Regulatory framework.
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
- Kosovo Law No. 06/L-082 on Protection of Personal Data
- Applicable sector-specific regulation (electronic communications, employment)
- Supervisory authority: Information and Privacy Agency of the Republic of Kosovo
HEXATECH as controller.
HEXATECH SH.P.K. is the data controller for personal data processed in connection with its business activities. The Privacy Notice published on this website (/legal/privacy/) describes the controller, purposes, legal bases, retention, and data-subject rights.
Data Protection Officer.
HEXATECH has appointed a Data Protection Officer (DPO) with independent responsibility for data-protection compliance. Contact the DPO at info@hexatech.biz (attention: Data Protection Officer) or at the registered-office postal address.
Records of processing.
HEXATECH maintains a Record of Processing Activities (RoPA) under GDPR Article 30, covering every processing activity: purpose, lawful basis, data categories, recipients, retention period, and security measures. The RoPA is available to the supervisory authority on request.
Data-subject rights.
Individuals whose personal data HEXATECH processes have the rights set out in GDPR and Kosovo Law No. 06/L-082 — access, rectification, erasure, restriction, portability, objection, and complaint to the supervisory authority. Requests are handled by the DPO within 30 days.
Security measures.
- Access control and role-based permissions on systems processing personal data
- Encryption in transit; encryption at rest where appropriate to the data category
- Staff training on data protection
- Breach-response procedure with Article 33 / Article 34 notification assessment
- Data Processing Agreements with all processors
- Transfer-mechanism assessment for transfers outside the EEA / Kosovo