Back

Privacy Policy

This notice explains how we process personal data when you use our website and services in line with the GDPR and, where applicable, TTDSG-equivalent consent requirements. Bissolux L.L.C. is based in the Republic of Kosovo and also provides services within Germany/EU.

Last updated
06/11/2025
Contact
Bissolux L.L.C., Rr. Kroi i Vashave 15, 23060 Studencan, Republic of Kosovo
info@bissolux.com

1. Controller & EU Representative

Controller (Art. 4(7) GDPR): Bissolux L.L.C., Rr. Kroi i Vashave 15, 23060 Studencan, Republic of Kosovo. Email: info@bissolux.com. Representative: Managing Director Alban Berisha.

EU Representative (Art. 27 GDPR)
Alban Berisha, Berliner Straße 104, 53757 Sankt Augustin, Germany
info@bissolux.com

Note: As a controller not established in the EU, Bissolux L.L.C. appoints an EU representative unless an exception under Art. 27(2) GDPR applies.

2. Scope, definitions & legal bases

  • Territorial scope: GDPR applies because we offer services to individuals in the EU (Art. 3(2) GDPR).
  • Legal bases (examples): Art. 6(1) lit. a (consent), lit. b (contract/pre-contract), lit. c (legal obligation), lit. f (legitimate interests); end-device access: TTDSG-equivalent consent where applicable.
  • Definitions: personal data (Art. 4(1)), processing (Art. 4(2)), etc.

3. Hosting & provisioning

Hosting/CDN in Germany/EU (e.g., Hetzner) (plus EU/EEA CDN with EU routing). When visiting the site we process server log data (IP address, timestamp, request, referrer, user-agent, status/volume). Legal basis: Art. 6(1) lit. f GDPR (operation, security, error analysis). Deletion usually after 7-30 days.

4. Cookies, local storage & consent

Technically necessary cookies without consent; analytics/marketing only after your consent (Art. 6(1) lit. a GDPR; TTDSG-equivalent consent) via our consent banner (CMP). Consents can be withdrawn at any time.

5. Web analytics & tag management

Google Analytics 4 (Google Ireland Ltd.) (with IP truncation & Consent Mode) is managed via Google Tag Manager (Google Ireland Ltd.). Events (page views, leads, clicks) only after consent. Legal basis: Art. 6(1) lit. a GDPR; TTDSG where applicable.

6. Advertising (Ads) & pixels

Depending on the package, we use Meta Ads / Google Ads / TikTok Ads (consent only). Pixels/tags are only loaded after consent. Legal basis: Art. 6(1) lit. a GDPR; TTDSG where applicable. Accounts may be associated via IDs/cookies.

7. Contact & inquiries

When you contact us (form/email), we process the data you provide (name, contact details, message, company) to handle your request. Legal basis: Art. 6(1) lit. b GDPR (contract/pre-contract), alternatively lit. f (communication). Stored until completion; statutory retention obligations remain unaffected.

8. Review service (active outreach)

If you book our review service, we process provided existing-customer contact data (e.g., email/WhatsApp) to request reviews (e.g., Google Business Profile). Legal basis: Art. 6(1) lit. f GDPR (legitimate interest in reputation/feedback) or, where required, lit. a (consent). Opt-out is possible at any time; negative feedback is routed internally, positive feedback is directed to the review link.

9. Email & domains

We use Business email (e.g., Microsoft 365 / Google Workspace) for business communications. Metadata/content are processed. Legal bases: Art. 6(1) lit. b and lit. f GDPR; statutory archiving may apply.

10. Social media & Google Business Profile

We operate profiles (e.g., LinkedIn, Instagram, Facebook) and a Google Business Profile. The platforms’ privacy terms apply. Depending on the platform, joint controllership under Art. 26 GDPR may apply.

11. Third-country transfers (Kosovo)

As a controller established in Kosovo, data may be transferred to a third country without an adequacy decision. We rely on appropriate safeguards (e.g., EU Standard Contractual Clauses) and additional measures (pseudonymization, EU hosting, access controls) where required. Data processing agreements are in place for EU/EEA processors used.

Data subjects in the EU may contact any competent EU data protection supervisory authority (e.g., at the EU representative’s location).

12. Storage periods

Data are processed only as long as necessary for the purposes or as required by law. Afterwards, we delete or anonymize the data.

13. Security

Appropriate technical and organizational measures (TOMs): TLS encryption, role/access concepts, logging, backups, system hardening.

14. Obligation to provide data

Certain data are required for contract/performance (e.g., contact details). Without them, processing may not be possible.

15. Automated decisions

No automated decision-making/profiling within the meaning of Art. 22 GDPR.

16. Your rights

  • Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18)
  • Data portability (Art. 20)
  • Objection (Art. 21) to processing based on legitimate interests
  • Withdrawal of consent (Art. 7(3))
  • Complaint with a supervisory authority in the EU (e.g., at the EU representative’s location)

17. Processors & recipients

Depending on the service, we use processors (Art. 28 GDPR): hosting/CDN, email/collab, analytics/ads (after consent), API mail, project/ticket tools. Data processing agreements are in place; only necessary data are transmitted.

Providers & services (short info)
  • Hosting/CDN: Germany/EU (e.g., Hetzner); EU/EEA CDN with EU routing
  • Analytics/Tag manager: Google Analytics 4 (Google Ireland Ltd.); Google Tag Manager (Google Ireland Ltd.)
  • Advertising/Pixels: Meta Ads / Google Ads / TikTok Ads (consent only)
  • Email/Collab: Business email (e.g., Microsoft 365 / Google Workspace)
  • Contact form: Contact form (own server/API mail service)

18. Changes to this notice

We adapt this privacy notice whenever laws, services or purposes change. Status: 06/11/2025.

Back
Privacy Policy - Bissolux L.L.C.