Privacy Policy

Privacy policies

This document is intended to inform the subjects of personal data on the method of collection, processing, dissemination, protection of privacy and security measures, for the data processed by our website, processes which are carried out in full accordance with determinations of the legal and sub-legal framework for the protection of personal data.

Legal basis:

• The Constitution of the Republic of Albania.
• Law No. 9887 dated 10.03.2008 “On the protection of personal data”, amended.
• Law No. 9918 dated 19.05.2008 “On electronic and postal communications” as well as other supplementary bylaws.
• Instruction no. 47 dated 14.09.2018 of the commissioner “On determining the rules for maintaining the security of personal data processed by large processing entities.
• Recommendation of the commissioner for the right to information and protection of personal data, no. 2, dated 11.05.2020 “On the publication of ‘privacy policies’ on official websites by state administration institutions”.
• Regulation “On the protection, processing, storage and security of personal data, approved by order of the Minister of Defense, no. 1369, dated 25.08.2015.
• The instruction “Policies for the security of communication systems and information technology”, approved by order of the Minister of Defense, no. 770, dated 12.05.2015.

The Ministry of Defense and the Armed Forces, as part of the state administration, are major processors of personal data, in the sense of Law No. 9887 dated 10.03.2008 “On the protection of personal data”, as amended.

They are obliged to comply with all the above legal provisions in collecting and processing personal data while respecting and guaranteeing basic human rights and freedoms and, in particular, the right to privacy.

Processing of personal data

Protection of personal data

Xpert System collects and processes personal data, fairly, according to the requirements of Law No. 9887 dated 10.03.2008, “On the protection of personal data”, amended, focusing on:

Collection and processing of personal data, for specific purposes, clearly defined by law.

Protection of the vital interest of the data subject during data collection and processing, not exceeding the purpose of processing.

Fulfilling the legal obligation of Xpert Systemt in the accuracy of the data, updating, deleting and correcting incorrect data, in relation to the purpose of their collection or processing.

Pursuing the legitimate interests of Xpert Systemt or of a third party to whom the data has been disclosed, except when these interests violate the privacy of the subject of personal data.

Keeping and storing the subjects’ data for as long as they are valid for the purpose for which they were collected or further processed.

The processing of personal data is done:

– to protect the vital interests of the data subject;

– for the fulfillment of a legal obligation of Xpert Systemt;

– for the protection of vital interests of the data subject;

– for the performance of a legal duty of public interest or the exercise of a competence of Xpert Systemt or of a third party, to which the data has been disseminated;

– for the fulfillment of a contract, for which the subject of personal data is a contracting party, or for changes to a contract with the proposal of the subject of data.

Categories of personal data

The personal data collected and processed by Xpert Systemt are sensitive data and shared data. For sensitive data, there is a special obligation for Xpert System to obtain the written consent of the subject of personal data.

Data transfer

The controlling entity carries out international transfer of personal data, with the consent of the subjects of personal data in countries with a sufficient level of protection of personal data, based on the provisions of Article 8 and 9 of Law no. 9887/2008 and by-laws issued in its implementation.

With the consent of the subjects of personal data, data is transferred to countries that do not provide a sufficient level of protection of personal data, but that is authorized by international acts, ratified by the Republic of Croatia and that are directly applicable as well as agreements of cooperation, connected by the Ministry of Defense, provided that these data are handled and stored, in accordance with the legislation for the protection of personal data.

Rights of the data subject

The subject of personal data has the right to be familiar at any time with his personal data collected and processed by Xpert System.

The subject of personal data is informed by Xpert System about the categories of personal data being processed, the purpose, the way and any other information to ensure fair processing.

Right to access and information

The subject of personal data has the right to request access to his data, when he is informed that his data is being processed;

– request the blocking, correction or deletion of data, upon request, free of charge, when it becomes known that the data about him are not regular, true, complete or have been collected and processed in violation of the provisions of the law;

– to be informed by Xpert System within 30 days, whether or not the blocking, correction or deletion has been carried out, giving the relevant explanations;

– to oppose, at any time, based on the law, the processing of data about him, according to the letters “d” and “dh” of article 6, of law no. 9887/2008, except when changes are foreseen by law;

– to complain in case he claims that his rights, freedoms and legal interests for personal data have been violated, or to notify the commissioner for the protection of personal data and request his intervention.

Security of personal data

The controlling entity is aware of the importance and sensitivity of personal data, with dedicated staff, trained in the knowledge of the legal framework and certified for this purpose.

Subjects’ personal data are processed manually and electronically, in full compliance with the measures of physical information security and electronic security from spy files, defined in separate regulations and instructions.

At the time of application, applicants are informed of the period of storage of personal data.

Personal data of applicants who are not declared winners are stored until the end of the specified period, then destroyed (destroyed) and deleted from the system.

Any person acting under the authority of Xpert Systemt, processing personal data, signs a co-confidentiality statement, by which he undertakes to comply with the requirements of the law and this policy for the preservation of privacy, and the security of personal data during the exercise of the task and after its completion.

Others

The controlling entity identifies the addresses and contact numbers of the data subjects, for certain purposes or for any complaints on their part.

The controlling entity allows the subject of personal data the right to refuse the given consent in writing, at any time.

The controlling entity requires the approval (consent) from the subject of the personal data that the latter has received and consents to the processing of the data according to the provisions in the privacy policy.

The controlling entity maintains the privacy of personal data, updating the privacy policy from time to time, notifying the data subjects of the changes made.