For the purpose of the Data Protection Act 2018 (the Act) and the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), Xplore Albania is the data controller of your personal information and is entered in the Information Commissioner’s Office (ICO) Register of Data Controllers with registration number Z249705X.
This policy explains how we may collect and process personal data about:
- clients and prospective clients;
- visitors to our website and subscribers to our online services;
- job and work experience applicants and current employees; and
- any other individual whose personal data we may hold.
- Depending on our relationship with you this policy may be supplemented with additional information, policies or guidelines relating to our use of your personal data, for example in our application forms, Terms and Conditions, and employment documentation including our staff manual (for job applicants and employees).
What personal information do we collect and why do we collect it?
We may collect and process personal information about you including information:
- that you provide by filling in forms on our website, posting material, requesting further services or reporting a problem with our website;
- that you provide when you use our professional services as a client;
- received in correspondence that you send to us;
- provided to us as part of a job or student placement application you make;
- received during certain calls to and from us (see under ‘Call Recording’ below); and
- concerning your visits to our website (including but not limited to traffic data) and the resources that you access.
We may also collect information about you in other ways, for example:
- if you are a customer of one of our clients, and we are undertaking our services on our client’s behalf;
- if you have any other dealings with one or more of our clients which are related to our services which we are providing to our client or on our client’s behalf;
- indirectly, through one of our people, a client or a third party;
- if you are a supplier of ours, from that supplier relationship; and
- from publicly available sources, for example the electoral roll or Companies House.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes your name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes addresses, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about our services that you have used with us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile Data includes your username and password, orders made by you, your interests, and preferences.
- Usage Data includes information about how you use our website and how you use our services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
The way we process your personal data we collect as set out above varies depending on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired. These include:
- providing our services to you or an entity for which you work;
- verifying your identity;
- keeping a record of the services you have subscribed to and deliver services you may have requested;
- administration, billing and record-keeping purposes;
- communicating with you by telephone, email, fax or post;
- meeting our legal, regulatory and contractual obligations arising from our relationship with you;
- providing and improving customer service and support;
- administering our website, enhancing operational capabilities and for internal operations;
- verifying or enforcing compliance with this policy and applicable laws; and
- to inform you of developments that may affect you or to inform you of products, services or events.
Disclosure of your personal data
We will only disclose your personal information to another person or organisation where we:
- need to share the information to provide a product or service you have requested;
- need to send the information to persons or organisations who engage our services on their behalf, including where you are that third party’s customer;
- need to send the information to persons or organisations that work on our behalf to provide a product or service to you. Where such a person or organisation does work on our behalf we will ensure that they are contractually required to take appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal information and only use the information in order to provide a product or service on our behalf; and
- are required to disclose the information in order to comply with the law or the requirements of a regulatory authority.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our legal basis for using your personal data
Our use of your personal data as outlined above is subject to different legal bases for processing, including where necessary for:
- the purposes of the performance of any contract we enter into with you or to take steps at your request prior to entering into a contract with you;
- our legitimate interests, for example in providing our services to an entity you work for, managing and monitoring our website operation, preventing fraud and for our business compliance purposes; and
- compliance with our legal and regulatory responsibilities.
If you do not agree to provide your personal data to us we may not be able to provide you with our services or process your application for employment. Where our use of your data is not necessary for one of the purposes outlined above we may use it in a particular way with your consent. Where we ask for your consent you are free to refuse our use of your personal data for those purposes and you may withdraw your consent at any time by contacting us using the details set out below. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
To maintain customer service standards and to assist staff training, we may record and monitor incoming calls.
Storage and transfer of your personal data
The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers or in circumstances where you have requested us to provide a product or service with international considerations and/or parties related to your request are located overseas. Before we transfer your personal data outside the EEA we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your personal data, as required by the Act and Chapter V of the GDPR. Please contact us if you wish to obtain more information regarding relevant safeguards. By submitting your personal information you agree to this transfer, storing or processing outside the EEA.
Retention of your personal data
We will retain your personal information for a minimum of six years and so long as is reasonably necessary for the purpose for which it was obtained and in accordance with our legal obligations and follow our data destruction policy and processes thereafter. Your personal data may be retained by use for more than six years for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Links to other websites
This policy only extends to our website, which is owned and operated by Xplore Albania and does not, therefore, extend to your use of, provision of information to and collection of information on any website not connected to Xplore Albania to which you may link by using the hypertext links within our website.
Your personal information is protected under data protection law and you have a number of rights (see below) which you can seek to exercise. Please contact us in writing, by email or telephone using the details shown under ‘Contact’ below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
Right of access – subject to certain exceptions, you have the right of access to your personal data that we hold (commonly known as a “data subject access request”).
Right to rectify your personal information – if you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
Right to be forgotten – you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
Right to restriction of processing – in some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
Right to object to processing – you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to data portability – you have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
Right to withdraw consent – you have the right to withdraw your consent where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to collect aggregate information for us to use. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
What are cookies and why do we use them?
Cookies are small text files that are created and stored on your browser or the hard drive of your computer by websites that you visit to enable the website to operate properly to ‘remember’ who you are and to monitor website traffic. Cookies are generally only visible to the website that serves them and not to other websites.
Cookies are used on our website to ‘remember’ information so that it can be passed from page to page and to collect website statistics. This statistical data collected may be used to help improve our website and the services that we offer to you. Some of our cookies will also recognise you as a previous visitor the next time you visit our website to improve your experience.
How to manage cookies
Most internet browsers accept cookies automatically however, you can accept, delete or disable cookies if you wish; the process for which can usually be found in your internet browser’s ‘Help’ menu.
For more information about cookies and instructions on how to adjust your browsers settings to accept, delete or reject cookies, see the IAB website here: http://www.youronlinechoices.com/
Xplore Albania takes great care to ensure the security of our website and your personal information. Only authorised personnel and contractors have access to your information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We will keep your information secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, destruction and damage.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information we cannot guarantee the security of your personal information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to this Policy
We may change this policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we have made, as they are binding on you. If we make any substantial changes in the way we use your personal information we will notify you by posting a prominent notice on our website.
If you have any questions about how we treat your personal data and protect your privacy, or if you have any comments or wish to seek to exercise any of your rights as outlined above, to opt-out of receiving marketing communications from us or to complain about our use of your personal data, please write to Data Officer, XploreAlbania, Rruga Barrikadave, Galeria 17 Nentori, Kati 2, Tirane, 1016, Albania, by email at email@example.com.
This website, www.xplorealbania.al (our website) is provided by Xplore Albania, a limited liability company registered in Albania.
All rights reserved. Design and content © Xplore Albania 2018.