This Privacy Statement explains the type of personal data that HTL MACEDONIA DOOEL Skopje, 16th Macedonian Brigade No. 25, Gazi Baba, Skopje (hereinafter: the Controller), collects from you when you visit the official/business premises, and how the Controller uses this data. 1. Why do we collect (process) personal data? The Controller collects personal data through the video surveillance system for the following reasons (purposes): • to control access to the facility (building, entrance, premises, etc.) and to ensure the security of the facility, the safety of the Controller’s employees and visitors, as well as the protection of property and information located or stored within the premises; • to prevent, deter and, if necessary, investigate unauthorized physical access, including unauthorized access to security and protected areas, IT infrastructure, or operational information; and • to prevent, detect, and investigate theft of equipment or assets owned by the Controller, visitors or employees, or threats to the safety of personnel working in the premises (e.g., fire, physical assault). The video surveillance system is not used for any other purpose, such as monitoring the work of employees or their attendance. The cameras are installed in a way that does not record surrounding public areas. The purpose of the cameras is to provide a general overview of what is happening in specific locations, but not to identify individuals. The video surveillance system is also not used as an investigative tool or to gather evidence for internal investigations or disciplinary procedures, unless it concerns a security incident for which the video surveillance was established in accordance with the Law on Personal Data Protection. (In exceptional circumstances, data may be transferred to investigative authorities within a formal disciplinary or criminal investigation.) Video surveillance cameras are installed at the entrances and hallways in the facility and are positioned and focused so they record only individuals accessing the official/business premises (facilities), including property (e.g., parking areas). The video surveillance system covers: building entry and exit points, hallways, entry and exit points in the warehouse, and the exterior area of the building. 2. What data does the Controller collect?

The Controller collects only images captured by the cameras, with no audio recording. 3. Who is responsible for data processing? The Controller is the entity that processes personal data and determines the purposes of processing, solely in accordance with the Law on Personal Data Protection. Additionally, Aleksandar Lazarevski is the contact person responsible for video surveillance (a.lazarevski@htl.mk). 4. What is the legal basis for processing personal data through the video surveillance system? The Controller uses video surveillance equipment for: • protecting human life or health; • protecting property; • protecting the life and health of employees due to the nature of work; or • ensuring control over entry and exit from the official or business premises. Therefore, the processing is lawful according to Article 90 of the Law on Personal Data Protection. Additionally, at the entrance of the administrative building at 16th Macedonian Brigade No. 25, Gazi Baba, Skopje, a clear and visible notice about video surveillance is displayed, allowing personal data subjects to be informed about the video surveillance, the name of the controller conducting it, and how they can obtain information on where and how long the recorded footage is stored. 5. Who can see my personal data? Access to video recordings is granted only to authorized personnel responsible for video surveillance. Access to the digital device or disk where the recordings are stored is restricted and protected by technical data security measures (password, logging of events or actions performed by employees or authorized persons). Access to data or video recordings is not possible without authorization from the managers of HTL Macedonia DOOEL Skopje. 6. How can you control your data? You may send a request to the Controller at info@htl.mk or by mail to: 16th Macedonian Brigade No. 25, Gazi Baba, Skopje. 7. Can I access my data? You have the right to access your data at any time and free of charge by sending a request to the Controller at info@htl.mk or by postal mail to: 16th Macedonian Brigade No. 25, Gazi Baba, Skopje.

8. Can I change my data? Modification of video surveillance footage is not permitted. 9. Can I request restriction of processing of my data? You have the right to restrict the processing of your personal data at any time by sending a request to the Controller at info@htl.mk or by mail to: 16th Macedonian Brigade No. 25, Gazi Baba, Skopje: • when you contest the accuracy of your personal data, • when the Controller no longer needs the data to perform its tasks. You may also block the processing when the processing is unlawful and you oppose deletion of the data. However, blocking is not possible in every case of an official investigation. 10. Can I request deletion of my data? You have the right to request deletion of your data at any time by sending a request to info@htl.mk or by mail to the above-listed address, but only when the processing is unlawful. 11. Are my personal data shared with third parties? Your data is kept by the Controller unless you request or consent to it being shared. In the event your data is shared with third parties, you will be informed about to whom it was disclosed, for what purpose, and under which legal basis.

12. Do I have the right to object? Yes, you have the right to object and oppose processing at any time by sending a request to info@htl.mk or by mail to the stated address, but only when you have legitimate reasons relating to your specific situation. The Controller will act upon your request within 15 days from the date of submission. 13. What can I do in case of a problem? a) First step: notify the Controller by emailing info@htl.mk and request action. b) Second step: if you do not receive a response or are not satisfied, contact our Data Protection Officer at d.georgievski@casino-f.com c) At any time, you may submit a request to the Personal Data Protection Agency at www.azlp.mk, which will act on your request and take the necessary measures. 14. When does the processing of my personal data through the video surveillance system begin? Processing begins at the moment you enter the Controller’s premises. 15. Personal data security The Controller is committed to protecting your personal data. Therefore, it uses security technologies and procedures to protect your personal data from unauthorized access, use, or disclosure. Your data is stored on computer systems with limited access and in a controlled environment. 16. How long do we keep your data? If device capacity allows, the Controller will store your personal data for no longer than 30 (thirty) calendar days after your visit to the premises, after which all recorded video footage is automatically deleted.