Privacy Policy
1. Who We Are
This Privacy Policy explains how VEOZORA SHPK ("we", "us", "our") processes personal data in the course of our business activities.
Data Controller: VEOZORA SHPK, a limited liability company incorporated in the Republic of Albania, registered office in Tirana, Albania.
Contact (data protection enquiries): privacy@veozora.com
General contact: info@veozora.com · +355 68 922 7574
2. What Data We Collect
2.1 Data you give us directly
- Identification: name, date of birth, nationality, passport / national ID copy.
- Contact: email, phone, postal address.
- Professional: company name, role, CV / LinkedIn profile.
- Financial (where engagement requires): source-of-funds documentation, bank statements, tax residency certificates.
- Beneficial-ownership: UBO declarations for company-formation engagements.
2.2 Data we collect automatically
- Website usage: IP address, browser type, device, pages visited, time spent, referral source, cookies.
- Communication metadata: date / time / subject of emails exchanged (content retained per Section 6).
2.3 Data from third parties
- Sanctions / PEP screening: public records (OFAC, EU, UN, UK HMT consolidated sanctions lists; OpenSanctions database).
- Credit / background: where legally required or with your explicit consent.
3. Why We Process Your Data — Legal Bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the services you engage us for (formation, accounting, legal, banking, logistics) | Performance of a contract — Art. 6(1)(b) |
| Comply with Albanian and international anti-money-laundering law (KYC, sanctions, record-keeping) | Legal obligation — Art. 6(1)(c) |
| Respond to business enquiries before a contract is signed | Pre-contractual steps at your request — Art. 6(1)(b) |
| Protect against fraud, misuse, or unauthorised access | Legitimate interest — Art. 6(1)(f) |
| Send you marketing communications | Consent — Art. 6(1)(a) — withdrawable any time |
| Website analytics (aggregated) | Legitimate interest / consent for non-essential cookies |

Where we process special-category data (e.g. copy of ID containing sensitive markers), we rely on your explicit consent or a legal obligation.
4. Who We Share Data With
We only share what is necessary, and only with parties bound by confidentiality and data-protection obligations:
- Albanian authorities — QKB, DPT, General Directorate for Prevention of Money Laundering, municipality, courts — where legally required.
- Service partners — accounting firm, law firm, banking partner, notary, logistics partner — only the minimum needed for the engagement you asked us to deliver.
- IT and platform vendors — Apple iCloud (EU), Google Workspace (EU), AI providers (US, under Standard Contractual Clauses), hosting provider.
- Professional advisers — auditors, external counsel — under confidentiality.
- Successor entity — in the unlikely event of a corporate sale or restructuring; affected data subjects will be informed.
We never sell personal data.
5. International Transfers
Some processors are outside Albania and the EEA (notably US-based AI providers). Transfers rely on: (a) EU Standard Contractual Clauses, or (b) explicit informed consent for specific processing. We perform Transfer Impact Assessments where clauses are relied on.
6. How Long We Keep Your Data
| Data class | Retention |
|---|---|
| Tax and corporate records | 10 years (Albanian statutory minimum) |
| Engagement files, contracts, correspondence | 7 years after close |
| KYC / UBO / source-of-funds pack | 5 years after engagement close |
| AML / SAR records | 5 years minimum (FATF) |
| Marketing contact data | 3 years from last interaction |
| Website analytics | 26 months |

After retention expires, data is securely destroyed (NIST 800-88 standard).
7. Your Rights
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase data where legal retention does not apply;
- Restrict processing in certain cases;
- Object to processing based on legitimate interest;
- Portability — receive your data in machine-readable form;
- Withdraw consent at any time, without affecting prior lawful processing;
- Complain to the Albanian Information and Data Protection Commissioner or your local supervisory authority.
To exercise any right: email privacy@veozora.com. We respond within one month.
8. Security
We maintain appropriate technical and organisational measures: encryption in transit (TLS 1.2+) and at rest, 2-factor authentication, role-based access, backup with off-site copy, password-manager credential storage, logging of privileged access, annual access review, and staff confidentiality training.
9. Data Breaches
In the event of a personal-data breach, we will notify the Albanian Information and Data Protection Commissioner within 72 hours where required, and notify affected data subjects without undue delay where there is a high risk to their rights and freedoms.
10. Changes to This Policy
We may update this Policy; material changes will be notified by email to active clients and posted on veozora.com with a new effective date. The current version is always available at veozora.com/privacy-policy.
11. Contact
privacy@veozora.com · VEOZORA SHPK · Tirana · Albania · +355 68 922 7574