Privacy Policy
1. General provisions
1.1. “You”, “your”, as referred to in this Privacy Policy, shall refer to any and all persons whose personal data (as defined herein) is being processed (as defined herein), so-called data subjects. See Section 3 below (Who do we collect personal data from) for more details as to who these persons are.
1.2. “We”, “our” and “us”, as referred to in this Privacy Policy, shall refer to DueMark dooel (registered as ДУЕМАРК ДООЕЛ Скопје), whose registered office is at Blvd. Jane Sandanski 43/3-5, 1000 Skopje, North Macedonia (hereinafter DueMark).
1.3. Data privacy is of utmost importance to DueMark.
1.4. This Privacy Policy describes who we collect personal data from, the types of personal data we collect, why we collect such data, what your rights are in this regard, recourse should there be any complaints, ways we obtain personal data and in this regard our cookie policy, direct marketing from our side, who we share that data with, security of your personal data, third-party links on our website (hereinafter Site), how long we keep your data for, who to contact in cases of inquiries, and information about any policy updates which we may carry out in the future.
1.5. We are committed to protecting and respecting your privacy and to processing your personal data in an open, transparent and regulations compliant manner. We further commit to cooperate with EU data protection authorities as well as the Swiss Federal Data Protection and Information Commissioner and to comply with their advice as regards personal data transferred from the EU or Switzerland, including human resources (HR) data in the context of an employment relationship.
1.6. This Privacy Policy complies with all applicable data protection regulations, including the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”).
1.7. We rely on the new EU standard contractual clauses (hereinafter SCCs) issued on 4 June, 2021 by the European Commission that we have executed with our cloud services providers (so-called data processors) as a legal basis for transfer of personal data from the EU and Switzerland to the US, in particular to servers in the US. Said SCCs are hereby incorporated into this Privacy Policy as a valid data transfer mechanism between the EU and Switzerland and the US, being applied automatically and ensuring that personal data is safely transferred from the EU and the Switzerland by taking all necessary measures to provide appropriate safeguards in accordance with applicable EU and Swiss Data Protection Laws.
1.8. Concerning UK data subjects, similar to Section 1.7 above, in accordance with the Retained Regulation (EU) 2016/679 (“UK GDPR”), we rely on the UK SCCs for data processors as approved by the UK Information Commissioner’s Office, that we have executed with our cloud services providers as a legal basis for transfer of personal data from the UK to the US, the same being hereby incorporated into this Privacy Policy.
1.9. For the purposes of all applicable data protection regulations, DueMark is the data controller (as defined herein) of your personal data.
1.10. We will comply with all applicable data protection regulations in the delivery of our services to our clients, in providing the requested information to any potential clients, in the functioning of our Site, in the managing of the human resources data of our employees as well as of any job applicants, in working with our third-party partners, and in any other activity which is part of our everyday business activities.
1.11. Our Site and services are not intended for children under the age of 16. If you are under 16, please ask your parent or guardian before using our Site or services.
1.12. This Policy’s goal is to make sure that your DueMark experience is safe and secure, so that you may use our services with ease and confidence.
1.13. We shall take all reasonable steps to ensure that the personal data we process is reliable, accurate, complete and up-to-date.
1.14. To better understand our views and practices concerning your personal data and how we treat such data, please review this Policy carefully.
2. Definitions
2.1. “Data controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2.2. “Personal data” means any information that identifies you directly or indirectly, including, without limitation, by reference to your name, e-mail address, login ID and other contact or location data or to one of more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
2.3. “Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
3. Who do we collect personal data from
3.1. We collect and use personal data from or about:
a) our clients and any potential clients
b) Site visitors
c) our employees and job applicants
d) third-party partners
e) others with whom we interact
4. Types of personal data we collect
4.1. As a general principle, we limit the collection of personal data to only what is needed for conducting our business activities and pursuing our legitimate interests to render our services.
4.2. In the case of Site visitors, we may collect the following personal data:
a) Electronic identification data about your computer or device: browser type and version, operating system used, Internet Protocol (IP) address, referrer URL, cookie information/identifiers, host name of the accessing computer, data about the web page from which you linked to our Site, date and time a page was accessed, pages viewed, time spent per page. This is data about our Site visitors’ browsing patterns and their browsing behavior, and may also identify any individuals.
b) Data collected through our contact form: full name (required), company/law firm/organization (optional), email address (required), phone number (optional) and job title (optional).
c) Data received from third parties, e.g. from third-party providers supporting us with our marketing communications and advertising by using the data they hold about you.
4.3. In the case of our clients, potential clients, third-party partners as well as any other individual with whom we interact within the framework of our business activities (e.g. a business contact, a visitor etc.), we may collect the following personal data about them (in case of individuals) or about their employees (in case of legal entities):
a) Identification data: full name, work address, work email address, work phone number, country of residence etc.
b) Professional employment and educational data: employer, job title, current work responsibilities, educational qualifications and trainings etc.
c) Personal characteristics: gender, language etc.
d) Financial data: bank account number or wire transfer data, including routing numbers and instructions
e) Work-related data: services ordered, way of interacting with us e.g. when and how you contact us etc., opinions and levels of satisfaction on the services we provide etc.
4.4. In the case of our employees and job applicants, we may collect the following personal data:
a) Identification data: full name, email address, phone number, address and country of residence etc.
b) Employee number
c) Prior professional employment and educational data: prior employers, job titles, work responsibilities, educational qualifications and trainings etc.
d) Personal characteristics: gender, language etc.
e) All other data required to manage their employment or potential employment with us
4.5. We may compile or aggregate personal data from numerous clients or Site visitors to collect data about groups of clients or potential clients or about our services. We do not consider this aggregated data as personal data because it does not contain the personal data of any individual client, client’s employee or Site visitor. Such aggregated data only relating to Site visitors may be for example, the total number of Site visitors, the number of Site visitors per page, browser types, external websites linked to our Site, IP addresses etc.
5. Purposes we collect personal data for
5.1. We collect personal data only for legitimate business purposes. These include, but are not limited to, the following purposes:
a) to perform our obligations and exercise our rights under a contractual relationship with our clients, or to take the steps required prior to entering into a contractual relationship
b) to support our instructions for our third-party partners
c) to support clients’ use of our services
d) to provide services that meet our client’s needs, including new services
e) to provide services in an efficient, secure and personalized manner
f) to contact back and deal with inquiries, requests and complaints
g) to send relevant information about our company, services and business activities
h) to send personalized marketing communications, alerts, service updates, special offers and newsletters using our marketing channels, subject to your consent or otherwise as permitted by law
i) to better organize and administer our services and all orders
j) to better manage all the data subjects from Section 3 above (Who do we collect personal data from)
k) to carry out invoicing and accounting
l) to improve and further develop the content and general administration of our services, based on our clients’ interests
m) to better understand our clients’ needs
n) to compile or aggregate broad demographic data and other statistics about the use of our Site, to analyze such aggregated data for trends and developments in the aggregate and in order to improve our Site’s content, administration, performance and design, and do all necessary to ensure we develop it based on our Site visitors’ browsing behavior and a solid understanding of their needs and interests, while also ensuring that we present it in the best possible manner for them and their computer or device.
o) to prevent or detect fraud or abuses of our Site and services
p) to implement and enforce our Service and Website Terms and Conditions of Use or any other agreement between us and our clients
q) to communicate with and manage our employees
r) to carry out profiling for job recruitment purposes, allowing us to assess job applicants’ suitability for a specific role
s) to comply with the applicable laws and multinational regulations where we conduct business as well as in response to a request from a court, regulatory or other law enforcement body
t) to ensure the security of our business
5.2. We only process personal data in a way compatible with and relevant to the purpose for which it was originally collected or subsequently authorized by you.
5.3. We will not disclose personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by you.
5.4. Where we are legally obliged to obtain your consent to process your personal data for particular purposes, we will only process your data for such purposes to the extent that we have obtained such consent from you.
6. Your rights
6.1. You have the following rights concerning the personal data we hold about you:
a) the right to obtain confirmation that we are processing your personal data and request a copy thereof
b) the right to be informed about how we process your personal data
c) the right to access, change, update, block or delete any of the personal data we hold about you
d) the right to correct, amend or delete inaccurate, incorrect or incomplete personal data we hold about you
e) the right to object to the way in which we process your personal data
f) the right to restrict the way in which we process your personal data
g) the right to withdraw your consent to our processing of your personal data, to the extent such processing is based on your consent
h) the right to opt out whether your personal data is to be disclosed to a third party
i) the right to opt out whether your personal data is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you
j) the right to receive the personal data we hold about you in an appropriate and commonly used format with a view to transmitting such personal data to a third party
k) the right to contest a decision of ours concerning the automated processing of your personal data, which affects you in a significant manner
l) the right to opt out of receiving direct marketing communications, in which case your personal data will no longer be processed for such purposes
6.2. Should you wish to exercise any of the above rights or have questions concerning them, please contact us using our contact details from Section 15 below (Contacting us).
7. Recourse
7.1. In addition to the above rights from Section 6 (Your rights), you also have the right to file a complaint with your local Data Protection Authority (DPA) in your jurisdiction, if you are unhappy with the way we have handled your personal data or any privacy inquiry or request that you have raised with us. Please contact us using our contact details from Section 15 below (Contacting us) should you wish to be directed to your appropriate DPA.
8. Ways we obtain personal data
8.1. Generally speaking, we obtain personal data in two ways:
a) within the ordinary course of our business activities
b) by visiting or using our Site
8.2. We obtain personal data in the ordinary course of business through email, phone, chat, mail, fax or in person.
8.3. We obtain such data in the ordinary course of business because:
a) you give them to us
b) others give them to us, e.g. your employer or third-party service providers we use in the ordinary course of business, such as marketing services providers, credit agencies or background checks. Whenever we obtain personal data from external third-parties, we make reasonable efforts to enter into contractual clauses with these parties obliging them to comply with the data protection regulations. We do this by either obliging said party to provide you with all necessary information or if required, to obtain your consent for the processing of your personal data.
c) they are publicly available
8.4. Some examples of how we obtain said data in the ordinary course of business include:
a) requesting service information from us
b) issuing a request for proposal (RFP)
c) ordering from us
d) replying to our surveys
e) attending events or conferences we sponsor
f) applying for a job with us
g) providing services to us as our third-party partner
8.5. We automatically collect the personal data set out in provision 4.2. – a) above (Types of personal data we collect – electronic identification data about your computer or device) and store it in server log files whenever someone visits our Site. This online information is collected via so-called cookies (see our Cookie Policy for more details), in particular by using a website analysis service called Google Analytics. Google uses this information to evaluate your use of our Site, to compile reports on website activities for us as well as to provide other website and internet-related services. We use such data to analyze and evaluate our Site, and may share said data with third-party service providers on an aggregated basis in order to improve our Site, our advertising as well as the services we offer.
8.6. We may also obtain your personal data when you use our Site, in particular when you fill out our 1-click and standard order forms as well as our contact form.
9. Direct marketing
9.1. We may, from time to time, inform you about a new service or product we offer, changes to our existing services and value-added offerings using the information you provided us with either in person, by phone, email, chat, fax, mail or by using our Site, including data you provide to use our services.
9.2. We always strive to limit our direct marketing messages to those we think would greatly benefit you and you would appreciate receiving.
9.3. We comply with all applicable laws and regulations regarding “Do Not Call” lists. Generally, we are allowed to contact our clients, even if they are registered with federal or state “Do Not Call” lists, because of our relationship with you. We will, of course, honor any request to remove your name from our phone, mail or email solicitation lists and will delete your information from our files within a reasonable time period.
9.4. In case you prefer not to receive these value-added messages and wish to be removed from our solicitations lists, please either reply directly to our message or simply contact us at compliance@duemark.com.
10. Disclosures of personal data
10.1. We may disclose your personal data with the following third parties:
a) our own outsourcing partners (third-party partners) – these are external suppliers, service and software providers we use in connection with our business activities and services, and which if reasonably required may have access to your data, which they process on our behalf.
b) in limited circumstances, with other third parties as well:
1) if required to disclose your personal data in order to comply with any legal obligation as required by law or in response to lawful requests and requirements by public authorities, including to meet national security or law enforcement requirements, or as otherwise required by law, rule or regulation
2) to appropriate law enforcement, 911 centers or emergency services when we, in good faith, believe said disclosure is necessary to protect a person, our property or the public from an immediate threat of serious harm
3) to assist us in invoicing, payment collection, enforcing or applying our Services Terms and Conditions of Use as well as our Website Terms and Conditions of Use or any agreement between you and us, protecting from fraudulent, abusive or unlawful use by you of our services, enforcing and protecting our rights, property and safety as well as that of our clients or of others. This includes exchanging information with other companies and organizations for protecting against credit risk and fraud.
4) in the event that we sell or buy any business or assets in which case we may disclose your personal data to the seller or buyer of such business or assets, or if DueMark or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will of course be one of the transferred assets. Also, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
5) to assist us in developing, promoting, establishing, maintaining and providing our services to you, including joint marketing efforts or promotions, but your personal data may not be used by the third parties for any other purpose
6) if we have your consent to do so
10.2. We do not disclose your personal data to anyone else except as set out above.
10.3. When disclosing your personal data to third parties, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the principles and standards of this Privacy Policy.
11. Security of your personal data
11.1. Taking account of the nature of your personal data as well as the risks involved in processing it, we are strongly committed to protecting the security of your data. To this end, we employ reasonable and appropriate technical as well as organizational security measures to protect your data from accidental loss, misuse, unauthorized access, disclosure, alteration, unlawful processing, destruction and damage both online and offline.
11.2. These security measures include:
a) all data is stored in our secure servers
b) limiting access to your data on a “need to know” basis i.e. to only those who require said data to perform their jobs or to assist us in providing our services to you
c) training our employees to ensure they are aware of our privacy obligations when handling your data. On top of that, all our employees are bound by obligations of confidentiality, in accordance with the Confidentiality clause from our Services Terms and Conditions of Use.
d) technological security measures, including firewalls, encryption, anti-virus software and access control procedures
e) physical security measures
11.3. While our goal is to prevent any and all of the security breaches set out under provision 12.1. above, and while we endeavor to protect your personal data by implementing the security measures set out under provision 12.2. above, we cannot always guarantee complete security. The transmission of data, especially over the Internet (including by email), is never completely secure. Unauthorized entry or use, hardware or software failures, events outside our control as well as other factors, may compromise your data’s security. We will make reasonable efforts to contact you in case we determine that a security breach has occurred and that there is a reasonable risk of identity theft or as otherwise required by law.
12. Links
12.1. Our Site may contain links to other external websites provided by third parties. While we always try to link only to websites that share our high standards for respecting privacy, we are neither responsible nor liable for the content, the privacy practices and the privacy policies of these other websites. We recommend that you review their privacy policy before disclosing your personal data to these websites.
12.2. We may advertise on other websites. The advertising companies placing our ads may use cookies or web beacons to track the effectiveness of our ads. The use of such technology is subject to the privacy policies of the advertising companies, and not this policy.
13. Data retention
13.1. We will retain your personal data only as long as is necessary for the purposes set out in Section 5 above (Purposes we collect personal data for) and for us to comply with business, tax and legal requirements. This retention period is likely to be the entire time you are in a relationship with us, the type of relationship in turn depending on the type of data subject you are.
13.2. After our relationship is terminated we will keep your personal data for a reasonable period, to maintain our records in accordance with the law and our legitimate business needs.
13.3. We may keep an anonymized form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful reason to do so.
14. Contacting us
14.1. We hope this privacy policy clarifies our privacy practices and makes you feel more confident about the way we process your personal data. If you have any questions, comments, concerns or complaints about this policy or our privacy practices, please do not hesitate to contact us at:
a) compliance@duemark.com – by email
b) +389 XXX – by phone
c) +389 XXX – by fax
d) DueMark dooel, Blvd. Jane Sandanski 43/3-5, 1000 Skopje, North Macedonia – by mail
15. Policy updates
15.1. We may update this privacy policy from time to time. Any such future revisions to our policy will be posted on this web page, with the revision date indicated at the top of the page. The new updated policy will apply as from that revision date. We encourage you to periodically check this policy.
15.2. Should any update constitute a material change to this policy, we will post a notice on our Site in a prominent position.
15.3. Should we decide to use personal data in a materially different manner from what is contained herein, we will post the update on this web page for 30 days before making the change.
