Security Systems and Privacy

Updated: December 2025

1. Definitions

For the purposes of this document, the following terms have the meaning given below:

Platform / NAVA MARKET

Electronic platform for commercial purposes operating under the trade name NAVA MARKET. This platform includes the website, mobile applications and all services related to them.

Platform Holder

The legal or natural person, the legal owner of NAVA MARKET, who possesses all legal powers for strategic and operational decision-making.

Data Controller

NAVA MARKET, based in Tirana, which reserves the right to determine the purposes and means of processing personal data in accordance with Law no. 9887/2008.

Commissioner

The Commissioner for the Right to Information and Protection of Personal Data in the Republic of Albania.

IT Office

The specialized department within the organization responsible for managing information technology systems and data security.

Data Subject

The identified or identifiable natural person to whom the personal data refer.

2. Personal Data and Use

The management and use of all data included on the NAVA MARKET Platform website is carried out in accordance with law no. 9887. This notice applies to the information collected regarding:

Listed Items

Data related to the products, descriptions and specifications published on the platform.

Platform Users

Identifying data, preferences and interaction history.

The data collected by us, as the personal data controller, is not used for any purpose other than market experience personalization. The collection of these data is carried out in function of the activity that this Platform conducts.

3. Access to Personal Data

The Platform aims to be as transparent as possible in giving users access to their data. Anyone has the right to request information by sending a request to legal@nava.com.

✓ A description of the available data;
✓ The reason for their retention;
✓ The entities that have access to them;
✓ A copy of the information in an understandable form.

Any subject has the right to request the correction of inaccuracies or the deletion of data when they become aware that the data concerning them is not accurate or complete.

4. Visitors (Technical Data)

The system collects standard information: online registration, listing clicks, time spent and interactions.

In accordance with GDPR requirements, the platform does not allow the use of analytical tools that track or collect personal information that could identify visitors.

The search engine is contained entirely within NAVA and the services that enable NAVA to function, such as Cloud Computing (see the data processors listed below). All requests are handled by the application, and no information is transferred to any third party.

5. Data Dissemination

Disclosure or dissemination of data is carried out only in accordance with the purpose for which they were collected.

✓Use of data only according to the purpose(s) for which they are kept.
✓With the consent of the data subject.
✓According to legal requirements (e.g. criminal acts).
✓Based on acts issued by the Commissioner for Personal Data Protection.

6. Data Processors

The Platform uses certified third-party services:

Amazon Web Services (AWS)

Hosting & Cloud Computing

Platform hosting, data storage, backup. ISO 27001 certified.

ISO 27001

Data may be processed in data centers in the EU.

Stripe

Payment Processing

Processing of financial transactions (credit cards, billing).

PCI DSS Level 1

International Transfer: Uses EU adequacy decisions or Standard Contractual Clauses.

7. Market Analysis & Artificial Intelligence

NAVA MARKET develops research reports using the CRISP-DM standard (business understanding, data understanding, modeling, evaluation).

Bias Prevention

Implementation of rigorous measures for preventing biases (referencing ISO/IEC 24027): Historical, demographic and algorithmic and other biases.

Compliance with the EU AI Act (Articles 10 & 13):

Relevant, representative and complete data.
Error-free and with appropriate statistical properties.
Technical documentation for transparency and reliability.

8. Technical Security Measures

NAVA Market takes special security measures to protect data from unauthorized access and destruction:

Data use is allowed only by order of authorized operators.

Unauthorized persons are prohibited from accessing server environments.

Logging of modifications, deletions and transmissions (stored for 30 days).

Monitor protection: Personal data are not kept visible on monitors in the presence of unauthorized persons.

Personal passwords: Login/logout procedure with secret passwords and encryption keys.

Data sanitization and addition of synthetic data.

Automatic installation and updating of antivirus and firewall.

Backup procedures in case of damage.

9. Physical Security of Environments

Unauthorized persons are not allowed entry without permission from the holder.
Checking for surveillance, recording or filming devices.
Continuous monitoring with physical guards (day and night).
Maintenance personnel allowed only with special authorization.

10. Children’s Privacy

The NAVA MARKET Platform is aware of the importance of protecting the privacy of children, especially in the online environment.

We do not knowingly collect personal data from children under the age of 18 (or the relevant local age limit) without verifiable parental or legal guardian consent. Users aged 13-17 may create accounts with parental consent for browsing purposes only.

If we discover that we have collected personal data from a child without this consent, we will take immediate steps to delete such data from our servers. Parents are encouraged to monitor their children’s internet usage.

11. Changes and Contact

Any request or complaint related to privacy should be sent to our addresses:

Support Team Legal Department

NAVA Market will regularly update notifications, considering privacy policies extremely important.