.webp)
Last updated: April 2026
1. Introduction and controller identity
REXHA GOLD SH.P.K., a limited liability company duly registered with the National Business Center (QKB) under NUIS K92702205O, with its registered office at: “Dyli Haxhire Myzyri” Neighborhood, “Aqif Pasha” Blvd., Building no.10/1, Floor 11, Apt.44, Elbasan, Albania (the “Company”, “We”, “Us”), is the data controller of personal data collected through the website www.rexhagold.com (the “Website”).
The Company is committed to protecting your privacy and processing your personal data with full transparency, in accordance with Law No. 124/2024 "On the Protection of Personal Data" of the Republic of Albania, which is fully aligned with the General Data Protection Regulation (GDPR) of the European Union.
For any questions or requests regarding the processing of your personal data, please contact us at sales@rexhagold.com.
2. What personal data we collect
The Company collects only the minimum data necessary for the performance of our services, in accordance with the principle of data minimisation set out in Law No. 124/2024.
2.1 Order data
When you place an order on www.rexhagold.com, we collect:
- First and last name;
- Full billing and delivery address;
- Email address;
- Phone number;
- Payment method (without storing bank card details — see Section 2.3);
- Order history.
2.2 Account data
If you create a customer account on the Website, we also collect:
- First and last name;
- Email address;
- Password (stored in encrypted form — inaccessible to the Company);
- Order history associated with the account;
- Saved account preferences.
2.3 Payment data
Rexha Gold Sh.p.k. does not store and never has access to your bank card details. Payments are processed through secure third-party platforms:
- PayPal — PayPal's privacy policy is available at www.paypal.com;
- Mastercard/banking networks — data is processed directly by your bank and payment networks via the encrypted HTTPS protocol.
2.4 Browsing data
When you visit the Website, we automatically collect:
- IP address;
- Browser and device type;
- Pages visited and duration of visit;
- Source of visit (how you arrived at the Website).
This data is collected via Google Analytics for statistical purposes and Website improvement (see Section 5).
2.5 Gift Card service data
When you order a Gift Card through www.rexhagold.com, we collect the following mandatory details:
Sender’s details:
- First and last name;
- Phone number;
- Email address.
Recipient’s details:
- First and last name;
- Phone number;
- Email address.
During the Gift Card checkout process, additional data necessary for delivery and invoicing is also collected, in accordance with Section 2.1 of this Policy. The recipient's data is used exclusively for the delivery of the Gift Card and is not used for any other purpose without the express consent of the parties.
2.6 Newsletter data
When the Newsletter service is activated, we collect only:
- Email address;
- Communication preferences (where applicable).
This data is collected exclusively with your prior and express consent, in accordance with Article 9 of Law No. 10128/2009 and Law No. 54/2024 "On Electronic Communications". You may unsubscribe at any time via the "unsubscribe" link in any email or by contacting us at sales@rexhagold.com. Unsubscription is immediate and free of charge.
3. How we use your data
The Company does not sell, rent or exchange your personal data with third parties for commercial purposes. Your data remains with the Company and is transmitted to third parties only to the extent necessary for the fulfilment of your order (see Section 4).
4. Who we share your data with
4.1 Carrier
Your contact details and delivery address are transmitted to DHL solely for the purpose of delivering your order. DHL has no right to use this data for any other purpose and is required to delete it following completion of the delivery.
4.2 Payment platforms
Data necessary for payment processing is transmitted to PayPal and applicable banking networks, exclusively for transaction processing purposes. These parties are subject to their own security and privacy standards.
4.3 Google Analytics
Browsing data (anonymised) is transmitted to Google Analytics for statistical purposes. Google does not have access to your personally identifiable data (see Section 5).
4.4 Authorities
The Company may transmit your data to the competent Albanian authorities where required by law or court order.
5. Cookies
5.1 What are cookies
When you visit the Website, information relating to your browsing may be recorded through files called "cookies" installed on your device (computer, tablet, smartphone).
5.2 Cookies we use
The Website www.rexhagold.com uses the following types of cookies:
Essential cookies — necessary for the operation of the Website:
- Saving your shopping cart;
- Managing your account session;
- Transaction security.
Analytical cookies (Google Analytics) — with your consent:
- Measuring Website traffic;
- Analysing pages visited;
- Improving the browsing experience.
Data collected by Google Analytics is anonymised and does not allow your personal identification.
5.3 Cookie management
You have the right to accept or refuse non-essential cookies via the cookie banner displayed on your first visit to the Website. You may also change your preferences at any time through your browser settings:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Settings → Privacy and security
- Safari: Preferences → Privacy
Disabling certain cookies may affect the functioning of some Website services. For detailed information on cookies, please refer to our Cookie Policy, available on the Website.
6. How long we retain your data
The Company retains your personal data only for the period necessary to achieve the purpose for which it was collected, in accordance with the timeframes prescribed by law:
Upon expiry of the retention period, your data is permanently deleted or anonymised.
7. Your rights
In accordance with Law No. 124/2024 "On the Protection of Personal Data", you hold the following rights over your personal data:
- (I) Right of access — to request a copy of the personal data we process about you;
- (II) Right of rectification — to request the correction of inaccurate or incomplete data;
- (III) Right to erasure ("right to be forgotten") — to request the deletion of your data when it is no longer necessary for the purpose for which it was collected;
- (IV) Right to restriction of processing — to request the restriction of processing of your data in certain circumstances;
- (V) Right to data portability — to receive your data in a structured, machine-readable format;
- (VI) Right to object — to object to the processing of your data for legitimate interest or direct marketing purposes;
- (VII) Right to withdraw consent — to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
How to exercise your rights:
To exercise the above rights, please send a written request to sales@rexhagold.com. Your request must include your first and last name and a copy of your identity document. The Company will respond to your request within 30 (thirty) calendar days of receipt.
8. Security of your data
The Company implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration, including:
- Encryption of transmitted data via the HTTPS protocol;
- Storage of passwords in encrypted form, inaccessible to the Company;
- Restriction of access to personal data to authorised personnel only;
- Servers located exclusively in Albania.
In the event of a security breach that may affect your rights and freedoms, the Company will notify you and the Commissioner for the Right to Information and Protection of Personal Data within 72 hours of discovering the breach, in accordance with Article 29 of Law No. 124/2024.
9. International data transfers
Your data is stored on servers located exclusively in the territory of the Republic of Albania. Transfers of data outside Albania are carried out only where strictly necessary for the fulfilment of your order (e.g. payment platforms and Google Analytics), which are subject to their own data protection standards aligned with the GDPR.
10. Marketing communications and newsletter
The Company does not currently send newsletters or periodic marketing communications. Should this service be activated in the future, the Company will:
- Request your prior and express consent before any communication;
- Provide you with the option to unsubscribe immediately via a link included in every communication;
- Fully comply with Article 9 of Law No. 10128/2009 and Law No. 54/2024 "On Electronic Communications".
11. Supervisory authority
If you consider that the processing of your personal data by the Company infringes applicable law, you have the right to lodge a complaint with the competent supervisory authority:
Commissioner for the Right to Information and Protection of Personal Data
Website: www.idp.al
Email: info@idp.al
Address: “Abdi Toptani” Street, Tirana, Albania
12. Changes to the privacy policy
The Company reserves the right to modify this Privacy Policy at any time, in accordance with legislative or operational changes. The updated version will be published on the Website with its effective date. We encourage you to check this Policy regularly. Continued use of the Website following the publication of any changes constitutes acceptance of the updated Policy.
