Privacy Policy

01Introduction & Scope

MakBPO provides business process outsourcing services, including healthcare revenue cycle management, customer service, software development, data management, and AI automation. This Policy applies to personal data we process as a data controller in the following contexts:

• Visitors to makbpo.com;
• Prospective clients who contact us through the website or other channels;
• Job applicants who apply through our careers page;
• Business contacts of our clients, partners, and vendors.

Our Contact Details

Data Protection Officer / Privacy Contact

We encourage you to read this Policy carefully to understand our practices regarding your data and how we treat it.

02Information We Collect

We collect only the data that is necessary for the purposes described in this Policy. The types and volume of data we collect depend on how you interact with us.

2.1 Personal Data You Provide Directly

This includes information you submit through our website contact form, by email or phone, or as part of a job application:

• Identifiers: name, email address, phone number, postal address.
• Professional or employment-related information: job title, company name, business sector (when you contact us as a prospective client).
• Recruitment data: CV/resume, cover letter, work history, education, references, and any other information you choose to provide when applying for a role at MakBPO. See Section 6.2 for retention.
• Communications: the content of inquiries, messages, support requests, and other correspondence you send to us.

2.2 Information Collected Automatically

When you visit makbpo.com, our servers and hosting infrastructure may automatically collect limited technical information:

• Device & connection data: IP address, browser type and version, operating system, device type.
• Server logs: pages requested, timestamps, referring URLs, and HTTP status codes — used for security, troubleshooting, and to maintain the integrity of the website.
• Approximate location: general country or region derived from your IP address.

2.3 Sensitive Personal Information

We do not collect sensitive personal information through makbpo.com (such as health data, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, or sexual orientation). If, in connection with a specific service or job application, we ever need to collect such data, we will clearly inform you, explain the purpose, and obtain your explicit consent or rely on another lawful basis as required by applicable law.

Where MakBPO processes sensitive data — including Protected Health Information (PHI) — in the course of providing services to a client, that processing is governed by the Business Associate Agreement and/or Data Processing Agreement with the relevant client, as described in Section 1.

2.4 Cookies & Tracking Technologies

MakBPO operates makbpo.com with a minimal-tracking approach. We do not use third-party analytics tools (such as Google Analytics), advertising pixels (such as the Meta Pixel or LinkedIn Insight Tag), or marketing automation trackers on our website.

We may use a small number of strictly necessary cookies and similar technologies required for the website to function (for example, to maintain session state, remember language preferences, or protect against abuse). These technologies do not track you across other websites and are not used for advertising or profiling.

You can control or delete cookies through your browser settings at any time. Disabling strictly necessary cookies may affect basic website functionality.

03How We Use Your Information

We use the personal data we collect for the following purposes, each based on a specific lawful basis under applicable data protection law:

• To respond to your inquiries. When you contact us through the website, by email, or by phone, we use your contact details and the content of your message to reply and provide the information you requested.
  performance of pre-contractual steps at your request, and our legitimate interest in responding to inbound communications.
• To evaluate and manage job applications. When you apply for a role at MakBPO, we use your application materials to assess your suitability, communicate with you about the process, and, where successful, to onboard you.
  performance of pre-contractual steps at your request, our legitimate interest in evaluating candidates, and, where required, your consent.
• To provide and manage our services to clients. Where you are a contact person at a current or prospective client organization, we use your business contact details to deliver, administer, and improve our services.
  performance of a contract, and our legitimate interest in maintaining client relationships.
• To secure and maintain our website and systems. We use technical and log data to detect, prevent, and address security incidents, fraud, abuse, and technical issues.
  our legitimate interest in protecting our business, our users, and the integrity of our systems; legal obligation.
• To comply with legal and regulatory obligations. Including obligations under HIPAA (where applicable), tax and accounting law, employment law, and lawful requests from competent authorities.
  compliance with a legal obligation.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not engage in profiling for advertising purposes.

04How We Share Your Information

We share personal data only in the limited circumstances described below, and only with appropriate safeguards in place.

4.1 Service Providers

We engage carefully selected third-party providers to support our operations — for example, cloud hosting, email infrastructure, IT security, professional advisors, and recruitment platforms. These providers process personal data only on our documented instructions, are bound by written contracts (including, where applicable, GDPR-compliant Data Processing Agreements and HIPAA Business Associate Agreements), and are not permitted to use your data for their own purposes.

4.2 Clients (where MakBPO acts as processor)

When MakBPO performs services on behalf of a client, personal data we process in that context is shared with, and processed for, that client in accordance with our agreement with them. See Section 1 for scope.

4.3 Legal Requirements

We may disclose personal data when we believe in good faith that disclosure is necessary to:

• comply with a legal obligation, court order, or lawful request from a public authority;
• protect and defend the rights, property, or safety of MakBPO, our personnel, our clients, or the public;
• investigate or prevent suspected fraud, abuse, or security incidents;
• establish, exercise, or defend legal claims.

4.4 Business Transfers

If MakBPO is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy, where required by law.

4.5 With Your Consent

We may share personal data for purposes other than those listed above with your explicit consent.

We do not sell or rent your personal data, and we do not share it for cross-context behavioral advertising.

05International Data Transfers

MakBPO operates from offices in North Macedonia and the United States and may use service providers in other jurisdictions. Your personal data may therefore be transferred to, stored in, and processed in countries other than your own, where data protection laws may differ from those in your jurisdiction.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been recognized as providing an adequate level of protection, we implement appropriate safeguards, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by the UK International Data Transfer Addendum where applicable;
• Transfer Impact Assessments to evaluate the level of protection in the recipient country and to identify any necessary supplementary measures;
• Technical and organizational measures such as encryption in transit and at rest, and strict access controls.

You may request a copy of the relevant safeguards by contacting us at taner@makbpo.com.

06Data Security & Retention

6.1 Security

MakBPO is ISO/IEC 27001 certified and HIPAA compliant, and we maintain a documented information security program designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. Our technical and organizational measures include:

• Encryption of data in transit (TLS) and at rest where appropriate;
• Role-based access controls and the principle of least privilege;
• Multi-factor authentication for systems handling sensitive data;
• Continuous monitoring, logging, and intrusion detection;
• Regular security audits, vulnerability management, and penetration testing;
• Mandatory security and privacy training for all personnel, with confidentiality obligations;
• Documented incident response and breach notification procedures;
• Data minimization, pseudonymization, and anonymization where feasible.

While we strive to use commercially reasonable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6.2 Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations:

• Website inquiries: retained for up to 24 months from last contact, unless a business relationship is established.
• Job applications (unsuccessful candidates): retained for up to 12 months after the conclusion of the recruitment process, unless you consent to a longer retention period to be considered for future roles.
• Client and vendor business contact data: retained for the duration of the relationship and for the period thereafter required by law or by our legitimate interest in defending legal claims.
• Server logs: retained for a short period (typically up to 12 months) for security and operational purposes.
• Client-directed processing (PHI and other client data): retained and deleted in accordance with the applicable BAA or DPA.

When personal data is no longer needed, we securely delete or anonymize it in accordance with applicable law.

07Your Data Protection Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

7.1 General Rights

• Right to be informed — about how we collect and use your data (this Policy serves this purpose).
• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to have inaccurate or incomplete data corrected.
• Right to erasure — to request deletion of your personal data in certain circumstances.
• Right to restrict processing — under certain conditions.
• Right to data portability — to receive your data in a structured, commonly used, machine-readable format.
• Right to object — to processing based on our legitimate interests, and to direct marketing at any time.
• Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right not to be subject to solely automated decisions with legal or similarly significant effects.

7.2 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights:

• Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it;
• Right to delete personal information we have collected, subject to certain exceptions;
• Right to correct inaccurate personal information;
• Right to opt out of sale or sharing — MakBPO does not sell or share personal information for cross-context behavioral advertising;
• Right to limit the use of sensitive personal information;
• Right to non-discrimination for exercising your CCPA/CPRA rights.

7.3 EU, EEA, and UK Residents

You have the right to lodge a complaint with your local data protection authority. For residents of North Macedonia, the competent authority is the Agency for Personal Data Protection (Агенција за заштита на личните податоци) — azlp.mk. For UK residents, the Information Commissioner’s Office (ICO) — ico.org.uk. For EU residents, a list of national authorities is available on the European Data Protection Board website.

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at taner@makbpo.com. We will respond within the timeframes required by applicable law (typically within 30 days under GDPR and 45 days under CCPA). We may need to verify your identity before fulfilling your request. There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive.

If you are an individual whose data is processed by MakBPO on behalf of a client (for example, a patient of one of our healthcare clients), please direct your request to the client organization that engaged us; we will support that client in responding.

08Children’s Privacy

Our website and services are directed to businesses and are not intended for individuals under the age of 16. We do not knowingly collect personal data directly from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at taner@makbpo.com, and we will take appropriate steps to delete such information.

09Links to Other Websites

Our website may contain links to third-party websites that we do not operate. We are not responsible for the content, privacy policies, or practices of any third-party site. We encourage you to review the privacy policy of every site you visit.

10Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where required by law, provide additional notice (such as by email or a prominent notice on our website). We encourage you to review this Policy periodically.

11Complaints & Supervisory Authorities

If you have any concerns about how we handle your personal data, we encourage you to contact us first at taner@makbpo.com so that we can address your concerns directly.

You also have the right to lodge a complaint with the relevant data protection authority:

• North Macedonia: Agency for Personal Data Protection — azlp.mk
• EU/EEA: the data protection authority of your Member State — see the EDPB for the full list
• United Kingdom: Information Commissioner’s Office — ico.org.uk
• California: California Privacy Protection Agency — cppa.ca.gov — or the California Attorney General