Who we are and purpose of this document

SMARTWORK Sh.p.k is committed to protecting and respecting the personal data of Clients and of anyone who relates to it, ensuring the compliance with current legislation such as the Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”)

“Personal data”, are “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”; as per GDPR art. 4.1

The GDPR provides that before proceeding with the processing of Personal data (where “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as per GDPR art. 4.2) the natural person to whom the Personal data refers, is duly informed about reasons for which such data are requested and how they are used.

With this Privacy Notice we want to tell you the purposes of the processing for which your personal data are intended, how we may use your personal data and how we protect them, according to GDPR.

Where necessary, this notice may be supplemented by a form for the release of your consent pursuant to and for the purposes of art. 7 of GDPR.

Who will process your Personal data

The Data controller is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”, as per GDPR art. 4.7.

The Data controller is SMARTWORK Sh.p.k con sede legale in Rruga ‘’Jordan Misja’’, Kompleksi ‘’Usluga’’, Kati 2 – Tirana (Albania).

Personal data processing purposes

The Controller will process your Personal data that are necessary for the performance of one or more contracts to which you are party, or in order to take steps at your requests even before entering into a contract (e.g. downloading of informative material, participation in events and webinars, etc.) (GDPR, art. 6.1.b) and for compliance with legal obligations to which the Controller is subject (e.g. administrative, accounting and tax obligations) (GDPR, art. 6.1.c).

Additional purposes

The following additional Processing will be performed by the Controller without your consent, as it is necessary for the purposes of the legitimate interests pursued by the Controller, as per GDPR, art. 6.1.f:

  1. Direct marketing: promotional and marketing activities performed by the Controller, through communications relating to services, products, initiatives and offers similar to those you have already received by the Controller. Each email sent to you will contain the link to click to refuse further submissions.The following data processing by the Controller, will be performed only with your consent, as per GDPR, art. 6.1.a and 7:
  2. Indirect marketing: promotional and marketing activities performed by the Controller, through communications relating to services and products provided to you by third parties with whom the Controller has legal relations
  3. Profiling: evaluation of your personal preferences, needs and consumer habits, also in relation to market surveys and statistical analysis. This data processing will be done to better understand your needs, to provide you customized offers and services and to offer you ever more relevant and competitive products and services.

Direct and Indirect marketing can be carried out both with traditional methods (e.g. paper mail, call from an operator, etc.) and with automated methods and/or assimilated (es. e-mail).

Personal data processing methods

Your Personal data will be processed:

  1. in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency so as to guarantee the security and confidentiality of data, through the adoption of the measures envisaged by article 32 of GDPR in order to preserve the integrity of the processed data and prevent access to the same by unauthorized parties
  2. by authorised and specialized persons, by means of paper, IT and electronic tools and with any other type of suitable technology.
Categories of Personal data

The data processed by the Controller will be personal data such as: name, surname, your company, your professional email and phone numbers.

Recipients or categories of recipients of your Personal data

The Controller may communicate your data to the following Recipients.

A “Recipient” is “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as per GDPR, art. 4.9:

  • Third parties who carry out part of the data processing and / or activities related to them on behalf of the Controller. Prior to processing, these third parties will be appointed as “Data processors”. A “Data processor” is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller”, as per GDPR, art. 4.8
  • Employees, collaborators or individual consultants of the Controller, to whom specific processing activities have been assigned; these persons are identified as “Authorised persons”.
  • Legal authorities and other public authorities, where required by law.
Where the Personal data are processed. Transfer of Personal data to third countries or international organisations.

Personal Data will be processed by the Data Controller within and outside the territory of the European Union. The Data Controller ensures from now on that the processing will take place in compliance with the applicable legal provisions. To protect your data in the context of any extra-EU transfers, appropriate safeguards will be adopted, including adequacy decisions and standard contractual clauses approved by the European Commission.

Retention period of your Personal data

Your data will be retained by the Controller to the extent necessary and sufficient for the accomplishment of the purposes described in Art. 3 above, or until the termination of the relationship with the Controller except for a further retention period which may be imposed by law.

With reference to the purposes described in Art. 4 above, the Joint controllers will process your Personal data until you communicate your will to revoke your consent to one or all of the purposes for which it was requested.

Your data protection rights

Under GDPR, you have rights we need to make you aware of. They are described in GDPR, art. 15-22 (click here to view them). Here is a summary:

  • Your right of access (art. 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access your personal data and ask to us a copy of your personal data.
  • Your right to rectification (art. 16 GDPR). You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure (art. 17 GDPR). You have the right to ask us to erase your personal information in certain circumstances (“right to be forgotten”).
  • Your right to restriction of processing (art. 18 GDPR). You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to data portability (art. 20 GDPR). This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
  • Your right to object to processing (art. 21 GDPR). You have the right to object to processing for legitimate reasons, including, direct and indirect marketing, surveys, profiling.
  • Your right to not be subject to a decision based solely on automated processing, including profiling, in certain circumstances (art. 22 GDPR).
  • Your right to withdraw your consent at any time (art. 7, para 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before the withdrawal.

Your object to processing your Personal data for marketing purposes by automated means (e.g. email), will also be extended to the traditional means (e.g. paper mail), unless specific requests.

To execute any of these rights, please contact the Controller

  • by e-mail:
  • by phone: +355 69 600 0306

Finally, you have the right to lodge a complaint with a supervisory authority and the right to bridge if you think that the processing of your personal data is not compliant with the relevant laws.

Further methods to object to processing your Personal data for marketing purposes

It is always possible to withdraw your consent to receive commercial information from us, using the dedicated link in the e-mails we send you, or by sending a written communication to the Controller.


Data Controller: SMARTWORK Sh.p.k con sede legale in Rruga ‘’Jordan Misja’’, Kompleksi ‘’Usluga’’, Kati 2 – Tirana (Albania).

The list of data processors and of authorised persons is kept at the Controller’s offices

This Privacy Notice may be changed. For update, we invite you to consult our websites and other channels made available by SMARTWORK Sh.p.k.