Privacy Policy
Article 1. Application on personal data protection.
1.1 Our company is dedicated to upholding fundamental human rights and freedoms, including the protection of privacy and personal information. The company attaches great importance to the protection of users' personal data. Accordingly, when processing personal data, the company acts in accordance with the Law of Georgia "On Personal Data Protection", other normative acts and the Personal Data Protection Policy (hereinafter - Policy).
Article 2. Purpose of the policy.
2.1 The purpose of this policy is to determine the rules and procedures for the protection and processing of personal data collected by the company, taking into account its goals and activities, to guarantee that the processing is lawfully conducted, to protect the rights of individuals and to ensure the transparency of processing.
Article 3. Definition of terms.
3.1. The terms used in this document are only descriptive and are understood in light of the particulars of the work done by the company. The definitions are in compliance with the Law of Georgia "On Personal Data Protection" and their interpretation contrary to the law is not allowed;
3.2. Personal data (hereinafter - data) - Any information pertaining to an identified or identifiable physical person and used for the purposes of the company's activity;
3.3. Special category data - Data relating to an identified or identifiable natural person, utilized for the purposes of the company's activities and exposing, among other things, the physical person's health status, conviction information, and biometric information;
3.4. Data subject - user and any physical person about whom the existing data is used by the company for its own purposes. A natural person can be identified or identifiable;
3.5. Company - data processor, which decides the aims and means of data processing, methods, formats, organizational and technological security measures, and methods of realizing the data subject's rights;
3.6. Authorized person - a person involved in the process of data processing by the company, based on the law or contract, who processes data on behalf of the company and/or based on its goals;
3.7. Data recipient - any person to whom personal data has been transferred for the purposes of the company's activities;
3.8. Data processing - any active and/or passive acts taken on personal data, including video and audio monitoring. Processing can also be done totally automatically, semi-automatically, or manually.
Article 4. Data processed within the scope of the company's activities.
The company may process the following data about users:
4.1. Name, surname, personal number, series and number of identity document, date of issue of identity document, photograph, phone number, e-mail address, date of birth, knowledge of foreign languages, gender, education information, citizenship, time of entering and leaving the building, time spent on the website, vehicle state registration number; data from the device used to access the website.
4.2. The terms of data storage at the university are governed by Georgian legislation.
Article 5. Purposes of using processed data.
The data processed in the company is used for various purposes, namely:
5.1. Ensuring security on the company's premises and website.
5.2. Improving the quality of the company's services.
5.3. Marketing objectives, generating and presenting offerings to customers.
5.4. Fulfillment of duties directly assigned by law.
5.5. Creation of customer base, sorting, research.
5.6. Legal provision of proceedings, organization and control of document circulation.
5.7. Research, appraisal, planning, and quality control of the company's activities.
Article 6. Entities with the right to access data.
Access to the data processed in the company, within the scope of their own competence, may be granted to the relevant company employee, to the company's contractors, from whom a guarantee of data protection and processing will be obtained in advance, and to state bodies defined by legislation.
Article 7. Personal data processing rules.
7.1. Personal data is processed by the company in compliance with the following principles:
7.1.1. Justice, transparency, legality, accountability to the data subject and protection of his dignity;
7.1.2. Targeting - prior determination of an appropriate, clear and specific goal;
7.1.3. Proportionality - processing of data in the proper amount for the purpose;
7.1.4. Ensuring data accuracy and correctness, including targeted updating or information deletion/destruction;
7.1.5. Storage of data for an appropriate period;
7.1.6. The overall safety of the processing process, including adherence to organizational and technical security standards.
7.2. In addition to the aforementioned principles, the company follows the legal bases of processing, both for non-sensitive and special categories of data, in particular, processing can be based on:
7.2.1. Oral or written consent of the data subject;
7.2.2. The requirements stipulated by the law, which the company is obliged to fulfill;
7.2.3. Superior legitimate interests of the company;
7.2.4. Public interests;
Article 8. Person responsible for personal data processing of the company
8.1. The university has designated a person responsible for personal data processing in order to effectively protect subjects' rights and meet the requirements of personal data protection legislation.
Article 9. Implementation of video and audio control.
9.1. In order to ensure security, protect property and/or protect confidential information, the external perimeter of the company's building(s) and corridors of the building(s) may be subject to video surveillance; Additionally, the devices and IP addresses used to access the Company's website may be tracked and data logged.
9.2. Audio control is permitted only in the course of the company's provision of remote services or for service enhancement purposes, with prior notification of the subject.
9.7. Records obtained as a result of video/audio monitoring are kept for no more than 3 months.
Article 10. Registration of entry and exit to the building, entry and exit to the website
10.1. For the security of users and other physical persons coming to the company, as well as for the security of the company, entry to and exit from the building and/or the website may be monitored, controlled, and logged.
Article 11. Use of e-mail and telephone number.
11.1. The organization handles consumers' e-mail addresses and phone numbers in order to communicate efficiently and quickly.
11.2. The use of e-mail and telephone number for the purpose of providing news and sending advertising messages (direct marketing) is allowed only with the subject's consent;
11.3. The data subject has the right to request that the use of his or her e-mail address and/or phone number for marketing purposes be discontinued, which must be carried out immediately.
Article 12. Rights of the data subject.
12.1. The data subject has the right to get information about the data processed about him at any time, namely:
12.1.1. which data is processed and for what purpose;
12.1.2. source of data acquisition;
12.1.3. data retention period;
12.1.4. what rights the data subject has during processing;
12.1.5. whether the processing is profiling-based;
12.1.6. to whom his data may be transferred and on what basis;
12.1.7. whether his data will be transferred to an international organization or another state and on what basis;
12.2. Additionally, it is possible to obtain information about the processing process, its forms and methods;
12.3. The data subject chooses the method of receiving (delivery) of information (electronic or written).
12.4. The requested information must be provided to the subject immediately upon request, unless providing it requires retrieval from an archive or another structural unit, or consolidation and processing of documents. In this case, the information must be delivered within 10 working days at the latest;
12.5. If the data is erroneous or incomplete, the data subject has the right to request that it be corrected, updated, completed, or added to. If the organization believes that the data needs to be corrected, updated, completed, or added to, and there is a justifiable purpose, the necessary actions must be taken within 15 days to correct, add, complete, and/or update it.
12.6. In the event that the aims and/or grounds for data processing, their validity or correctness are contested, the data subject has the right to request a temporary suspension (blocking) of data processing. The data is blocked by the company within three days of the data subject's request.
12.7. The data subject has the right to request the termination of processing, erasure and/or destruction of existing data about him;
12.8. To exercise the data subject's rights, an application should be filed to the company's personal data protection officer.
12.9. Limitation of the subject's rights provided for in this article is permissible if the realization of these rights may damage and/or endanger:
12.9.1. Public safety interests;
12.9.2. Crime prevention, investigation, operative-search activities;
12.9.3. Important financial and economic interests for the country;
12.9.4. The fulfillment of the powers of the state regulatory bodies, including the regulatory bodies of the education system;
12.9.5. The rights and freedoms of the data subject and/or others;
12.9.6. State, commercial, professional, and other forms of legally protected secrets;
12.9.7. Implementation of justice.
12.10. In the event of a breach of the rights and norms established by the law and this policy, the data subject has the right to file a complaint with the company's personal data protection officer.
12.11. In the cases provided for in the paragraph, a complaint can also be submitted to the State Inspector's Office.