GrabIT LLC (hereinafter: GrabIT) respects your right to privacy. Regardless of whether you establish a business relationship with Grabit as an employee, client, candidate, or in any other capacity, you have the right to have your personal data protected.
In this privacy and data protection policy ("Policy") we explain how we collect your personal data, why we collect it, what we do with your personal data, with whom we share it, how we protect your personal data, and what you can request that we send your personal data.
This Policy applies to the processing of your personal data in the context of human resources management and employee-related activities (payment management, safety and health at work, selection, organizational development), as well as in the context of various services, tools, applications, websites, portals, marketing activities, sponsored social media platforms, etc. which are provided or administered by us or on our behalf.
This policy contains general rules and explanations. It is supplemented by separate specific privacy notices, related specific services, tools, applications, web pages, portals, sponsored social media platforms, etc., provided or administered by us or on our behalf. These privacy notices will be communicated to you whenever your personal data is needed in the context of the above-mentioned activities (eg via Internet pages, portals, individual communication services, newsletters, events, etc.).
When we ask for your Personal Data, we will always clearly inform you which of your Personal Data we are collecting. This information will be available through a document available to all subjects of personal data.
Please note that in accordance with the applicable legislation on the protection of personal data, your personal data may be processed if we have a legal basis for the processing of personal data. The legal bases for processing personal data are:
• Fulfillment of legal obligations - We process your personal data for the purposes of legal obligations (for example, the obligation to keep employees' personal files).
• Fulfillment of contractual obligations - We process your personal data also for the purpose of fulfilling contractual obligations arising from agreements for employment and for the purpose of fulfilling other contractual obligations that arise from some other type of contract but within the scope of the regulations set out in the Personal Data Protection Act and its by-laws.
• Statement of consent - We can only process your data on the basis of your express consent or if we are legally required. In that case, we will take appropriate measures to inform you in a timely, transparent, understandable, and easily accessible way about the purpose of the processing for which your consent is not necessary so that you can make an informed decision about whether you want to give us your consent. Additionally, you will be informed of your legal rights, as well as how to withdraw your consent based on the Personal Data Protection Act.
Below you will find examples of situations in which we will most often request your personal data and the legal basis for our request:
• For the purposes of entering the employment relationship with GrabIT LLC - when applying to the Employment Agency of the Republic of Northern Macedonia or of Republic of Slovenia.
• Payment of wages – this includes the basic data sent to accounting service providers and their communication with the Public Revenue Office.
• To provide additional benefits as desired by employees, such as private health insurance, additional sports activities, additional pension insurance, etc.
• For the participation of interested candidates in the process of application, selection, and employment in GrabIT - where basic personal data is required and which can be accessed by the candidates, a request for withdrawal of consent to the use of personal data and which are used exclusively in the recruitment and selection process
We process your Personal Data for specific, clear, and legitimate purposes and will not subsequently process your Personal Data in a way that is incompatible with those purposes.
The purpose of each Processing of your Personal Data will be clearly stated in the Information for the subject of the personal data in connection with that particular Processing. This document will be available on the GrabIT website.
It is important for us to maintain accurate and up-to-date records of your Personal Data. For this purpose, the data collected by consent will be updated every time 5 hours or you will be deleted after withdrawing your consent. Then, after each request for exclusion, deletion, and addition of personal data we will react accordingly within 15 days. We encourage you to report any changes or inaccuracies in your personal data via the available email addresses. To ensure that we do not process data after the expiration date for which they are intended, GrabIT has established a procedure with deadlines for deleting all documents containing personal data. We will take the necessary actions to delete or update (where necessary) any inaccurate or outdated Personal Data.
You have the right to access your personal data that we process, and if these personal data are inaccurate or incomplete, you have the right to request rectification. At any time,
Under the conditions set out in the law, you may request the deletion of your personal data ("the right to be forgotten") or restriction of processing. For this purpose, use the instructions and given email addresses published on our page and in the privacy statement.
We apply a set of appropriate technical and organizational security measures to protect your Personal Data from illegal or unauthorized access or use, as well as from accidental loss or damage to their contents. These measures are developed in accordance with the information technology we use, the associated costs of implementation, the nature, scope, context, and purposes of the processing, as well as in accordance with the standards and practices applied in our industry.
Your personal data may be processed by a third party - the Processor only under the conditions stipulated by law and only if he agrees to apply the same technical and organizational security measures.
Any Processor who processes personal data on behalf of and at the expense of GrabIT has obtained authorization to process personal data and undertakes to apply appropriate technical data security measures.
Maintaining data security means protection against unauthorized or illegal processing, as well as against accidental loss, destruction, or damage to your personal data:
Our personal data security measures include:
Controlled access – access to the personal data storage system is not granted to anyone without an appropriate password or two-factor authentication, so data is only available to authorized persons.
Access control – we adopted measures that prevent unauthorized reading, copying, modification, removal from the system, or other handling of them.
Transmission Control – all personal data handled by electronic transmission is protected to prevent unauthorized reading, copying, modification or deletion.
To which categories of users can we provide personal data:
The Company may disclose your personal data if such action is necessary for:
If, when using our website or portal, you use your registration in a specific social network (for example, your Facebook profile), we record your personal data available on the social networks and your use of such a social network means that you have expressly approved the provision of your Personal Data registered by us through this tool.
Options for requesting information and submitting applications: We provide various information and the option to send an application via the contact format on our website. Depending on the option you choose, we process different personal data:
If you do not contact us through one of the channels listed on our website, we will process all the personal data contained in your message and that you have provided in order to process it and respond to your request.
Information via post/e-mail
If you have submitted a request or application for employment, we will process the data you provide in your email, at least your first and last name and the contact details of the channel you have chosen (postal address and/or e-mail), as well as the sent letter biography.
We want to be as transparent as possible with you, so you can tell us what your choice is about how you want us to use your Personal Data.
• Choosing how to contact you
You have different options to choose how you want us to contact you, through which channel (e.g. e-mail, mail, social networks, phone), for what purpose, and how often, by adjusting your device's privacy settings or by updating your user profile or by following the withdrawal instructions contained in the (obtained) communication.
• Your Personal Data
You can always contact us as described in Point 3. WHO CAN YOU CONTACT IF YOU HAVE QUESTIONS OR REQUESTS? to find out which of your Personal Data are stored by us and where they come from. Under certain conditions established by law, you have the right to receive your Personal Data that you have provided in a structured, commonly used, machine-readable format and/or (if technically possible) to receive direct transmission to another controller appointed by you.
• Right to rectification
If you find errors in your Personal Data or if they are incomplete or inaccurate, you may request that we correct the inaccurate or supplement the incomplete Personal Data.
• The right to request restriction of Processing
You have the right, under the conditions established by law, to request the restriction of the Processing of your Personal Data (for example, when the accuracy of your Personal Data is being checked).
• The right to sentence
You have the right at any time, in accordance with applicable law, to object to the processing of your Personal Data, as well as to the processing of your Personal Data for direct marketing purposes (if you wish, you can also indicate which communication channel you wish to use and how often to contact you) or sharing your Personal Data with third parties for such purposes.
You have the right to withdraw your consent to the continuation of the processing of personal data provided by you at any time in the manner specified in Point 3.
• In addition, you may request that we delete all personal data relating to you ("the right to be forgotten") (except in certain cases, for example - to prove the transaction or when there is a legal basis).
Subjects of personal data can exercise their rights under this Policy by submitting a request to exercise the respective right.
A request to exercise the subjects' rights to personal data can be submitted in the following way:
• Electronically to the following email address: [email protected];
On the Company's website: www.grabit.io
By mail to the address at Cane Konjarec street 41, 7500 Prilep, Republic of North Macedonia.
The request for the exercise of the right in connection with the protection of personal data must contain the following information:
• Identification of the person - name and surname.
• Contacts for return information - address, telephone, e-mail address.
• Request - description of the request.
GrabIT LLC provides information on the activities undertaken in connection with the request to exercise the rights of the subjects within a period of 15 or 30 days (depending on the nature of the request) upon receipt of the request.
If there is a legal possibility, the deadlines of the previous article can be extended for an additional 60 days, taking into account the complexity and number of requests from a certain person. GrabIT LLC informs the person of any such extension within 15 or 30 days (depending on the nature of the request) after receiving the request, stating the reasons for the delay.
When the request is submitted via electronic means of communication, the information, where possible, is provided by electronic means, unless the subject of personal data has requested otherwise.
Please keep in mind that you have the right to submit a claim against the Controller to the competent authority for the protection of personal data.
In relation to GrabIT LLC (as the Controller), the competent authority for personal data protection is the Personal Data Protection Agency of the Republic of North Macedonia.
We provide Contact regarding issues related to the Protection of Personal Data, where we will answer your questions or requests regarding this Policy, specific privacy notices, and Your Personal Data (and their Processing).
Any questions, requests, or complaints related to the application of this Policy or the exercise of your rights as described in this Policy can be directed to the following Contact regarding questions related to the Protection of Personal Data:
Cane Konjarec street 41, 7500 Prilep, Republic of North Macedonia
E-mail: [email protected]
The provisions of this Policy supplement and do not replace other provisions of the applicable legislation on the protection of Personal Data. In the event of a conflict between this Policy and applicable data protection legislation, the latter shall prevail.
ГРАБИТ ДООЕЛ ПРИЛЕП has the right to change this Policy at any time. In such case, we will notify you of such changes and ask you to familiarize yourself with the latest version of this Policy and confirm its acceptance. The policy is available at www.grabit.io, where you can familiarize yourself with it and all subsequent changes.