Data Privacy Notice
The purpose of this Data Privacy Notice (hereinafter referred to as the “Notice”) is to inform data subjects (hereinafter referred to as the “Subjects”) about how we collect, store and process their personal data.
- Entity Responsible for Processing and Principles
Auto Club Albania (hereinafter referred to as “ACA”) recognizes the importance of keeping Subjects’ data confidential and protecting their privacy rights. Therefore, all personal data and information (hereinafter referred to as “Data”) provided in connection with our services will be processed lawfully, fairly, transparently and confidentially.
ACA will seek Subjects’ prior and explicit approval when collecting, and before processing, Data for the purposes of keeping Subjects informed of ACA activities, registering for meetings and events or granting Subjects access to member-restricted areas or documents on ACA’s website.
By using the services offered by ACA (hereinafter referred to as the “Services”), and in accordance with the legal provisions in force, Subjects acknowledge that entering into an engagement with ACA means that they agree to the collection and processing of Data and agree to this Notice.
- Legal Basis and Purposes of Data Collection and Processing
- Legal Basis
The Subject acknowledges that the collection and processing of Data by ACA is necessary for providing specific Services the Subject might be using, but also for the preservation of the legitimate interests of ACA and for the fulfilment of legal obligations incumbent upon ACA.
The Data is collected and processed by ACA for the following purposes (hereinafter referred to as “Purposes”):
- ACA processes the personal data of individuals who enroll to participate in competitions and championships for the purpose of managing registrations and participation in such events.
- Similarly, ACA collects and processes personal data of contact persons working for providers of services required by the federation (e.g. hotels, interpreters, translators, technical companies, etc.) to successfully run meetings and events.
- ACA processes the personal data of individuals who register to attend meetings, conferences or other events it organizes for the purpose of managing registrations and participation in such events.
- Technical data, on the other hand, is processed automatically and anonymously to improve your browsing experience and collect use statistics.
- What Data is Collected?
4.1 Type of Data
As part of the Services, ACA collects the following Data (indicative, non-exhaustive list) from Subjects:
- Identification data: personal identification data (name, surname, title, etc.).
- Identification data issued by public authorities and other registers: identity cards, passports, driver’s licenses.
- Location data: personal addresses of Subjects.
- Communication and electronic identification data: telephone number, e-mail address.
- Professional data: job title, function.
- Information Collected Directly from Subjects
Most of the time, ACA does not collect and store information identifying Subjects personally unless that data is voluntarily disclosed.
In some cases, however, ACA may request such information to provide specific Services.
- Subjects will be required to provide ACA with some personal information when registering for competitions.
- Subjects will have to provide information to interact with our webstore.
- As external stakeholders, Subjects may be required to provide personal data when registering for the ACA newsletter or events or otherwise interacting with our website.
- Information Collected from Third Parties – Subcontractors
As part of its Services, ACA may also collect data from third parties. Data collected from third parties is treated in the same way as Data collected directly from the Subjects (see paragraph 4.2 above).
ACA may be considered as a processor of personal data in the context of information collected from third parties, according to the applicable regulations. Should this be the case, ACA will enter into a data processing agreement with the third parties concerned to ensure compliance with the present Notice.
- Methods of Data Processing and Retention Schedule
Data is processed by ACA – or by third parties selected on the basis of their reliability and competence, as well as by duly appointed data controllers – solely for the purposes specified in paragraph 3 above.
ACA retains the Data for as long as necessary for the fulfilment of the Purposes for which it was collected. ACA will keep data for as long as Subjects continue to be a designated person within an organization or other entity that ACA is in contact with for reasons pertaining to championships, events, or research. ACA will also keep data for as long as Subjects agree to receive our newsletter. ACA will not retain data provided when registering for ACA events and conferences beyond their scheduled date.
Similarly, ACA deletes or anonymizes personal data (or takes equivalent measures) as soon as they are no longer necessary to achieve the Purposes, subject however (i) to legal or regulatory requirements applicable to the data retention for a longer period of time, or (ii) to ascertain, exercise and/or defend actual or potential rights in legal proceedings, investigations or similar proceedings, including legal holds that ACA might impose to preserve relevant information.
Security measures are applied to prevent the risk of loss of data, unlawful or improper use and unauthorized access (see paragraph 8 (Confidentiality, Security and Data Protection) below).
ACA may evaluate certain characteristics of the Subjects on the basis of automatically processed Data in order, in particular, to offer them personalized offers and advice or information about its Services.
In contrast, ACA does not use automated decision making in relation to Subjects.
- Access to Data and Data Transfers
The Data transmitted to ACA will be known and used by ACA employees for the sole purpose of performing the Services that constitute the purpose for which the Data was collected.
As part of the performance of the Services, ACA may transmit the Data to third parties. The transmission of data to third parties abroad is alternatively based on (i) an adequacy decision based on the list of countries whose data protection legal standards are approved by the European Commission, (ii) appropriate safeguards or (iii) a waiver for specific situations (execution of a mandate related to the Services offered by ACA, in particular).
ACA does not sell or rent the Data to any third party.
Finally, ACA may have to share the personal data:
- To put the needed Services at the Subjects’ disposal;
- Where permitted or required by law to comply with a valid legal process;
- To protect and defend ACA’s rights or property, including the security of its products and services;
- To protect the personal safety, property or other rights of the public, ACA or its employees.
When ACA has the legal obligation to disclose Data to third parties, ACA will take all reasonable steps to notify the Subjects in advance, unless otherwise required by law.
- Privacy, Security and Data Protection
ACA undertakes to ensure that there are adequate levels of protection of Data.
Subjects’ Data will be transmitted to and stored on ACA’s servers, access to which is strictly limited. ACA has taken the appropriate technical and organizational precautions to ensure that its servers are accessible exclusively to duly authorized persons, as well as special precautions about the protection of its technical environment (e.g. use of antivirus software and firewalls).
- Rights of the Subjects
In accordance with the applicable regulations, Subjects may exercise the following rights with respect to their data in connection with the processing of Data:
- Right to request access to stored Data;
- Right to request the rectification of stored Data;
- Right to request the deletion of stored Data, subject to the applicable legal provisions on data retention;
- Right to request a limitation of the processing of stored Data, subject to the applicable legal provisions regarding the processing of data; and
- Right to request a prohibition on the processing of stored Data, subject to the applicable legal provisions regarding the processing of data.
Even if a Subject contests the processing of its Data, ACA is entitled to continue such processing if it is (i) legally binding, (ii) necessary for the performance of an Agreement to which the Subject might be party, (iii) necessary for the performance of legal obligations in compliance with proceeding of public interest or (iv) necessary for the legitimate interests that ACA pursues, including the finding, exercise or defense of a right in justice.
The exercise of any right set forth in the paragraph shall be carried out in accordance with the communication provisions of paragraph 11 (Communication and Remarks) below.
- Children’s privacy
The protection of personal data of children and adolescents is of particular concern to ACA. The ACA Platforms and their content are not directed at children under the age of 13. ACA recommends that parents discuss the use of the Internet and the provision of personal data on websites with their children before allowing minors between 13 and 16 to navigate through ACA Platforms.
ACA will never knowingly collect personal data from or about children under 13 and will only knowingly collect personal data from minors between 13 and 18 where parental permission has been obtained as required by applicable law.
Subjects may delete cookies via their browser settings and change their preferences at any time when visiting ACA’s website. However, this may impair the use of the website or social media. It may also prevent Subjects from accessing some content on our website, unless Subjects’ access credentials are submitted once again.
- Communication and Remarks
If you have any questions about ACA’s data protection, a detailed message can be sent to email@example.com and ACA will address them as soon as possible.
You may exercise any of your rights related to Personal Data (paragraph 9) by sending your request to the aforementioned address.
ACA is constantly evolving and this Notice and the Terms and Conditions may change. Unless otherwise stated, our Notice applies to the use of all information collected about any Subject.