PRIVACY POLICY
This Privacy Policy was last updates in January 2026
Changing the Privacy Policy
Under certain circumstances, LC WAIKIKI may, as a personal data controller, modify this policy on the processing of personal data to reflect changes in legislation, internal practices, and procedures for processing personal data, or technological advances made over a certain period of time. In the event that we make changes in the way your personal data is processed or used, they will be published in the updated policy and the date of entry into force of the policy so amended will be published at the beginning of the processing note updated personal data. Therefore, this Privacy Policy must be consulted periodically in order to keep up with the latest policies and practices in this field.
In accordance with the provisions of Law on Personal Data Protection ("Official Gazette of the Republic of North Macedonia" No. 42/2020, 294/2021 and 101/2025) (the “LPDP”) with regard to the processing of personal data and on the free movement of such data, we bring you the following aspects regarding the processing of your personal data:
Who we are
LC Waikiki is a global ready-made clothing retailer based in Turkey, operating in more than 30 countries with more than 40,000 employees. Thus, all related data processing activities are jointly operated and carried out by the following entities from the LC Waikiki Group of companies as joint controllers:
- Mainly by Company for trade and services LC WAIKIKI RETAIL MK DOOEL Skopje , daughter company registered and functioning under laws of North Macedonia, with headquarters at the address: str. “Maxim Gorki” no. 12, 1000 Skopje, Republic of North Macedonia, registered with Central Registry of the Republic of North Macedonia with registration number: 6872115 and VAT number: 4080013537133, for all operations related to the conclusion and execution of the distance sale agreement (orders, shipment, etc.) (hereinafter referred to as: the “LC WAIKIKI Macedonia”);
- In subsidiary by LC WAIKIKI MAĞAZACILIK HIZMETLERI TIC. A.Ş., mother company and sole shareholder of LC Waikiki Macedonia registered and functioning under Turkish laws, with headquarters in Republic of Turkey, 15 Temmuz Mahallesi Gülbahar Cad. No:41 Bağcılar, 34212 İstanbul, Turkey (hereinafter referred to as: “LC WAIKIKI Turkey”).
(LC WAIKIKI Macedonia and LC WAIKIKI Turkey shall hereinafter jointly be referred to as: “LC WAIKIKI” or the “Joint Controllers”).
What personal data do we process?
If you visit our Stores
For issuing product invoices, return invoices, and payment orders we will need your name, surname, address, and signature. For resolving complaints received from you through the Register of Complaints, you will process your full name, surname, e-mail address, and telephone number. To ensure store security, and monitor access routes and activity in LC WAIKIKI Macedonia’s brick-and-mortar stores in North Macedonia through video surveillance systems, we will process video footage in which you might appear. We also use the images to best organize the store activity for optimal customer satisfaction (making sure all the products are displayed and easy to access, completing empty shelves with new merchandise, clearing the hangers near the exchange cabins, etc.). For further information on the privacy practices of LC WAIKIKI Macedonia related to video surveillance please see LC WAIKIKI Macedonia’s Privacy Statement for Video Surveillance.
- If you book a product in the store or a product available in another LC WAIKIKI Macedonia store, we will need your name, surname, and phone number to inform you when you can pick up your product.
If you visit our website
- Data regarding your shopping account: name, surname, billing and delivery address, account ID and password, e-mail address, telephone number, shopping and payment history and preferences, shopping cart content, and your interactions with our online Customer Support Services.
- Data regarding the profiling of our website users according to the Cookies Policy you can access here: age, sex, IP, traffic data, geo-location data, device information (Device ID, software version, connection used, operating system, browser used), keywords searched by the user according to its interests;
If you want to be part of the Team
- Data of the recruitment process: name, surname, age, gender, nationality, address, CV data, level and specialization of studies required by a job description; recommendation letter, references from your past jobs (if applicable), specific test and evaluation results support documents.
If you access our social media platforms
Within social media pages such as Facebook and Instagram page we can process the following categories of personal data as follows:
- if you send a message to our page, we have access to your public profile (which includes your username) as well as the content and date/time of that message. Messages can be used, for example, if you request additional information about an order (delivery date) or you can use our page to apply to a job advertisement, in which case we have access to all the information you have filled in your Personal Profile by Facebook (name/surname, city, phone number, e-mail address, education, experience, etc.) or similar information on Instagram;
- if you comment on a page post, we have access to your public profile (which includes your username) as well as the content and date/time of that comment;
- if you interact with the content of the page (like, share), we can view your public profile (which includes your username) and the type of interaction.
- in case you participate to a contest or campaign we will collect your name and surname, phone number, e-mail address, order number if necessary, cargo tracking number if necessary, invoice of the product purchased when in case you have a query over an order, or we use the indicated information in order to send you the contest’s prize .
When you interact with the page, the social media platforms processes certain personal data based on which it provides us with aggregate statistics. This does not include personal data directly, but is limited to:
- the number of clicks on the contact data;
- the number of page views;
- the number of page previews by placing the mouse over the page name (hover);
- the number of page likes;
- the number of people to whom content from the page was displayed;
- the number of page recommendations made by people;
- the number of interactions with the page content (like, share, comment, etc.)
- the number of views of videos on the page for more than 3 seconds;
- the number of fans;
- the number of people viewing the promotional campaigns.
Also, when we customize the audience of our posts or advertising campaigns on Facebook, we set interest categories that may include you (for example male from Skopje, between 25 and 45 years old, interested in travel). Even if these categories are based on the processing of personal data, we do not have access to them, but only to the statistical results resulting from the analyses, since Facebook makes the results directly available to us.
To learn more about how Facebook processes your personal data to establish categories of interests, you can read the Facebook Data Use Policy at https://www.facebook.com/about/privacy/previous
To learn more about how Instagram processes your personal data to establish categories of interests, you can read the Instagram privacy policy at https://help.instagram.com/155833707900388
Where do we obtain personal data from
As a rule, the personal data we process is obtained directly from you. However, there are situations in which we will also be in possession of your personal data through other legitimate means, such as executing a contract to which you are not a party:
- If you are designated as an authorized person or business contact for our partners;
- If you purchase an LC WAIKIKI product from our partner online shop/marketplace;
- If you use our store's discounts or any other benefits won in our partner’s campaigns (shopping malls);
- If you work as a temporary agency worker in our stores;
- If you allow recruitment platforms to share your resume with us.
Purposes of the processing
Your personal data are processed by us for legitimate purposes, according to the LPDP currently in force in North Macedonia, as follows:
- We use a behavior analytics tool that helps us understand how users interact with our website. Supported features capture the user interactions on our website such as, how the page is rendered, and user interactions such as mouse movements, clicks, scrolls, and so on. So we will be to make data-driven decisions on what works and what doesn't, understand confusing elements of our webpage, identify user behavior and add required content to our page, test and publish new ideas on our webpage, study user clicks, and scrolling behavior, and provide better customer experience on our websites.
- Data gathered by Advertising Cookies, advertising technologies and other online identifiers, search history, and access content on our Website.
- To target our advertising banners, more precisely to show you ouradvertising on Social Media platforms as described above or on other websites you use.
We use for such purpose several digital marketing networks, ad exchanges, and advertising technologies such as advertising cookies, web beacons, pixels, online identifiers, and ad tags, including specific services offered by sites and Social Media, such as Facebook’s Custom Audience service.
Our banners and ads you may see will be based on your activity on our Website (search history and accessed content) or on banners and ads that you have clicked/accessed before. - We will do this only if you have consented, as per Article 10 paragraph (1) point 1 of the LPDP, to the use of advertising cookies on our Website. Please see our Cookie Policy for more details. You can withdraw your consent and manage your cookie settings at any time.
- Concluding and executing contracts with our partners;
- To process, confirm, and fulfill your order, including confirming payment, updating you on the status of your order, and shipping the order to you;
- For Customer support and general assistance;
- Managing communications systems and IT systems, conducting audit reports, managing database security and all IT systems;
- Drafting tax documents and collecting payment amounts from individuals, including recovering debts and invoices issued by suppliers;
- To issue product invoices, return invoices, and payment orders;
- To resolve complaints received from you through the Register of Complaints;
- To provide security for goods and people inside LC WAIKIKI’SMacedonia’s stores in North Macedonia by using the video surveillance system;
- Conducting recruitment/selection activities for filling vacancies and managing recruitment/contest files during the various stages of the procedure;
- Developing campaigns for customers or potential customers through an electronic newsletter or SMS for direct marketing purposes;
- Streamlining the services made available to the clients and constantly improving the quality of the services offered, in particular, web services and products by inviting you to complete our surveys;
- To register your user account on our website;
- Representation of the company in courts and before public authorities.
NOTE
If LC WAIKIKI wishes to process your personal data for purposes other than those originally declared, you will be provided with a separate information note detailing the subsequent purpose of the processing, the legal basis of the processing, and the retention period of your personal data, along with any other useful information in relation to further processing to enable you to express your consent freely, knowingly and expressly for each processing operation (if such processing is conditional upon your express consent being obtained).
Legal Basis of Processing
- Making steps at your request before concluding a contract (Article 10, paragraph (1), item 2 of the LPDP);
- The fulfillment of legal obligations by LC WAIKIKI (Article 10, paragraph (1), item 3 of the LPDP);
- The legitimate interest of LC WAIKIKI (Article 10, paragraph (1), item 6 of the LPDP), such as the organization of the entire LC WAIKIKI activity for the purpose of carrying out the activity; Scheduling of IT applications; solving complaints and requests received from clients or other interested persons; monitoring store access; initiating and conducting litigation by courts of law and (possibly) other public authorities;
- Your consent to the processing, when expressly granted, freely and unconditionally, in specific situations such as, for example, marketing processing (Article 10, paragraph (1), item 1 of the LPDP).
For how long do we keep personal data
- Personal data processed for accounting purposes, especially those related to billing and payments, will be stored for a period of 10 years starting on 1 January of the year following the end of the financial year in which they were drawn up according to legal provisions;
- Personal data from the recruitment process will be kept for a period of 6 months from the end of the recruitment/selection process for the vacancy;
- Video footage of store surveillance cameras is kept for a maximum of 30 days;
- Personal data submitted through the Register of Complaints, according to the legislation, shall be kept for 2 years following the final resolution of the matter;
- Product reservation forms will be kept in special compartments at the store where you requested the product until the product arrives;
- Personal data processed for concluding and performing the distances sales contract (online purchases) will be kept for the entire contractual period plus a period of 5 years during which related rights should reach prescription/statute of limitation;
- Personal data processed for user account purposes will be kept for as long as your account is valid. Your account shall be disabled and closed after a period of inactivity of 2 years calculated since the last log-in in that account;
- Data processed under your consent will be processed during the validity period of your consent or until you choose to withdraw your consent or the data is no longer necessary;
- Data processed under our legitimate interest will be processed for a maximum period of 5 years, after which it will be anonymized and processed for statistical purposes
When personal data processing conditions set forth in the legislation no longer apply, LC WAIKIKI has to delete, destroy, or anonymize personal data under the law, or upon request of the data subject. Personal data, which is processed in compliance with the legislation, is deleted, destroyed, or anonymized by LC WAIKIKI under the law, or upon request of the data subject, when such personal data is no longer necessary for the purposes of processing.
In some circumstances, such as to meet our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may hold on to your personal data after we’ve finished providing services to you, or for longer than our general retention policy.
Who do we share personal data with
Under certain expressly regulated conditions, your personal data may be processed by LC WAIKIKI, through processors or jointly with other companies, in the latter case, as a relationship of the type of Joint Controllers who will establish in common goals and means of processing, according to the provisions of art. 30 of the LPDP.
In some situations, service providers such as, but not limited to, service providers and IT systems, various contractual partners such as Microsoft Corporation, Iron Mountain, etc. Also, we will be able to send your data to lawyers, accountants, auditors, or other professionals who are required to keep professional secrecy.
For reporting to state authorities, in accordance with the legal obligations in force, it will be necessary to transmit your data to various public institutions.
Personal data transfers to third countries
We share your personal data within LC Waikiki group of companies, especially with LC WAIKIKI MAĞAZACILIK HIZMETLERI TIC. A.Ş., mother company and sole shareholder of LC WAIKIKI Macedonia registered and functioning under Turkish laws, with headquarters in Republic of Turkey, 15 Temmuz Mahallesi Gülbahar Cad. No:41 Bağcılar, 34212 İstanbul, Turkey.
If some of these providers or other third parties are located in territories outside the European Economic Area that do not offer a level of data protection comparable to that of the European Union, we inform you that we will transfer your data using the most convenient international data transfer tools, for example the Standard Contractual Clauses for the transfer of personal data (the “SCCs”) determined by the Agency for Personal Data Protection in the Republic of North Macedonia (the “APDP”) or approved by the European Commission (the “EC”), as applicable. You may access the Standard Contractual Clauses adopted by the EC at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. Additionally, the SCCs adopted by the APDP, are available at the following link: https://azlp.mk/en/controllers/forms-and-services/forms-and-forms/.
Transfers form North Macedonia to companies based in or outside the European Union, European Economic Area or NATO, shall occur in accordance with the data transfer mechanisms prescribed in the LPDP.
Personal data security
LC WAIKIKI takes all necessary measures to ensure that its employees, and all companies and organizations it works with, exercise due care and have awareness related to data security. LC WAIKIKI provides training on data security to its employees when they first start working at the company, and at later stages as well to update their knowledge on this matter. All employees that access personal or sensitive personal data are required to provide a letter of undertaking in relation to the security and privacy of such data.
In case of any non-conformity with policies and procedures, disciplinary action is taken. The security of personal data is provided with password-protected protocols, firewalls, and access control mechanisms. Data is classified and labeled. Physical security measures are taken against external and peripheral threats. Changes made in the information systems are recorded. To avoid data losses, the backup of personal data is taken according to the data backup policy. Information systems are regularly scanned for security vulnerabilities, and any detected vulnerability is eliminated. In case of any breach of information security, non-conformities are determined immediately and all necessary measures are taken to eliminate and prevent recurrence of such non-conformities.
We also hold an ISO/IEC 27001- Information Security Management System certificate meaning that we employ the highest standards in protecting all the data we process and we are periodically audited by an independent security auditor.
Technical measures are listed below:
- Internal IT controls are made for the systems operated by the company.
- Our servers are kept in secured locations with strict physical access (CCTV, ID Card Management, human security, secured access ways, etc.); we have mirroring solutions, periodical back-ups, and a Disaster Recovery Plan;
- IT risk assessment of the systems operated by the company is conducted as part of the Corporate Risk Management process.
- e-training on privacy and data security is provided to raise awareness of the personnel related to personal data and laws on the protection of personal data.
- Personnel are required to provide a letter of undertaking related to their responsibilities for data security. In case of any non-conformity with policies and procedures, disciplinary action is taken.
- Data processed by the company is classified based on its level of confidentiality, and information is shared in the company and out of the company using methods chosen according to the classification of data.
- Firewalls, proxy servers, networks, and sub-networks are used for the network and data security of the company.
- Firewall access rules are periodically reviewed to ensure password-protected protocol is used for the security of data at the application and service level.
- Multi-factor authentication is used to access critical systems of the company.
- There are systems to prevent or detect unauthorized transfer of data from the company, technical rules are identified for the operation of these systems, and compliance with these rules is monitored.
- Periodical general infiltration tests, application-based and general vulnerability scans, and code scans are carried out and if needed, corrective actions are taken.
- Access of IT employees to personal data is controlled and subject to approval; also any administrator account action is logged.
- There is an audit trail of any modification to be made on the systems operated by the company, in order to follow up any issue related to data security.
- Personal data is destroyed without leaving an audit trail and making it impossible to recover such data
- Hardening measures are taken for IT services and systems
- Central applications are used to prevent malware, and the malware database is updated in all end-users.
- Places where data is stored and backed up are physically secured. Environmental factors are monitored centrally.
- Under the applicable legislation, all kinds of digital medium, where personal data is stored, is protected with password or cryptographic methods to meet data security requirements.
- Backup of personal data is to avoid data losses, under the data backup policy
Your rights in relation to the personal data processing
You have the following rights in relation to the personal data we hold about you:
Your right to be informed about how your personal data is being used.You have the right to be provided with sufficient information, in a concise, transparent, and easily understandable form, in order for you to gain insight and understanding of our processing activities and thus to ensure transparency of personal data use. For such informational purposes, we have designed and made available to you this Privacy Policy.
This Privacy Policy will keep you informed about how we will use your personal data. All necessary details have been provided hereto, so please read it carefully.
- Your right to access
In brief
If you submit an access request to us, we shall confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details).
In detail
Upon your request, we will confirm that we process your personal data and, if so, we will provide you with a copy of your personal data that is subject to our processing and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom personal data has been or is to be disclosed, in particular recipients from third countries or international organizations;
- where possible, the period for which personal data are to be stored or, if that is not possible, the criteria used to determine that period;
- the existence of the right to require the operator to rectify or erase personal data or to restrict the processing of personal data relating to the data subject or the right to object to processing;
- the right to lodge a complaint with a responsible data protection authority (Agency for Personal Data Protection in North Macedonia);
- where personal data are not collected from the data subject, any available information on their source;
- the existence of an automated decision-making process including the creation of profiles and, in those cases, relevant information on the logic used and the significance and expected consequences of such processing for the data subject.
- If we transfer your data to a third country or to an international organization you have the right to be informed of the appropriate safeguards applied.
- The first copy of your personal data is provided free of charge. For additional specimens of the same personal data, we may charge a reasonable additional charge, taking into account the related administrative costs.
- Your right to correct personal data
- If the personal data that we hold about you is inaccurate or incomplete, you are entitled to have it corrected. You can personally do so by updating your user account information. If you do not want to personally update or you do not have a user account, you can submit a request and we shall perform the necessary changes within 15 days as of your request date.
- If we’ve shared your personal data with others, we’ll let them know about the changes where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
- In order to keep personal data accurate, we may request you reconfirm/renew your personal data from time to time.
- Your right to delete personal data (The right to be forgotten)
In brief
- This right enables you to request deletion of your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). We shall comply with your request unless we have a reason for keeping your personal data.
- If we’ve shared your personal data with others, we shall let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we shall also inform you who we’ve shared your personal data with so that you can contact them directly.
In detail
- You may ask us to delete your personal data and we will delete your processed personal data, within 30 days as of the receipt of your request, in case, of one of the following circumstances:
- Data is no longer required for the purposes for which it was collected or processed;
- You withdraw consent to the processing of your data when your data processing is based on your consent and there is no other legal basis on which to process your personal data;
- You oppose the processing of your data on our legitimate interest, including the creation of profiles based on this ground, or you oppose data processing for direct marketing purposes, including the creation of profiles for direct marketing purposes;
- Your data has been processed unlawfully;
- Personal data should be deleted to comply with a legal obligation under law;
- Personal data have been collected in connection with the provision of information services to children and the basis of processing is consent.
- Unless this proves impossible or involves disproportionate efforts, we shall notify each recipient to whom your personal data has been disclosed for erasure purposes. Upon your request, we shall inform you of those recipients.
- We reserve the right to refuse the deletion of your data when processing is required:
- For the exercise of the right to free expression and information;
- In order to comply with a legal obligation that applies to us as a personal data controller;
- For purposes of archiving in the public interest, scientific or historical research, or for statistical purposes, insofar as the deletion of the data is likely to render impossible or seriously impair the achievement of the objectives of the processing;
- To establish, exercise or defend a right in court.
- Your right to restrict us from using your data
In brief
- In certain circumstances (including where we use legitimate interests as set out below) you can ask us to stop processing your personal data or ask for us to limit the ways in which we process this data. However, we can refuse a request in some cases - we shall provide you with information explaining why we have refused your request if we do this.
In detail
- You may ask us to block and restrict the processing of your personal data in one of the following circumstances:
- Contest the accuracy of the data - in this case, at your request, we will restrict the processing for the period we perform the necessary checks on the accuracy of your data;
- Data processing is illegal and you do not want to delete your data;
- We no longer need your data for processing, but processed data about you is necessary to establish, exercise or defend a right in court;
- You opposed the processing of your data under our legitimate interest, including the creation of profiles based on this basis - in this case, at your request, we will restrict the processing for the period in which we verify that our legitimate rights do not prevail over your rights.
- If your data processing has been restricted, we shall only be able to store your data. Any other way of processing out of storage will be done only:
- after obtaining your consent;
- for finding, exercising, or defending a right in court;
- to protect the rights of another natural or legal person;
- for reasons of public interest.
- We will inform you before lifting any processing restriction as set out above.
- Unless this proves impossible or involves disproportionate efforts, we will communicate to each recipient to whom your data has been disclosed restricting the processing of such data. At your request, we will inform you of those recipients.
- Your right to data portability
- You have the right to receive the data that concerns you and that you have provided us with in order to transmit such data to another controller, in the following circumstances:
- Your data processing is based on your consent or on a contract between us and you;
- Your data is processed by automatic means.
We will provide your personal data in a structured, commonly used, and machine-readable format.
- If technically feasible, you can request that your personal data be transmitted directly to the controller indicated by you.
- You may request us not to further process your personal data by filing an objection for reasons relating to your particular circumstances and if the processing of your data is based on our legitimate interest. We will cease processing of your data unless we demonstrate that we have legitimate interests that justify processing and those reasons prevail over your interests, rights, and freedoms, or whether the purpose of the processing is to establish, exercise or defend a right in court.
- In addition to the above, you may request that we no longer process your personal data for direct marketing purposes, including the creation of profiles related to that direct marketing.
- Your rights in relation to automated decision-making and profiling
In brief
- You have the right not to be subject to a decision when it is based solely on automatic processing, including profiling, and if it produces a legal effect or similarly significantly affects you.
In detail
- You have the right not to be subject to a decision when it is based solely on automatic processing, including not being profiled, if ithas legal effects or significantly affects you, except in the following cases:
- the automatic decision is required to conclude or execute a contract between you and us;
- the automatic decision is authorized by law applicable to us as controller and also provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject;
- The automatic decision is based on your express consent.
- If the cases indicated in (a) and (c) above apply, you may request that you exercise the following correlative rights:
- the right to obtain human intervention on our part;
- the right to express your point of view;
- the right to challenge the automatic decision.
- Your right to withdraw consent
- If we rely on your consent as our legal ground for processing your personal data, you are entitled to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of your personal data on the basis of your consent prior to its withdrawal.
- Your right to stop direct marketing
- You are entitled to stop us from using your personal data for direct marketing purposes. You can do this by accessing the unsubscribe link at the bottom of our emails or by sending us a request.
- Your right to lodge a complaint with the supervisory authority
- You have the right to submit a request to the Agency for Personal Data Protection in North Macedonia, , with address at Blvd. "Goce Delcev" 18, 1000 Skopje, Republic of North Macedonia (the “DPA”)if you believe the processing of your data is not in compliance with the applicable law.
- More information about the APDP can be obtained by visiting the following website: https://azlp.mk/.
- Your right to seek judicial remedy
- Without prejudice to any other administrative or non-judicial remedy, you have the right to pursue an effective judicial remedy against:
- a controller/processor that infringed the rights granted to you by the LPDP;
- a legally binding decision of the APDP.
To the extent that you have suffered moral or material damage as a result of the LPDP infringement, you have the right to obtain compensation.
How You Can Exercise Your Rights as Data Subject and Our Data Subject Requests Procedure?
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microoft Privacy Statement.
- Submitting a request. For the exercise of any rights above, please submit your request in writing, using the contact details indicated below.
- Identification of the applicant. In order to be able to properly address and manage your request, we urge you to identify yourself as completely as possible. In case we have reasonable doubts as to the identity of the applicant, we will ask for further information to confirm the alleged identity.
- Response time. We will respond to your requests without undue delay (within legal deadlines), and in any case within one month from the receipt of the request. Insofar as your application is complex or we are in a position to process a large number of requests, we may reasonably postpone the delivery of your response for up to two months with your prior notice.
- Providing our answer. We will provide you with our response and any requested information in electronic format unless you request them to be provided in another format.
- In case of refusal. In so far as we refuse to meet your request, we will inform you of the reasons which led to this decision and of the possibility to submit a complaint to the APDP and to apply for a judicial remedy.
- Taxes. Exercising your rights as a data subject is free. However, to the extent that your claims are manifestly unfounded or excessive, especially by taking into account their repetitive character, we reserve the right to refuse the fulfillment of such requests.