Facility Management Services FMS DOOEL Skopje

Effective Date: 23 May 2026
Last Modified: 23 May 2026

Article 1. Data Controller

Facility Management Services FMS DOOEL Skopje, with registered office at 20th October no.4, Skopje 1000, Republic of North Macedonia, email: contact@fms.com.mk, telephone: +389 (2) 3 222 246 (hereinafter: the Company), acts as data controller within the meaning of the Law on Personal Data Protection of the Republic of North Macedonia (Official Gazette of North Macedonia no. 42/2020 and subsequent amendments; hereinafter: LPDP) in respect of all personal data it collects and processes in connection with the operation of the website https://fms.mk/ and the provision of its services.

This Privacy Policy (hereinafter: the Policy) describes the categories of personal data the Company collects, the legal bases and purposes of their processing, retention periods, the rights of data subjects and the manner in which those rights may be exercised, the recipients of personal data, and the security measures the Company applies.

This Policy applies to all natural persons whose personal data the Company processes, including website visitors, persons submitting service requests, employees and associates, unless a separate policy has been adopted for a specific category of persons.

Article 2. Categories of Personal Data Collected

2.1 Data provided directly by the data subject

When a data subject voluntarily enters their data through the contact form on the website, by email, by telephone or in any other manner when communicating with the Company, the Company collects: first name and surname; name of the legal entity and job title, where the data subject acts in a professional capacity; email address; telephone number; postal address, where required for the conclusion or performance of a contract; and the content of the message or request.

The data subject is under no obligation to provide the above data; however, failure to do so may prevent or limit the Company’s ability to respond to the request submitted.

2.2 Data collected automatically when visiting the website

When visiting the website https://fms.mk/, the Company’s servers and analytics tools automatically collect certain technical data: IP address; browser type and version; device operating system; the page from which the visitor arrived (referrer URL); pages visited within the website and duration of the visit; and date and time of access. These data are processed exclusively for the purposes of technical security and website stability. The Company’s Cookie Policy, available on the website, governs the details of processing related to cookies.

2.3 Data collected in the context of a contractual relationship

When concluding and performing a service contract, the Company collects additional personal data necessary for the performance of contractual obligations, including: national identification number or tax identification number, where required for the issuance of fiscal documentation; bank account details, where payment is made by direct transfer; and the address of the real property or commercial premises that is the subject of the contract.

Article 3. Legal Bases and Purposes of Processing

3.1 Performance of a contract or pre-contractual measures

The Company processes the Client’s personal data where this is necessary for the conclusion, performance or termination of a service contract, or for taking steps at the request of the data subject prior to the conclusion of a contract. This legal basis covers, for example, the processing of contact and identification data in the preparation of a quotation, invoicing and project coordination.

3.2 Compliance with a legal obligation

The Company processes personal data where processing is necessary for compliance with a legal obligation, including: retention of accounting and fiscal documentation in accordance with the Law on Accounting, the Law on Value Added Tax and the Law on Income Taxes; registration and processing of employees’ personal data in accordance with the Law on Labour Relations; and compliance with obligations imposed by acts of the Agency for Personal Data Protection of the Republic of North Macedonia.

3.3 Legitimate interests

The Company processes personal data where this is necessary for the purposes of its legitimate business interests, provided that those interests are not overridden by the interests or fundamental rights and freedoms of the data subject. The Company’s legitimate interests include: maintaining business communication with existing and prospective clients; protecting the Company’s property, systems and employees; fraud prevention and abuse prevention; and improving service quality on the basis of feedback.

3.4 Consent

Where the Company relies on the consent of the data subject as the legal basis for processing, for example for sending business news, event invitations or promotional materials, the data subject gives free, specific, informed and unambiguous consent. The data subject has the right to withdraw their consent at any time by sending a written notice to contact@fms.com.mk, without this affecting the lawfulness of processing carried out prior to the withdrawal.

Article 4. Retention Periods

The Company retains personal data only for as long as is necessary for the purposes for which they were collected, unless a longer period is prescribed by law. The following retention periods apply:

Personal data collected in connection with the performance of a service contract are retained for the duration of the contractual relationship and for a further 5 (five) years after its termination, on account of potential contractual or commercial claims.

Accounting and fiscal documentation containing personal data is retained for 10 (ten) years in accordance with the Law on Accounting.

Personal data contained in pre-contractual communications that did not result in the conclusion of a contract are retained for up to 2 (two) years after the last communication.

Personal data processed on the basis of consent are retained until the consent is withdrawn.

Technical log files held on the website server are retained for up to 12 (twelve) months.

Upon expiry of the applicable retention period, personal data are deleted or anonymised in a manner that makes it impossible to link the information to an identified individual.

Article 5. Recipients of Personal Data

The Company does not sell and does not transfer personal data to third parties for their own independent commercial purposes. Personal data may be made available to the following categories of recipients, exclusively to the extent necessary for the specific business purpose:

Employees and associates of the Company who, by reason of their duties, need to process personal data in order to fulfil the Company’s contractual or legal obligations. All such persons are bound by a confidentiality obligation.

Data processors who carry out specific technical or business tasks on behalf of the Company, including: the provider of website hosting and maintenance services; the email service provider; the accounting firm or licensed accountant; and legal advisers. The Company concludes a data processing agreement with each processor containing the guarantees required under the LPDP.

Competent state authorities, courts and regulatory bodies, where disclosure is prescribed by law or ordered by an enforceable decision.

Contractual partners and subcontractors of the Company, to the extent necessary for the execution of a specific project, provided that those persons are bound by an appropriate confidentiality obligation.

Article 6. Transfer of Personal Data Outside the Republic of North Macedonia

As a rule, the Company processes personal data within the territory of the Republic of North Macedonia. Should personal data be transferred outside the territory of the Republic of North Macedonia as a result of the use of a particular cloud service provider or technological solution, the Company ensures that such transfer is based on appropriate legal safeguards as required by the LPDP, including standard contractual clauses or an adequacy decision issued by a competent authority.

Article 7. Rights of Data Subjects

Every data subject whose personal data are processed by the Company has the right to request from the Company:

Right of access: to receive confirmation as to whether the Company is processing their personal data and, if so, to obtain access to the personal data and information regarding the purposes, categories, recipients and retention periods of the processing.

Right to rectification: to request, without undue delay, the correction of inaccurate personal data or the completion of incomplete personal data.

Right to erasure: to request the erasure of their personal data where: the personal data are no longer necessary for the purposes for which they were collected; the data subject has withdrawn the consent on which the processing was based; or the personal data have been processed unlawfully. This right does not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

Right to restriction of processing: to request the restriction of processing in the cases provided for by the LPDP, including where the accuracy of the personal data is contested or where the processing is unlawful and the data subject opposes their erasure.

Right to data portability: to receive the personal data they have provided to the Company in a structured, commonly used and machine-readable format, where the processing is based on consent or a contract and is carried out by automated means.

Right to object: to object to the processing of their personal data where that processing is based on the Company’s legitimate interests. The Company shall cease the processing unless it demonstrates compelling legitimate grounds that override the interests, rights and freedoms of the data subject.

Right to lodge a complaint: to lodge a complaint with the Agency for Personal Data Protection of the Republic of North Macedonia if they consider that the processing of their personal data infringes the provisions of the LPDP.

Requests for the exercise of the above rights are submitted in writing to contact@fms.com.mk or by post to the Company’s registered address. The Company shall respond to the request within 30 (thirty) days. Where the request is complex or numerous, this period may be extended by a further 60 (sixty) days, of which the Company shall inform the data subject.

Article 8. Security of Personal Data

The Company implements technical and organisational measures appropriate to the risks associated with the processing of personal data, with a view to ensuring a level of security appropriate to those risks. The measures include, inter alia: restricted access to personal data processing systems limited to authorised persons only; use of secure communication channels for the transmission of personal data; regular data backups; and physical security measures for business premises.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the Company shall notify the Agency for Personal Data Protection within the period prescribed by the LPDP. Where the breach is likely to result in a high risk, the Company shall also notify the affected data subjects without undue delay.

Article 9. Cookies

The details of the use of cookies on the website https://fms.mk/, including the types of cookies, the purposes of processing, retention periods and the manner of managing cookie settings, are governed by the Company’s separate Cookie Policy, published on the website.

Article 10. Minors

The Company’s services and the website https://fms.mk/ are not directed at minors under the age of 16 (sixteen) years. The Company does not knowingly collect personal data from minors. Should the Company inadvertently collect personal data belonging to a minor, those data shall be deleted at the earliest possible opportunity upon becoming aware of this.

Article 11. Amendments to the Privacy Policy

The Company reserves the right to amend this Policy at any time. The amended Policy shall be published on the website https://fms.mk/ and shall take effect on the date of its publication. Data subjects with whom the Company has an existing contractual relationship shall be notified of material amendments by email or in such other manner as is specified in the contract. Continued use of the Company’s website or services after any amendment constitutes acceptance of the amended Policy.

Article 12. Contact for Privacy Matters

All questions, requests and complaints relating to the processing of personal data should be directed to the Company at the following contact details:

Facility Management Services FMS DOOEL Skopje

20th October no.4, Skopje 1000, Republic of North Macedonia

Email: contact@fms.com.mk

Telephone: +389 (2) 3 222 246

Business hours: Monday to Friday, 08:00 to 16:00