Legal analysis of the law
1. Title of the law and Official Gazette number (last change or modification)
Law for prevention of money laundering and financing of terrorism („Official Gazette of the Republic of Macedonia“ n.130/2014
2. Does the Law envisage processing of personal data and in what type of Collection? (Evidence, Register, Database)
Registries are being kept for:
- persons for which a report for suspicious activities has been filed
- persons for which a report for cash transactions has been filed
- persons for which a report for related cash transactions has been filed
- persons for which a report for paid credits has been filed
- persons for which a report for notary certified legal act has been filed
- persons for which a report for taking a life insurance policy which amount exceeds 15000 euros (in denars) has been filed
- persons for which a report for purchase of vehicles whose value exceeds 15000 euros (in denars) has been filed
- persons for which a report for suspicion of money laundering and financing of terrorism has been filed to the competent authorities
- persons for which a report for notification on suspicion of another crime to the authorities has been filed
- persons for which a warrant has been issued for monitoring their business relationship
- persons for which a warrant has been issued for use of temporary measures
- persons whose data has been exchanged with the authorities in Republic of Macedonia
- persons whose data has been exchanged with the authorities and organizations of other states and international organizations and
- persons who transferred money or physically transferable means of payment.
The registries contain personal data, in accordance with this law and other data and information’s about the subject and third-parties.
3. What is the purpose of collecting personal data? Is that purpose clear?
Defining the measures and actions to detect and prevent money laundering, related criminal acts and terrorist financing (hereinafter: money laundering and financing of terrorism).
4. What categories of personal data are collected? Is the scope in compliance with the purpose?
Personal data, in relation with this law, is: name, date of birth (day, month, year and location), residence or domicile, PIN, residence address and citizenship, as well as other data through which directly or indirectly a specific person can be identified.
5. Who collects the personal data at first instance? (company, institution)
The financial institutions, which in accordance with this law, are:
- Banks, in accordance with the Banking Law;
- Exchange offices in accordance with the Foreign Exchange Law;
- Savings offices in accordance with the Banking Law;
- Brokerage offices in accordance with the Law on Securities;
- Providers of fast money transfer and subagents in accordance with the Law on fast money transfer;
- Posts or other legal entities that carry out financial transactions, wire transfers of money or delivery of valuable items;
- insurance companies, insurance brokerage companies, companies representing the insurance, insurance brokers and insurance agents, who are working in life insurance, or perform advocacy and mediation in insurance in contracts for life insurance in accordance with the Law on Insurance Supervision;
- management companies of investment funds in accordance with the Law on Investment Funds;
- Companies for mandatory and voluntary pension funds in accordance with the regulations for pension insurance;
- and other physical or legal persons who, under the law, perform one or more activities in connection with loan approval, issuance of electronic money, issuance and administration of credit cards, financial leasing, factoring, forfeiting, providing services to the investment adviser, mediation in micro-transactions and other financial services specified by law.
6. Is the Consent of the data subject for personal data protection envisaged by this law?
No.
7. Is the keeping period of personal data clearly defined?
The data in the registries of this law are being kept for 5 years from the day of their submission.
8. Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
Data provided under this Act shall be confidential and may be used only for the detection and prevention of money laundering and financing of terrorism. The submission of the data to the Department and to the supervisory authorities for law enforcement is not considered disclosing the confidentiality. Entities, persons who manage the entities and their employees must not notify the client or third person of the data submission to the Office or on the measures and actions to detect and prevent money laundering and financing of terrorism undertaken under this Act. The prohibition also applies to cases when the submission of data is to the supervisory authorities and law enforcement. Employees of entities and persons who manage the entities are obliged to take measures and actions to detect and prevent money laundering and financing of terrorism, in accordance with the law, must not use the personal data of the clients’ files for other purposes except for the implementation of activities designed to detect and prevent money laundering and financing of terrorism.
The personal data gathered for this law are being used in accordance with this law and the principles of personal data protection.
9. Is the processing of personal data prescribed by this law connected to implementation of another law?
- Banking Law;
- Foreign Exchange Law;
- Law on Securities;
- Law on fast money transfer;
- Postal Law;
- Law on Insurance Supervision;
- Law on Investment Funds;
- Regulations for pension insurance;
10. Are there any exceptions for processing of sensitive data? (PIN, biometrics, video surveillance)
PIN, bank account data.