Personal data processing policy

Personal data processing policy

“Gorgia” LLC

I/C:  245621288

Add: N140 Tsereteli ave., Tbilisi/ N10 Sukhumi str., c. Batumi, Georgia

E-mail: web@gorgia.ge.

Tel: 032 2 960 960

1. Definition of the terms

1.1. Personal data (hereinafter – the data) – any information, which is related to the identified or identifiable natural person. Natural person is identifiable, when identification is possible directly or indirectly, including, with name, surname, identification number, geo location data, and identifiable data of electronic communication, physical, physiological

1.2 The person responsible for processing – means “Gorgia” LLC which individually or with others defines the objectives and tools of data processing, directly or through the person responsible for the processing implements a data processing.

1.3. The person responsible on processing – means a legal entity or public institution, which processes the data for us or on behalf of us;

1.4 Subject of the data – means the natural person (implies the customer, employee, contractor), which uses, has intended or expressed an interest, to use our product or services, also the representatives and third entities, which are related to you and about which you notified us or properly mentioned;

1.5 Data processing – any action performed toward the data, including, collection of them, obtaining, access to them, photo shooting of them, video monitoring or/and audio monitoring, organizing, grouping, mutual connecting, save, change, restore, request, use, blocking, delete or destroy, also disclosure of data by transferring, publication or otherwise making available of them. Grouping, mutual linking, saving, changing, restoring, requesting, using, blocking, deleting or destroying, also disclosing of the data through transferring, publicizing, distributing or otherwise making it available.

1.6. Data processing by automated means – data processing by using of the information technologies.

1.7. Data processing by non-automated means − data processing without using of the information technologies.

1.8. Data processing by semi-automatic means − Data processing by using of combination of automated and non-automated means.

1.9. Consent of the data subject − after receiving a relevant information by the data subject, a freely and clearly expressed will to the processing of data about him/her for a specific purpose by active action, in writing (including electronically) or orally.

1.10. Direct marketing – direct supply of the information by phone, post, electronic mail or other electronic means to the data subject for the purpose of formation, maintenance, realization and/or support of the individual and/or legal entity, goods, idea, service, work and/or initiative, as well as interest in image and social topics.

1.11. Video monitoring − Visual image data processing by using of technical means placed/installed in public or private space, in particular, video control and/or video recording (except for covert investigative activity).

1.12. Audio monitoring − Audio signal data processing by using of technical means placed/installed in public or private space, in particular, audio control and/or audio recording (except for covert investigative activity).

2. Data processing principles:

2.1. a) Data should be processed legally, fairly, transparently for the data subject and without violating the dignity;

b) Data should be collected/obtained only for the specific, clearly defined and legitimate purposes. Further processing of data for other purposes incompatible with the original purpose of data processing is not allowed;

c) Data should be processed only in the volume, which is required for reaching the relevant legitimate purpose. Data must be proportionate to the purpose for which they are processed;

d) Data should be true, accurate and, if necessary, updated. With consideration of the purposes of data processing, inaccurate data must be corrected, deleted or destroyed without undue delay;

e) Data may be saved only for the term, which is required for reaching the legitimate purpose of the data processing;

f) In order to protect the data safety, during the data processing should be taken such technical and organizational measures, which properly will ensure protection of the data;

3. Data processing basics:

3.1. a) Consent of the data subject to the processing of data about him/her for one or more specific purposes;

b) Data processing is required to fulfill the obligation assumed by the transaction concluded to the data subject or for conclusion of the transaction at the request of the data subject;

c) Data processing is considered by law;

d) Data processing is required by the person responsible for processing to fulfill the duties assigned to him/her under the legislation of Georgia;

e) According to the law, the data is publicly available or is made publicly available by the data subject;

f) Data processing is required to protect the vital interests of the data subject or another person, including monitoring the epidemic and/or preventing its spread, managing humanitarian crises, natural and man-made disasters;

g) Data processing is required for protection of the important public interest;

h) Data processing is required to fulfill the tasks belonged to the public interest field defined by the legislation of Georgia;

i) Data processing is required to protect important legitimate interests of the person responsible for processing or the third person;

j) Data processing is required for review of the data subject’s application (for conduction of the service to him/her).  

4. Data processing for the purpose of the direct marketing

4.1. Data processing for the purpose of the data collection/obtain basics and their availability, direct marketing may be implemented only with the consent of the data subject.

4.2. In addition to the name, surname, address, telephone number and e-mail address of the data subject, the processing of other data for direct marketing purposes requires a written consent of the data subject.

4.3. The person responsible for the processing (“Gorgia” LLC) is obliged to cancel the data processing for the purpose of the direct marketing after receiving the relevant request of the data subject, in the reasonable term but not later than 7 business days.

4.4. The person responsible for the processing (“Gorgia” LLC) is obliged to ensure, to have the opportunity to the data subject to request the termination of data processing for direct marketing purposes in the same manner in which direct marketing is carried out, or to determine another available and adequate means to request the termination of data processing.

5. Implementation of the video monitoring

5.1  For the purpose of crime prevention, detection, public safety, protection of personal safety and property, protection of secret information, examination/testing, and in order to perform tasks belonging to other legitimate interests of “Gorgia” LLC, at the external perimeter of the company in the entrance, in the lobby and in the corridor, in the administration building, in the branches of "Gorgia" LLC , video monitoring is carried out, and warning signs are placed in a visible place in the company.

6. Implementation of audio monitoring

6.1 With the consent of the data subject, to carry out the minute’s entry, for protection of important interest of “Gorgia” LLC, in other cases considered under the legislation of Georgia is implemented the audio monitoring, about what at the visible place of the company are placed the warning signs.

7. Rights of the data subject:

7.1. The right of receiving the information on data processing;

7.2. The right to introduce the data and receive the copies;

7.3. The right to correct, update and complete data;

7.4. The right to cancel, delete or destroy the data processing;

7.5. The right of data blocking;

7.6. Data transferring right;

7.7. Automated individual decision-making and related rights;

7.8. Consent requesting right;

7.9. The right of appeal;

7.10. The rights of the data subject may be limited, if it is not directly considered under the legislation of Georgia, this will not violate the human rights and freedoms, it is a necessary and proportionate measure in a democratic society;

8. Data safety:

8.1. In the company is preserved the personal data safety and confidentiality of the data subject. In order to protect the data safety, during the data processing is taken such technical and organizational, measures, which properly will ensure protection of the data (in order to increase a safety, at the web page is linked by using of https, which is an extension of the http protocol. Also, at the web page are preserved the types of safety vulnerabilities (XSS, CSRF)).

8.2. Access to the personal data processing have only the employees of the organization, which need the mentioned for fulfillment of their job duty imposed to them.