The logo consists of a blue lettering of the brand name VERBUND.
  • About VERBUND
  • Projects

    Projects

    • Spille

      Albania’s First Wind Farm
  • Media
  • Contact
verbund.com
verbund.com

PRIVACY POLICY

  1. verbund.al
  2. PRIVACY POLICY

1. Introduction

This document (the “Privacy Policy”) sets out the basis as well as the terms and conditions applied by VERBUND Green Power Albania Wind Shpk., (“We”, “Us” “Our” or “Controller”) with respect to the collection, processing (jointly “Processing”) and protection of the personal data from individuals (“You”, “Your”, “User” or “Data Subject”) that use users of our website - https://www.verbund.al (the “Website”).

This Privacy Policy also covers information relating to other data processing activities performed outside of the Website, such contacting you through any means of communications managed by us, or through third party platforms.

We comply with the applicable legal regulations for the protection, lawful handling and secrecy of personal data as well as data security, in particular the Law no. 124/2024 “On the Protection of Personal Data”, as amended from time to time (the “Data Protection Act” or "DPA"), and to the extent applicable the Law no. 54/2024 “On electronic communications in the Republic of Albania” as amended from time to time (the “Electronic Communications Act” or “ECA”).

The rules of the General Regulation on Data Protection ("GDPR") shall apply to the processing of personal data of data subjects who are in the European Union (the “Union”) where our the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

For more information, or if you need more clarifications regarding this Privacy Policy you can write to us at the below indicated postal address or e-mail address. You can also consult the Albanian Data Protection Authority - the Commissioner for the Right to Information and the Protection of Personal Data - https://idp.al/.

2. Name and address of the data controller

The party responsible for the processing of your personal data in accordance with the data protection provisions (the “Controller”) is:

Name and company ID
VERBUND Green Power Albania Wind Shpk.
NUIS - M42412027B

Postal Address
Rr. Themistokli Gërmenji, Pallati 11, Kati 3, Ap.8, Tirana, Albania

3. Processing in the context of the "Website"

3.1. What kind of personal data will we process?

During your visit to the Website, we will process (automatically or if and as provided, as applicable) the following data and information (the “Personal Data”):

  • Contact information: name, surname, address, telephone number, e-mail address.
  • Identifying data: username or any other similar identifier in the case of a natural person, ID number, social address, your image, as well as information about your company or position.
  • Technical data: Session identifiers, such as date and time of access to the Website, data from your device, IP address, name and version of your browser.
  • Recruitment data: Any personal data that may include your Curriculum Vitae, among others, academic history, work experience, as well as any other information which is relevant to the selection process.
  • Social interactions: interactions via social networks, i.e. your (user) name, profile picture, IP address; and, if necessary, the personal data of invited or tagged third parties.

3.2. What is the legal basis for the processing of the personal data?

We process your personal data on the basis of:

  • Our legitimate interest, pursuant to Art. 7(1)(dh) of the DPA (or Art. 6(1)(f) GDPR, if you are in the Union), to provide the website a user-friendly design and protecting it against attacks, contacting you for the purpose of quality assurance and improvement of our website and services associated with it.
  • Your voluntary consent, pursuant to Art. 7(1)(a) of the DPA (or Art. 6(1)(a) GDPR, if you are in the Union) in conjunction with Art. 165(2) of the ECA, to contact you and provide you with information on our products and services, with updates and newsletters published by us, or for such other purposes and to such extent as stipulated and agreed in the declaration of consent, including interactions via social networks.
  • The necessity to perform a contract, pursuant to Art. 7(1)(b) of the DPA (or Art. 6(1)(b) GDPR, if you are in the Union), to which you are party or in order to take steps at your request, prior to entering into a contract with us, including to manage your registration in events we organise.
  • The necessity to comply with a legal obligation to which we are subject, pursuant to Art. 7(1)(c) of the DPA (or Art. 6(1)(c) GDPR, if you are in the Union), such as the prevention of fraud and money laundering, the communication of your data to public administrations with competence in the matter, courts and tribunals, State security forces and bodies and to attend eventual claims by third parties.

3.3. For what purpose do we process the personal data?

We will process your personal data in the context of you visiting our website for the following purposes:

  • to make our website, including its functions, available to you, and to improve and develop our website further, including to detect, prevent and investigate attacks on our website, as well as for the purpose of quality assurance and improvement of services associated with it;
  • to contact you and provide you with information on our products and services, and/or updates and newsletters published by us, or to interact with social network activities and/or respond to questions, comments or opinions of users in the context of such social interactions or on our website;
  • to receive and manage information, data and documents provided by interested business partners, by potential candidates for our employment recruitment activities or for the purpose of the registration in events we organise;
  • to prevent, mitigate and report crimes, protect rights, and diligently comply with legal obligations, including the preservation of evidence.

4. Data retention and storage

We will generally retain the personal data processed during your visit to our website for the period necessary to achieve the relevant purpose of processing. Notably, the personal data processed for the purpose of:

  • website functionally will be generally retained for a period not exceeding three months.
  • communications related to our products and services, new and events, will be generally retained until you withdraw your consent related to such communications.
  • your participation in recruitment activities, will be generally retained for one year; in order to keep the personal data up to date, we may ask you, whenever it is in your interest, to send us an updated data, proceeding in such case to delete the previous version and keeping only the updated version.
  • performance of contracts in which you are party or in order to take steps at your request, prior to entering into a contract with us, including to manage your registration in events we organise, will be generally retained for the period necessary for the performance of the relevant contract and/or event.

We may also be legally required to retain personal data for a specific period as may be required for tax and accounting purposes, for the management eventual legal disputes, to comply with other mandatory legal requirements, such as anti-money laundering laws, or as otherwise communicated to you.

When considering these retention periods, we will carefully assess whether it is necessary to retain the personal data collected and, if retention is required, we endeavour to retain the personal data for the shortest term required to investigate identified attacks on our website and beyond that only until the end of the relevant limitation periods, statutory retention periods or any legal disputes.

The personal data will be generally stored in secure data centers located in the Union, to which with appropriate security measures are applied, as required under the GDPR. In case of international transfers elsewhere, including onward transfers of personal data, we will ensure that the international transfer is carried out only with jurisdiction that ensure an adequate level of protection in accordance with Art. 40 of DPA (or Art. 45 of the GDPR, if you are in the Union), or in absence, in compliance with the conditions for international transfer, as set forth under the DPA (or under the GDPR, if you are in the Union).

4.1. Data recipients

In order to operate and administer the website and process the personal data pursuant to this policy, we may transmit the processed personal data to other companies directly or indirectly controlled by VERBUND AG, Am Hof 6a, 1010 Vienna, Austria (the “VERBUND Group Companies”).

The VERBUND Group Companies may on their end outsource activities to external IT service providers. Such external IT service providers under certain circumstances, to be able perform the service in accordance with the received orders and instructions, may also have access to the personal data. The outsourcing of IT services will be based on agreements to ensure that your personal data is kept safe at all times and that the processing is carried out in compliance with applicable laws and principles.
We will also transmit your personal data to the following recipients:

  • to our employees, to external third parties to the extent required by our legitimate interest (e.g. auditors, insurance companies in the event of an insured event, legal representatives as the occasion requires, etc.);
  • to authorities and other public bodies to the extent required by law (e.g. financial authorities, courts, etc.).
    Your personal data will not be passed to any other third party for their own purposes, without your consent.

As some of our service providers are global in nature, it is possible that the processing of the personal data may involve international transfers of data, in which case the conditions stated above regarding the data storage shall apply.

5. Cookies

Cookies and similar web storage technologies, such as scripts, web beacons, tracking URLs, pixels or tags (hereinafter referred to as "cookies") are used on a website.

Cookies are small files that are stored on your device (e.g. PC, smartphone or tablet) when you visit a website. Every time you visit a website, the cookie and the website "communicate" with each other so that your device can be recognized. This is useful for you as well as for the website owner: Cookies serve the purpose of enabling the correct functioning of a website, expanding the range of functions and optimizing the website functions. This enables the website to remember certain entries and settings (e.g. language, font size) over a certain period of time so that you do not have to enter them again each time you visit the website.

For clarity, our website does not use cookies to collect personal data from users, other than the necessary cookies for the purpose of the language selection.

If we will use other cookies in our website, other than necessary cookies, we will do so exclusively on the basis of your express consent in accordance with Art. 7(1)(a) of the DPA (or Art. 6(1)(a) GDPR, if you are in the Union), via a cookie banner.

6. User responsibility

It is your reasonability to provide us accurate data. When you provide us with your personal data, you declare that you are of legal age and that the information and personal data provided are accurate, true, complete and up to date.

To this effect, you are responsible for the veracity of all the personal data you provide us with, and you must keep the information provided conveniently updated, in such a way that it corresponds to your real situation.

You should refrain from providing us personal data about third parties.

7. Links to third party websites

Our website includes links to websites, such as the LinkedIn platform, other plug-ins and third-party applications. Clicking on those links or enabling those connections may give permission to third parties to collect or share data relating to you. The processing of personal data by the owners of these websites does not fall within the scope of this privacy policy.

Therefore, if you chose to connect to such third-party websites or applications, we have no responsibility or control over the information processed by third parties or over the protection and privacy of the information you provide through such websites or applications.

We encourage you to carefully review the privacy policies of all third-party websites or applications to understand how they process and share your information.

8. Safety measures

We treat your personal data confidentially and maintain the duty of secrecy with respect to them, adopting at all times the necessary technical and organizational measures to ensure the security of your data and thus avoid possible alterations, loss, destruction, processing or unauthorized access, according to the state of the art, the nature of the data stored and the processing thereof and the risks to which they are exposed.

In addition, all our suppliers in charge of the processing sign the corresponding contract to ensure, as far as possible, that they comply with the applicable regulations when processing your personal data.

9. Exercising your rights

In principle, you have the right to information (Art. 13 DPA, or Art. 13 GDPR, if you are in the Union), of access (Art. 14 DPA, or Art. 15 GDPR, if you are in the Union), of rectification (Art. 15 DPA, or Art. 16 GDPR, if you are in the Union), erasure (Art. 15 and 16 DPA, or Art. 17 GDPR, if you are in the Union), restriction (Art. 17 DPA, or Art. 18 GDPR, if you are in the Union), data portability (Art. 18 DPA, or Art. 20 GDPR, if you are in the Union), to withdraw the granted consent (Art. 8(3) DPA, or Art. 7(3) GDPR, if you are in the Union). and to object in respect of your data processed by us (Art. 19 and 20 DPA, or Art. 21 and 22 GDPR, if you are in the Union).

To exercise these rights, please write to us at al.greenpower@verbund.com.

In principle, we will not change you any cost in relation to the exercise of your rights. Where your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the requested action, or refuse to act on the request.

If you feel that your personal data were unlawfully processed, you may submit a complaint to the national supervisory authority where you live.

In Albania, this supervisory authority is the Albanian Data Protection Authority - the Commissioner for the Right to Information and the Protection of Personal Data - https://idp.al/.

10. Privacy Policy Update

We may update this Privacy Policy at any time. These updates might be, in particular, but not necessarily, needed to comply with regulatory changes, recommendations from competent authorities or changes in the processing of your personal data. Whenever we make such updates, you will find the latest version of our privacy policy here.

Na Kontaktoni

  • VERBUND Green Power Albania Wind Shpk.
  • verbund.com
  • LEGAL NOTICE
  • PRIVACY POLICY