Privacy Policy

Last updated: February 2026

1. Introduction

PrivaxisOS ("we", "our", or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our privacy governance platform and visit our website.

We process personal data in accordance with Albanian Law No. 124/2024 "On Personal Data Protection" (LDP) and the General Data Protection Regulation (GDPR), where applicable.

2. Data Controller

The data controller for the personal data processed through this website and platform is:

PrivaxisOS
Email: support@itsoft.al
Phone: +355 69 569 7010

3. Personal Data We Collect

3.1 Information You Provide

• Account Information: Name, email address, organization name, and role when you register or request a demo.
• Contact Information: Name, email, phone number, and message content when you contact us through forms.
• Platform Usage Data: Data you input into the platform as part of your organization's privacy governance activities (DSR requests, ROPA records, assessments, etc.).

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
• Usage Data: How you interact with our platform, features used, and session duration.
• Cookies: We use essential cookies to ensure the proper functioning of our platform. See Section 8 for details.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Albanian LDP and GDPR:

• Contract Performance: Processing necessary to provide our platform services to you (Article 6(1)(b) GDPR).
• Legitimate Interests: Processing for our legitimate business interests, such as improving our services, ensuring security, and communicating with you (Article 6(1)(f) GDPR).
• Consent: Where you have given explicit consent for specific processing activities, such as marketing communications (Article 6(1)(a) GDPR).
• Legal Obligation: Processing necessary to comply with legal obligations (Article 6(1)(c) GDPR).

5. How We Use Your Data

We use your personal data for the following purposes:

• Providing and maintaining our privacy governance platform
• Processing demo requests and responding to inquiries
• Managing user accounts and authentication
• Ensuring platform security and preventing fraud
• Improving our services and developing new features
• Sending service-related communications (updates, maintenance notices)
• Complying with legal obligations and regulatory requirements

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

• Service Providers: Trusted third-party providers who assist us in operating our platform (hosting, authentication, email services), bound by data processing agreements.
• Legal Requirements: When required by law, regulation, or legal process, including requests from Albanian data protection authorities (IDP - Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale).
• Business Transfers: In connection with any merger, acquisition, or sale of assets, with appropriate safeguards.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specifically:

• Account Data: Retained for the duration of your active subscription, plus 30 days after termination.
• Contact Form Data: Retained for up to 12 months after your inquiry is resolved.
• Platform Data: Retained as configured by your organization's data retention policies within the platform.
• Technical Logs: Retained for up to 90 days for security and troubleshooting purposes.

8. Cookies

Our platform uses the following types of cookies:

• Essential Cookies: Required for the platform to function properly, including authentication and session management.
• Functional Cookies: Remember your preferences such as language settings and display options.

We do not use advertising or tracking cookies. You can manage cookie settings through your browser preferences.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Complete data isolation between organizations with secure access controls
• Role-based access controls and authentication via Auth0
• Regular security assessments and monitoring
• Secure cloud infrastructure with industry-standard certifications

10. Your Rights

Under Albanian LDP and GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data under certain conditions.
• Right to Restriction: Request that we limit the processing of your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to the processing of your data based on legitimate interests.
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details below.

11. International Data Transfers

Your data may be processed in countries outside Albania and the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

12. Children's Privacy

Our platform is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. We encourage you to review this policy periodically.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Albanian Information and Data Protection Commissioner (Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale) or the relevant supervisory authority in your jurisdiction.

15. Contact Us