Privacy and Data Protection Policy

Privacy and Data Protection Policy

1. Purpose and Scope

This Privacy and Data Protection Policy (“Policy”) sets out the principles and procedures by which Roma Versitas Albania (RVA) collects, processes, stores, and protects personal data in accordance with the GDPR (EU 2016/679) and Albanian legislation. It applies to all personal data processed by RVA in connection with its projects, programs, communications, and operations, including data of beneficiaries, applicants, employees, contractors, partners, and website users.

2. Data Controller

Roma Versitas Albania (RVA)
Rruga Princ Vidi Nd.7, H1, K.2, Tirane 1029, Albania
Email: [email protected]

RVA determines the purposes and means of processing personal data and ensures that such processing is lawful, fair, and transparent.

3. Principles of Data Processing

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

4. Categories of Personal Data Processed

  • Identification and contact details (name, address, email, phone)
  • Professional, educational, or employment information (CVs, qualifications, references)
  • Participation data in programs, projects, or events
  • Financial information, when required for contracts or payments
  • Technical data from website usage (IP address, browser, cookies)

5. Legal Basis for Processing

Data is processed based on consent, contractual necessity, legal obligation, vital interests, or legitimate interests pursued by RVA or a third party, provided rights and freedoms of the data subject are respected.

6. Data Retention

Data is kept only for as long as necessary to fulfill its purposes or as required by agreements or law, after which it is securely deleted, anonymized, or archived.

7. Data Sharing and Transfers

RVA may share data with donors, partners, service providers, or authorities, strictly under legal, contractual, or auditing requirements. Data will not be transferred outside the EEA without proper safeguards.

8. Data Security

RVA ensures secure processing through controlled access, encryption, staff training, and secure disposal of records.

9. Rights of Data Subjects

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

Requests to exercise rights: [email protected]

10. Cookies and Website Analytics

The website uses cookies and analytics tools to collect anonymous information about user interactions. Users may configure browser settings to accept, reject, or delete cookies.

11. Updates to This Policy

RVA may modify this Policy to reflect legal or operational changes. The latest version is always published on the official website.

12. Contact and Complaints

Questions or complaints: [email protected]
If your data protection rights are violated, you may lodge a complaint with the Commissioner for the Right to Information and Protection of Personal Data in Albania.