;

8. Purposes of personal data processing

We collect and process the above personal data lawfully, fairly and transparently.

The personal data we collect is kept to a minimum for the purpose of successfully delivering our service.

Personal data is collected for the following purposes:

• For the successful delivery of the services we offer on our platform;
• For the purpose of recording the persons who use our services;
• Optimizing and improving the functionality of the website, i.e. the platform https://thehub.mk/;

We also collect and process personal data in order to comply with the Personal Data Protection Act and to constantly improve and optimize our service.

We and any processors of personal data are obliged to store and not process this personal data contrary to the purpose for which they were shared with us by the personal data subjects.

We, as the controller and the processors, will not use personal data in a manner and for purposes contrary to those for which they were shared by the personal data subject. The personal data subject may at any time submit a request for insight into the manner in which his or her personal data is processed.

9. Technical and organizational measures for the protection of personal data

As a Company committed to providing maximum protection when collecting and processing personal data, we take a sufficient level of technical and organizational measures to ensure the security of personal data and minimize the risk of an incident, i.e. we take the following technical and organizational measures:

• Authentication of authorized persons, i.e. login to the information system, is performed through a unique identifier that is linked only to one authorized person;
• Technical measures to secure the equipment on which personal data is processed, such as automated logout from the information system after 15 minutes of inactivity, installed firewall, regularly updated antivirus software and regular updates of software programs;
• Providing records or logs for each access;
• Protection of the internal network by limiting access to the Internet by blocking non-essential services, Wi-Fi network management that includes the use of the most modern encryption methods;
• Ensuring physical security in relation to the premises in which the servers and network equipment through which personal data is processed are located and stored;
• Issuing authorization to authorized persons with precisely defined tasks who will have insight into the storage and processing of personal data;

We are not limited to applying only the above-mentioned technical and organizational measures, i.e. in addition to the above-mentioned measures, we also take additional technical and organizational measures when necessary for enhanced protection of the personal data we process.

The technical and organizational measures are subject to regular updates and checks by the Controller and accordingly we can update, adjust and change them in order to improve the protection of personal data.

10. Sharing your personal data

We may share your personal data with:

• Government authorities: If, based on law, a government authority requests the sharing of personal data that we process.

When sharing personal data, service providers take all technical and organizational measures to store and process personal data in order to prevent an incident related to them.

11. In the event of an incident

In the event of an incident related to the protection and processing of personal data, the Controller undertakes to act in accordance with the obligations arising from the Law on Personal Data Protection, i.e. within a deadline and without delay, it will notify the Personal Data Protection Agency upon learning of such a violation, and the notification will state the nature and scope of the violation.

In such a case, the Controller will also take all necessary measures to quickly and immediately eliminate the violation.

12. Contact details of the authorized person for personal data protection

The authorized person for personal data protection is: Ivana Srdic from HABOT DOO.

You can contact the authorized person for personal data protection at the following e-mail address: contact@thehub.mk

If you have any questions regarding this Privacy Policy, please contact the Data Protection Officer at the e-mail address provided in this section.

13. Privacy Policy Changes

As the Data Protection Controller, we reserve the right to make changes to this Privacy Policy as and when necessary. Any changes to this Privacy Policy will be posted on our platform in a timely manner and you will be notified of them. Please review this Privacy Policy periodically to stay up to date with the latest updates.