Privacy Policy

HOW TO USE IT IN YOUR INFORMATION
All data included in the website of the Sports University of Tirana, are subject to law no. 9887, dated 10.03.2008 “On the protection of personal data”, as amended. This privacy notice tells you what to expect when the university collects your personal information. This applies to information collected in relation to:

Academic and non-academic staff and students;
Visitors to our university website.

We, as the controller of personal data, maintain personal data in accordance with the law and our policy of personal data protection. They are kept in secure environments and access to them is limited. Every data subject has the right to request the correction or deletion of data when it becomes aware that the data about it are not regular, true, complete or have been processed and collected in violation of legal provisions. The controller, within 30 days from the date of receipt of the request of the data subject, must inform him of the lawful processing of the data, whether or not to perform the correction or deletion. When the controller does not correct or delete the data requested by him, the data subject has the right to complain to the Commissioner.

ACADEMIC AND NON-ACADEMIC STAFF AND STUDENTS
The Sports University of Tirana has the official website of the institution, www.ust.edu.al. Through the official website, the Sports University of Tirana transmits and collects information.
The data collected by us, as a controller of personal data, in relation to academic and non-academic staff, as well as students are not used for other purposes, which are not consistent with the purpose of collection. Specifically, for academic and non-academic staff the system collects personal data, which consist of: identification data and email address, while for students the system collects personal data, which consist of: identification data, email address, address, identification document number, as well as the number of the high school diploma or university diploma with which they enroll in a study program at the Sports University of Tirana.
The collection of these data is done in function of the activity that this university exercises in accordance with law no. 80/2015 ‘On Higher Education and Scientific Research in Higher Education Institutions in the Republic of Albania” and bylaws issued in its implementation, as well as the Statute and Regulations of the institution.
The collection and processing of this data through the digital system of the university network is done in the framework of the digitalization of the administration of the database maintained by the teaching secretaries. Data on students are also collected for the purpose of statistical information required by the Ministry of Education and Sports. In some cases, students can also collect sensitive data, based on the Decisions of the relevant Council of Ministers, which are issued for each academic year regarding admission quotas and tuition fees, as these decisions also provide for exemptions from the tuition fee. or its payment in the amount of 50%, for students belonging to certain social categories such as: invalids, children belonging to Roma / Balkan-Egyptian communities, etc. Recognition or any processing of recorded data for a purpose other than that for which this data was collected is prohibited. Excluded from this rule is the case when the data are used to prevent or prosecute a criminal offense or other cases provided by law.
Data documentation is kept for as long as is necessary for the purpose for which it was collected.
The right of access is exercised in accordance with the constitutional principles of freedom of expression and information, freedom of the press and professional secrecy. The right of access may be restricted if it violates the national security interests, foreign policy, economic and financial interests of the state, the prevention and prosecution of criminal offenses.

ACCESS TO PERSONAL DATA
The Sports University of Tirana, as a controller of personal data, strives to be as open as possible to give students and academic or non-academic staff access to their personal data. Individuals may disclose whether we hold any personal data by sending us a “request for access to personal data” under the amended Personal Data Protection Act. If we hold your personal information:

We will give you a description of them;
We will let you know why we keep them;
We will show you to which recipient we can spread this information;
We will give you a copy of the information in a comprehensible form;
We will inform you whether the provision of personal data is mandatory or voluntary.

To make a request to the Sports University of Tirana, for any personal data we may hold, it is necessary to make a written request to the Legal Department, Human Resources and Archive or send it to us at fjasa @ ust .edu.al. If we hold information about you, you can ask us to correct any errors in it by contacting the Legal, Human Resources and Archives Department once again.

VISITORS ON OUR WEBSITE
The Sports University of Tirana has the official website of the institution, www.ust.edu.al. Through the official website, the Sports University of Tirana, as a controller of personal data, transmits and collects information. For visitors to our website www.ust.edu.al, the system collects standard information, which are related to their online registration, clicks on articles or sections on this site. This information is collected for statistical purposes (to show the access of visitors, to see which are the most sensitive sections and consequently the interest of personal data subjects, always without making them identifiable).
We, as personal data controllers, collect this information in such a way that we do not identify any visitors. We make no attempt to find out the identities of the visitors who have visited our website. The Sports University of Tirana, as a controller of personal data, does not use (and does not allow any third party) statistical analytical tools to track or collect personal information that makes the visitors of our official site identifiable. We do not link no data collected from this site with any personal data that makes the visitor identifiable from any source to come, as part of our use.
The search engine on our website is designed to be easy to use, which is locked to our server and constantly indexes the content on our site. All search requests are handled by the application and the information is not passed to any third party. If we would like to collect personally identifiable information through our website, we will make it clear to you when we collect personal information and explain what we intend to do with it.

PERSONAL DATA SECURITY MEASURES
We, as controllers of personal data, take appropriate organizational and technical measures to protect personal data from illegal destruction, accidental, accidental loss, to protect access or dissemination by unauthorized persons, especially when data processing is done in the network, as well as from any other illegal form of processing. SUT, as the controller of personal data, also takes these special security measures:

Defines the functions between organizational units and operators for data use;
The use of data is done by order of organizational units or authorized operators;
Instructs operators, without exception, on their obligations, in accordance with the law on personal data protection and internal regulations on data protection, including data security regulations;
Prohibits the entry of unauthorized persons into the premises of the controller or data processor;
Access to data and programs is made only by authorized persons, prohibits access to archiving tools and their use by unauthorized persons;
Commissioning of data processing equipment is done only by an authorized person and any means is provided with preventive measures against unauthorized commissioning;
Records and documents modifications, corrections, deletions, transmissions, updates, etc.

Whenever SUT employees leave their workplace, they must lock their computers, lockers, safes and office, in which personal data is stored;

They should not leave the workplace when there is data protected on the desk, and located in the presence of persons who are not employed by SUT;
They do not keep personal data on the monitor, when an unauthorized person is present and especially in non-public places;
Do not take out of the office, in any case, computers, laptops, flash drives or other devices containing personal data and should not leave them in unsafe places, without making sure to delete or destroy data;
Data is protected by verifying the identity of the user and allowing access only to authorized individuals;
Instructions for using the computer must be stored in such a way that they are not accessible to unauthorized persons;
Continuously perform login and logout procedures using personal passwords at the beginning and end of their access to protected data stored in SUT databases;
Recognition and registration of terminal operators and users is performed using passwords for entering the database. Passwords are considered secret and are personal;
In documents containing protected data, they must ensure the destruction of supporting materials (eg evidence or papers, matrices, calculations, diagrams and sketches) used or produced to create the document;
Documented data are not used for other purposes, which are not in line with the purpose of collection;
Recognition or any processing of data recorded in the file for a purpose other than the right to enter data is prohibited. Excluded from this rule is the case when data are used to prevent or prosecute a criminal offense;
Preserve the data documentation for as long as it is necessary for the purpose for which it was collected;
The level of security should be appropriate to the nature of the processing of personal data;
Respect other laws and bylaws that determine how personal data should be used;

The protection of personal data is realized, among others, by taking security measures, as follows:

Through automatic installation and updating of the antivirus system and the firewall system, which is managed through the system and network devices;
Operating system update and software update;
Allowing staff access only to those materials they need to perform the task;
Use of passwords;
Specification of system recreation procedures (backup), in case of damage.

The premises in which personal data will be processed must be protected by organizational, physical and technical measures to prevent the access of unauthorized persons to the premises and equipment with which personal data will be processed. The implementation of security measures should be done in accordance with the level of security of data and information administered, as well as indicators of the level of risk that may arise from unauthorized exposure of stored information.
The following security measures are applied in the premises where personal data are processed:

The entry of unauthorized persons is prohibited.
Persons entering these premises must be provided with the appropriate authorization by the holder.
The premises are equipped with safes and automatic locks with keys and padlocks separate from those of ordinary use, safe to protect files from damage.
A check is made to prevent the placement or use of eavesdropping, recording or filming tools.
Continuous surveillance is provided, day and night with physical guards.

In the premises where protected (personal) data are processed are allowed to stay:

Employees of the institution, only if they are employed in this environment or if their presence is essential for the performance of work duties.
The maintenance personnel of the telecommunication system or equipment are allowed to enter these premises, only with the permission of the head of the institution.

Electronic data processing and information equipment in SUT structures is used only for the performance of the tasks defined in the regulations. These devices are used only by SUT employees, previously trained for their use. Training of personnel dealing with automatic processing of data is done by the Information Technology Sector. For any error or defect in the systems / databases of the institution, the system administrator is notified, who on the basis of the request makes the relevant adjustment.
Programs for handling data and information purchased or donated by various donors are managed by the Information Technology Sector. When a program intended for the processing of personal data is created at the initiative of an external employee or a contracting entity, which is not involved in the development of the organization and planning of programs, before being involved in the use of the program must be approved by the Rectorate. After approval, the Rectorate organizes its installation in electronic devices.
For each program the Information Technology Sector can determine:

Who can delete, copy or modify it;
Where to keep a copy of the program and who is responsible for keeping it up to date.

Furthermore, regarding the personal data security measures at SUT, you can read the Regulation “On the protection, processing, storage and security of personal data” of this university, published on the official website www.ust.edu .al, in the section “Privacy policies”.

DISSEMINATION OF PERSONAL DATA
The extraction or dissemination of data by us, as controllers of personal data is done in accordance with the purpose (s) for which they were collected, retained or processed. This compatibility consists of:

Use of data only according to the purpose / s for which it is kept.
Extracting or disseminating data according to this purpose or purposes.
Extraction or dissemination of data to the data subject itself or to other controlling entities with the consent of the data subject itself.
Extraction or dissemination of data according to the requirements provided by law.
Data processing based on the law, as well as the acts issued for this purpose by the Commissioner for Personal Data Protection.

CHANGES TO THIS NOTICE ON PERSONAL DATA PROTECTION
We, as controllers of personal data, will update this announcement regularly, evaluating the privacy policies as extremely important during the activity that the Sports University of Tirana carries out based on law no. 80/2015 ‘On Education of Higher Education and Scientific Research in Higher Education Institutions in the Republic of Albania ”, bylaws issued in its implementation, the Statute and internal regulations of the institution.

COMPLAINTS OR QUESTIONS
The Sports University of Tirana, as a personal data controller, strives to meet the highest standards in the collection and use of personal data. This notice on personal data protection was drafted in order to be clear and concise . It does not provide full details of all aspects of the collection and use of personal data by the Sports University of Tirana. However, we are ready to give you any additional information or explanation you need. Any request for this should be sent to the email address: fjasa@ust.edu.al.
Also, for more information on the collection and use of personal data by the Sports University of Tirana, as a controller of personal data, you can read the Regulation “On the protection, processing, storage and security of personal data”, of this university, published on the official website www.ust.edu.al, in the section “Privacy policies”.

INFORMATION SECURITY POLICY
The Sports University of Tirana, as a personal data controller, processes the information in order to perform its legal and statutory duties. This may include confidential information for students and academic or non-academic staff. The Sports University of Tirana uses a risk-based approach, during the assessment and understanding of risks, as well as uses all physical means of staff, technical and procedural to achieve appropriate safety measures. The Sports University of Tirana, as a controller of personal data, takes into account developments in technology and implementation costs to achieve a level of security appropriate to the nature of the information and the damage that may result from a security breach. The staff of the Sports University of Tirana is subject to the obligation to maintain the confidentiality of information, which is given to the latter to exercise its functions in accordance with the law, and may disseminate it only to lawful authorities. The Sports University of Tirana offers guidance and training to its staff to enable them to understand and implement their responsibilities in respecting safety. The Sports University of Tirana assesses their integrity before they are hired, as well as monitors their compliance with their safety obligations.

Law 9887 as amended, “On the protection of personal data”
Regulation on the protection, processing, storage and security of personal data at the Sports University of Tirana.