PRIVACY POLICY

Last updated: 23.02.2026

  1. Introduction

ITD sh.p.k. attaches particular importance to the protection of personal data and to their processing in a responsible and transparent manner, in compliance with the applicable legislation in the Republic of Albania, including Law no. 124/2024 “On the Protection of Personal Data”.

In the course of its activities and through the operation of its website, the Company may process personal data in a limited manner and only to the extent proportionate to the purposes for which such data are collected. Through this Privacy Policy, we aim to provide clear information on how personal data are processed, for which purposes, and what rights individuals have in relation to them.

We are committed to ensuring that any processing of personal data is carried out on a valid legal basis and in accordance with the principles of lawfulness, transparency, data minimisation, and security.

  1. Scope of application

This Privacy Policy applies to the processing of personal data carried out in connection with the use of the ITD sh.p.k. website, as well as to communications conducted through it, including contact requests, cooperation inquiries, or job applications, and to the technical and analytical processing necessary for the operation and security of the website.

This Policy does not govern or replace the Company’s internal policies and procedures relating to other personal data processing activities outside the context of the website, including processing related to employment relationships, contractual relationships, or other legal obligations.

  1. Identity of the Data Controller

The Data Controller of the personal data processed under this Privacy Policy is:

ITD sh.p.k.

NIPT: J61820049L

Registered office: Gjergji Center, Rruga Murat Toptani, Tirana 1001, Albania

ITD sh.p.k. determines the purposes and means of processing personal data in relation to the use of the website and the communications carried out through it.

For any matters related to the processing of personal data or the exercise of your rights, you may contact us at: dpo@itd-al.com.

  1. Data Protection Officer (DPO)

ITD sh.p.k. has appointed a Data Protection Officer (DPO), who acts independently and oversees compliance of personal data processing activities with the applicable data protection legislation.

The DPO is the main contact point for individuals and for the supervisory authority regarding any issues related to the processing of personal data.

DPO contact: dpo@itd-al.com

  1. Personal data we process

Within the operation of the website and the communications conducted through it, ITD sh.p.k. processes only those personal data that are necessary and proportionate to the purposes for which they are collected.

Communication and cooperation requests

When a website visitor contacts us via the contact form, the official email address, or other communication channels published on the website, we process the data that the individual voluntarily provides, such as: NIPT; name of the entity; entity email address; entity phone number; and the content of the message.

These data are used exclusively to review and manage the request, to communicate with the relevant entity, and, where applicable, to assess the possibility of establishing a cooperation relationship. Processing in this case is based on the Company’s legitimate interest in developing professional relationships and on taking steps prior to entering into an agreement.

Job applications

If you apply for a job position through the dedicated form on our website, you will be asked to provide identification and contact details and to upload supporting documentation (e.g. a CV or other professional documents).

The information submitted through the form is transmitted to the dedicated recruitment email address and is processed within the scope of the selection process, in accordance with this Privacy Policy and the Recruitment Privacy Policy.

The processing of these data is carried out for the purpose of the selection process and for taking steps prior to entering into an employment contract.

Before submitting the application, the applicant confirms that they have read this Privacy Policy and have been informed about the processing of personal data. This confirmation is informative in nature and does not constitute a waiver of any rights provided by law.

We recommend that applicants do not include special categories of personal data, unless this is necessary or required by applicable legislation.

Technical data related to website use

During navigation on our website, certain technical data are automatically processed, including the IP address, device type, operating system, browser, date and time of access, technical logs necessary for system operation, security and diagnostics, and information about visited pages.

These data are necessary for the technical operation of the website, its administration, and ensuring system security. They are not used for profiling, automated decision-making, or marketing purposes.

Some technical usage data may be collected and processed through scripts and technical services of third parties integrated into the website for functional, security, performance, and statistical analysis purposes (e.g. analytics services, content delivery services, or technical resources for the website interface). These services process only the technical data necessary for their operation and do not have access to the content of communications or other personal data provided by users through website forms. Such processing is carried out only on the basis of user consent, where required by applicable legislation.

“Newsletter” section

The ITD sh.p.k. website contains a section titled “Newsletter” for informational purposes only. This section does not include any form, subscription functionality, or registration mechanism; therefore, no email addresses or other personal data are collected or processed. No electronic communications are sent, and no profiling or marketing activities are carried out.

  1. Recipients and data processors

ITD sh.p.k. acts as the Data Controller for the personal data processed through the website.

In the context of job applications, the data submitted through the dedicated form are transmitted directly to an external entity contracted by the Company, which provides human resources management services, including recruitment. This entity acts as a data processor and processes the information solely on the basis of a contractual agreement and in accordance with the Company’s instructions, in compliance with data protection legislation.

At this stage of the recruitment process, applicant data are not accessed by other persons within the Company, unless this becomes necessary in subsequent stages of the selection process.

For technical maintenance and website hosting purposes, ITD sh.p.k. uses hosting services provided by contracted service providers acting as data processors. These providers operate solely in accordance with the Company’s instructions and are required to comply with confidentiality obligations and applicable data protection legislation.

Personal data are processed only for the purposes set out in this Policy and are not disclosed to third parties for marketing purposes or for other uses incompatible with the original purpose of processing.

Personal data may be disclosed to public authorities only where required by applicable legislation or in fulfilment of a legal obligation.

  1. International data transfers

Personal data processed in connection with the use of the website and communications conducted through it are processed and stored within the territory of the Republic of Albania and the European Union.

For hosting and technical maintenance purposes, ITD sh.p.k. uses hosting services provided by a contracted service provider in the Republic of Albania, which, in the provision of the service, uses server infrastructure located in EU Member States.

In certain cases, due to the use of third-party analytical or technical services, some technical data may be processed by entities located outside the territory of the Republic of Albania. Such processing is carried out on the basis of adequacy decisions, or standard contractual clauses, and additional technical and organisational measures, in accordance with the applicable data protection legal framework.

  1. Retention of personal data

ITD sh.p.k. retains personal data only for the period necessary and proportionate to the purposes for which they were collected, in accordance with the storage limitation principle provided by applicable legislation.

Data submitted through the contact form or in the context of cooperation requests are retained for up to 12 months from the last communication, unless a contractual relationship arises from the communication, in which case retention is governed by the relevant legal and contractual obligations.

With regard to job applications, personal data retention periods are regulated in detail by the Recruitment Privacy Policy, which is made available to and accepted by the applicant prior to submission of the application.

Technical data related to website use include, among others, the IP address, browser type, operating system, device used, pages visited, date and time of access, referrer URL, and technical error logs. These data are retained for limited periods, in accordance with the purposes for which they are processed. In particular, statistical data processed through analytics services are retained for up to 14 months, in accordance with the relevant retention configurations, while server technical logs are generally retained for up to 60 days and are automatically deleted by the hosting system.

After the relevant retention period expires, data are securely deleted or anonymised, unless further retention is required by law or is necessary for the protection of the Company’s legal rights.

  1. Security of personal data

ITD sh.p.k. implements appropriate organisational and technical measures to protect personal data against unauthorised access, loss, alteration, disclosure, or unlawful use.

Security measures are applied in accordance with the nature of the processed data and the level of risk associated with the processing. Access to data is restricted to authorised persons only and to the extent necessary for the performance of their duties.

Where external data processors are involved, ITD sh.p.k. ensures that such entities implement appropriate security and confidentiality standards in accordance with legal requirements and relevant contractual agreements.

While no method of transmission over the internet or electronic storage can guarantee absolute security, ITD sh.p.k. continuously applies and reviews its security measures to ensure an appropriate level of protection.

  1. Cookies and website functionality

The ITD sh.p.k. website uses cookies to ensure its proper functioning, to improve technical performance, and to collect anonymous statistics on website usage, in accordance with applicable legislation.

Cookies are small text files stored on the user’s device during website navigation.

The following categories of cookies are used:

  1. Strictly Necessary Cookies

These cookies are necessary for the technical operation of the website, session management, and security. They are placed automatically and do not require user consent.

  1. Performance and analytics cookies

The website uses third-party analytics services, including Google Analytics, to collect anonymous statistical information about website usage, such as the number of visitors, pages visited, time spent on the site, and traffic sources.

These cookies are placed and used only after the user has provided consent, through the cookie notice mechanism displayed upon initial access to the website. In this context, the IP address is anonymised, and the processed data are not used to identify individual users, for profiling, or for marketing purposes.

  1. Functional cookies

In limited cases, the website may use functional cookies to optimise the loading of interface elements, without storing users’ personal preferences.

Users have the right to give, refuse, or withdraw their consent for non-essential cookies at any time, through the cookie management mechanism or their browser settings. Disabling certain cookies may affect the functionality of some website elements.

  1. Your rights

In accordance with applicable personal data protection legislation, any individual whose personal data are processed by ITD sh.p.k. has the right to:

  • be informed whether or not personal data relating to them are being processed and to receive clear information about the nature of such processing;
  • access their personal data and obtain a copy thereof;
  • request the rectification of inaccurate personal data or the completion of incomplete data;
  • request the erasure of personal data (“right to be forgotten”), where the legal conditions are met;
  • request the restriction of processing, in the cases provided by law;
  • object to the processing of personal data where such processing is based on the Company’s legitimate interest, on grounds relating to their particular situation;
  • withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal;
  • request data portability, including receiving personal data in a structured, commonly used, and machine-readable format, and, where applicable, transmitting them to another controller.

Requests for the exercise of these rights may be sent to: dpo@itd-al.com. ITD sh.p.k. reviews each request in accordance with the deadlines and conditions provided by applicable legislation and may request verification of the requester’s identity in order to protect personal data from unauthorised access.

If you believe that the processing of your personal data is not in compliance with legal requirements, you have the right to lodge a complaint with the competent supervisory authority, the Commissioner for the Right to Information and Protection of Personal Data.

  1. Children / minors

The website is not intended for use by minors, and we do not knowingly collect personal data from individuals below the age defined by Albanian data protection legislation. If such processing is identified, we will take measures to immediately delete the data.

  1. Third-party links

The ITD sh.p.k. website may contain links to other websites or external resources operated by third parties.

These websites are not administered or controlled by ITD sh.p.k. Accordingly, we bear no responsibility for their content, privacy practices, or methods of personal data processing.

We recommend that users review the privacy policies of any third-party websites they visit through links published on our website.

  1. Policy updates

ITD sh.p.k. may update this Privacy Policy to reflect legal, technological, or organisational changes. The updated version is published on this website and enters into force upon publication. We recommend periodic review of this Policy to remain informed.

  1. Contact

For any questions regarding this Privacy Policy or for the exercise of your rights, you may contact us at:

Email: dpo@itd-al.com

Address: Gjergji Center, Rruga Murat Toptani, Tirana 1001, Albania