1. Policy for privacy and protection of personal data
1.1 All information received from members of the Program, including their personal data, will be treated in accordance with the publisher's internal rules for the protection of personal data and the relevant regulations in force in the Republic of North Macedonia.
1.2 By accepting the conditions of the Program, the members of the Program can choose whether the publisher will use their personal data for direct (SMS and/or e-mail) marketing, in accordance with the laws in the Republic of North Macedonia.
1.3 By accepting these rules, the Program member agrees that his personal data will be registered, saved and processed in accordance with the regulations in the Republic of North Macedonia and the internal rules of the publisher.
Link to active mobile application Android - https://play.google.com/store/apps/details?id=com.lucoil_loyalty_mk&hl=en
Huaweii- https://appgallery.huawei.com/app/C106730637
2. What personal data do we collect?
The following data are processed for using a personalized LUKOIL CLUB card:
• Name and surname, a mandatory field for customer registration (personalization of LUKOIL CLUB card or virtual LUKOIL CLUB card)
• Municipality, place of residence, optional field for customer registration (for the purpose of notifying the customer of possible promotions, bonus points at gas stations in the area in which he lives)
• Mobile phone, a mandatory field for client registration (the user receives an SMS code for registration)
• Email, a mandatory field for client registration (the user receives a registration code)
• Date of birth, optional field for client registration (for possible promotions, prizes, awarding of bonus points on the client's birthday)
If the subject wants to receive information about the actions and promotions of the gas stations as well as notification about the acquisition of additional bonus points), it is necessary to submit the following data:
• mobile phone (mandatory field during registration) and email addres
Personal data can be withdrawn by the user, that is, deleted by deactivating the profile from the mobile application or deactivating the profile on the website.
2
2.1 For what purposes?
We process personal data in order to enable our loyal customers to use the LUKOIL CLUB cards, which will give them certain conveniences and advantages when shopping.
Personal data will not be processed for any purpose other than the purpose for which it was collected.
Processing of the collected personal data for another purpose can only be carried out based on the prior consent of the subject of the personal data.
2.2 Data retention period
Personal data is stored until the owner of the personal data withdraws the consent or is stored in a form that allows the identification of the owner of personal data, not what is necessary for the purposes for which the personal data is processed or in accordance with Article 9 paragraph (1) paragraph 5 from the Law on Protection of Personal Data. The owner of personal data has the right at any time, free of charge and using simple means, to withdraw the given consent by deactivating the mobile application or deactivating the consent on the website in accordance with Article 96, and in connection with Article 11 of the Law on the Protection of Personal Data data.
2.3 Processing of personal data
The processing of personal data can be carried out:
• After previously accepted electronic consent of the subject of personal data;
• For direct marketing purposes, only if additional consent is given for the processing of personal data;
The subject's personal data will be deleted if for some reason the Program stops or ends;
The subject of personal data has the right at any time, free of charge and using simple means (one to two clicks in the section of his profile), to withdraw his consent to the processing of his personal data on the mobile application or on the website.
2.4 Obligation for secrecy and protection of personal data
• The personal data being processed are securely stored against loss, destruction, falsification and unauthorized access. Only authorized employees have access to this information.
• The transmission of personal data is protected by appropriate encryption methods, so that they will not be readable during transmission and protected according to the risk and nature of the data being transmitted.
• In order to prevent unauthorized access and misuse of personal data, all necessary technical and organizational measures will be taken to protect personal data.
• For all data and documents in LUKOIL, the technical and organizational measures for ensuring
confidentiality and protection of personal data processing must be applied.
• LUKOIL applies technical and organizational measures that are categorized at basic, intermediate and high
level for the protection of personal data that are processed in paper form, as well as through the internal information system.
Types of categories of information resources (s; c; p):
• secret information - classification code: s
• confidential information - classification code: c
• public information - classification code: p
Documentation for technical and organizational measures:
The system of technical and organizational measures to ensure confidentiality and protection of personal data processing in LUKOIL is based on the following internal acts:
• Rulebook for ensuring information security in LUKOIL Macedonia DOOEL Skopje;
• IT-plan for business continuity in the event of a disaster;
• Rulebook on the method of performing video surveillance in LUKOIL Macedonia DOOEL Skopje;
• Rules for digital certificates for work in an external system for employees in LUKOIL Macedonia DOOEL Skopje;
• Annual plan for auditing and procedure for technical service in LUKOIL Macedonia DOOEL Skopje.
Employees and hired persons in LUKOIL are obliged to respect and apply these internal acts within the framework of their work tasks.
The employee who performs the human resources tasks takes care of the orderliness of the signed and stored documentation for each employee in his own file, including a statement on confidentiality and protection of the processing of personal data through the data processing systems in LUKOIL Macedonia DOOEL Skopje, as well as
authorization to process personal data.
2.5 No data shared with third parties LUKOIL Macedonia does not sell, exchange or rent the data of the subject of personal data to third parties, except in the following situations:
Personal data can only be disclosed in accordance with the legal regulations specified in the regulation for the protection of personal data as well as other applicable regulations in NMK.
2.6 Security and storage of your personal data
To ensure maximum security of the personal data being processed, LUKOIL Macedonia takes all possible steps of protection. Multiple security technologies and procedures are used that contribute to the protection of personal data from unauthorized access, use or disclosure.
The employees of LUKOIL Macedonia are familiar with all legal and security rules relating to the protection of personal data and are obliged to act in accordance with them.
All personal data submitted to us by the subjects of personal data are stored on servers that have strictly defined and limited access rules and are located in security zones.
2.7 Rights of the subject of personal information to be informed
The subject of personal data has the right to ask the controller for information on whether his personal data is being processed;
What are the purposes and legal basis of the processing of personal data and the users or categories of users to whom the personal data is disclosed:
• Insight into the data, as well as additions, changes, deletion or stopping of further processing.
• The subject of personal data can contact the personal data protection officer at LUKOIL MACEDONIA at +389 2 3293-033, or by email at club@lukoil.com.mk.
The personal data protection officer acts in accordance with internal regulations with in order for the rights of the subject of personal data to be realized in a simple, fast and efficient way without causing unnecessary delay or costs. The controller undertakes that the subject of personal data receives a response to the request within 30 days from the day of receipt of the request.
• If the subject of personal data is not satisfied with the answer and with the information provided by the personal data protection officer of LUKOIL MACEDONIA and if he believes that his rights have been violated, he can submit a request to determine the violation of the right to the protection of personal data to The Directorate for the Protection of Personal Data.
• When the officer has responded to the subject's request for personal data, he is not obliged to respond again to the same or similar request of that subject, if there have been no changes in his personal data in the meantime, unless six months have passed since the date of delivery of the previous request to the new one. request.
3. Modification of the privacy policy
This Privacy Policy may be modified at any time by posting the modified text of the Privacy Policy on this application.
Changes to the Privacy Policy take effect immediately upon their publication. It is the responsibility of each user to
periodically review the Privacy Policy and read any changes. The continued use of our application by the user, after
the entry into force of such changes, implies that the user accepts the terms of the modified Privacy Policy.
