Privacy Policy

Introduction and Contacts

This privacy policy for Retail Kosova Sh.p.k. (hereinafter referred to as “GiFi”) (“we”, “us”, “our”) describes the reasons and methods for processing data when you use our services, products, and websites.

• Visit our website at www.gifionline.com or any other page linked to this policy
• Communicate with us through various sales, marketing, and event channels

Questions or concerns: Reading this policy will help you understand your rights and choices. If you do not agree with it, please refrain from using our services. For any inquiries, contact us at info@gifi-koscom.

Recitals

GiFi processes personal data only to the extent necessary for the operation of its websites, content, and services. Processing is typically based on user consent, except in cases where the law permits processing without prior consent.

We respect data protection requirements when selling goods and providing services, whether through GiFi’s online platform, via email, or by other means, including simple website browsing.

By using our services and visiting our website, you agree to the terms of this policy. This includes authorizing the collection and processing of your data in compliance with applicable law.

This policy is aligned with Law No. 06/L-082 on the Protection of Personal Data in Kosovo as well as international standards such as the GDPR

The policy applies to prospective and existing customers, their representatives, potential buyers, and visitors to the platform and website.

Key Highlights

• What information we process: Personal data depending on how you interact with our services
• Sensitive information: Processed only with explicit consent and when strictly necessary.
• Third-party data: May be obtained from public databases, marketing partners, and social networks 
• Purposes: Service provision, improvement, security, communication, and compliance with applicable laws
• Data sharing: Only in specific cases and with authorized third parties 
• Security: Technical and organizational measures are applied (firewalls, encryption, access controls) 
• Your rights: Access, correction, deletion, restriction, portability, and objection

1. Information We Collect

Personal information provided by you

We collect data that you voluntarily provide during account registration, account updates, interest in products and services, participation in activities, orders, and communication with GiFi.

Examples include:

• Full name, phone number, email address, home address, authentication details, billing addresses, date of birth, and password
• Additional information legally required for verification and identification
• Information on preferences, age, gender, education, and professional experience, when shared with us 

We do not request data from children. The name of a minor may only be used for user identification and content customization purposes.

Sensitive information

We do not process sensitive data without your written consent and without a necessary legal basis.

Payment data

GiFi does not store credit card information. Payment processing is carried out by licensed third parties. We encourage you to review their respective privacy policies.

Social media logins

Registration may also be enabled via Facebook or Google. We receive limited profile data from the relevant provider, depending on your settings.

Automatically collected information

When you use our services, we automatically collect technical data such as IP address, browser type, operating system, language preferences, referring URL, device name, location, usage time, and marketing or communication preferences.

Logs and usage data may include device events, error reports, and actions within our services.

Device data may include identifiers, model, carrier, and configuration details.

Location data may be collected via GPS or IP address, depending on your device settings.

Cookies

When you visit our website, we use cookies stored in your browser through an opt-in procedure. These help with identification, preference settings, performance diagnostics, security, and personalization.

Types of cookies:

• Necessary cookies: For basic functionality without storing personal identifiers
• Performance cookies: For visit measurement and content improvement
• Marketing cookies: For more relevant advertising 

You can manage cookies through your browser. Blocking cookies may limit some functionalities.

Google API

Use of data obtained through Google API complies with the Google API Services User Data Policy including the Limited Use requirements.Please review the relevant policies on Google’s official pages.

Other sources

We may receive information from public databases, marketing partners, affiliate programs, data providers, and social media platforms to improve marketing accuracy and update our records.

We also use third-party services such as Google Analytics and Hotjar for usage analysis and application hosting.

2. How We Process Information

Our purposes for processing include:

• Creating and verifying user accounts
• Providing services and fulfilling orders
• Delivering customer support 
• Sending administrative notifications  
• Requesting feedback to improve our services 
• Conducting marketing activities with consent  
• Serving targeted advertisements 
• Protecting the security of our services 
• Identifying usage trends and behaviors 
• Measuring the effectiveness of campaigns 
• Safeguarding vital interests 
• Enabling secure login 
• Personalizing the user experience 

GiFi does not engage in fully automated decision-making that produces legal or similarly significant effects on users, except in cases where such processing is transparent and based on the user’s explicit consent.

3. Legal Basis

We process personal data under the following legal grounds:

• Consent: Processing takes place when the user has given explicit consent, which can be withdrawn at any time.
• Contract: Processing necessary for the performance of a contract or pre-contractual steps requested by the user.
• Legal obligation: Processing required to comply with legal obligations, cooperate with authorities, and protect rights. 
• Legitimate interests: Processing based on our legitimate business interests, such as communicating offers, analyzing usage, improving services, and ensuring security. A Legitimate Interest Assessment (LIA) is conducted to balance our interests against the rights and freedoms of data subjects. 
• Vital interests: Processing necessary to prevent harm or protect life. 
• Public interest: Processing carried out when necessary for the performance of a task in the public interest. 

4. Data Sharing with Third Parties

Data may be shared in the following circumstances:

• During business transfers or corporate restructuring
• With Google Maps Platform APIs
• With subsidiaries, business partners, vendors, or third-party service providers such as financial institutions, payment processors, consultants, accountants, IT administrators, and marketing agencies 

GiFi requires all third parties to comply with this policy and with applicable data protection laws. If data is transferred outside the Republic of Kosovo, GiFi ensures appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or other approved international agreements.

5. Third-Party Websites and Applications

Links to third-party websites and applications are not covered by this policy. GiFi is not responsible for their content or practices. We encourage you to review the privacy policies of those third parties.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and pixels to ensure security, stability, user preferences, and proper website functionality. Below are key references:

• Google Analytics for tracking and analyzing website usage
• Other similar technologies for monitoring performance and enhancing services

Cookies help us recognize users, store preferences, improve performance diagnostics, and provide tailored experiences. You may manage or disable cookies through your browser settings, although this may limit certain functionalities.

7. Social Media Logins

If you choose to register through social media platforms, we may receive limited information from your social media account, depending on your privacy settings with the provider.

The use of your data by these providers is governed by their own privacy policies, which we encourage you to review.

8. Data Retention Periods

Personal data is retained only as long as necessary for the purposes outlined in this policy or as required by law. Once data is no longer needed, it will be deleted, anonymized, or securely isolated until safe deletion is possible.

Retention periods include:

• Billing data: Retained for 7 years for tax purposes
• Marketing data: Retained until consent is withdrawn or for a maximum of 2 years after the last interaction
• Account data: Retained while the account is active and up to 1 year after closure 

9. Security Measures

We implement technical and organizational measures such as encryption, firewalls, and access controls to protect personal data. However, no technology can guarantee absolute security.

Use of our services remains at your own risk. We recommend that you use secure environments and notify us immediately if you suspect any data breach or compromise.

10. Children’s Data

The processing of a child’s personal data is lawful only if the child is at least sixteen (16) years old.

If processing involves children under sixteen (16) but at least fourteen (14) years old, GiFi makes reasonable efforts to verify that consent has been provided or authorized by the child’s parent or legal guardian, taking into account available technology.

11. Privacy Rights

Under Law No. 06/L-082, you are entitled to the following rights:

• Right of access to your personal data
• Right to obtain a copy of your data
• Right to rectification of inaccurate or incomplete data 
• Right to erasure (“right to be forgotten”) 
• Right to restrict processing 
• Right to data portability 
• Right not to be subject to automated decision-making  
• • Right to object to processing  

If you are located in Kosovo and believe that your data is being processed unlawfully, you may file a complaint with the Agency for Information and Privacy.

• Withdrawal of consent

  Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

• Marketing communications

  You may unsubscribe from marketing communications at any time through the opt-out link provided in emails or by contacting us directly. Operational communications may still continue.

• Account information

  You may log into your account to update settings or contact us to request account closure. After closure, certain data may be retained for fraud prevention, investigations, enforcement of rights, or legal obligations.

   

GiFi will respond to privacy rights requests within one (1) month. In complex cases, this period may be extended by up to two (2) additional months, with prior notice to the user.

12. Do Not Track

At present, there is no universally accepted standard for responding to Do Not Track (DNT) signals. For this reason, GiFi does not currently respond to such signals.

If a binding standard is adopted in the future, we will update this policy accordingly and provide appropriate notice.

13. Updates to This Policy

This policy is updated whenever necessary to remain compliant with applicable laws. The updated version becomes effective upon publication and is indicated by the date at the top of the document. Material changes may be communicated through prominent notices on our website or by direct contact with users.

If you choose not to accept substantial changes, this may affect our ability to provide services. The invalidity of any part of this policy does not affect the validity of the remaining sections.

14. Contact Information

GiFi has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this policy. For any requests or concerns, you may contact us at [email protected].

Retail Kosova Sh.p.k

Unique number: 811847667

Prishtina, Republic of Kosovo

Magjistralja Prishtinë – Mitrovicë, km 10, Mazgit, Obliq – Kosovo

Email: [email protected]

Phone: +383 45 100 865

15. Managing Your Data

You have the right to request access to, update, delete, export, or deactivate your account and associated personal data.

Requests can be submitted by emailing [email protected] or by using the contact channels provided on our website.