Privacy Policy

Data Controller

The Data Controller (the "Data Controller") is Square Software SH.P.K. ("Square Software"), with registered office at Rruga Muhamet Gjollesha, Ndërtesa 30, 1001 Tirana, Albania (NIPT M51418039H), which can be contacted at [email protected].

Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, for example, the IP addresses or domain names of the computers and terminals used by the Users, the URI / URL (Uniform Resource Identifier / Locator) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the User.

These data, necessary for the use of web services, are also processed for the purpose of:

• obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
• checking the correct functioning of the services offered.

The legal basis of this processing is the pursuit of the legitimate interest of the Data Controller, which is equally balanced with the legitimate interest of the Data Subjects, as the personal data processing activity is limited to what is strictly necessary for the execution of the operations and other processing indicated in this paragraph. The data will be processed until the legitimate interest of the Data Controller is exhausted, without prejudice to any need to ascertain crimes against the Site or to comply with requests from public authorities and/or supervisory bodies.

Data communicated by the User

The optional, explicit and voluntary sending of messages to the contact addresses published on the Site, the use of telephone/fax numbers, private messages sent by Users to the institutional profiles/pages of the Data Controller on social media (where this possibility is provided for), as well as the compilation and forwarding of the forms on the Site, entail the acquisition of the sender's contact data, necessary to respond to the requests of the same, as well as all personal data communicated by the Data Subject or requested as part of the compilation of any forms. The data thus acquired will be processed for the time necessary to respond to the Data Subject's request and will be deleted after 36 months at the latest.

Furthermore, where provided, the User can voluntarily provide the Data Controller with their personal data also by creating their own account. The personal data thus provided are collected and processed by the Data Controller to generate and manage the User's account. The data will be processed for the time in which the account is active and deleted following the request for deactivation of the same by the User or, automatically, in case of non-use of the account by the User for a certain period of time. The legal basis of this processing is the execution of the request of the Data Subjects.

Methods of processing

The processing of personal data takes place using IT and telematic tools and, residually, manual ones, with logic strictly related to the purposes highlighted above and, in any case, in compliance with the precautions, guarantees and necessary measures prescribed by the reference legislation, aimed at ensuring the confidentiality, integrity and availability of personal data, as well as avoiding damage, whether material or immaterial (e.g. loss of control of personal data or limitation of rights, discrimination, theft or usurpation of identity, financial loss, unauthorized decryption of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social damage).

Communication and diffusion

For the pursuit of the aforementioned purposes, the Data Controller reserves the right to communicate personal data to recipients belonging to the following categories:

• public authorities and/or supervisory bodies (e.g. judicial authorities, public security authorities, etc.);
• other companies of the group to which the Data Controller belongs, or in any case parent companies, subsidiaries or associates, also located abroad, in the context of the existing intercompany agreements for the management of the activities referred to in the aforementioned purposes;
• subjects who carry out data acquisition, processing and storage services;
• subjects that provide services for the management of the Data Controller’s information system and telecommunications networks (including chat and mailing services);
• subjects who carry out assistance activities to the Data Subject;
• professional firms or companies in the context of assistance and consultancy relationships;
• subjects who carry out communication assistance and consultancy activities;
• subjects who carry out operations of control, revision and certification of the activities carried out by the Data Controller;
• subjects who for various reasons succeed the Company in the ownership of legal relationships (e.g. transferees or potential transferees of goods, credits and/or contracts).

The subjects belonging to the categories listed above operate independently as separate data controllers, or as Data Processors appointed for this purpose by the Data Controller. The updated list of third parties to whom the data is transmitted is available by sending a request to [email protected]. The data may also be known, in relation to the performance of the assigned tasks, by the Data Controller's staff, specifically authorized by the Data Controller for processing.

Personal data, in any case, will not be disseminated and, therefore, will not be brought to the attention of indeterminate subjects, in any form, for example by making them available or consulting, without the express consent of the Data Subject, where required. However, Users who use the forums, or other channels, possibly made available by the Data Controller, to publish their contents, including their personal data, on the Site, acknowledge that the information made public can be read, collected and used by third parties who have no relationship with the Data Controller, even for sending unwanted messages. The Data Controller declares himself exempt from liability for any improper use that third parties may make of the personal data that Users choose to publish through the aforementioned channels.

Transfer of data outside Albania

The Data Controller acknowledges that, for the pursuit of the aforementioned purposes, the personal data of the Data Subjects may be disclosed to subjects located in countries outside the Republic of Albania. This transfer will take place solely if the receiving country ensures an adequate level of protection. A copy of any personal data transferred abroad, as well as the list of third countries / international organizations to which the personal data have been transferred, can be requested from the Data Controller at the email address [email protected].

Rights of the Data Subject

The Law confers on the Data Subjects the possibility to exercise specific rights. In particular, the Data Subject can obtain: a) confirmation of the existence of personal data processing concerning him and, in this case, access to such data; b) the correction of inaccurate personal data and the integration of incomplete personal data; c) the cancellation of personal data concerning him, in cases where this is permitted by the Law; d) the limitation of processing, in the cases provided for by the Law; e) the communication, to the recipients to whom the personal data have been transmitted, of requests for rectification / cancellation of personal data and for the limitation of processing received from the Data Subject, unless this proves impossible or involves a disproportionate effort.

The Data Subject also has the right to object at any time, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection, except in the case in which the Data Controller demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

The Data Subject also has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way, unless this decision: a) is necessary for the conclusion or execution of a contract between the Data Subject and the Data Controller; b) is authorized by the Law; c) is based on the explicit consent of the Data Subject.

The Data Subject may submit requests to the address [email protected] indicating in the subject "Privacy - exercise of privacy rights", detailing which right he/she intends to exercise and providing the Data Controller with the information needed to identify him. The Data Subject also has the right to lodge a complaint with the Commissioner for the Right to Information and Protection of Personal Data.

Nature of the provision

Except for what is specified on navigation data — the failure to provide which makes it impossible for the Data Controller to follow up on the interaction with the Site by the Data Subject and, for the Data Subject, to use the Site and all its features — the User is free to provide their personal data to use the features and services made available on the Site. The only consequence deriving from the failure to provide such data will be the impossibility for the Data Controller to provide the related services, without this entailing any injurious consequence.

Update of this page

The Data Controller reserves the right to periodically update the content of this page. The Data Subject is therefore invited to periodically consult the information contained herein so as to stay updated with respect to any changes that have occurred since the last consultation.