NOTICE ON PRESERVATION OF PRIVACY
HOW WE USE IT IN YOUR INFORMATION
PERSONS FILING A COMPLAINT TO KDIMDP
PERSONS WHO USE KDIMDP SERVICES
VISITORS ON OUR WEBSITE
ENTITIES WHO “NOTIFY” ACCORDING TO THE LAW ON PERSONAL DATA PROTECTION
JOB APPLICANTS, CURRENT EMPLOYEES AND FORMER COMMISSIONER AUTHORITY EMPLOYEES
ACCESS TO PERSONAL DATA
DISSEMINATION OF PERSONAL DATA
LINKS TO OTHER PAGES
CHANGES TO THIS NOTICE ON PERSONAL DATA PROTECTION
COMPLAINTS OR QUESTIONS
HOW TO CONTACT US
INFORMATION SECURITY POLICY
HOW WE USE IT IN YOUR INFORMATION
This privacy notice tells you what to expect when the Authority for Information and Personal Data Protection Commissioner (hereinafter KDIMDP) collects your personal information. This applies to information collected in relation to:
Complainants who file complaints regarding their allegations of breach of personal data during processing by controllers.
Other individuals who submit various requests for information, consulting, etc.
Visitors to our site.
Controllers notifying under the Personal Data Protection Act.
Employment candidates and our current employees as well as former employees.
PERSONS FILING A COMPLAINT TO KDIMDP
When a complaint is filed by a person, it is recorded in a special register by a relevant employee who has previously signed the statement of confidentiality and is familiar with the content of the code of ethics of the institution approved by the Commissioner and the regulation on the right of information, this act approved by the Commissioner.
We use the personal data we collect only for the grievance review process and to check the level of services we provide. We compile and publish statistics showing information such as the number of complaints we receive, but not in a form that identifies any of them.
We old personal data contained in grievance files in accordance with the law and our personal data protection policy. They are kept in a safe environment and access to it is limited based on the “need to know and know” principle.
When giving recommendations or imposing sanctions on the controller we may publish the identity of the latter in the annual report or in periodic press releases. KDIMDP in no case makes such an identification before it is made public.
PERSONS WHO USE KDIMDP SERVICES
The Commissioner for the Right to Information and Personal Data Protection provides various services to the public. For example, KDIMDP sends various articles to be published in the print media in order to raise awareness of data subjects. In this case we use a third party which deals with the respective publication being allowed to use only the information provided by us for publication.
We use the details of the data provided and maintain it in order to provide service to the subject even in cases requested by the latter for other purposes closely related to it. For example, when we respond to a person who has previously requested information on completing a degree, we may use his or her data to test whether the person or persons are satisfied with the level of service they received. When persons register to receive services from KDIMDP, they can revoke their registration at any time and to achieve this, it is offered a fairly easy way.
VISITORS ON OUR WEBSITE
The Authority of the Commissioner for the Right to Information and Personal Data Protection has the official website of the institution www.harryfultz.edu.al. Through the official website, the Authority of the Commissioner transmits and collects information. The purpose of transmitting and collecting information via the Internet is to be as close as possible to the controller and the data subject. Through the official website, the Commissioner comes to the aid of the controllers by introducing them to the law and by presenting their obligations and responsibilities regarding the processing of personal data that they perform as well as acquainting personal data subjects with their rights. The Authority of the Commissioner for the Right to Information and Personal Data Protection also assists the subjects of personal data by publishing on the official website various information related to the legislation, sensitizing information regarding the storage of personal data in daily life, use of electronic means of communication, etc.
For the visitors of www.harryfultz.edu.al the system collects standard information which is related to the clicks of articles or sections on this page. This information is collected for statistical and study purposes (to show the access of visitors, to see which are the most sensitive sections and consequently the interest of personal data subjects, always without making them identifiable).
We collect this information in such a way that we do not identify any visitors. We make no attempt to find out the identity of the visitors who have visited our website.
The Commissioner’s authority does not use (and does not allow any third party) statistical analytical tools to track or collect personal information that makes visitors to our official website identifiabl. We do not link any data collected from this site to any personal data that makes the visitor identifiable from any source that comes as part of our use.
The search engine on our website is designed to be as powerful and easy to use as Google search. The search is made possible by a piece of hardware (a ‘search’ application) supplied by Google which is locked to our server and constantly indexes the content on our site. All search requests are handled by the app and the information is not passed on to any third party, including Google.
If we would like to collect personally identifiable information through our website, we will make it clear to you when we collect personal information and explain what we intend to do with it.
ENTITIES WHO “NOTIFY” ACCORDING TO THE LAW ON PERSONAL DATA PROTECTION
The Law on Personal Data Protection requires auditors, whether public or private, to report to KDIMDP some specific information according to a standard approved by the Commissioner’s Authority. This information may contain personal data of persons who are in charge of the controllers for the fulfillment of this obligation, in order to authenticate the veracity of the declaration and to maintain contacts in order to exhaust the legal competencies that the Authority of the Commissioner has. When companies complete their notification forms, they are required to provide the contact details of a key staff member. The Commissioner’s authority will use this for its own purposes, for example when we have a question about a notice but do not make this information public.
This data, processed automatically (due to the computer notification-registration system) and manually (due to the legal requirements of administrative procedures), is limited to the access of a well-defined number of specialists, as well as the protection of confidentiality over this data is guaranteed by law.
The information obtained from the notification procedures is then made public, as a legal requirement, on the pages of the Register of Controlling Entities, but there is no personal data in the content of these pages. The only personal data that may appear on the pages of this register are the names of entities that are legally registered as natural persons and that must legally be made public if they process personal data.
However, in these cases, since the register is available to the public, the Authority of the Commissioner cannot provide any guarantee for the data contained in it, if used by those who have access to it. Also, when we request information as part of the notification process, we have made clear the fact that the provision of information is required by law and when it is voluntary.
JOB APPLICANTS, CURRENT EMPLOYEES AND FORMER COMMISSIONER AUTHORITY EMPLOYEES
When individuals apply for employment with the Commissioner’s Authority, we use information about their application process and to monitor recruitment statistics. When we want to disseminate data to a third party, for example, when we want to get a reference, or get some data from other relevant institutions (e.g., Judicial Status Authority), we do not do this, without informing the subjects in advance, only if this information is required by law.
Personal data regarding unsuccessful applicants is kept for 12 months after the recruitment competition is completed, and then destroyed or deleted. We hold non-personalized information for statistical purposes about applicants, to assist in our recruitment activities, but no applicant is identifiable from this data.
When an employee is no longer in working relationship with the Authority of the Commissioner, for him we prepare a file regarding the period during which he has been employed. The data contained in it is kept secure and usable