PRIVACY POLICY AND SERVICE TERMS FOR THE OMNIREP PLATFORM

In accordance with Law No. 06/L-082 on the Protection of Personal Data, its subordinate acts, and the guidelines of the Agency for Information and Privacy (AIP).

1. Definitions

For the purposes of these terms, the following terms have the following meanings:

• 1.1 “Personal Data” – any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable when they can be directly or indirectly identified, in particular by an identifier such as name, personal number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
• 1.2 “Data Subject” – the natural person to whom the personal data being processed via the OMNIREP platform belongs.
• 1.3 “Processing” – any operation or set of operations performed on personal data, whether or not by automated means: collection, recording, organization, storage, adaptation, retrieval, use, disclosure by transmission, dissemination, combination, restriction, erasure, or destruction.
• 1.4 “Controller” – the natural or legal person who determines the purposes and means of processing personal data. In this document, PBC Sh.P.K. acts as the Controller of personal data processed via the OMNIREP platform.
• 1.5 “Processor” – the natural or legal person who processes personal data on behalf of the Controller. In this document, PBC Sh.P.K. and IBAS Sh.A. act as the respective processors for technical and financial parts.
• 1.6 “Public Authority” – a state institution or public administration body performing official functions under the law.
• 1.7 “Platform” – the digital system OMNIREP, owned by PBC Sh.P.K., which allows citizens to report legal violations anonymously and securely, with financial rewards after case verification.
• 1.8 “User” or “Reporter” – any natural person using OMNIREP to report a legal violation. Reporters remain anonymous to PBC personnel; their data is stored in coded form for reward purposes.
• 1.9 “Reward” – 20% of the fine amount paid to the reporter after confirmation by the Kosovo Police and financial execution by the Municipality of Prishtina via IBAS Sh.A.
• 1.10 “IBAS Sh.A.” – a financial institution licensed by the Central Bank of Kosovo, acting as a secondary processor for handling reward payments and notifying users about withdrawal options and financial services related to OMNIREP.
• 1.11 “AIP” – the Agency for Information and Privacy, the independent authority responsible for implementing Law No. 06/L-082 and ensuring the protection of personal data in the Republic of Kosovo.

2. Controller and Processor

PBC Sh.P.K. is the Controller and Processor of personal data processed via the OMNIREP platform. PBC ensures legality, fairness, transparency, and security of processing. When processing is performed on behalf of public institutions, responsibilities are defined through a separate agreement between the parties.

3. Purposes of Processing

• Registration and verification of reports of legal violations submitted by citizens;
• Forwarding verified cases to the Public Authority for fines;
• Calculation and distribution of rewards to reporters (20% of the fine);
• Limited informative communication regarding financial services via IBAS Sh.A.;
• Improvement of system performance and statistical analysis without personal identification.

4. Legal Bases for Processing

• fulfilling a legal obligation (cooperation with public authorities);
• legitimate interest in law enforcement and public safety;
• consent of the data subject when required for additional processing.

5. Principles of Processing

• Lawfulness, fairness, and transparency;
• Purpose limitation;
• Data minimization;
• Accuracy and up-to-date data;
• Storage limitation;
• Integrity and confidentiality of personal data.

6. Reporter Anonymity

Reporters remain completely anonymous to PBC personnel. The OMNIREP system ensures that identifying data (name, contact information, documents) is not visible or accessible to PBC employees during verification. Identity is stored only in coded (anonymized) form. This mechanism complies with Articles 4 and 5 of the LPPD regarding data minimization and security.

7. Data Transfer and Sharing

• Data is stored in a secure infrastructure;
• Valid cases are sent to the Kosovo Public Authority for issuing fines;
• For reward payments (20%), PBC shares minimal data with IBAS Sh.A., a financial institution licensed by the Central Bank of Kosovo;
• IBAS processes this data only for financial purposes, including identifying the reporter for payment, without knowing the type of report;
• Informing reporters on how to withdraw funds;
• Providing opportunities to use other financial services;
• Neither PBC nor IBAS share personal data with third parties except as legally required.

8. 20% Reward

If a report results in a fine imposed by the public authority, the reporter receives 20% of the fine. Payment is made through IBAS Sh.A. anonymously and securely. Payment data is kept only for the necessary period for financial verification and is then deleted or anonymized.

9. Notification of Data Security Breach

• Immediately notifies the Agency for Information and Privacy (AIP);
• Takes measures to mitigate consequences;
• Notifies affected data subjects if there is a high risk to their rights, within legal deadlines.

10. Changes to Terms

PBC may update these terms at any time. Any material change is announced in advance through the OMNIREP platform or via email, and continued use is considered acceptance of the new terms.

11. Responsibilities and Oversight

• Compliance with Law No. 06/L-082;
• Implementation of technical and organizational measures for data protection;
• Proper handling of data subject requests;
• Cooperation with AIP and relevant authorities.

Data subjects have the right to submit complaints to AIP if they believe their data has been processed unlawfully.

12. Contacts

• PBC Sh.P.K. – Controller and Processor
  Address: Rr. Tirana No. 91, Prishtina
  Email: omnirep@pbc.group
  Phone: 038600200
• IBAS Sh.A. – Financial Partner and Secondary Processor
  Address: Rr. Tirana No. 91, Prishtina
  Email: omnirep@ibas.world
• Agency for Information and Privacy (AIP)
  Official complaints page: https://aip.rks-gov.net