Last updated: 17 January 2026

Introduction
This Privacy Policy explains how PixelCode (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you:
visit pixelcode.digital (the “Website”);
contact us via forms, email, or other communication channels;
engage our IT, digital, consulting, or technology-related services.

PixelCode is operated by:
Daniel Hamzai – Person Fizik
Trade Name: PixelCode
NUIS/NIPT: M51910011T
Registered Address: Rruga e Dibrës, Tower Bridge 1, Nr. 22, Tiranë, Albania
Email: info@pixelcode.digital
Phone: +355 69 6030862

PixelCode is committed to protecting your privacy and processes personal data in accordance with:
GDPR (EU Regulation 2016/679)
Albanian Law No. 9887/2008 “On Personal Data Protection”, as amended

1. Definitions

For the purposes of this Privacy Policy:
1.1 “Personal Data” means any information relating to an identified or identifiable natural person.
1.2 “Processing” means any operation performed on Personal Data (collection, storage, use, disclosure, deletion).
1.3 “Controller” means the entity that determines the purposes and means of processing Personal Data.
1.4 “Processor” means a third party that processes Personal Data on behalf of the Controller.

PixelCode acts primarily as a Data Controller for Website and client-related data, and as a Data Processor only where explicitly agreed in writing.

2. Categories of Personal Data We Collect

2.1 Data You Provide Directly
We may collect:
Name, email address, phone number (contact forms, email communication)
Business details provided during consultations or onboarding
Messages, requests, and uploaded documents
Billing and invoicing details (name, address, NIPT, company data)
Contractual and project-related communications
2.2 Data Collected Automatically
When you visit the Website, we may collect:
IP address
Browser type and version
Device and operating system information
Pages visited and interaction data
Date, time, and duration of visits
Referring URLs
2.3 Cookies & Tracking Technologies
We may use:
Essential cookies (Website functionality)
Analytics cookies (traffic and usage analysis)
Form cookies (e.g. via Forminator plugin)

3. Purposes of Processing

We process Personal Data for the following purposes:
3.1 Responding to inquiries and communications
3.2 Providing and managing Services
3.3 Project coordination and technical support
3.4 Website functionality, performance, and security
3.5 Preventing fraud and unauthorized access
3.6 Billing, accounting, and tax compliance
3.7 Compliance with legal and regulatory obligations

We do not sell, rent, or trade Personal Data.

4. Legal Basis for Processing (GDPR Art. 6)

We process Personal Data based on one or more of the following legal bases:
4.1 Consent (Art. 6(1)(a))
contact forms, voluntary inquiries, optional communications
4.2 Contractual necessity (Art. 6(1)(b))
service delivery, project execution, invoicing
4.3 Legal obligation (Art. 6(1)(c))
accounting, tax, regulatory requirements
4.4 Legitimate interest (Art. 6(1)(f))
Website security, system integrity, fraud prevention, service improvement

5. Data Retention

PixelCode retains Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, to perform contractual obligations, or to comply with applicable legal and regulatory requirements.

5.1 Contact and inquiry data
Personal Data submitted through contact forms, email inquiries, or initial communications is retained for up to 24 months from the date of the last interaction, unless a contractual relationship is established or a longer retention period is required by law.
5.2 Client and project-related data
Personal Data related to client projects, including communications, technical documentation, and project files, is retained for the duration of the project and for up to 2 years after project completion, unless a longer retention period is required for legal, accounting, or dispute-resolution purposes.
5.3 Billing and accounting data
Billing, invoicing, and accounting-related Personal Data is retained for up to 10 years, in accordance with applicable Albanian tax, accounting, and financial record-keeping laws.
5.4 Website analytics data
Personal Data collected through website analytics tools (where enabled) is retained for up to 26 months, after which it is automatically deleted or anonymized, in line with analytics provider settings and GDPR best practices.
5.5 Secure deletion and anonymization
Once the applicable retention period expires, Personal Data is securely deleted, anonymized, or irreversibly destroyed, unless continued storage is required by law or justified by a legitimate legal interest.

6. Data Sharing & Third-Party Processors

Personal Data may be processed by trusted third-party service providers acting as Data Processors, including but not limited to:
– Email & communication: Microsoft Outlook
– Contact forms: Forminator (WPMU DEV)
– Analytics: Google Analytics
– Hosting & infrastructure: Website hosting providers

All processors are bound by contractual obligations to protect Personal Data and process it only according to our instructions.

We do not disclose Personal Data to third parties unless required by law or
necessary for contractual service delivery.

7. International Data Transfers

Personal Data is primarily processed within the European Economic Area (EEA).
If Personal Data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:
– adequacy decisions by the European Commission; or
– Standard Contractual Clauses (SCCs); or
– equivalent GDPR-compliant mechanisms.

8. Data Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including:
8.1 SSL/HTTPS encryption
8.2 Firewalls and anti-bot protection
8.3 Access control and role-based permissions
8.4 Regular software updates and security monitoring
8.5 Secure backups where applicable

No system is completely secure; however, we take reasonable steps to minimize risks.

9. Your Rights Under GDPR

You have the right to:
9.1 access your Personal Data
9.2 rectify inaccurate or incomplete data
9.3 request erasure (“right to be forgotten”)
9.4 restrict processing
9.5 object to processing
9.6 withdraw consent at any time (where applicable)
9.7 request data portability
9.8 lodge a complaint with the Albanian Information and Data Protection Commissioner (IDP)

To exercise your rights, contact us at:
📧 info@pixelcode.digital

We may request verification of identity before fulfilling requests.

10. Children’s Privacy

Our Website and Services are not intended for individuals under 16 years of age.
We do not knowingly collect Personal Data from minors. If such data is discovered, it will be deleted promptly.

11. Relationship With Other Policies & Agreements

This Privacy Policy forms part of our:
– Terms & Conditions
– contractual documentation (where applicable)

In the event of conflict, signed agreements or MSAs take precedence over this Privacy Policy for service-related processing.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes.

Updates will be published on this page with a revised “Last updated” date. Continued use of the Website constitutes acceptance of the updated policy.

13. Contact Information

For questions regarding your privacy or this policy:
Daniel Hamzai – PixelCode
📍 Rruga e Dibrës, Tower Bridge 1, Nr. 22, Tiranë, Albania
📧 Email: info@pixelcode.digital
📞 Phone: 0697714562