Artiwa Nova

Privacy Policy

Effective Date / Last Updated: 16 February 2026

This Privacy Policy explains how personal data is processed within the scope of the websites operated by Artiwa Nova L.L.C ("Artiwa Nova", the "Company", "we", "us") and the mobile applications published by the Company (the "Services").

This policy has been prepared in accordance with the Law on Personal Data Protection in force in the Republic of Kosovo (Law No. 06/L-082) and the relevant secondary legislation. The supervisory authority is the Information and Privacy Agency (AIP).

1) Data Controller and Contact

Data Controller: Artiwa Nova L.L.C

Artiwa Nova L.L.C

2 Uke Bytyci K/B2/2, Prizren 20000

Email: [email protected]

Tel: +383 48 216 727

DPO: Seyit Deniz Karademir[email protected]

Note: If a "Data Protection Officer (DPO)" has been appointed under the applicable legislation: DPO/Authorized Person: Seyit Deniz Karademir[email protected]

2) What Data Do We Collect?

When you use the Services, we may process the following types of data (depending on the product/feature you use):

  • Identity and contact data: full name, email, phone number (account creation/communication).
  • Account and customer support information: support requests, correspondence, feedback.
  • Transaction and contract data: purchase/subscription information (we do not store card details; the payment provider may process them).
  • Device and technical data: device model, operating system version, app version, language settings, IP address, diagnostic/error logs.
  • Usage data: in-app interactions, page/screen views, performance metrics (analytics).
  • Location data (if any): only if the relevant feature explicitly requires location and you have granted permission.
  • Marketing preferences: newsletter/announcement consents, communication preferences.

As a rule, we do not process special categories of personal data (health, biometric, etc.); however, in exceptional cases where required by a feature, explicit consent and the relevant legal conditions apply.

3) For What Purposes and on What Legal Basis Do We Process Data?

The law provides certain legal bases for lawful processing of personal data (consent, necessity for a contract, legal obligation, legitimate interest, etc.). Within this scope, we process data for the following purposes:

  • Providing and operating the Service (account creation, login, core functions) — necessary for the establishment/performance of a contract
  • Support and communication (handling requests/complaints, communicating with the user) — contract / legitimate interest
  • Security, fraud prevention, system integrity — legitimate interest / legal obligation
  • Performance and quality improvement (debugging, analytics, product improvement) — legitimate interest
  • Marketing and informational communications (awareness/announcements) — consent or legitimate interest (to the extent applicable); you have the right to object/unsubscribe at any time
  • Legal obligations (accounting, tax, responding to official requests) — legal obligation

4) Children's Privacy

If the Services are not intended for children, we do not knowingly aim to collect data from persons under the age of 16. The law regulates that, within the scope of information society services, if a child is under 16, the consent of the parent/guardian is required.

5) With Whom Do We Share Data?

We do not sell personal data. We may share data only with the following categories of recipients, to the extent necessary:

  • Infrastructure and hosting providers (servers, cloud, databases)
  • Analytics and crash/error monitoring services (app performance/crashes)
  • Customer support tools (ticket/communication management)
  • Payment providers (purchase/subscription transactions)
  • Legally authorized institutions (in case of legal request/obligation)

In all cases, we act in accordance with the principles of data minimization and security.

6) International Data Transfers

Our service providers may be located outside Kosovo. In such cases, we implement the necessary administrative/technical measures to ensure transfers are carried out in compliance with the law, and where necessary, we follow the procedures of the competent authority.

7) Retention Periods

We retain personal data for as long as necessary for the relevant purpose; when the purpose no longer exists, we delete, anonymize, or dispose of the data in a manner permitted by the legislation.

8) Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, misuse, and disclosure (such as access control, authorization, encryption/masking).

9) Your Rights (Data Subject Rights)

Under the law, you have the following rights: to be informed, access, rectification, erasure, restriction of processing, data portability, objection, and not to be subject to decisions based solely on automated processing.

You may also object at any time to processing activities carried out for direct marketing purposes; following an objection, processing for this purpose will be stopped.

To exercise your rights, you may contact us through the channels in Section 1. If you believe there has been an infringement, you may file a complaint with the AIP.

10) Cookies and Similar Technologies

On our website, essential cookies may be used for basic functions, and (if any) analytics/preference cookies may be used. For non-essential cookies, we provide a preference/consent mechanism to the extent applicable.

11) Changes to This Policy

We may update this policy from time to time. The current version becomes effective as of the date it is published on our website / within the application.