Privacy Policy

1. Introduction

Purpose of the Privacy Policy

This Privacy Policy explains how Dokumente Ligjore (“we,” “our,” or “us”), implemented by PEN and supported by USAID Justice Activity, collects, uses, discloses, and protects your personal information when you use our Digital Legal Document Generation Platform (“Platform”). The purpose of this Privacy Policy is to provide transparency about our data practices and to protect your privacy.

Scope and Applicability

This Privacy Policy applies to all users of the Platform, including visitors and registered users. It covers all personal information collected through the Platform, including information provided directly by you and information collected automatically.

2. Definitions

• Platform: Refers to the Digital Legal Document Generation Platform, known as Dokumente Ligjore, implemented by PEN and supported by USAID Justice Activity.
• User: Any individual or entity that accesses or uses the Platform.
• Personal Information: Any information that identifies or can be used to identify a User, such as name, email address, phone number, IP address, and other similar information.
• Service Providers: Third-party companies or individuals engaged by Dokumente Ligjore to perform services on our behalf, such as hosting, data analysis, customer service, and marketing assistance.
• Cookies: Small data files stored on your device that help us to improve your experience on the Platform and track certain information about your usage.
• Data Controller: The entity that determines the purposes and means of processing personal data. For the purposes of this Privacy Policy, Dokumente Ligjore is the data controller.
• Data Processor: The entity that processes personal data on behalf of the data controller. Our service providers may act as data processors.

3. Information We Collect

Information You Provide Directly

We collect information that you provide directly to us when you create an account, fill out forms, or communicate with us. This may include:

• Name: Used to identify you on the Platform.
• Email address: Used for account creation, login, and communication purposes.
• Any other information you choose to provide: Such as feedback, inquiries, or additional personal details you include in your communication with us.

Information We Collect Automatically

When you use our Platform, we automatically collect certain information to improve your experience and ensure the functionality of our services. This includes:

• IP address: Helps us understand where our users are located geographically and enhances security measures.
• Browser type and version: Helps us optimize the Platform for different browsers.
• Time and date of access: Used for security and troubleshooting purposes.
• Pages visited and actions taken on the Platform: Helps us understand how users interact with our Platform and improve the user experience.

Information Not Collected

It is important to note that we do not collect any data you use or input in your legal documents. Dokumente Ligjore has no access to the content of the documents you generate or store using the Platform. The content you create remains private and secure, and we do not have the capability to view or retrieve it.

4. Use of Information

How the Collected Information is Used

We use the information we collect for various purposes to enhance your experience and improve our services:

Providing and Improving Services

• To provide and maintain our Platform: Ensuring that all features and functionalities are available and operating correctly.
• To improve our services: Analyzing usage patterns to identify areas for enhancement and developing new features based on user feedback.
• To personalize your experience: Customizing content and recommendations based on your preferences and usage history.
• To respond to inquiries and provide customer support: Ensuring that any questions or issues are addressed promptly and effectively.
• To communicate with you: Sending you updates, promotional offers, and news related to our services. You can opt out of receiving promotional communications at any time.

Legal and Compliance

• To comply with applicable laws and regulations: Ensuring that our practices are in line with legal requirements.
• To protect our rights and interests: Safeguarding our Platform, users, and affiliates from fraudulent activities, security threats, and other risks.
• To respond to legal requests and prevent harm: Cooperating with legal authorities and taking necessary actions to protect the safety and rights of users and others.

5. Sharing of Information

With Your Consent

We may share your information with third parties when we have your explicit consent to do so. This may include instances where you authorize us to share your information for specific purposes or with specific partners.

Service Providers

We may share your information with third-party service providers who perform services on our behalf. These services may include:

• Hosting and maintenance: Ensuring the Platform is available and operational.
• Data analysis: Analyzing usage data to improve our services.
• Customer support: Assisting with user inquiries and issues.
• Marketing and communications: Managing email communications and promotional campaigns.

Our service providers are contractually obligated to use your information only as necessary to provide these services to us and to protect the confidentiality and security of your information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). This includes:

• Compliance with legal obligations: Responding to subpoenas, court orders, or other legal processes.
• Protection of rights and safety: Disclosing information to protect the rights, property, or safety of Dokumente Ligjore, our users, or others.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring company. In such cases, we will notify you of the change in ownership and the new entity's privacy practices.

6. Data Security

Measures to Protect Your Information

We implement a comprehensive range of technical and organizational measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:

• Encryption: We use SSL/TLS encryption to protect the transmission of data to and from our Platform. This ensures that any data transmitted is secure and cannot be easily intercepted by unauthorized parties.
• Access Controls: We restrict access to personal information to authorized personnel only. Access to sensitive information is granted on a need-to-know basis and is protected by multi-factor authentication where possible.
• Data Anonymization: Where feasible, we anonymize data to reduce the risk of exposure in the event of a data breach. Anonymized data cannot be traced back to an individual without additional information.
• Secure Storage: Personal information is stored in secure environments protected by firewalls, intrusion detection systems, and other advanced security technologies.
• Regular Security Audits: We conduct regular security assessments and audits to identify and address vulnerabilities in our systems. This includes both internal audits and external penetration testing.
• Employee Training: Our employees receive regular training on data protection and privacy practices to ensure they understand the importance of safeguarding personal information and are equipped to implement our security measures effectively.
• Incident Response Plan: We have an incident response plan in place to address potential data breaches or security incidents promptly. This plan includes steps for containing the breach, assessing its impact, notifying affected users, and preventing future incidents.

Limitations and No Guarantee of Absolute Security

While we strive to use commercially acceptable means to protect your personal information, it is important to understand that no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee the absolute security of your information. Users are encouraged to take additional precautions to protect their information, such as:

• Creating Strong Passwords: Use complex passwords that include a combination of letters, numbers, and special characters. Avoid using easily guessable information, such as birthdates or common words.
• Keeping Passwords Confidential: Do not share your passwords with others and avoid writing them down where they can be easily found. Consider using a password manager to keep track of your passwords securely.
• Monitoring Account Activity: Regularly check your account for any unauthorized activity and report any suspicious behavior to us immediately.
• Updating Software: Keep your software, including your operating system and browser, up to date to protect against security vulnerabilities.

You acknowledge and accept that any transmission of personal information is at your own risk. In the unlikely event of a data breach, we will promptly notify you and take all necessary steps to mitigate any potential harm. Your trust and the security of your data are of utmost importance to us, and we are committed to continuously improving our security practices to protect your information.

7. Retention of Data

How Long Data is Kept

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Once the retention period has expired, we will securely delete or anonymize your personal information, ensuring that it cannot be reconstructed or read.

Criteria for Data Retention

The specific duration for which we retain your personal information depends on various factors, including:

• Nature of the Information: Different types of personal information may be retained for different periods depending on their sensitivity and the purpose for which they were collected. For example, account information may be retained for as long as your account is active, whereas non-personally identifiable information may be retained for a shorter period.
• Legal Obligations: We may be required to retain certain information for specific periods to comply with legal and regulatory obligations. This includes records related to financial transactions, legal disputes, and investigations.
• Business Needs: Information necessary for the operation and improvement of our Platform and services may be retained for longer periods. This includes data used for analytics, research, and business planning.
• User Requests: We honor requests for the deletion or anonymization of personal information in accordance with applicable laws. However, we may retain certain information to comply with legal obligations or for legitimate business purposes, even after a deletion request has been fulfilled.

Data Retention Practices

To ensure that your personal information is retained only for as long as necessary, we implement the following practices:

• Regular Reviews: We conduct regular reviews of the personal information we hold and assess whether it is still necessary for the purposes for which it was collected. Data that is no longer needed is securely deleted or anonymized.
• Data Minimization: We aim to collect and retain only the minimum amount of personal information necessary to achieve the purposes outlined in this Privacy Policy.
• Secure Disposal: When personal information is no longer needed, we ensure that it is securely deleted or destroyed using industry-standard methods to prevent unauthorized access or use.

You have the right to request access to your personal information and to request its correction or deletion. If you would like to exercise these rights, please contact us using the contact information provided in this Privacy Policy. We will respond to your request in accordance with applicable data protection laws and regulations.

8. Your Rights

Introduction

Per the Data Protection Law in Kosovo, users have specific rights concerning their personal data. These rights are in line with those provided under the General Data Protection Regulation (GDPR) of the European Union. These rights ensure that users have control over their personal information and can hold organizations accountable for how they process and manage that data. Below is a detailed explanation of these rights and how you can exercise them through Dokumente Ligjore.

Access and Update

Right to Access:
You have the right to request confirmation as to whether or not your personal data is being processed and, if so, to access that data and receive information regarding:

• The purposes of the processing.
• The categories of personal data concerned.
• The recipients or categories of recipients to whom the personal data has been or will be disclosed.
• The envisaged period for which the personal data will be stored or the criteria used to determine that period.
• The existence of your right to request rectification, erasure, restriction of processing, or objection to processing.

Right to Rectification:
You have the right to have inaccurate personal data rectified and to have incomplete personal data completed. You can update your personal information by logging into your account on the Platform or by contacting us directly.

Deletion

Right to Erasure (Right to be Forgotten):
You have the right to request the deletion of your personal data under certain circumstances, including:

• When the data is no longer necessary for the purposes for which it was collected.
• When you withdraw your consent (where the processing was based on consent).
• When you object to the processing and there are no overriding legitimate grounds for the processing.
• When the data has been unlawfully processed.
• When the data must be erased to comply with a legal obligation.

Upon receiving your request, we will delete your personal data unless we are required to retain it for legal, regulatory, or legitimate business purposes. In cases where complete deletion is not feasible, we will anonymize your personal data.

Restriction of Processing

Right to Restriction of Processing:
You have the right to request the restriction of processing your personal data under certain conditions, such as:

• When you contest the accuracy of the personal data, for a period enabling us to verify the accuracy.
• When the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead.
• When we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims.
• When you have objected to processing pending the verification of whether our legitimate grounds override yours.

Data Portability

Right to Data Portability:
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where:

• The processing is based on your consent or a contract.
• The processing is carried out by automated means.

Objection

Right to Object:
You have the right to object to the processing of your personal data on grounds relating to your particular situation, where the processing is based on our legitimate interests. If you object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to Object to Direct Marketing:
You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you exercise this right, we will stop processing your personal data for such purposes.

Automated Decision-Making and Profiling

Right Not to be Subject to Automated Decision-Making:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless:

• It is necessary for entering into, or the performance of, a contract between you and us.
• It is authorized by law.
• You have given your explicit consent.

How to Exercise Your Rights

To exercise any of your rights, you can contact us at:

• Email: Email: dokumenteligjore@gmail.com

When contacting us, please provide sufficient information to verify your identity and specify the information or actions you are requesting. We will respond to your request in accordance with applicable data protection laws and regulations.

9. Changes to This Policy

Right to Update the Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, and other factors. We encourage you to review this Privacy Policy periodically to stay informed about our data protection practices.

Notification of Changes

In the event of significant changes to this Privacy Policy, we will notify you through the following means:

• Posting a prominent notice on our Platform.
• Sending an email to the address associated with your account (if applicable).

The notice will explain the changes made and their implications. We will also indicate the date of the last update at the beginning of this Privacy Policy.

User Acceptance of Changes

By continuing to use our Platform after any changes to this Privacy Policy have been posted, you acknowledge and agree to the updated terms. If you do not agree with the changes, you must discontinue your use of the Platform and may contact us to request the deletion of your personal information.

10. Contact Us

Contact Information for Questions or Support

If you have any questions, concerns, or need further information about this Privacy Policy or our data protection practices, please contact us at:

• Email: dokumenteligjore@gmail.com

We are committed to addressing your inquiries promptly and transparently, ensuring that your privacy and data protection concerns are adequately resolved.