Politikat e Privatësisë

Privacy Notice

Global Consulting & Development Associates (GC&DA) LLC respects your right to privacy. This Privacy Notice explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights. It applies to all individuals who access our website at http://gcda-ks.biz/, engage our consulting services, or participate in our recruitment activities.
We strongly encourage you to read this Privacy Notice in full to ensure you are fully informed.

Who We Are
Global Consulting & Development Associates (GC&DA) LLC is a privately owned company, egistered with the Kosovo Business Registry under the same trading name. GC&DA is established as a limited liability company, headquartered in Gjilan, with an operating office located in Pristina.

Detailed information about the services we provide to public and private clients can be found on our website: http://gcda-ks.biz/.

What Personal Information Do We Collect When You Visit Our Website, and Why?

When you visit our Website, the personal information we may collect about you generally falls into the following categories:

  1. Information You Provide Voluntarily
    We collect personal information that you choose to provide to us directly through our Website. This may occur, for example, when you:
  • Submit your CV,
  • Complete online forms to contact us, or
  • Register for events that we organize.

The types of personal information we may collect include:

  • Name and job title;
  • Company or organization affiliation;
  • Contact information, including email address and telephone number(s);
  • Demographic information, such as postal code, preferences, and interests;
  • Information relevant to client surveys or similar research initiatives;
  • Information necessary to fulfill our services to you; and
  • Any other personal information you voluntarily provide to us.

If we request personal information that is not described above, we will make the nature of the information and the reason for the request clear at the point of collection.

  1. Information We Collect Automatically

When you visit our Website, we may automatically collect certain information from your device.

This information may include:

  • IP address;
  • Device type and unique device identification number;
  • Browser type and version;
  • Broad geographic location (e.g., country or city-level location); and
  • Other technical information related to your device.

We may also collect details about your interaction with our Website, such as:

  • Pages accessed;
  • Links clicked; and
  • Navigation patterns on the site.

Collecting this information helps us better understand the visitors who come to our Website, where they come from, and what content interests them.
We use this information for internal analytics purposes and to improve the quality, functionality, and relevance of our Website for all visitors and potential clients.

Some of this information may be collected through cookies and similar tracking technologies, as explained further in our Cookie Notice at www.gcda-ks.biz .

What Personal Information Do We Collect When You Engage Our Services, and Why?

When you engage us to provide legal and consulting services, we collect and use personal information necessary to perform those services and to onboard you as a client.

Most of the personal information we collect is either provided voluntarily by you or collected from third-party sources at your request. As a client of GC&DA, it will generally be clear to you what personal information we collect and use. This information may include:

  • Basic information such as your name, the company you work for, your position, and your relationship to a relevant individual;
  • Contact details such as your postal address, email address, and telephone number(s);
  • Financial information, such as payment-related information;
  • Identification and background information provided by you or collected as part of our business acceptance process;
  • Special categories of personal information, such as information about physical or mental health, alleged criminal activities, or similar information, where necessary for the services we provide; and
  • Any other personal information you voluntarily provide to us or that relates to third parties for the purpose of receiving our services.

We use this information to deliver the services you have requested.
Additionally, we process identification and background information as part of our business acceptance, finance, administration, and marketing processes. This includes conducting anti-money laundering checks, conflict of interest reviews, reputational and financial assessments, and fulfilling other legal or regulatory requirements to which we may be subject.

In performing our services, client-provided information may be disclosed to third parties when reasonably necessary (for example, when seeking advice from external experts).

As part of our marketing activities, we may also collect and analyze information from responses to marketing campaigns. This information is used for internal analytics to improve the quality, relevance, and compliance of our marketing efforts.

What Information Do We Collect During Recruitment?

GC&DA collects personal information from and about candidates in connection with available employment opportunities at GC&DA. This information is collected directly from you and may include:

  • CVs;
  • Identification documents;
  • Academic qualifications (e.g., diplomas, certificates);
  • Employment history; and
  •  

Personal Information Collected from Other Sources
We may also collect personal information from third-party sources, including:

  • References provided by referees;
  • Background information provided or confirmed by academic institutions and training or certification providers;
  • Criminal records data obtained through criminal records checks;
  • Information provided by background checking agencies and other external database holders (e.g., credit reference agencies and professional or sanctions registries);
  • Information provided by recruitment or executive search agencies; and
  • Information collected from publicly available sources, including social media platforms and other online information.

In each case, we ensure that the collection and use of such information is permissible under the applicable laws of the Republic of Kosovo.

When and With Whom Might We Share Your Personal Information?

We may disclose your personal information to the following categories of recipients:

  • Third-party service providers and partners who perform data processing services on our behalf. For example, this includes providers who manage blog email deliveries, website spam security services, or recruitment agencies engaged during hiring processes;
  • Competent law enforcement bodies, regulators, government agencies, courts, or other third parties where disclosure is necessary:
    • to comply with applicable laws or regulations;
    • to exercise, establish, or defend our legal rights; or
    • to protect your vital interests or those of any other person.
  • A potential buyer (and its agents and advisers) in connection with any proposed purchase, merger, or acquisition of any part of our business. In such cases, we will inform the buyer that they may only use your personal information for the purposes disclosed in this Privacy Notice;
  • Any other person to whom you have provided your consent for disclosure.

Legal Basis for Processing Personal Information

Our legal basis for collecting and using the personal information described in this Privacy Notice depends on the personal information concerned and the specific context in which we collect it.

We may process your personal information based on the following legal grounds:

  • Performance of a Contract: When you enter into a contract with us for the provision of services, we process your personal information to manage and fulfill that contract. This includes activities such as processing employee data for payment purposes, communicating with you regarding the services, and notifying you by text message, email, or phone if unforeseen events require alternative arrangements under the contract.
    If you do not provide the necessary personal information, we may be unable to enter into or perform the contract.
  • Consent: We may collect and process your personal information based on your consent, particularly where we are required to do so by law.
  • Legitimate Interests: We may process your personal information where it is necessary for our legitimate business interests and these interests are not overridden by your data protection rights or fundamental freedoms. Examples include internal administrative purposes, service improvement, and marketing activities (subject to applicable laws).
  • Legal Obligations: In some instances, we may process your personal information to comply with a legal obligation (for example, anti-money laundering checks or other regulatory requirements).
  • Legal Claims: We may also process your personal information where it is necessary to exercise, establish, or defend legal claims.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract, we will inform you at the time of collection whether providing your personal information is mandatory, and explain the possible consequences if you do not provide it.

If you have any questions or need further information about the legal basis on which we collect and use your personal information (including any legitimate interests we rely upon), please contact us at info@glb-ks.com .

How Do We Keep Your Personal Information Secure?

We implement appropriate technical and organizational measures to protect the personal information we collect and process about you. These measures are designed to provide a level of security appropriate to the risks associated with processing your personal information.

In line with our internal regulations, we have established specific technical and organizational safeguards for the protection of the personal data we handle. These include access controls, secure storage solutions, data minimization practices, and staff training on data protection principles.

International Data Transfers

We do not routinely transfer or store personal data outside of Kosovo. Transfers of personal data abroad occur only when required by law, under a specific international agreement, or at your explicit request in connection with entering into or performing a contract. Such transfers are exceptions and are handled in full compliance with applicable law.

If an international transfer of personal data is necessary, we ensure that it is protected using one of the following safeguards:

  • Adequacy Decisions: Transfer to a country outside the European Economic Area (EEA) that offers an adequate level of data protection as recognized by the European Commission.
  • Contractual Safeguards: Entering into a contract with the data recipient that requires them to protect your personal information to the same standards required within the EEA. We may use standard data protection clauses approved by the EU and the applicable laws in Kosovo.

Data Retention: How Long Do We Keep Your Personal Data?

We retain your personal data for as long as necessary to:

  • Fulfill our contractual obligations to you;
  • Provide our services;
  • Comply with legal obligations, including tax and regulatory requirements;
  • Respond to inquiries or complaints;
  • Protect and enforce contractual or legal rights;
  • Safeguard vital interests;
  • Pursue our legitimate interests, unless your rights override them.

If we process personal data based on your consent, we retain it only for as long as needed to fulfill the purpose for which consent was given. Retention periods are determined by the purpose of processing; if the same data serves multiple purposes, we retain it for the longest applicable period.

For example:

  • Video surveillance recordings (CCTV): Retained for up to 48 hours;
  • Personal data processed for service delivery: Retained as necessary to fulfill the service and legal requirements;
  • Personal data related to inquiries, complaints, or feedback: Retained for up to 36 months after the issue is resolved;
  • Personal data processed for marketing purposes (including profiling): Retained for 3 years after your last contact with us, unless you request to opt-out earlier. Upon your request to stop receiving marketing materials, we will cease communications and honor your instructions indefinitely.

In certain circumstances, we may retain personal data longer if required for internal or external investigations, litigation, or to meet legal obligations. We also reserve the right to retain your data within statutory limitation periods or where deletion is not possible for legal, tax, or regulatory reasons.

Your Rights Regarding Data Deletion
You have the right to request the deletion of your personal data at any time. We may also delete personal data earlier than scheduled if it is no longer necessary for the purpose for which it was collected.

Website Server Log Files

When you access our website, certain data is transmitted automatically to our web server for technical reasons. The following information is collected during a persistent communication connection:

  • Date and time of the request;
  • Name of the requested file;
  • Page from which the file was requested (referrer URL);
  • Access status (e.g., file transferred, file not found);
  • Internet browser and operating system used;
  • Full IP address of the requesting computer;
  • Amount of data transferred.

This data is stored temporarily for technical security reasons, particularly to protect against potential attacks on our web server.
We do not use this data to identify individual users. After a maximum of seven days, the data is anonymized by truncating the IP address at the domain level, making personal identification impossible.

The anonymized data is processed solely for statistical analysis purposes and is not matched with other data or shared with third parties, even in part.

If you have questions about, or need further information concerning, our data retention practices, please contact us at info@glb-ks.com .

Your Data Protection Rights

You have the following rights regarding your personal information:

  • Access, Correction, Update, or Deletion: You may request access to, correction, update, or deletion of your personal information at any time by sending an email to info@glb-ks.com .
  • Objection, Restriction, and Portability: You may object to the processing of your personal information, request that we restrict its processing, or request the portability of your personal information. You can exercise these rights by contacting us via email at info@glb-ks.com .
  • Opt-Out of Marketing Communications: You can opt-out of marketing communications we send you at any time. To do so, you can click the “unsubscribe” or “opt-out” link included in our marketing emails. For opting out of other forms of marketing (such as postal marketing or telemarketing), please email info@glb-ks.com .
  • Withdrawal of Consent: If we have collected and processed your personal information with your consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal, nor will it affect processing based on other lawful grounds.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority concerning our collection and use of your personal information. In the Republic of Kosovo, the supervisory authority is the Information and Privacy Agency: https://aip.rks-gov.net/.

We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with Law No. 06/L-082 on the Protection of Personal Data, which is fully aligned with Regulation (EU) 2016/679 of the European Parliament and Council (General Data Protection Regulation – GDPR).

Updates to This Privacy Notice

We may update this Privacy Notice from time to time in response to legal, technical, or business developments. When we make updates, we will take appropriate measures to inform you, depending on the significance of the changes.

You can determine when this Privacy Notice was last updated by checking the “Last Updated” date displayed at the end of this Notice.

How to Contact Us

If you have any questions or concerns about our use of your personal information, or if you wish to exercise your data protection rights, please contact us at info@glb-ks.com