Menu
It is extremely important for us to protect your personal data.
We therefore comply with the applicable legal regulations for the protection, lawful handling and secrecy of personal data as well as data security, in particular the Law no. 124/2024 “On the Protection of Personal Data”, as it may be amended from time to time (the “Data Protection Act” or “DPA”).
The following information describes which personal data we will process if necessary when you visit our website at https://energji-ashta.al (“website”).
1. Name and address of the Data Controller
Responsible for the processing of your personal data in accordance with the data protection provisions is:
Energji Ashta Shpk.
NUIS – K82417005V
Ashta HPP, Spathara Village, Bushat,
Municipality of Vau i Dejës,
Shkodra District,
Albania,
Email: office@energji-ashta.al
(hereinafter “Energji Ashta”, “EA”, “we”, “us”)
2. Processing in the context of “website”
2.1. What kind of personal data will we process?
During your visit to our website, we will automatically collect the following personal data:
Date and time of access to a page of our website
Device Type
IP address
Name and version of your internet browser
Session ID
2.2. Legal basis of the data processing
Where the data of your visit to our website are concerned, we justify the processing on the basis of our legitimate interest in accordance with Art. 7(1)(dh) of the DPA, which consists of giving our website a user-friendly design and protecting our website against attacks.
2.3. Purpose of data processing
We process your data relating to the visit to our website for the following purposes:
in order to make our website and its functions available to you, and to improve and develop this website further;
in order to be able to compile statistics on the use of our website;
in order to be able to identify, prevent and investigate attacks on our website;
2.4. Data retention period
We will generally store your data relating to the visit to our website for a period of three months. A longer retention period will apply only to the extent this is required to investigate identified attacks on our website and beyond that only until the end of the relevant limitation periods, statutory retention periods or any legal disputes.
2.5. Data recipients
In order to operate and administer the website, we regularly use IT service providers which, in accordance with our order and instructions, may under certain circumstances also have access to personal data in order to be able to render the commissioned IT services.
We will also transmit your personal data to the following recipients:
to external third parties to the extent required by our legitimate interest (e.g. auditors, insurance companies in the event of an insured event, legal representatives as the occasion requires, etc.);
to authorities and other public bodies to the extent required by law (e.g. financial authorities, courts, etc.).
Your data will not be passed to any other third parties for their own purposes without your consent.
3. Processing in the context of “making contact/enquiries”
3.1. What kind of personal data will we process?
When you contact us by email or telephone, we will process the personal data you give us (email, name, telephone number, as well your enquiry or the associated documents) for the purposes of processing your enquiry and respond to you accordingly.
These data are provided by you on a voluntary basis; they are neither legally nor contractually prescribed, nor are they required in order to enter into a contract with us. However, if you do not provide these data, EA will not be able to process your enquiry accordingly.
3.2. Legal basis and purpose of the data processing
The legal basis for the processing of the data is our legitimate interest in accordance with Art. 7(1)(dh) of the DPA, which lies in processing and dealing with your enquiry.
3.3. Retention period
Your data will be stored until your enquiry has been dealt with and beyond that for a period of one year, so that we can respond appropriately to subsequent questions. A longer retention period will be applied only on the basis of statutory retention periods or for defence purposes in any legal disputes.
3.4. Data recipients
We use service providers (e.g. IT service providers) which, in accordance with our orders and instructions, may under certain circumstances also have access to personal data in order to be able to render the commissioned services.
We may also transmit your personal data to the following recipients:
on the basis of our legitimate interests, to VERBUND Group companies or other third parties involved, for example, in the project or cooperation (e.g. experts, specialists) to the extent required,
as the occasion requires, also to external third parties such as, for example, legal representatives, insurance companies in the event of an insured event, auditors;
to authorities and other public bodies to the extent required by law (e.g. financial authorities, courts, etc.).
4. Cookies
Cookies and similar web storage technologies, such as scripts, web beacons, tracking URLs, pixels or tags (hereinafter referred to as “cookies”) are used on websites, enabling the correct functioning of websites.
Broadly speaking, cookies may be categorised as technically necessary for the functioning of a website (“essential” or “necessary” cookies) and optional, for other purposes, such as for tracking, such as for marketing / advertising purposes (“non-essential” cookies).
For clarity, our website does not use cookies to collect personal data from users, other than the necessary cookies for the purpose of the language selection.
If we will use other cookies in our website, other than necessary cookies, we will do so exclusively on the basis of your express consent in accordance with Art. 7(1)(a) of the DPA, via the cookie banner.
5. International transfers
As some of our service providers are global in nature, it is possible that the processing of the personal data may involve international transfers of data, in which case the conditions stated above regarding the data storage shall apply.
The personal data will be generally stored in secure data centres located in the European Union, to which with appropriate security measures are applied, as required under the DPA. In case of international transfers elsewhere, including onward transfers of personal data, we will ensure that the international transfer is carried out only with jurisdiction that ensure an adequate level of protection of personal data, in accordance with Art. 40 of DPA, or in absence, in compliance with the conditions for international transfer, as set forth under the DPA.
6. Your rights
In principle, you have the right to information (Art. 13 of the DPA), the right of access (Art. 14 of the DPA), correction (Art. 15 of the DPA), erasure (Art. 15 and 16 of the DPA), restriction (Art. 17 of the DPA), data portability (art. 18 of the DPA), revocation of a granted consent (Art. 8(3) of the DPA) and right objection in respect of your data processed by EA (Art. 19 and 20 of the DPA). To exercise these rights, please contact office@energji-ashta.al. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can submit a complaint to Albanian Data Protection Authority – the Commissioner for the Right to Information and the Protection of Personal Data – https://idp.al/.