Last updated: 5 May 2026
Privacy Policy
This notice explains how we process personal data when you use our website and client portal, in line with the EU General Data Protection Regulation (GDPR) where it applies, and with applicable Albanian personal data legislation.
1. Data controller
The data controller responsible for processing personal data obtained through this website and related services is: Asqeri Law Office (Tirana, Albania).
You can contact us about privacy matters at: asqeribesjan@gmail.com. We will respond within a reasonable time and, where GDPR applies, within the periods required by law.
2. Scope and purpose
We process personal data only for defined purposes: to operate and secure this website; to respond to enquiries; to manage appointments and consultations you request; to operate the client portal (authentication, case messaging, documents, notifications); to meet legal and professional obligations applicable to a law practice; and to defend legal claims.
If we intend to use your data for a new purpose incompatible with the original one, we will inform you and, where required, seek your consent or another valid legal basis.
3. Legal bases (GDPR)
Where GDPR applies, we rely on the following bases, as appropriate:
- Contract (Art. 6(1)(b)): providing services you request (e.g. consultation booking, portal access, case communication).
- Legitimate interests (Art. 6(1)(f)): operating and improving the site, security, fraud prevention, internal administration, and limited analytics compatible with your expectations — balanced against your rights.
- Legal obligation (Art. 6(1)(c)): retention and disclosure where the law or a court/regulator requires it.
- Consent (Art. 6(1)(a)): non-essential cookies and optional marketing where we use them and you have agreed — you may withdraw consent at any time without affecting lawfulness before withdrawal.
4. Categories of data
Depending on how you use our services, we may process: identity and contact data (name, email, phone); account credentials (handled via our authentication provider); messages and documents you upload in the portal; appointment details; technical data (IP address, browser type, approximate location from IP, device identifiers); and communications you send via contact forms or email.
5. Recipients and processors
We use trusted service providers (processors) strictly under contract and instructions — for example: hosting (e.g. our application platform), email delivery, file storage, and authentication. A list of main categories can be provided on request.
We do not sell your personal data. We may disclose information if required by law, by a competent authority, or to protect rights, safety, and the integrity of our services.
6. Transfers outside the EEA
Some processors may be located outside the European Economic Area (EEA) or the United Kingdom. Where GDPR applies, we ensure appropriate safeguards (e.g. Standard Contractual Clauses approved by the European Commission) unless an adequacy decision or specific derogation applies.
7. Retention
We keep personal data only as long as necessary for the purposes above, including statutory limitation periods and professional record-keeping rules for legal services. Retention periods vary by category (e.g. client files vs. server logs). When data is no longer needed, we delete or anonymise it unless a longer period is mandated by law.
8. Your rights
Subject to applicable law, you may have the right to: access your data; rectify inaccuracies; request erasure (‘right to be forgotten’) where applicable; restrict processing; object to processing based on legitimate interests or for direct marketing; request data portability where processing is automated and based on contract or consent; and not be subject to solely automated decisions with legal effects (we do not use such decisions on this platform).
Where GDPR applies, you may lodge a complaint with the data protection supervisory authority in your country of habitual residence, place of work, or the place of the alleged infringement. You may also contact the competent authority in Albania regarding domestic processing rules.
9. Security
We implement appropriate technical and organisational measures (including access controls, encryption in transit where standard for web traffic, and supplier due diligence). No method of transmission over the Internet is 100% secure; we continuously review our practices.
10. Children
Our services are not directed at children under 16. We do not knowingly collect their personal data. If you believe we have, please contact us so we can delete it.
12. Changes
We may update this policy to reflect legal, technical, or organisational changes. The “Last updated” date will be revised and, where appropriate, we will provide a more prominent notice.