PRIVACY POLICY

PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA HAPPY Sh.p.k

Who Are We:

HAPPY Shpk is a company primarily engaged in providing "Loyalty Program" services for retail businesses and offering statistical data processing, telemarketing, market research, customer care services, and related fields.
In this Privacy Policy, we describe how we collect, use, and protect your personal data when you interact with our website, engage with our services, or communicate with us, as well as the data we collect during the processing activities we perform in the course of our operations.
We recognize the importance of transparency and trust in our relationship with you, and we are committed to ensuring that your personal data is handled responsibly and in compliance with applicable laws and regulations for data protection.

  1. INFORMATION ABOUT DATA CONTROLLER

HAPPY Shpk

Adress: Rruga "Reshit Çollaku", Tiranë, Shqipëri

Telephone Number: +35544803999

E-mail: loyalty@happy.al

  1. CATEGORIES OF PERSONAL DATA WE PROCESS

HAPPY Shpk, in the context of its activities and processing processes, is considered a "controller" (in cases where data is processed for purposes defined by the company itself) but also as a 'processor' (in cases where it provides services to other companies which it considers as clients)."

As the "Controller", we collect and process the following categories of personal data:

  1. Within the Loyalty program, for Happy members, at the time of registration, we collect and process, with the consent of the members/data subjects (by informing them in advance, according to each form of registration), the following data:

- Name

- Last Name

- Gender

- Telephone Number

- E-mail

- Town

- Address

- Birthdate.

Happy Loyalty Program is an innovative loyalty scheme aimed primarily at rewarding customers based on their purchases in all stores of companies that are part of the partner network.
Only members aged 16 and above are eligible to join the Program and its privileges.
Data is collected through the website www.happy.al as well as through the HAPPY application.

2. As part of the processing of personal data for interested individuals/visitors,through the website, in the "Contact Us" section, which allows them to obtain information about membership procedures in Happy and services, we collect data such as:

- Name

- Last Name

- E-mail

- Telephone Number

- Address

- Message

3. Steps Data: When you connect your Happy Mobile App with a step counter application, we collect and process data about the number of steps you take each day, but customers total steps are not stored in our database. We use this information only to check if the user has pass the limits of steps in order to give him a reward of points.

This data is accessed only when you activate the step-counting feature within the app

Your data will be handled in accordance with this Privacy Policy, ensuring confidentiality and security. We do not sell personal or sensitive data to third parties. Steps data will be displayed in the app and retrieved from the step counter application only with your consent. It will not be stored or used for purposes other than rewarding customers for reaching their monthly targets.

  1. LEGAL BASIS FOR PROCESSING, PURPOSES OF PROCESSING, AND DATA RETENTION PERIODS

1. We process your membership data based solely on your consent in accordance with the provisions of Article 6(1)(a) of Law No. 9887, dated 10.03.2008 "On the Protection of Personal Data", as amended.

- The purposes for which we process the member's data are as follows:

- Earning and redeeming points collected by the member.

- Notifications via email, SMS, Viber, and/or phone calls regarding our news, new products, and general offers.

- Sending personalized special offers exclusively for the member as additional privileges for cardholders, based on their preferences.

- Handling complaints related to points, benefits, etc. In this context, members may be contacted via phone number, WhatsApp, Viber, email, etc.

- "Gender" is processed for personalized campaigns.

- "Address" is processed for personalized campaigns.

- "City" is processed for personalized campaigns.

- "Date of birth" is processed for personalized campaigns.

- "Steps" for tracking daily activity and rewarding loyalty points based on the number of steps.

The company maintains and processes your data for as long as your membership card remains active, and after that, deletes it from its database, not using it for any purpose until reactivation with the client's consent.

This data is stored by the company, but it is automatically and periodically deleted by the system after a 5-year period from the last purchase (being inactive for 5 years results in the total deletion of the client's data).

2. Personal Data of Interested Parties (website visitors) are processed as part of providing them with information regarding the services of Happy Shpk. The legal basis for processing is your consent according to the provisions of Article 6(1)(a) of Law No. 9887, dated 10.03.2008 "On the Protection of Personal Data," as amended.

The data of interested parties/visitors, related to requests via the website, will be retained for as long as the purpose of their processing exists (i.e., they will be kept until the request clarification is completed). After this, they will be deleted and destroyed. Based on experience, these cases are handled within a period of 30 days.

  1. HOW DO WE STORE YOUR PERSONAL DATA?

Your personal data will be stored electronically on the company’s servers located in Albania, as well as on the INTELIQUA servers, which are also located in Greece, a country within the European Union. Our company and INTELIQUA have implemented measures to protect the security of your personal information, including necessary security measures to prevent accidental loss, unauthorized use or access, alteration, or disclosure. These measures include encrypted servers, restricted access to each database only for individuals who need it, and secure backup copies of all data.
Individuals who have access (company employees with certain access levels, as well as employees of INTELIQUA, as provided for in the service contract) will maintain personal data in accordance with Albanian legislation on data protection, and in the case of INTELIQUA, also in accordance with the General Data Protection Regulation (GDPR), as well as the rules specified in the contract regarding the controller-processor relationship, and the internal regulations for the protection of personal data.

  1. TECHNICS AND ORGANIZATIONAL MEASURES FOR THE PROTECTION OF PERSONAL DATA

Data Security is essential for protecting information and personal data, maintaining integrity, and complying with legal and ethical standards. Our company conducts its activities in accordance with the applicable legislation for the protection of personal data and has implemented the necessary policies and systems for this purpose.

We have implemented strict security measures to reduce the risk of data breaches and misuse of your personal data, such as unauthorized disclosure and unauthorized access to your data.
We ensure the privacy and protection of personal data by anonymizing your data for the service provider INTELIQUA, and by obtaining your informed consent before collecting data. Personal information will not be disclosed to any third parties outside the company. Individuals have rights arising from applicable legislation, such as access, correction, and deletion.

To protect personal data and preserve the integrity of processing activities, we implement the following approaches:

  • Data Storage – we use encrypted storage solutions and restricted access databases to protect personal data.
  • Access Control – we implement strict access controls to limit access to personal data, ensuring that only authorized personnel can view/access, modify, or delete specific information or data.
  • Secure Communication Channels – we use secure channels for exchanging/communicating information, including encrypted email services to prevent data interception.
  • Devices/Environments – the environments where we store personal data are secured with restricted physical access (e.g., locked rooms).
  • Security Measures – we use firewalls, strong passwords, antivirus programs, and other measures to protect personal data (such as encryption and pseudonymization).
  • Data Retention Policy – we have adopted rules for the duration of data retention and secure disposal to mitigate the risk of unauthorized access to outdated (expired) or unnecessary data.
  • Data Security Training – before starting the job, we ensure that the relevant personnel is trained and certified in data protection, is updated on our data security standards and rules, practices, and specific data management protocols."
  1. YOUR RIGHTS

According to Articles 12-17 of Law No. 9887, dated 10.03.2008 'On the Protection of Personal Data', as amended, you have several rights concerning your personal data, and you may request additional information at any time regarding the processing of your personal data.
In accordance with Law No. 9887, dated 10.03.2008 'On the Protection of Personal Data', as amended, regarding the personal data processed by HAPPY Shpk, you have the following rights:

• Right to Access – You have the right to request at any time confirmation on whether your personal data is being processed by HAPPY Shpk, and to access these data and information regarding the purpose, retention period, legal basis for processing, categories of data being processed, as well as categories of recipients.
• Right to Request Blocking, Correction, or Deletion – If you are informed that your data is incorrect, false, or inaccurate, or has been collected and processed in violation of the law, you have the right to request correction or deletion of your personal data, as well as immediate cessation of processing.

• The right to disable the step-counting feature – you have the right to disable the step-reading option at any time.
• Automated Decision-Making – You have the right to request not to be subject to decisions that have legal effects on you or significantly affect you when the decision is based on automated processing of your data.

• Right to Object – In certain circumstances, you have the right to object to the processing of your personal data for specific purposes, according to the provisions of Article 15 of Law No. 9887, dated 10.03.2008 'On the Protection of Personal Data.'
• Right to Complain – If you believe that your rights, freedoms, or legitimate interests regarding personal data have been violated, you can file a written complaint to our official address and email, published on our website.
• Right to Compensation – If you prove that damage has been caused to you as a result of unlawful processing of personal data, you have the right to request compensation, according to the rules established in the Civil Code.

The written request must include your signature and be accompanied by a valid copy of your identification document, in order to prevent potential abuse by third parties.

The request must be sent in writing to the appropriate address of HAPPY Shpk, addressed to the Data Protection Officer, or by email to: loyalty@happy.al.
You may exercise your rights freely.
Within 30 days of receiving your request, we will send you the requested information or provide a reason for not granting or executing your request.
In case of dissatisfaction with the handling of requests by HAPPY Shpk, you always have the right to contact the Office of the Commissioner for Personal Data Protection, at: Rr. "Abdi Toptani", building 5, Tirana. For more information, visit the Commissioner’s website at www.idp.al.
If the processing of personal data is based on consent, you may withdraw it at any time. To withdraw consent, you can contact us at: Email: loyalty@happy.al, Phone Number: +35544803999.

  1. RECIPIENTS OF DATA, INTERNATIONAL DATA TRANSFERS TO THIRD COUNTRIES

We share your personal data with our service providers, contracted by our company to perform lawful services on behalf of our company, under our supervision and according to our instructions, to ensure the best quality service for you.
Service contracts with the service providers include specific rules regarding their obligations for data protection.
This includes:

  • System registration service – Company INTELIQUA (service agreement)
  • IT services – GRUPI Balfin, of which our company is a part (service agreement)
  • Data sharing within the framework of collaboration for citizen/member benefit projects.
  • Data sharing with client companies for point transfers when purchases are made at customer stores (data such as: first name, last name, phone number, card holder's details). The data appears on the HAPPY platform, and the customer simply views the data when the card is used.
  • Agreement for IT services with Balfin Group to ensure network security.

We may share your data with third parties, such as anti-crime, fraud prevention, money laundering authorities, and law enforcement agencies, in order to comply with our legal obligations.
When we transfer your personal data to third countries, we take all necessary steps and additional safeguards to ensure that the level of data protection and your rights is equivalent to that in Albania.

  1. COOKIES

Our website uses technical cookies, which are mandatory cookies that cannot be disabled and are necessary for its operation. We do not need to ask for your consent for such cookies. All information about how we process your personal data through cookies can be found on our website: www.happy.al

  1. THE RIGHT TO FILE A COMPLAINT REGARDING THE PROCESSING OF YOUR PERSONAL DATA

If you have any complaints or concerns, you can address them in writing to the appropriate address of HAPPY Shpk, directed to the Data Protection Officer, or by email at: loyalty@happy.al.

The complaint should include your signature and be accompanied by a valid copy of your identification document to prevent the possibility of abuse by third parties.

Within 30 days of receiving the complaint, we will send you the appropriate response.

If you are dissatisfied with how the complaint is handled by HAPPY Shpk, you always have the right to address the Commissioner for Personal Data Protection at the following address: "Abdi Toptani" street, building 5, Tirana. For more information, please visit the Commissioner's website at www.idp.al.

  1. CHANGES TO THE PRIVACY POLICY

We regularly update our privacy policy to ensure that it is accurate and up-to-date, and we reserve the right to modify its content if we deem it necessary.

For all changes and additions, you will be informed in a timely manner through our website, in accordance with the principle of transparency.

Last update: July, 2025