Privacy Policy

ATIS SHPK, a company established and operating in accordance with the legislation of the Republic of Albania, registered in the Commercial Register at the National Business Center with NUIS L31601024Q, with its registered office at “Bulevardi Zogu I, Tirana Business Center, 12th Floor, Tirana, Albania” (hereinafter referred to as “ATIS”), attaches particular importance to the protection of personal data and the preservation of its confidentiality.This Privacy Policy (hereinafter the “Policy”) is intended to inform you about the manner in which ATIS collects, uses, stores, and shares personal data, in accordance with Article 13 of Law No. 124/2024 “On the Protection of Personal Data.” The Policy applies whenever you use our official website and/or the services offered by ATIS.

Please read this Policy carefully before using our website or providing us with personal data. By using our website and/or our services, you agree that your data will be processed in accordance with this Policy. If you do not agree with its terms, please do not use our services.

I. PRINCIPLES ON WHICH THIS POLICY IS BASED

ATIS processes personal data in compliance with the principles of lawfulness, fairness, and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. These principles aim to ensure that every processing activity is carried out fairly, necessarily, and securely, while respecting the fundamental rights and freedoms of data subjects.

II. DATA WE MAY COLLECT

ATIS may collect personal data when it is provided directly by you, when it is collected automatically during the use of the website or services, and when it is obtained from lawful third-party sources. Depending on the case, such data may include first name, last name, email address, phone number, IP address, location, and other similar identifying or technical data.

2.1 Data provided directly by you
We collect data that you voluntarily make available to us, for example when you contact us, express interest in our services, or communicate with us through the website or other official channels. This data may include your first name, last name, email address, phone number, and other contact information.

2.2 Data collected automatically
During the use of the website or our services, ATIS may automatically collect technical data such as IP address, device type, browser used, operating system, data regarding the way you navigate the website, and other information necessary for its administration, security, and improvement.

ATIS may also use cookies and similar technologies to improve the user experience, better understand how the website is used, and optimize the services offered.

2.3 Data obtained from third parties
In cases permitted by law, ATIS may also receive data from third parties, including partners, service providers, or other lawful sources, where this is necessary for the provision of services, the fulfillment of legal obligations, or the conduct of its business activities.

III. PURPOSES OF DATA PROCESSING

ATIS processes personal data for lawful and clearly defined purposes, including managing relationships with users and clients, providing and improving services, communicating with you, ensuring system security, and fulfilling legal or contractual obligations.

Data processing is carried out only where there is a valid legal basis, such as the consent of the data subject, the necessity for the performance of a contract, compliance with a legal obligation, protection of vital interests, the performance of a task carried out in the public interest, or the legitimate interest of ATIS, where such interest does not override the rights and freedoms of the data subject.

IV. CASES IN WHICH DATA MAY BE SHARED

ATIS may share personal data with trusted service providers, partners involved in its activities, organizations within the network to which it belongs, as well as with public authorities or other entities where this is required by law or necessary for the provision of services, the management of contractual relationships, or the conduct of its business activities.

In all cases, such sharing is carried out only to the extent necessary and in accordance with the requirements of personal data protection legislation.

V. RIGHTS OF THE DATA SUBJECT

In accordance with the applicable legislation, you have the right to request information regarding the processing of your personal data, access such data, request its correction or deletion, restriction of processing, object to processing in the cases provided by law, as well as exercise any other right granted to you under Law No. 124/2024.

Requests to exercise these rights may be submitted by the data subject personally or by their authorized representative. ATIS reviews such requests and responds within the time limits provided by the legislation in force.

VI. INTERNATIONAL TRANSFER OF DATA

As part of its activities, ATIS may transfer personal data to service providers, partners, or affiliated organizations located outside the country of residence of the data subject. Such transfers are carried out only in accordance with the applicable legislation and with the necessary protective measures.

In the event of an international transfer, all processing is carried out in accordance with the provisions of Law No. 124/2024 and the relevant secondary legislation. The rights of the data subject remain guaranteed in such cases as well, and the relevant coordination is carried out by ATIS’s Personal Data Protection Officer.

VII. DATA SECURITY MEASURES

ATIS has adopted organizational, technical, and physical measures to protect personal data from loss, damage, unauthorized access, unlawful disclosure, or any other form of inappropriate processing. These measures vary depending on the nature and sensitivity of the data being processed.

Security measures include, among other things, restricting access only to authorized persons, monitoring and physically protecting the premises, using passwords and identification tools, documenting changes made to the data, and requiring persons who process data to maintain confidentiality and comply with security rules during their work.

As part of these measures, ATIS has appointed a Personal Data Protection Officer in accordance with the requirements of Law No. 124/2024. In the event of incidents affecting personal data, ATIS notifies the competent authority within 72 hours from becoming aware of the breach.

VIII. CHILDREN’S DATA

The ATIS website and services are intended for adult users. If ATIS becomes aware that it has collected personal data from children under the age of 16, the necessary measures will be taken to delete such data as soon as possible.

IX. CHANGES TO THIS POLICY

This Policy may be updated from time to time in accordance with the development of ATIS’s activities and the needs for legal and organizational compliance. Any changes will be published on the official website and/or attached to the relevant documentation where necessary.

X. CONTACT

For any questions regarding this Privacy Policy or ATIS’s practices concerning the protection of personal data, you may contact us at: dpo@atisgroup.co