Personal Data Protection

Personal Data Controller

The Personal Data Controller is the University of Information Science and Technology “St. Paul the Apostle” Ohrid (hereinafter – University) with headquarters at bb Partizanska Str., 6000 Ohrid, Republic of North Macedonia.
Contact by phone: 046/511-000


The University within its scope of work, and in order to realize its core activity in the field of education and science, collects, stores and processes personal data.


In terms of protection of data processing, the University is the data controller and the data subjects are candidates for enrollment, enrolled students and alumni, as well as current and former employees and contractually engaged individuals.


The Data Protection Procedure for Personal Data Subjects Rights describes the procedure for submitting request/s for issuing information on the scope of and purpose for processing of the data subject’s data by the University. (link)


Data Subject Rights

The University guarantees the realization of all legal rights regarding the processing of your personal data regarding the processing of your personal data. You have the right to request at any time from the University: 


Right to Access Personal Data (Law on Personal Data Protection, Article 19) – the right to submit a request for access to your personal data, i.e. to receive information about the processing of your data and to check if it is true and up-to-date;

Form 1. Request for Access to Personal Data


Right to Personal Data Correction (Law on Personal Data Protection, Article 20) – if you find that your personal data processed by the University are incorrect or incomplete, you have the right to request its correction.

Right to Personal Data Erasure i.e. “Right to be Forgotten” (Law on Personal Data Protection, Article 21) – the right to ask the University to erase your personal data under certain conditions determined by law. 

Form 2. Request for Personal Data Correction and Erasure


Right to Personal Data Processing Restriction (Law on Personal Data Protection, Article 22) – the right to request the University to restrict the processing of your personal data under certain conditions determined by law.

Form 3. Request for Personal Data Processing Restriction


Right to Data Portability (Law on Personal Data Protection, Article 24) – the right to receive your personal data in a structured, commonly used and machine readable format and to transfer it to another processor without the University’s interference.

Form 4. Request for Data Portability


Right to Object (Law on Personal Data Protection, Article 25) – the right to object on the basis of a specific situation if the processing of your personal data is based on a legitimate interest. The controller can no longer perform personal data processing, unless it proves that there is a relevant and legitimate processing interest, which prevails over interests, rights and freedoms of the data subject.

Form 5. Objection


Right to Submit Request to the Personal Data Protection Agency (PDPA) – the right to submit a request to the PDPA as a supervisory body, if you consider that the way the University processes your personal data violates the provisions of The Law on Personal Data Protection, you can.

The data subject may submit a request to the main unit (faculty, institute or other associate member) within the University or to the University’s Rectorate. The request is then forwarded to the University’s Data Protection Officer who gathers all necessary information on the data subject’s data processing and submits a response.

The University is obliged to respond to the data subject’s duly submitted request within 30 days of receipt. The University has the right to extend the deadline for another 2 (two) months taking into consideration the complexity and number of submitted requests. The University shall inform the data subject for any extensions within 1 (one) month from the day of receipt of the request, along with the reason for the delay. When the data subject submits a request in an electronic form, the information is provided by electronic means, where possible, unless the data subject requests otherwise.

In case the University has already replied once to the data subject’s same/similar request, then is no longer obliged to further respond, provided that there are no changes in the data subject’s data and six months have not passed since the last/previous request.


Data Retention

The data which the University collects is stored in accordance with applicable general and internal procedures for the period required to achieve the purpose of data processing. Personal data must not be kept longer than the period necessary for accomplishment of the purpose for which it was originally collected. This applies to all personal data, whether stored on core systems, local PCs, laptops or mobile devices or kept in hard copies (on paper). If the data is no longer needed it must be securely destroyed or erased. (link)

The University undertakes technical and organizational measures to ensure the highest level of confidentiality and protection of the processing of your personal data at its disposal, and to prevent unauthorized access, disclosure, and possible misuse. Access to your personal data is given only to authorized employees.


Data Sharing 

When personal data is transferred internally, the recipient must only process the data in a manner consistent with the original purpose for which the data was collected. When personal data is transferred externally, a legal basis must be determined and a data sharing agreement between the University and third party must be signed, unless data disclosure is obligatory by law or the third party requires the data for law enforcement purposes.


Data Protection Officer

Jordanka Cvetkoska – Atanasova –


Data Protection Rulebooks 

Additional information is available at the following LINK