Xessable LTD is founded in 2017 with headquarters at Franklin Ruzvelt No.33A Skopje and has headquarters in the Netherlands, Newtonlaan 115, 3584BH Utrecht. We are devoted to safeguarding and it’s treating the security of the data seriously and according to GDPR regulations that apply in the Netherlands and in North Macedonia.
Relevant laws and legislation
We want transparently to disclose how we may use your data so in this section we will explain the categories of personal data that we may collect and process in the given capacity and for the sole purposes for which may they be collected and processed accordingly.
Xessable LTD Skopje collects and controls personal data according to legislation, transparent and legitimate. To provide impeccable business services and thus comply with our regulations, we must provide an operational website. We think and work very carefully about our usage of personal data. In the context below you will find what we do to protect your privacy ensuring high quality and ethical standards are implemented and the necessary information is valid. Xessable LTD may appear in the capacity of controlling and processing personal data.
The legal basis for this process of personal data is the fulfillment of contract obligations.
Xessable LTD Skopje completely respects the principle of the minimal scope of data, and it collects only the data that are necessary, relevant, and limited for the fulfillment of the purpose for which they are processed.
We reassure you that from Xessable LTD Skopje’s point of view, the personal data are not processed for any other purpose except for the purpose they are collected.
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
Your personal data will not be stored in a form that may ID you, and longer than necessary for the sole purpose they are processed.
Personal data of the employee is in accordance with laws prescribed deadlines, particularly for the longevity of the employment period and after.
The deadlines for keeping personal data are arranged by internal acts of Xessable LTD Skopje.
|Right to be informed (article 17 и 18 from Law on Personal Data Protection)||Xessable LTD has the obligation to inform all the subjects which personal data it collects for them, for what purposes and how long it stores them, and if they are being transferred to third parties. Xessable LTD has the obligation to announce this information on its website in its office venues or to deliver the information to its subjects in paper or in digital form.|
|Right to access
(article 19 from Law on Personal Data Protection)
|On request, Xessable LTD has the obligation to deliver detailed information regarding the data that is collected or processed.
(Form 3 Request for access to personal data)
|Right to change
(article 20 from Law on Personal Data Protection)
|On request, Xessable LTD will change or complement subjects’ personal data.
(Form 4 Request to change personal data)
|Right to Delete
(article 21 from Law on Personal Data Protection)
|On request, Xessable LTD will delete data if the sole purpose is fulfilled, if the subject withdraws the agreement for collection and processing, if the data were illegally processed, or If the subject objects to the processing or to respect the legal obligation of Xessable LTD to delete data when the reason for collection or processing is obsolete.
(Form 5 Request to delete personal data)
|Right to limit the processing
(article 22 from Law on Personal Data Protection)
|On request, Xessable LTD will limit the processing of personal data, if the subject objects the validity of the personal data in the period of validation, if the subject considers the process is illegal, but contraries of deleting, or if the data is needed to exercise legal rights.
(Form 6 Request to limit the processing of personal data)
|Right to transfer the data
(article 24 from Law on Personal Data Protection)
|On request, Xessable LTD will transfer the personal data in a structured, usually common, and machine-readable format or it will transfer them to another LTD. This right is applicable when personal data is processed based on an agreement or contract and when the processing is done by automation.|
|Right to object
(article 25 from Law on Personal Data Protection)
|Based on the objection given by the subject, Xessable LTD will stop the processing of data for the sole purpose of direct marketing and profiling connected with direct marketing.
(Form 7 Objection)
|Rights that come out of automated decision making
(Article 26 from Law on Personal Data Protection))
|The subject has the right to ask not to be a matter of decision based solely on automation processing, based on profiling, if that decision causes legal consequences for them. The controller must not decide if the subject asked in writer to not make such a decision.|
|Right to withdraw the agreement (Article 11 from Law on Personal Data Protection)||On request, Xessable LTD will stop processing the subject’s personal data. The withdrawal does not influence the legal aspect of processing that was done before the withdrawal of the agreement).
(Form 8 Request to withdraw the agreement)
Xessable is maintaining and following up measures to ensure the security protection of personal data whether is collecting or processing and risks against transmission and access by a third party.
We highly value transparency, and it is defined in our GDPR principles and policy when and if a breach of data happens. We will inform affected parties of the accident/breach of their personal data.
Data Protection Authority Agency (DPA) will be informed within 72 hours. This will be managed in accordance with our Security Incident Protocol which sets out the overall process of handling information security incidents and Personal Data Breach Notification which sets out the process of notification of relevant authorities and data subjects in the event of a privacy breach.