HOW CEC USES YOUR INFORMATION
This notification on the protection of your privacy informs you what to expect when the Central Election Commission collects your personal data. It is worth for information collected in relation to:
- Complainers who submit complaints regarding their claims of personal data violations during processing by the controllers.
- Other individuals who submit requests for obtaining information, providing consultancy, etc.
- Visitors to CEC official website
- Controllers who notify under the Personal Data Protection Law.
- Job candidates for our current and former employees.
PEOPLE WHO SUBMIT A COMPLAINT TO THE CEC
When a person submits a complaint, it is recorded in a special register by a relevant employee, who has previously signed the confidentiality statement and is familiar with the content of the institution’s code of ethics approved by the Regulatory Commission as well as with law no. 9887/2008 “On the protection of personal data”, amended.
CEC uses the personal data it collects only for the complaint review process and to check the level of services it provides. CEC compiles and publishes statistics giving information such as the number of complaints it receives, but not in a form, that identifies any of them.
CEC holds personal data in complaint files per the law and our personal data retention policy. They are kept in a secure environment and access to it is limited based on the “need to know” principle.
PEOPLE WHO USE THE CEC SERVICES
The Central Election Commission offers various services to the public. Job Application Forms, election results, information on political parties’ funds gained and spent and expenses, location of voting centers, various reports related to elections, lists of candidates who run in elections, decriminalization forms, as well as other election information.
VISITORS TO CEC OFFICIAL WEBSITE
The Central Election Commission has its institution’s official website www.kqz.gov.al. Through the official website, the CEC transmits and collects information. The purpose of transmitting and collecting information via the Internet is to be as close as possible to the actors involved in the electoral process, the media, and the public. Through the official website, the CEC goes to controllers’ aid by presenting the law and letting them know their obligations and responsibilities in relation to the processing of personal data that they carry out, as well as by recognizing the subjects of personal data with their rights. The CEC also helps the subjects of personal data by publishing on its official website various information related to legislation, awareness-raising information regarding the protection of personal data in everyday life, the use of electronic communication tools, etc.
For visitors of www.kqz.gov.al, the system collects standard information related to clicks on materials or sections on this page. This information is gathered for statistical and research purposes (to show the approach of visitors, to see which are the most sensitive sections and therefore the interest of the subjects of personal data, always make them unidentified).
CEC collects this information in such a way that it does not identify any visitor. It makes no attempt to trace the identity of visitors who have visited its website.
CEC does not use (and does not allow any third party) statistical analytical tools to track or collect personally identifiable information about visitors to its official website. CEC does not link any data collected from this site to any personal data that makes the visitor identifiable from any incoming source as part of ITS use.
The search engine on the CEC official website is designed to be as powerful and easy to use as Google search. Search is made possible by a piece of hardware (a search ‘app’) supplied by Google which is locked on its server and continuously indexes the content on its site. All search requests are handled by the app and the information is not passed to any third party, including Google.
If CEC wants to collect personally identifiable information through its official website, will make it clear to you when CEC collects personal information and explain what intend to do with it.
SUBJECTS WHICH “NOTIFY” UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
The Law on the Protection of Personal Data requires that controllers, whether public or private, notify to the Commissioner on Information and Personal Data Protection, of certain specific information according to a standard approved by the Commissioner’s Authority. This information may contain personal data of the persons who are charged by the controllers to fulfill this obligation, in order to authenticate the truthfulness of the declaration and to maintain contacts in order to exhaust the legal powers of the Commissioner’s Authority.
When companies complete their notification forms, they are asked to provide the contact details of a significant member of staff. The Commissioner’s Authority will use this for its purposes, for example when we have a query about a notification but do not make this data public.
These data, processed automatically (due to the computer system of notification registration) and manually (due to the legal requirements of the administrative procedures), are limited to access to a well-defined number of specialists, as well as maintaining the confidentiality of these data is guaranteed by law.
The information obtained from the notification procedures is then made public, as a legal requirement, on the pages of the Register of Controlling Entities, but in the content of these pages, there is no personal data. The only personal data that can appear on the pages of this register are the names of entities that are legally registered as natural persons and that must legally be made public if they process personal data.
However, in these cases, since the register is available to the public, the Commissioner’s Authority cannot give any guarantees about the data contained in it, if it is used by those who have access to it. Also, when we request information as part of the notification process, we have made it clear when providing the information is required by law and when it is voluntary.
JOB APPLICANTS, CURRENT AND FORMER EMPLOYEES OF CEC
When people apply to be employed by the Commissioner’s Authority, we use the information for their application process and to monitor recruitment statistics. When we want to spread the data to a third party, for example, when we want to receive a referral or receive some data from other relevant institutions (e.g. the Judiciary Authority), we do not do this without informing the subjects beforehand, only if this information is required by law.
Personal data relating to unsuccessful applicants is retained for 12 months after the recruitment competition has ended, and is then destroyed or deleted. We hold non-personalized information for statistical purposes about applicants to assist our recruitment activities, but no applicant is identifiable from this data.
When an employee is no longer employed by the CEC, we prepare a file for him regarding the period during which he was employed. The data contained therein is kept secure and used only for purposes directly relevant to the person’s employment. When their employment with the CEC ends, we keep the file in accordance with the law on the status of civil servants, the law on archives, and our internal rules.
ACCESS TO PERSONAL DATA
The CEC tries to be as open as possible to give individuals access to their personal data. Individuals can find out whether we hold any personal data by sending us a ‘personal data access request’ under the Personal Data Protection Act. If we hold your personal data, we will:
- We give a description of them;
- Reasoning why we keep them;
- We indicate to which recipient we can spread this data;
- Provide a copy of the information in an understandable form;
- We inform you whether the provision of personal data is mandatory or voluntary.
To make a request to the CEC, for any personal data that we may hold, it is necessary to make a request in writing to the Directorate of Communication and Coordination or send it to us at the address [email protected].
If we hold information about you, you can ask us to correct errors in it by once again contacting our Communications and Coordination Department.
DISSEMINATION OF PERSONAL DATA
The CEC does not disseminate personal data without your approval.
LINKS WITH OTHER SITES
This notification on maintaining privacy to achieve the protection of personal data does not include links between this site and other sites. We encourage you to read the privacy statements on other websites you visit
CHANGES TO THIS NOTIFICATION FOR THE PROTECTION OF PERSONAL DATA
We update this notification regularly by considering this independent policy as one of the most important in the CEC’s work activities.
QUESTIONS OR COMPLAINTS
CEC strives to meet the highest standards when collecting and using personal data. For this reason, we take complaints about this topic very seriously. We also welcome any suggestions for improving our procedures. This notice on the protection of personal data was designed to be clear and concise. Full details of all aspects of the collection and use of personal data by the CEC are not provided. However, we are ready to provide you with any additional information or explanation needed. Any request for this should be sent to the email address [email protected].
INFORMATION PRIVACY POLICIES
The CEC processes information in order to carry out its duties assigned by the Constitution, the Electoral Code, the law on Political Parties, and the law on decriminalization.
This may include confidential information about controllers and individuals. Information is a valuable asset. The continuity of work of controllers is dependent on their integrity and continued availability. Therefore, steps must be taken to protect the information from unauthorized use, alteration, disclosure, or destruction, whether accidental or intentional.
The CEC is committed to ensuring the use of information and information technology systems in order to maintain the integrity and confidentiality of information under its control.
CEC uses a risk-based approach when assessing and understanding risks, and uses all physical personnel, technical and procedural means to achieve appropriate security measures. The CEC takes into account developments in technology and implementation costs to achieve a level of security appropriate to the nature of the information and the damage that may result from a security breach.
The staff of KZQ is subject to the obligation to maintain the confidentiality of the information which is given to the latter to exercise its functions based on the Law and can disseminate it only to the legal authorities. CEC provides guidance and training to its staff to enable them to understand and implement their responsibilities in complying with security. The CEC assesses their integrity before they are hired and monitors their compliance with their security obligations.