Privacy Policy

PRIVACY POLICY

Dear visitor!

This document on Personal Data Protection explains how “Rubicon” Sh.a processes your data in the role of:

  1. Requesters – individuals who contact “Rubicon” for various information;
  2. Complainants – individuals who direct a concern or complaint to “Rubicon”;
  3. Visitors to the rbcn.al and pago.al websites and the “Pago” application (customers or potential customers);
  4. Job applications.

The following information is in accordance with and in accordance with the provisions of Law No. 124/2024 dated 19.12.2024 “On the Protection of Personal Data” as well as the internal regulations of the company “Rubicon” Sha, which are mandatory for implementation.

Pala përgjegjëse për përpunimin e të dhënave personale është “Rubicon” me NUIS M02129014T dhe seli në Tiranë, Rr. “Donika Kastrioti”, Pallati “Teknoprojekt”, Kati 6, Dera 3, Tiranë, Shqipëri, e cila ka një strukturë të posaçme (DPO) për çështjet e të dhënave personale.

Kjo Politikë mund të ndryshojë në raste ndryshimesh ligjore, apo të kushteve të punës në “Rubicon”. Ndryshimet hyjnë në fuqi, 15 ditë pas publikimit.

[A] PURPOSE OF PERSONAL DATA PROCESSING

  1. Identification and provision of services: Data is processed to identify clients, fulfill legal obligations, and carry out the “Know Your Customer” procedure, including periodic monitoring, risk assessment, and data updates. Data processed includes but is not limited to: name, surname, ID number, address, date of birth, nationality, video recording, email, and information on professional and financial activity.

For this purpose, depending on the case, personal data such as: name, surname, identification number, address, date of birth, citizenship, video recording, e-mail address, professional and financial activity, etc. are processed, which are stored in accordance with the requirements of the Archives Law.

Does the customer have to provide their personal data? Yes. As part of the business relationship, the customer must provide the personal information necessary to establish and continue the business relationship with “Rubicon”. If the customer does not agree to make this data available to us, it is impossible for us to establish/continue the business relationship.

However, in any case, the customer is not obliged to give us consent to the processing of data, if this data is not necessary for the fulfillment of a contract, or if it is not required by law or regulations. The customer’s will is always free and it is his right to choose whether to give consent to the processing of personal data.

  1. Handling of complaintsPersonal data under this purpose is processed in order to resolve customer complaints, disputes, or to initiate claims, requests, legal actions, etc. We retain personal data related to complaints in accordance with the applicable law and our personal data retention policy. This data is kept secure, and access to it is restricted based on the principle of “need to know and to be known only for the purpose of resolving the concern.”
  2. Statistical analysis for service/product quality improvement – Personal data under this purpose is processed for statistical and research purposes (to show visitor behavior, identify the most sensitive sections, and thus assess the interest of data subjects), always in a way that does not render individuals identifiable.
  3. Communication and Marketing – To maintain proactive communication with customers, support and manage customer relationships, inform them of changes to existing services, and announce new products. The processing of personal data for sending advertising materials or commercial information regarding the sale of products or services by Rubicon Sh.a requires the prior consent of the data subject.
  4. Provision of services through third parties – In cases where “Rubicon” services are provided by third-party agents, the client is regularly informed of any data processing for the purpose of delivering services through these third parties, and the data is processed only with the client’s express consent.
  5. For additional security measures at Rubicon and the client – The internal premises of “Rubicon” are monitored by cameras to comply with legal requirements for public safety and to protect the life and health of clients, visitors, and recruited staff. This data is stored in accordance with the retention period specified in Law 19/2016.

Personal data of the data subject are used for the purposes mentioned above and are transmitted to third parties (BoA, AIF, Court, DPT, Auditor, etc.) only when necessary for these purposes. The data are processed only for the time required to fulfill the purposes for which they were collected. Specific security measures are implemented to prevent data loss, illegal or improper use, and unauthorized access.

[B] SECURITY MEASURES AND CONFIDENTIALITY PROTECTION

“Rubicon” Sh.a guarantees each data subject that, upon submitting information and data to the servers of our websites, a high-standard security system is applied for the storage and further processing of these data, in compliance with the requirements set forth by Law no. 124/2024 dated 19.12.2024 (previously Law no. 9887, dated 10/03/2008) “On the Protection of Personal Data.”

“Rubicon” Sh.a uses a risk-based approach in assessing and understanding risks and employs all physical, personnel, technical, and procedural measures to achieve appropriate security safeguards. The institution takes into account technological developments and implementation costs to achieve a suitable level of security appropriate to the nature of the information and the potential harm resulting from a security breach, strictly protecting data from manipulation, loss, destruction, unauthorized access, and disclosure.

To protect the security of information and assets, we have an Information Security Management System (ISMS) compliant with the ISO 27001 Standard.

“Rubicon” assesses staff integrity prior to the start of employment and monitors their compliance with security obligations. All staff are strictly bound by confidentiality obligations regarding the information entrusted to them to perform their duties. “Rubicon” provides guidance and training to its staff to enable them to understand and fulfill their responsibilities in maintaining security.

[C] TRANSFER OF DATA TO THIRD COUNTRIES

Every customer who opens an account on the “Pago” platform, if they wish, can be issued a debit card (which may be of Mastercard or Visa type). For this purpose, basic customer data such as Name, Surname, and Pago account number are transferred to countries that meet the requirements of adequate personal data protection, according to decisions approved by the Commissioner for the Right to Information and Personal Data Protection.

Currently, companies providing debit card services are headquartered in the United States, Great Britain, and Belgium.

Additionally, to comply with the legal obligations of the Foreign Account Tax Compliance Act (“FATCA”), as a Financial Institution, reporting is carried out annually to the U.S. tax authority, the Internal Revenue Service (IRS).

[D] RIGHTS OF PERSONAL DATA SUBJECTS

In accordance with the provisions of Law No. 124/2024 “On the Protection of Personal Data,” the data subject has the following individual rights:

  • The right to be informed about the data being processed about themselves.
  • The right to withdraw consent for the processing of personal data.
  • The right to access personal data and obtain a copy of it.
  • The right to correct processed data if it is incomplete or inaccurate.
  • The right to request deletion of data when it is no longer necessary, when the purpose and duration for which it was collected have ended, when the data subject withdraws consent, or when the processing was unlawful.
  • The right to object to and restrict data processing in legally specified cases.
  • The right to file a complaint. This right may be exercised by any person who claims their rights, freedoms, and legitimate interests have been violated as follows:
    • Before Rubicon
    • by e-mail to the service email address [email protected];
    • Call the phone number: +355 4 562 0560. Customer service hours are 09:00 – 17:00;
    • By writing to its official address: “Donika Kastrioti” Street, PLL. Teknoprojekt Floor 6, Tirana 1005, Albania;
  1. “To the Commissioner for the Right to Information and Personal Data Protection”
  • by email at [email protected].
  • Call the phone number: +35542237200 or Toll-Free No.: 08002050. Service hours are 08:00-16:30 (Monday – Thursday) and 08:00-14:00 Friday.
  • By writing to the official address: Rr. “Abdi Toptani”, No. 5, 1001, Tirana

In case the data subject has filed a complaint, Rubicon Sh.a will not make any changes to their personal data until a decision is made.

[E] KUKIT (COOKIES)

Our website uses cookies. Cookies are text fragments that are stored on your device during your visit. We use cookies primarily for anonymous analysis of website usage. We also use cookies to provide you with additional features on the website, to make it easier to interact with the website and to ensure error-free use (e.g. to enable navigation on the website or to save your preferences for the next visit).

No personal data of users is collected from the website. Cookies are not used to transmit personal data, and no cookies of any kind, so-called persistent cookies, nor any other system is used to track users. The use of so-called session cookies (which are not stored permanently on the user’s computer and are destroyed when the website browser is closed) is strictly limited to the transmission of session identification data (composed of random numbers generated by the server) which is necessary to enable secure and efficient browsing on the website. The so-called session cookies used on this site constitute an alternative to the use of other ICT techniques which may violate the confidentiality of users’ searches and do not allow the acquisition of the user’s personal identification data.

  1. Necessary Cookies:Cookies that are required for basic functions of the website are stored by us due to contractual obligations.
  2. Functional Cookies: Cookies that allow us to analyze the use of the website are used by us based on legitimate interest.
  3. Marketing Cookies: Cookies that allow us to provide you with advertising tailored to your interests are used by us based on legitimate interest.

Some cookies are stored on the device until the visitor deletes them. The visitor has the right to choose whether to block, disable, or delete them. For this purpose, a variety of tools are available (including browser control settings). You can find information on this in the “help section” of your browser. If all cookies used by us are disabled, their display to the visitor may be limited.

  • Programming language and tracing

Our website uses Cookies and other market controls, in particular to control and improve our online presence (JavaScript and tracking pixels). All data is recorded in an anonymous manner.

  • Google Analytics

This website uses Google Analytics (provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)). Google Analytics uses cookies that are stored on your computer. Google uses this information on our behalf to evaluate the use of the website or to generate reports on website activity. You can prevent the storage of cookies by adjusting your browser settings; however, in this case, you may not be able to fully use all the functionalities of this website.

You can prevent Google from collecting your data related to Google Analytics by downloading and installing the browser add-on available at the following link:
http://tools.google.com/dlpage/gaoptout

For more information on Google’s terms of use and privacy policies, please visit: https://www.google.com/analytics/terms/
https://policies.google.com/privacy/partners?hl=en

  • Google Maps

On this website and the “Pago” app, we use the services of the Google Maps API (provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). By integrating this service on our website, minimal data such as: IP, time of visit, screen resolution of the visitor, URL (referrer), browser identification and search terms are transferred to Google. For more information on the purpose and scope of data collection and processing by Google, Inc., visit https://policies.google.com/privacy?hl=en&gl .

We generally retain data for a period of one month to ensure the security of our homepage. Retention for a longer period may be necessary in the event of an investigation into attacks against our website, or due to legal claims.

For any changes to this Policy, customers will be notified 15 days prior to the changes, via e-mail, sms or notification in the “Pago” app.

Last updated February 19, 2025 .

Për Individë

Për Biznese

Rreth Kompanisë

Shkarko Tani

Pago është e regjistruar në Shqipëri si markë e Rubicon Sh.a.

Ne jemi të licencuar (Nr. 52, datë 22.01.2022) nga Këshilli i Mbikqyrjes pranë Bankës së Shqipërisë si institucion financiar i parasë elektronike.

© All rights reserved Rubicon 2025