Terms

Privacy Policy

The Bank respects and protects your personal data privacy in accordance with Law No.124/2024 “On the protection of personal data” and the GDPR Regulation (EU) 2016/679 of the European Parliament and the Council “On the protection of natural persons regarding the processing of personal data and the free movement of such data”.

Key Definitions of the Privacy Policy:                   
- Personal Data
- Data Processing
- Controller
- Processor
- Data Subject
- Consent
- Supervisory Authority
- Banking Secrecy
- Data Transfers
- Technical and Organizational Measures

This policy explains the collection, processing, storage and protection of your data.
The protection of personal data and privacy is very important aspect for “American Bank of Investments SHA” (the Bank) in providing various services (collection, storage, processing, transfer of personal data related to biometric data, education, address, etc.) and ensuring their protection in compliance with Law No 124/2024 “On the protection of personal data”, harmonized with the GDPR (Data Protection Directive).

Information regarding the processing of personal data (Article 5/16 of Law 124/2024).

Legal Framework

Constitution of the Republic of Albania
Law No.124/2024 “On the protection of personal data”
GDPR Regulation (EU) 2016/679
Law No.9662/20206 “On Banks in the Republic of Albania” as amended and relevant  regulations
Law No.9917/2008 “On the prevention of money laundering and financing of terrorism”.
The Bank applies Law No.124/2024 “On the protection of personal data” and its implementing acts, which are harmonized with the GDPR- Directive. The Bank’s aim is to protect privacy, the fundamental rights and freedoms of individuals, legality and transparency.

1. Collection and Processing of Personal Data

The Bank collects and processes the personal data of; internet banking users, clients and third parties, visitors, employees, in accordance with the law of protection of personal data. Personal data encompasses any information related to an identified or identifiable person, such as name, surname, date of birth, identification number, citizenship, residence, nationality, origin, signature, photographs or biometric data, voice recordings, fingerprints, behavioral patterns, or other physical, physiological, genetic, mental, economic, cultural, or social characteristics. This also includes location data and online identifiers like IP addresses, cookies, and device identifiers. The processing of this data is conducted in compliance with legal requirements and strictly for the purposes outlined herein. The bank guarantees the confidentiality and security of the personal data and retains it only for the duration necessary to fulfill the intended purposes.

How is the data collected?

• Through application forms in branches or online channels;
• Through digital banking applications;
• Through telephone communications or emails;
• Through third parties (public authorities, financial partners) where law permitted by law;
• Through information from web or applications linked to the person’s use.

2. Purpose of Personal Data Processing

The bank processes personal data related to clients, payment cardholders, employees, and other specified categories of individuals, including those involved in banking administration. This processing supports activities such as credit risk evaluation, product and service management, compliance with legal and regulatory obligations, marketing efforts, service enhancement, risk management, financial reporting, and internal audits. These activities are designed to ensure effective customer service and safeguard client interests.

The Bank stores the personal data only for as long as required to accomplish the purposes for which it was collected to comply with legal obligations.

3. Protection of Personal Data

The bank is committed to processing your personal data with the highest standards of confidentiality and security. It adheres to all applicable data protection legislation as per 124/2024 law, including the General Data Protection Regulation (GDPR) and the Police Act, which set forth requirements for lawful data processing ensuring transparency and safeguarding your rights as a data subject.

4. Information on the Processing of Data

The bank processes personal data in accordance with Law no.124/2024 “On the Protection of Personal Data” and the other relevant legal acts, and in accordance with the principles of legality, legitimacy, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and accountability. Personal data is processed based on legal grounds, contractual obligations, or your consent when required. The bank ensures that data processing complies with applicable laws, including AML (Anti-Money Laundering), counter-terrorism financing laws, and other regulations to which the bank is subject. The bank has appointed a data protection officer to monitor the organization’s data protection activities and access rights to the data, who is responsible for monitoring data processing and confidentiality integrity.

Why do we process your data?

• To provide banking administration services
• To comply with legal obligations and regulatory authorities
• Marketing and bank services
• Statistical analysis for strategic decision-making
• Managing relationships with third parties

Who has access to the data?

Your data may be shared with:

• Regulatory authorities and competent institutions (Supervisory Authorities, Data Protection Commissioners, Tax Authorities, AML/CFT authorities, Courts, Prosecutors, Law Enforcement Agencies, Third Party Authorities authorized by law)
• Banking partners and payment system providers, IT service providers, consultants
• Credit bureaus and information agencies
• Only as justified for your data protection and security
• We do not sell your data or use it for purposes beyond what you have authorized

5. Your Rights as a Data Subject

You have the right to:

• Request access to your data
• Request correction, update, or deletion of your data
• Request restriction or object to the processing of your data
• Request data portability (to receive your data in a structured, commonly used, and machine-readable format)
• Withdraw consent at any time where processing is based on your consent without affecting the lawfulness of processing based on consent before its withdrawal
• File complaints with the Data Protection Commissioner or relevant authorities for protection of personal data, in www.idp.al

To submit a request for access, the user may contact the Bank through the designated communication channels or by completing the Request Form. If you have any complaints, in addition to contacting the Bank, you may also address the Commissioner for the Right to Information and Protection of Personal Data.

6. International Transfer

In specific cases, data may be transferred outside the Republic of Albania only when an adequate level of protection is guaranteed, in accordance with the conditions set forth by Law No. 124/2024.

How long do we retain the data?

The Bank retains the personal data of clients, users, third parties, and employees for as long as necessary to fulfill the purposes of processing and comply with legal obligations. In accordance with Albanian legislation and banking regulations.

Client data is usually retained for 10 (ten) years.

Longer in the event of legal proceedings or legal obligations.

7. Responsibilities of the User

The user, as the data subject, is responsible for informing the Bank of any changes to the personal data reported during the course of the banking services. Any information related to personal data submitted to the Bank later during the existence of the relationship must be accurate and up to date.

8. Data Controller

American Bank of Investmets SHA, headquartered at:

Rr. së Kavajës, Ndërtesa 27, Hyrja 1, Njësia Bashkiake Nr.10, Kodi Postar 1001, Tiranë. E-mail: [email protected] Tel: +355 42 258 755.

Data Protection Officer (DPO) Email: [email protected]

9. Measures for Data Security and Protection

The Bank takes significant steps to ensure the security of users’ personal data. It employs information protection systems to prevent unauthorized access and ensure that data remains secure. To protect user information, the Bank implements advanced security controls and continuously monitors its systems to prevent any potential risk. In case of potential security incident, the Bank has clear procedures in place for prompt responses and issue resolution.

10. Security Measures

The Bank applies continuous technical and organizational measures to ensure a high level of security in the processing of personal data, in accordance with the applicable data protection legislation and the best industry standards.

Such measures include, among others:

• Encryption of data during transmission and, when necessary, during storage;
• Pseudonymization of Information to limit the possibility of identifying individuals;
• Access controls, to ensure that only authorized individuals have access to the data;
• Periodic monitoring and auditing of systems and processes that handle personal data, etc.

This privacy policy outlines the comprehensive measures that must be followed to ensure the security and confidentiality of your data during the use of our services. Our goal is to provide you with a secure environment for your financial activity and to protect your personal data against unauthorized access use, or disclosure.

To ensure the secure use of the Bank’s electronic services, including Internet Banking and Mobile Banking, users are also advised to follow these security practices:

• Use complex passwords, different from one another, and update them regularly
• Maintain the confidentiality of login credentials and avoid sharing them with third parties
• Access the Bank’s platforms and services only from personal and protected devices
• Ensure access to services is made only through the official website: http://www.abi.al
• Avoid opening suspicious emails and refrain from clicking on links or downloading unauthorized attachments
• Do not use public or shared devices to perform banking transactions
• Always log out of your account after finishing a session and make sure to close the browser

WARNING: Do not be misled by fake messages!

ABI Bank never sends SMS or emails to clients containing links or attachments for:

• Changing passwords or access credentials
• Changing debit or card details
• Requesting additional or financial information

If you suspect that your personal data has been compromised or in the event of a potential security incident, we strongly encourage you to contact us immediately through the contact details published on our official website, by visiting one of our branches or via:
Email: [email protected]

11. Cookie Notification

We use cookies to enhance your experience on our website. These files help ensure the site functions more efficiently and provide us with information on how visitors interact with it.

• Essential Cookies: Ensure the basic functionality of the website.
• Performance Cookies: Help us understand visitor/user behavior to improve our services.
• Functionality Cookies: Used to personalize user settings.
• Targeting and Advertising Cookies: Deliver personalized and relevant content.

You can manage cookies through your browser settings. Disabling some cookies may affect the performance of the website. For more information, please visit: Cookie Policy.

12. Website Publisher

American Bank of Investments SHA, located at;

Rruga e Kavajës, Building 27, Entrance 1, Administrative Unit No. 10, Postal Code 1001, Tirana, Albania.
An Albanian Joint Stock Company, with a share capital of EUR 965,673.60, registered in the Commercial Register by Court Decision No. 20830, dated February 22, 1999, with Tax Identification Number J91725007P.

13. Website Holder

Impuls Studio Shpk

14. Legal refusals

The website editor encourages users to take into consideration the terms and conditions for accessing and using this website as follows:

• This website provides information to both clients and non-clients of the American Bank of Investments.
• The products and services described on this website are offered and used in accordance with the applicable contractual terms and pricing sheets, which are reserved for residents in Albania.
• This website is governed by Albanian legislation.

Information provided on this website. This website may include information provided by external companies, as well as links to other websites not developed by the American Bank of Investments. The content of these linked sites is intended for informational purposes only. A link to another site does not imply endorsement or acceptance of its content. You are solely responsible for the use of any third-party website linked to this one and for taking the necessary precautions against viruses or other potentially harmful elements.

The Bank accepts no responsibility for information, opinions, or recommendations provided by third parties. This includes any data related to the electronic transmission of information, including delays, deletions, or inaccuracies. All information is provided "as is", regardless of the source.

The material on this page has been translated from Albanian for the convenience of English-speaking readers. However, the Albanian text has legal value. As a result, the translation cannot be used to support any legal claim, nor can it be used as the basis for any legal opinion. The American Investment Bank expressly disclaims any liability for any inaccuracy herein.

15. Free use

Access to this page is free. This does not include the provision of internet services, and call charges are billed directly by the operators.

16. Changes in the Privacy Policy

The bank may update this policy from time to time. Any changes will be published on this page. We encourage you to check it periodically.