PRIVACY POLICY / PERSONAL DATA PROTECTION
NOTIFICATION REGARDING PRIVACY PROTECTION
HOW WE USE YOUR INFORMATION
PERSONS SUBMITTING A COMPLAINT TO ASIG
INDIVIDUALS USING ASIG SERVICES
VISITORS TO OUR WEBSITE
ENTITIES NOTIFIED UNDER THE LAW “ON THE PROTECTION OF PERSONAL DATA”
JOB APPLICANTS, CURRENT EMPLOYEES, AND FORMER EMPLOYEES OF ASIG
ACCESS TO PERSONAL DATA
DISSEMINATION OF PERSONAL DATA
LINKS TO OTHER PAGES CHANGES TO THIS PRIVACY NOTICE COMPLAINTS OR QUESTIONS
HOW TO CONTACT US
INFORMATION SECURITY POLICY
HOW WE USE YOUR INFORMATION
This privacy notice explains what to expect when the State Authority for Geospatial Information (ASIG) collects your personal data. This applies to information collected in relation to:
• Complainants submitting complaints regarding their claims for violations of personal data during processing by controllers of this data.
• Other individuals submitting various requests for information, consultations, etc.
• Visitors to our official website.
• Controllers notifying under the “Law on Personal Data Protection.”
• Job applicants, current employees, and former employees.
PERSONS SUBMITTING A COMPLAINT TO ASIG
When a complaint is submitted by an individual, it is recorded in a separate register by a designated employee who has previously signed the confidentiality declaration and is familiar with the content of the institution’s code of ethics, approved by the General Director of ASIG, as well as with the regulation on the right to information, also approved by the General Director of ASIG.
We use the personal data we collect solely for the complaint review process and to monitor the level of services we provide. We compile and publish statistics showing information such as the number of complaints we receive, but not in a form that identifies any individual.
We keep personal data included in complaint files in accordance with the law and our personal data retention policy. They are kept in a secure environment, and access to them is limited based on the principle of “need to know.”
INDIVIDUALS USING ASIG SERVICES
The State Authority for Geospatial Information provides geospatial data and services to the public.
We use the details provided and keep them with the purpose of providing the service to the subject, even for cases requested by the latter for other closely related purposes. For example, when we respond to a person who has previously requested information about the completion of a diploma topic, we may use their data to assess whether the person or persons are satisfied with the level of service they received. When individuals register to receive services from ASIG, they can revoke their registration at any time, and to do so, a straightforward method is provided. They can revoke their registration at any time, and to do so, they are offered a fairly easy way.
VISITORS TO OUR WEBSITE
Autoriteti Shtetëror për Informacionin Gjeohapësinor, disponon faqen zyrtare të institucionit www.asig.gov.al dhe https://geoportal.asig.gov.al/.
Through the official website, ASIG disseminates and collects information. The purpose of transmitting and collecting information via the internet is to be as close as possible to both the controller and the data subject. Through the official website, ASIG assists users by publishing various information related to legislation, its mission and objectives, vacant positions, fund management, various activities organized with public and private partners, projects with foreign donors, etc.
Through the National Geoportal, https://geoportal.asig.gov.al/, ASIG provides geospatial information for all topics under Article 11 of Law 72/2012 “On the organization and functioning of the national geospatial information infrastructure in the Republic of Albania.” The published information is obtained through depositing or linking from responsible Public Authorities for its collection, processing, and updating. The services offered comply with the standards of Directive 2007/2/EC INSPIRE of the EU. For visitors to this page, the system collects standard information related to clicks on data, requested services, or sections on this page. This information is collected for statistical and study purposes (to show visitor access, to see which sections are more sensitive, and consequently the interest of individuals without making them identifiable).
We collect this information to avoid identifying any visitor. We make no attempt to find the identity of visitors who have visited our website.
ASIG does not use (and does not allow any third party) analytical statistical tools to track or collect personally identifiable information that makes visitors to our official website identifiable. We do not link any data collected from this page with any personal data that makes the visitor identifiable from any source that comes, as part of our use. The search engine on our website is designed to be powerful and easy to use, whether searching for information (metadata) for data or services, or viewing or receiving the service, without the need for initial user registration as in Google search. The search and information viewing service we offer is open to everyone and free of charge. All searches on this page are processed by the application, and information is not passed on to any third party. If we want to collect personally identifiable information through our website, we will make it clear when we collect personal information and explain what we intend to do with it.
ENTITIES NOTIFIED UNDER THE LAW “ON THE PROTECTION OF PERSONAL DATA”
The Law “On the Protection of Personal Data” requires controllers, whether public or private, to notify the Commissioner for the Right to Information and Data Protection (CRIDP) of specific information according to a standard approved by the Commissioner’s Authority. This information may contain personal data of individuals appointed by the controllers to fulfill this obligation, for the purpose of authenticating the truthfulness of the declaration and maintaining contacts, for the exhaustion of legal competences of the Commissioner’s Authority. When companies or institutions complete their notification forms, they are required to provide the contact details of a key member of staff. The ASIG Authority will use this for its own purposes, for example, when we have a question regarding a notification, but we do not make this information public. This data, processed automatically (due to the notification-registration computer system) and manually (due to legal requirements of administrative procedures), is restricted in access to a predetermined number of specialists, and confidentiality is legally guaranteed over this data. The information received from notification procedures is later made public, as a legal requirement, on the pages of the Registry of Control Subjects, but there is no personal data content on these pages. The only personal data that may appear on the pages of this registry are the names of subjects who are legally registered as individuals and must be made public if they process personal data. However, in these cases, since the registry is available to the public, ASIG cannot provide any guarantee for the data contained in it if used by those who have access. Also, when we request information as part of the notification process, we have made it clear when the provision of information is required by law and when it is voluntary.
JOB APPLICANTS, CURRENT EMPLOYEES, AND FORMER EMPLOYEES OF ASIG
When identified individuals apply for employment at ASIG, we use their information for the recruitment process and to monitor recruitment statistics. When we want to exchange data with a third party, for example, when we want to obtain a reference or gather some information from other relevant institutions (e.g., the State Judicial Status Authority), we do not do so without informing the subjects in advance, only if this information is legally required.
Personal data related to unsuccessful applicants is retained for 12 months after the recruitment competition has ended and then destroyed or deleted. We maintain non-personalized information for statistical purposes regarding applicants to assist our recruitment activities, but no applicant is individually identifiable from this data. When an employee is no longer in employment with ASIG, we prepare a file regarding the period during which they were employed. The data included in it is kept secure and used only for directly relevant employment purposes. When their employment at ASIG ends, we keep the file in accordance with the law on the status of civil servants, archive law, and our internal rules.
ACCESS TO PERSONAL DATA
ASIG strives to be as open as possible in providing individuals access to their personal data. Individuals can find out if we hold any personal data about them by sending us a “request for access to personal data” in accordance with the “Law on the Protection of Personal Data.” If we hold your personal data, we will:
– Provide a description of it;
– Explain why we are holding it;
– Disclose to whom we might disclose that data;
– Provide you with a copy of the information in an intelligible form;
– Inform you if the provision of personal data is mandatory or voluntary.
To make a request to ASIG for any personal data we may hold, you need to make a written request to our institution, which you can send by mail or electronically to the address info@asig.gov.al. info@asig.gov.al.
If you agree, we will try to deal with your request informally, for example, by providing you with specific information over the phone.
If we hold information about you, you can ask us to correct any mistakes in it by contacting the Contact Person at ASIG again.
DISSEMINATION OF PERSONAL DATA
As a rule, we do not disclose personal data without your consent. However, when we investigate a complaint, for example, we may need to share personal information with other actors involved in its review.
You can get more information about:
– Agreements we have with other institutions for the exchange of information;
– Circumstances under which we may disclose personal data without consent, for example, to prevent and detect a crime and produce anonymous statistics;
– Our instructions to staff on how to collect, use, and delete personal data;
– How we ensure that the data we hold is accurate and up-to-date.
CONNECTIONS WITH THE OTHER PAGES
This privacy notice, to achieve the protection of personal data, does not include links to other pages. We encourage you to read the privacy statements on the other websites you visit.
CHANGES TO THIS PRIVACY NOTICE
We update this notice when necessary, considering the importance of privacy policy in ASIG’s work activities.
COMPLAINTS OR QUESTIONS
ASIG strives to meet the highest standards in the collection and use of personal data. For this reason, we take complaints on this subject very seriously. We also welcome any suggestions for improving our procedures. This privacy notice was drafted to be clear and concise. It does not provide complete details of all aspects of ASIG’s collection and use of personal data. However, we are ready to provide any additional information or explanation necessary. Any requests for this should be sent to the email address: info@asig.gov.al.
HOW TO CONTACT US
Requests for information regarding our privacy policy can be sent via email to the address info@asig.gov.al.
INFORMATION SECURITY POLICY
ASIG processes information to fulfill its functional duties. This may include confidential information about controllers and individuals. Information is a valuable asset. The continuity of the controllers’ work depends on the integrity and continuous availability of their information. Therefore, steps must be taken to protect information from unauthorized use, alteration, disclosure, or destruction, whether accidental or intentional.
ASIG is committed to ensuring the use of information and information technology systems, aiming to preserve the integrity and confidentiality of information under its control. ASIG uses a risk-based approach during the assessment and understanding of risks, employing all physical, technical, and procedural means to achieve the necessary security measures.
ASIG considers technological developments and implementation costs to achieve an appropriate level of security for the nature of the information and the harm that may result from a security breach. ASIG staff is duty-bound to maintain the confidentiality of information, given to them to perform their legal functions, and may only disclose it to lawful authorities. ASIG provides guidance and training to its staff (through ASPA) to enable them to understand and implement their responsibilities in respecting security. ASIG assesses the integrity of personnel dealing with personal data and monitors their compliance with security obligations.