PLUTO.AL ONLINE STORE AND WEBSITE
- PERSONAL DATA CONTROLLER
1.1. Personal data of the Buyers shall be processed by the Seller, i.e. Pluto.al, a business in ownership of Manderina Shpk with its registered seat in Tirana, at Rruga Tish Dahia, Kompleksi Kika 2 Shk. 8, Ap.11 Tirana, registered in National Business Center on 10 June 2014 with tax identification number (NUIS) L41810019J (hereafter the ‘Controller’).
1.2. The data are gathered and treated in compliance with the law “For Personal Data Protection” Nr. 9887, date 10.03.2008, changed with the law Nr. 48/2012.
2. SCOPE AND TERM OF PROCESSING
2.1. The scope of personal data processed by the Seller shall be determined by data supplemented and sent by the Buyer on an appropriate form. Buyer’s personal data subject to processing may include their e-mail address, name and surname, telephone number, address of residence/ delivery, computer’s IP address, name and surname of the Buyer’s child.
2.2. In case the Seller shall obtain information that the services are used by the Buyer in a way contrary to the Terms and Conditions or applicable provisions of law (unauthorized use), the Seller may process the Buyer’s personal data to the extent necessary to establish their liability.
2.3. The Buyer’s personal data shall be processed for a period of 5 years from the date of placing of the last Order, while in the case of Newsletter subscribers data shall be processed until the termination of the Newsletter contract, and after that data shall be deleted unless its processing is necessary due to another legal basis.
2.4. Seller shall not transfer personal data to third countries.
2.5. Buyers’ personal data shall not be processed in an automated way.
3. PURPOSE AND GROUNDS FOR PROCESSING
3.1. Buyers’ personal data shall be processed in order to: (a) comply with the applicable provisions of the law, (b) perform contracts of sale, provide services by electronic means, in particular User Accounts maintenance and other activities indicated in the Terms and Conditions; (c) perform Seller’s promotional and commercial activities.
3.2. The legal basis for personal data processing in the case:
3.2.1. referred to in 3.1(a) shall be the statutory authorization to process data necessary for the purpose of complying with the applicable law,
3.2.2. referred to in 3.1(b) shall be the statutory authorization for processing necessary for the performance of the contract, if the data subject is a party to it or if it shall be necessary to take action before the conclusion of the contract at the request of the data subject,
3.2.3. referred to in 3.1(c) shall be the voluntary consent of the Buyer.
3.3. Providing personal data is voluntary, however lack of consent for processing of personal data labelled as mandatory shall prevent the Seller from processing Orders and providing services to the Buyer.
4. DATA RECEIPIENTS
5. THE RIGHTS OF THE DATA SUBJECT
5.1. Each Buyer shall have the right to: (a) delete personal data collected about them, either from the system belonging to the Seller as well as from databases of entities with which the Seller cooperates or cooperated, (b) restrict personal data processing, (c) transfer personal data pertaining to the Buyer and collected by the Seller, including to receive them in a structured form, (d) demand access to their personal data and their rectification from the Seller, (e) raise objections regarding processing, (f) withdraw consent granted to the Seller, at any time and without affecting the compliance with the applicable law of personal data processing which was performed prior to the withdrawal of consent; (g) lodge a complaint against the Seller to a supervisory authority.
6. OTHER DATA
6.1. The pluto.al Online Store may store http queries, therefore some information may be stored in the server’s log files, including the IP address of the computer from which the query came from, the name of the Buyer’s station – the identification performed by the http protocol, if possible, date and system time of registration on the whisbear.al Online Store website and the arrival of a query, the number of bytes sent by the server, the URL of the page previously visited by the Buyer in case the Buyer entered by clicking on a link, information about the Buyer’s browser, information regarding errors that occurred during the execution of the http transaction. Logs can be collected as material required for proper administration of the whisbear.al Online Store. Only the persons authorized to administer the information system shall have access to that information. Log files can be analyzed in order to compile traffic statistics on the whisbear.al Online Store page and in order to compile statistics regarding the errors that occur. Summary of such information shall not identify the Buyer.
7. INFORMATION SECURITY
7.1. Seller shall apply technical and organizational measures ensuring protection of personal data being processed shall be appropriate to threats and categories of data protected. Seller shall, in particular, secure data technically and organizationally against unauthorized access, removal by an unauthorized person, processing infringing the provisions of the Act as well as their change, loss, damage or destruction. Among others, SSL (Secure Socket Layer) certificates shall be used. Seller has also implemented appropriate technical and organizational measures, such as pseudonymization, which are designed to effectively implement data protection principles (such as data minimization) and to provide the necessary safeguards in order to meet the requirements of the GDPR and protect the rights of data subjects.
7.2. Seller shall implement all adequate technical measures which provide increased protection and security of Buyer’s personal data being processed.
7.3. In order to log in to an Account, respective login and password shall be entered. In order to ensure an adequate level of security, the Account password shall exist – within the scope of the pluto.al Online Story – only in an encrypted form. Moreover, registration and logging in to the Account shall be executed over a secure https connection. Communication between the Buyer’s device and servers shall be encrypted using the SSL protocol.
7.4. At the same time, the Seller points out that the use of the Internet and services provided by electronic means, especially the use of publicly available Wi-Fi networks, may involve specific ICT risks, such as: the presence and operation of worms, spyware or malware , including computer viruses, as well as the possibility of being exposed to cracking or phishing (password hunting), and others. In order to obtain detailed and professional information about maintaining security on the Internet, the Seller recommends that entities specializing in IT services shall be consulted.
8.2. Seller shall use two types of cookies: session cookies which shall be permanently deleted the moment the browser is shut down; and permanent cookies, which shall remain after the browser on the Buyer’s device was shut down, and remain on the Buyer’s device until they are deleted.
8.3. Based on cookies, both session cookies and permanent cookies, it shall not be possible to determine the identity of the Buyer. Cookies do not allow any personal data to be downloaded. Pluto.al Online Store cookies are safe for the Buyer’s device, in particular they do not allow any viruses or other software to be installed on the device.
8.4. Files generated directly by the pluto.al Online Store can not be read by other websites. External cookies (i.e. cookies placed by the Seller’s partners) can be read by an external server.
8.5. Buyer may enable external cookies to be saved on their device, in accordance with the browser manufacturer’s manual, however this may result in some parts or features of the pluto.al Online Store becoming unavailable.
8.6. Seller shall use their own Cookies for the following purposes: authentication of the Buyer at the pluto.al Online Store and maintenance of the Buyer’s session; configuration of the pluto.al Online Store and adjustment of the website content to the Buyer’s preferences, such as: recognition of the Buyer’s device, saving the settings selected by the Buyer; ensuring data security and the use of pluto.al Online Store; audience analysis and research; providing advertising services.
8.7. Seller shall use external cookies for the following purposes: creating statistics (anonymous) which allow the usability of the Whisbear.al Online Store to be optimized via analytical tools such as Google Analytics; the use of interactive features using social networks, including: Facebook, Instagram, Pinterest and YouTube.
8.8. Buyer may independently change the cookies’ settings at any time, specifying the conditions for their storage through the web browser settings or by otherwise configuring the service. Buyer may also delete cookies stored on his device at any time, in accordance with the browser manufacturer’s manual.
8.9. Detailed information about cookies is available in the web browser settings.