• main
  • PRIVACY POLICY

Privacy Policy

ABOUT US

The Personal Data Protection Service is an independent state body.

As part of our activities, we monitor the legality of personal data processing in Georgia.

Among other things, we supervise the process of investigative actions defined by law and the activities carried out in the Central Data Bank of the Operational-Technical Agency.

Please find more information about our main areas of activity here:

Office telephone number: +995 32 242 1000

Office address: Tbilisi, N. Vachnadze St. No. 7 / Batumi, Bako St. No. 48

Office email address: office@pdps.ge

Data Protection Officer: Tengiz Mamulia

Data Protection Officer contact details: +995 32 242 1000 (146); dpo@pdps.ge

 

PURPOSE OF THIS POLICY


We respect and protect your right to be fully informed about the processing of your personal data.

We aim to share with you what information we collect about you, for what purposes we collect it and the ways in which we use it.

 

  1. SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL INFORMATION

We collect information about you directly from you when you:

  • Submit an application or notification asking us to review the lawfulness of personal data processing;
  • Contact us to request consultation related to personal data processing;
  • Request permission for the transfer of personal data to another country or international organization;
  • Apply for registration as a special representative;
  • Request legal expertise on draft legal acts.
  • Provide information regarding the appointment, designation, or change of the Data Protection Officer;
  • Notify us about an incident related to personal data;
  • Provide information upon our request within the scope of an ongoing review;
  • Provide information about the implementation of tasks and recommendations we have issued;
  • Submit a complaint related to matters within our competence;
  • Request disclosure of public information;
  • Participate in a competition announced for a vacant position;
  • Submit a tender proposal within the framework of a public procurement procedure;
  • Register to attend an event organized by us;
  • Attend events where your attendance is recorded and photos/videos are taken;
  • Are present in our administrative buildings or their external perimeter covered by our surveillance cameras;
  • Contact us via our telephone number;
  • Register your entry to our administrative buildings;
  • Visit our websites;
  • Provide information about alleged disciplinary violations by our employees;
  • Contact us to exercise your rights as a data subject.

We may also obtain your personal data when:

  • Information about you is provided in an application submitted by another person;
  • During a review initiated based on your or another person’s application, we contact various parties and receive information about you from them;
  • During an investigation initiated based on your or another person’s application, we obtain information about you from publicly available sources.

 

  1. WHY AND HOW WE USE YOUR DATA
    2.1 REVIEW OF APPLICATIONS SUBMITTED FOR THE EXAMINATION OF THE LAWFULNESS OF PERSONAL DATA PROCESSING

WHERE WE OBTAIN DATA

When you submit an application or notification to us for the examination of the lawfulness of personal data processing, we process the information about you and other individuals included in your application and the attached materials.

Your data may also be included in applications submitted by other individuals—for example, when the applicant indicates an alleged violation committed by you.

To thoroughly review matters within our competence, we contact all persons or institutions holding relevant information and obtain additional information about you from them. For instance, if we cannot reach a party involved in the review using the contact details we have, we may obtain their address from the LEPL State Services Development Agency. Additionally, when necessary, we may request further information from you to properly assess the matter.

If required, we may also obtain information about you from publicly available sources.

WHAT DATA WE PROCESS

Within the scope of reviewing applications and notifications, we obtain the following information:

  • From the applicant/their representative, as well as from the data controller or data processor identified during the review, and/or their representative: 
    • Information and signature as indicated in the identity document;
    • Actual and legal addresses, email address, and telephone number;
    • Information regarding the delivery status of correspondence sent by us;
    • Information on the annual turnover of the data controller or processor registered as an individual entrepreneur;
    • Other information specified in the application/notification, attached documentation, statements and documents submitted by the parties and witnesses, and evidence obtained from other sources;
  • Information about the author of the notification and their representative as specified in the notification, attached documentation, statements and documents submitted by parties and witnesses, and evidence obtained from other sources;
  • Information regarding the delivery of correspondence sent by us to the author of the notification/their representative;
  • Information about other individuals contained in evidence submitted by parties and witnesses or obtained by us from other sources.

If necessary, for obtaining appropriate evidence during the review of an application or notification, we may produce audio, video, and/or photographic materials containing the personal data of the individuals involved in the review.

The list of mandatory information to be provided for accepting an application for review, as well as the procedure for obtaining evidence during the review, are defined by the Order of the Head of the Personal Data Protection Service (Order No. 34 of the Head of the Personal Data Protection Service)

When submitting a notification, you are not required to provide information about your identity or any specific personal data about yourself. Notifications can be submitted anonymously. However, in order for us to react to the notification, it must include sufficient information to identify the alleged violation.

WHAT WE USE IT FOR

The data collected during the examination of applications and notifications is used in accordance with the authority granted by law to monitor the lawfulness of personal data processing activities.

Specifically, based on the collected information, we assess the legality of the data processing activities indicated in your applications, identify violations, ensure that appropriate responsibility is imposed on the offenders, issue instructions and recommendations to address the identified shortcomings, and inform you about the decisions made.

ON WHAT GROUNDS WE PROCESS DATA

When processing data collected during the examination of applications and notifications, we rely on the following legal grounds:

Article 5(1)(g) of the Law of Georgia “On Personal Data Protection” — law provides for data processing;

Article 5(1)(d) of the Law of Georgia “On Personal Data Protection” — data processing is necessary to fulfill obligations imposed to us by Georgian legislation;

Article 5(1)(J) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for the consideration of your application.

When processing special category data collected during the examination of applications and notifications, we rely on the following legal ground:

Article 6(1)(b) of the Law of Georgia “On Personal Data Protection” — processing of special category data is directly and specifically regulated by law and is necessary and proportionate in a democratic society.

TO WHOM WE TRANSFER DATA

If, as a result of the review, it is determined that violation has been committed, we notify the Ministry of Internal Affairs of Georgia in accordance with the procedure established by law.

Data collected during the examination of applications and notifications may be disclosed to:

  • Parties involved in the review, in accordance with the procedure established by the Order of the Head of the Service;
  • Individuals from whom information is requested during the review, if necessary to obtain the information;
  • Competent investigative authorities, if signs of a crime are detected;
  • Courts, in cases of appeal against our decision;
  • The postal service provider who is data processor;
  • Data processors involved in storing information received through our websites.

We do not transfer data collected during the examination of applications and notifications to other states or international organizations.

 

2.2 REVIEW OF REQUESTS FOR DATA PROCESSING CONSULTATIONS AND LEGAL EXAMINATION OF LEGISLATIVE ACTS

WHERE WE OBTAIN DATA

When you request a consultation related to data processing or a legal review of a legislative act, we process the information about you and other individuals included in your request and the attached materials.

Your data may also be provided to us through such requests submitted by other individuals.

WHAT DATA WE PROCESS

In the course of reviewing requests for consultations and legal examination of legislative acts, we collect the following information about the requester and/or their representative:

  • First and last name;
  • Contact details provided in the request;
  • Information regarding the delivery of correspondence sent by us;
  • Social media username, if the request is received via a social media platform;
  • Telephone number, call initiation time, and call duration, if you contact us by phone;
  • Any other data specified in the request and the attached documents.

WHAT WE USE IT FOR

Based on the collected data, we review your request and ensure that you receive a consultative response to your inquiry.

ON WHAT GROUNDS WE PROCESS DATA

When processing data collected during the review of requests for consultations and legal examination of legislative acts, we rely on the following legal grounds:

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for us to fulfill obligations imposed by Georgian legislation.
  • Article 5(1)(j) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for the consideration of your request.

TO WHOM WE TRANSFER DATA

Data collected during the review of requests for consultations and legal examination of legislative acts may be disclosed to the postal service provider who is the data processor.

 

2.3 REVIEW OF REQUESTS FOR AUTHORISATION OF DATA TRANSFERS TO OTHER STATES AND INTERNATIONAL ORGANISATIONS AND FOR REGISTRATION OF A SPECIAL REPRESENTATIVE

WHERE WE OBTAIN THE DATA

When you request authorization for the transfer of data to another state or an international organization, or when you apply for the registration of a special representative, we collect the information about you and other individuals included in your request and the attached documents.
Your data may also be provided to us through such requests submitted by other individuals.
In addition, to thoroughly review the matter, we contact all persons or institutions holding relevant information and obtain additional information about you from them.
If necessary, we may also obtain information relevant to the review from publicly available sources.
To properly assess the matter, we may also request additional information from you.

WHAT DATA WE PROCESS

In the course of reviewing applications for authorization of international data transfers and registration of a special representative, we collect the following:

  • From the applicant/their representative, the data recipient, and the special representative:
    • Information and signature as indicated in the identity document;
    • Actual and legal addresses, email address, and telephone number;
  • Information regarding the delivery of correspondence sent by us;
  • Other information contained in the application and attached documents, as well as in any additional evidence obtained by us;
  • Information about other individuals as indicated in evidence submitted by the applicant or obtained by us from other sources;
  • Information about the field of activity of the data recipient;
  • Information about the field of activity of the person requesting the registration of a special representative.

As part of reviewing an application for authorization, we may hold an oral hearing, the content of which will be recorded in writing or as an audio record. An audio record will only be made if all participants in the oral hearing give their consent.

The list of mandatory data to be provided along with an application for authorisation of international data transfers can be found here:(Order No. 33 of the Head of the Personal Data Protection Service of March 1, 2024), and the list of mandatory data to be submitted with an application for registration of a special representative can be found here: (Order No. 20 of the Head of the Personal Data Protection Service 28 February 2024)

WHAT WE USE IT FOR

Based on the collected information, we assess whether your applications for authorisation of data transfers to other states and international organisations, or for registration of a special representative, comply with the requirements established by law. We then make appropriate decisions and inform you accordingly.

ON WHAT GROUNDS WE PROCESS DATA

When processing data collected during the review of applications for authorisation of international data transfers and registration of a special representative, we rely on the following legal grounds:

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection”— data processing is necessary for us to fulfil obligations imposed by Georgian legislation;
  • Article 5(1)(j) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for the consideration of your application.

When processing special category data collected during the application review, we rely on the following legal ground:

  • Article 6(1) (b) of the Law of Georgia “On Personal Data Protection” — the processing of special category data is directly and specifically regulated by law and constitutes a necessary and proportionate measure in a democratic society.

TO WHOM WE TRANSFER DATA

Data collected during the review of applications for authorisation of international data transfers and registration of a special representative may be disclosed to:

  • Individuals from whom we request information as part of the review, if necessary to obtain the information;
  • Courts, in cases of appeal against our decision;
  • The postal service provider as a data processor.

Data collected during the review of applications will not be disclosed to other states or international organisations.

 

2.4 REVIEW OF REQUESTS FOR THE PROVISION OF PUBLIC INFORMATION

WHERE WE OBTAIN THE DATA

When you submit a request to us for the disclosure of public information held by us, we collect the information about you and other individuals included in your request and the attached materials.

Your data may also be provided to us through similar requests submitted by other individuals.

WHAT DATA WE PROCESS

During the review of requests for disclosure of public information, we collect the following information about the requester and/or their representative:

  • First and last name;
  • Personal identification number;
  • Address;
  • Email address and contact telephone number;
  • Information regarding the delivery of correspondence sent by us;
  • Other data specified in the request and attached documents.

Additionally, during the review, we have access to personal data contained in the documents and materials requested by the application.

The list of mandatory data to be provided when requesting public information in electronic form can be found here:(Order No. 24 of the Head of the Personal Data Protection Service
29 February 2024).

WHAT WE USE IT FOR

We use the data to ensure access to public information held by us in accordance with the procedures established by law. Specifically, we review requests for information disclosure, make relevant decisions, and inform you accordingly.

ON WHAT GROUNDS WE PROCESS DATA

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for us to fulfill obligations imposed by Georgian legislation;
  • Article 5(1)(j) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for the consideration of your request.

TO WHOM WE TRANSFER DATA

Data processed during the review of requests for disclosure of public information may be disclosed to:

  • The applicant, in accordance with the procedures established by law;
  • Courts, in cases of appeal against our decision;
  • The postal service provider (data processor).

Data processed during the review will not be disclosed to other states or international organisations.

 

2.5 REVIEW OF COMPLAINTS RELATED TO MATTERS WITHIN OUR COMPETENCE

WHERE WE OBTAIN THE DATA FROM

When you submit a complaint, for example, to appeal a decision made by the head of our structural unit, we collect the information about you and other individuals included in your complaint and the attached materials.

Your data may also be provided to us through similar complaints submitted by other individuals.

WHAT DATA WE PROCESS

Within the scope of reviewing complaints related to matters within our competence, we collect the following information about the complainant and/or their representative:

  • Information indicated in the identity document;
  • Address;
  • Email address and contact telephone number;
  • Information regarding the delivery of correspondence sent by us;
  • Other data specified in the complaint and attached documents.

Additionally, during the review, we process data specified in the appealed decision and related case materials.

The list of mandatory information to be provided for the acceptance of a complaint for review, as well as the procedure for the review, are defined by the Order of the Head of the Personal Data Protection Service).

WHAT WE USE IT FOR

We use the data to assess the validity of the complaints submitted to us, make appropriate decisions, and inform you accordingly.

ON WHAT GROUNDS WE PROCESS DATA

When processing data during the review of complaints, we rely on the following legal grounds:

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for us to fulfill obligations imposed by Georgian legislation;
  • Article 5(1)(j) of the Law of Georgia “On Personal Data Protection” — data processing is necessary for the consideration of your complaint.

When processing special category data collected during the complaint review, we rely on the following legal ground:

  • Article 6(1)(b) of the Law of Georgia “On Personal Data Protection” — processing of special category data is directly and specifically regulated by law and constitutes a necessary and proportionate measure in a democratic society.

TO WHOM WE TRANSFER DATA

Data processed during the review of complaints may be disclosed to:

  • Courts, in cases of appeal against our decision;
  • The postal service provider as a data processor.

Data processed during the review will not be disclosed to other states or international organisations.

 

2.6 RECEIVING AND PUBLISHING INFORMATION ON THE APPOINTMENT, DESIGNATION, OR REPLACEMENT OF A DATA PROTECTION OFFICER

WHERE WE OBTAIN DATA

When submitting information on the appointment, designation, or replacement of a Data Protection Officer, we receive the data of you and other persons indicated in your application and the attached materials.

Your data may also be provided to us through similar applications submitted by other persons.

WHAT DATA WE PROCESS

In the course of receiving information on the appointment/designation or replacement of a Data Protection Officer, we obtain:

  • Of the person appointed/designated as a Data Protection Officer:
  • First and last name;
  • Information about the place of employment;
  • Address, email address, and telephone number;
  • Information on the date of appointment/designation;
  • Of the person submitting the information on the appointment/designation of the officer:
  • First name, last name, and personal identification number;
  • Address, email address, and telephone number;
  • Information on the field of activity;
  • Other personal data indicated in the correspondence submitted regarding the appointment of the officer.

WHAT WE USE IT FOR

In the event of the appointment, designation, or replacement of a Data Protection Officer, it is mandatory under the law to provide us with this information.
We use the information obtained to monitor the fulfilment of obligations set out by law to the responsible parties.

Once we receive the name and contact details of the appointed/designated Data Protection Officer, we will publish them publicly on our website.

We will use the name and contact details of the Data Protection Officer to contact them, if communication is required within the scope of monitoring the lawfulness of data processing.

ON WHAT GROUNDS WE PROCESS DATA

For the purposes of receiving and publishing information on the appointment/designation or change of the Data Protection Officer, we rely on the following legal bases:

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” – the data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection” – the data processing is necessary for the fulfilment of obligations imposed on us under the legislation of Georgia.

TO WHOM WE TRANSFER DATA

We publicly disclose on our website the information provided regarding the identity and contact details of the Data Protection Officer, thereby making it accessible to any person using the website.

 The data submitted to us via the website is transferred for storage to our data processor.

 

2.7 RECEIVING NOTIFICATIONS REGARDING PERSONAL DATA–RELATED INCIDENTS

WHERE WE OBTAIN THE DATA FROM

In accordance with the law, when submitting a notification regarding an incident related to personal data, we receive the information indicated in your notification and its accompanying materials concerning you and other individuals.

Your data may also be provided to us through similar notifications submitted by other persons.

WHAT DATA WE PROCESS

In the course of receiving notifications regarding incidents related to personal data, we collect the following:

Of the Data controller:

  • First and last name, personal identification number, and address;
  • Information on the field of activity;

Of the person responsible for completing the notification form or other contact person:

  • First and last name;
  • Information on their position;
  • Email address and telephone number;

Of the Data Protection Officer/their representative:

  • First and last name;
  • Information on their position;
  • Email address and telephone number;
  • Other personal data indicated in the notification and its enclosed documents.

The list of mandatory data to be provided along with a personal data incident notification can be found here: (Order No. 19 of the Head of the Personal Data Protection Service
28 February 2024).

WHAT WE USE IT FOR

The data collected through notifications regarding incidents are used to assess, within our competence, the circumstances described in the notification and, if necessary, to make decisions on additional measures, such as conducting inspection of the responsible data processor and disclosing information about the incident.

ON WHAT GROUNDS WE PROCESS DATA

In processing data collected through notifications regarding incidents, we rely on the following legal bases:

  • Article 5(1)(c) of the Law of Georgia “On Personal Data Protection” – the data processing is provided for by law;
  • Article 5(1)(d) of the Law of Georgia “On Personal Data Protection”– the data processing is necessary for the fulfilment of obligations imposed on us under the legislation of Georgia.

TO WHOM WE TRANSFER DATA

Data submitted to us through the website is transferred for storage to our data processor.

 

2.8 OVERSIGHT OF INVESTIGATIVE ACTIONS

WHERE WE OBTAIN THE DATA FROM

Within the framework of oversight of investigative actions provided for by Articles 136–138 of the Criminal Procedure Code of Georgia and covert investigative actions provided for by Article 143¹ point 1, we receive information from the court, the Prosecutor’s Office, the Operational-Technical Agency, and electronic communications companies.

WHAT DATA WE PROCESS

Within the framework of oversight of investigative actions, we process the following data:

Provided by the court:

  • Data specified in the details and operative parts of court orders regarding the issuance of authorization for conducting covert investigative actions or the denial of such authorization;
  • Data specified in the details and operative parts of court orders regarding the legality or illegality of covert investigative actions conducted by law enforcement without court authorization.

Provided by the Prosecutor’s Office:

  • Data specified in the details and operative parts of prosecutor’s orders for conducting covert investigative actions in cases of urgent necessity.

Provided by the Operational-Technical Agency:

  • Data specified in the details and operative parts of court orders authorizing covert investigative actions;
  • Data specified in the details and operative parts of prosecutor’s orders authorizing covert investigative actions.

Other sources:

  • Data contained in the electronic control system and the special electronic control system;
  • Data in the special electronic system for real-time geolocation monitoring;
  • Information obtained from the court, the Prosecutor’s Office, and electronic communications service providers regarding investigative actions conducted under Articles 136–138 of the Criminal Procedure Code of Georgia.

WHAT WE USE IT FOR

We process data to monitor, in accordance with the procedure established by law, the lawfulness of actions carried out by bodies authorized to conduct investigative activities. In particular, if a comparison of the information obtained or any other examination reveals an alleged case of unlawful data processing, we are authorized to carry out an inspection.

We use information obtained in connection with covert investigative activities—such as covert wiretapping and recording of telephone conversations—to suspend ongoing investigative actions through the electronic control system and the special electronic control system, when the circumstances defined by law are present.

ON WHAT GROUNDS WE PROCESS

When processing data within the framework of controlling investigative actions, we rely on the following legal grounds:

Subparagraph “c” of paragraph 1 of Article 5 of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;

Subparagraph “d” of paragraph 1 of Article 5 of the Law of Georgia “On Personal Data Protection” — data processing is necessary for us to fulfill the obligations imposed on us by the legislation of Georgia.

TO WHOM WE TRANSFER DATA

We do not transfer data processed within the framework of controlling investigative actions to any other persons.

 

2.9. CONDUCTING COMPETITIONS FOR VACANT POSITIONS

WHERE WE OBTAIN DATA

When you submit an application to participate in a competition for a vacant position, we receive information about you and other persons specified in your application and in the documents attached to it.

If you progress to subsequent stages of the competition, we will obtain additional information from you as part of the relevant stage.

Your data may also be provided to us through applications submitted by other persons — for example, if a candidate has listed you as a recommender, or if you have signed a document submitted by the candidate to confirm work experience.

WHAT DATA DO WE PROCESS

In the framework of conducting competitions for vacant positions, we process the following data:

  • Name, surname, and personal identification number;
  • Date of birth;
  • Email address and telephone number;
  • Information about citizenship;
  • Information about education and work experience;
  • Information regarding participation in the next stages of the competition;
  • Information contained in works created while performing written or other types of tasks;
  • Other information about the candidate and other persons specified in the submitted application and attached documents.

Other information about the candidate and other persons specified in the submitted application and attached documents.

In parallel with the candidate’s participation in the various stages of the competition, we collect information regarding the assessments and results received by the candidate at each stage.

Along with your identity, date of birth, citizenship, and contact details, you should submit only such data in the application as is necessary to assess your compliance with the qualification requirements set out for the specific competition.

WHAT DO WE USE IT FOR

We process data within the framework of conducting competitions in order to assess candidates’ compliance with the established competition requirements, select the best candidates, and inform each candidate of the decision made regarding their application.

ON WHAT GROUNDS DO WE PROCESS

When processing data for competitions for vacant positions, we rely on the following legal grounds:

Article 5, paragraph 1, subparagraph “c” of the Law of Georgia On Personal Data Protection — data processing is provided for by law;

Article 5, paragraph 1, subparagraph “d” of the Law of Georgia On Personal Data Protection — data processing is necessary to fulfill obligations imposed on us by Georgian legislation;

Article 5, paragraph 1, subparagraph “j” of the Law of Georgia On Personal Data Protection — data processing is necessary for considering your application.

For processing information containing special categories of data obtained during the competition, we rely on:

Subparagraph “b” of paragraph 1 of Article 6 of the Law of Georgia “On Personal Data Protection” — processing of special categories of data is directly and specifically regulated by law and is a necessary and proportionate measure in a democratic society.

TO WHOM WE TRANSFER DATA

We accept applications for competitions through the website administered by the Administration of the Government of Georgia — hr.gov.ge — where the submitted application and attached documents also become accessible to the Administration of the Government of Georgia.

Additionally, we may transfer data processed within the competitions to:

  • The court, in case of an appeal against our decision;
  • Our processor involved in organizing and conducting written assignments within the competitions.

We do not transfer data processed within the competitions to any other state or international organization.

 

2.10 IMPLEMENTATION AND MANAGEMENT OF PUBLIC PROCUREMENT

WHERE WE OBTAIN DATA

When you submit a tender proposal to participate in a tender published by us for the implementation of public procurement, we receive information about you and other persons specified in your proposal and the attached documents.

We also receive information from you when you ask questions during the tender process or when we contact you to clarify issues related to your tender proposal.
Additionally, your data may be provided to us through tender proposals submitted by other persons.

WHAT DATA DO WE PROCESS

Within the framework of implementing and managing public procurement, we collect the following data about bidders wishing to participate in the procurement:

  • Name, surname, and personal identification number;
  • Address, email address, and telephone number;
  • Bank account details;
  • Identity and contact details of the representative/contact person;
  • Other data specified in the tender proposal and attached documents;
  • Correspondence between the bidder/supplier and us.

After identifying the winning bidder, we conclude an agreement with them, which includes information specified in the Law of Georgia “On Public Procurement”.

WHAT DO WE USE IT FOR

We process data to assess compliance of submitted proposals with tender conditions, identify the winning bidder, ensure contract conclusion and payment, and monitor compliance with the contract terms.

ON WHAT GROUNDS DO WE PROCESS

When processing data within the framework of implementing and managing public procurements, we rely on the following legal grounds:

Article 5, paragraph 1, subparagraph “c” of the Law of Georgia “On Personal Data Protection” — data processing is provided for by law;

Article 5, paragraph 1, subparagraph “d” of the Law of Georgia “On Personal Data Protection” — data processing is necessary to fulfill obligations imposed by Georgian legislation.

TO WHOM WE TRANSFER DATA

We accept tender proposals through the electronic portal administered by the State Procurement Agency — tenders.procurement.gov.ge — where submitted proposals and attached documentation become accessible to both the agency and any portal users.

In accordance with the obligation to proactively publish public information, we publish on our website information about the supplier’s identity, procurement object, procurement method, contract value, and amounts paid to the supplier.

Additionally, we transfer data processed within the framework of public procurement to:

  • The Treasury Service of the Ministry of Finance of Georgia, to facilitate settlements with the supplier;
  • The LEPL Revenue Service, pursuant to reporting obligations;
  • The court, in the event of an appeal against decisions made by us.

We do not transfer processed data to any other state or international organization.

 

2.11 ORGANIZATION AND CONDUCT OF INFORMATIONAL AND EDUCATIONAL EVENTS

WHERE DO WE OBTAIN DATA

When you register to attend an informational or educational event organized by us, we obtain the data you provide in the registration form.

We also collect your data when registering your attendance at the event. In addition, we may obtain your data when taking photos and videos during the event.

WHAT DATA DO WE PROCESS

During the registration process for an event, we collect the following information from the person wishing to attend:

  • Name and surname;
  • Email address and phone number;
  • Other data specified in the registration form.

When registering your attendance at the event, we collect:

  • Name, surname, and signature;
  • Other data specified in the attendance registration form.

If photographs or videos of you are taken during the event, you will be informed in advance and, if necessary, your consent will be obtained.

WHAT WE USE IT FOR

We process data for registration and attendance purposes in order to effectively organize and conduct informational events, fulfill our obligation to raise public awareness regarding data protection, and enable your participation in such events.

Photographs and videos taken at the events may be published on our website and social media channels to inform the public about our activities.

ON WHAT GROUNDS DO WE PROCESS

When processing data for event registration and attendance purposes, we rely on the following legal grounds:

Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill obligations imposed on us by the legislation of Georgia;

Subparagraph “j” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to consider your application.

When publishing photographs, videos, and related materials from events on our website and social media channels, we rely on:

Subparagraph “a” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – we have your consent; and/or

Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill obligations imposed on us by the legislation of Georgia.

TO WHOM WE TRANSFER DATA

Photographs and videos of event attendees published on our website and social media channels become accessible to any person who visits our website or our official social media pages.

 

2.12 VIDEO MONITORING OF OUR BUILDINGS

WHERE WE OBTAIN DATA

Video cameras are installed at the entrances, in the corridors, and along the outer perimeter of our administrative buildings.

Accordingly, if you move within these areas, a video recording containing your image will be captured.

WHAT DATA WE PROCESS

We only collect video recordings containing images through the video monitoring system.
No audio recording is conducted through this system.

WHAT WE USE IT FOR

The data obtained through video monitoring is used for the following purposes:

  • To protect the safety of our employees and visitors;
  • To protect our property, as well as the property of employees and visitors;
  • To protect confidential information held by us.

TO WHOM WE TRANSFER DATA

Recordings obtained through the video monitoring system may be shared with a law enforcement agency or a court if necessary for the purposes listed above or to fulfill an obligation imposed on us by law.

 

2.13 RECORDING OF TELEPHONE COMMUNICATIONS

WHERE WE OBTAIN DATA

When communicating via our telephone number, we record information about the telephone call.

WHAT DATA WE PROCESS

Within the framework of recording telephone calls, we store the following information:

  • The telephone numbers of the caller and the recipient;
  • The time the call was initiated;
  • The duration of the call.

If it becomes necessary to make an audio recording of a telephone conversation, we will inform you in advance, explain the purposes of the recording, and proceed only with your consent.

WHAT WE USE IT FOR

We process data within the framework of recording telephone calls in order to accurately document the fact of communications made via telephone and to ensure an appropriate response to such communications.

ON WHAT GROUNDS WE PROCESS DATA

When processing data within the framework of recording telephone calls, we rely on the following legal grounds:

Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill the obligations imposed on us by the legislation of Georgia;

Subparagraph “i” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to protect our legitimate interests.

 

2.14 RECORDING ACCESS TO OUR ADMINISTRATIVE BUILDINGS

WHERE WE OBTAIN DATA

When you visit the interior spaces of our administrative buildings, we record your access to the premises.

WHAT DATA WE PROCESS

As part of recording access to the buildings, we collect the following information:

  • Name and surname of the visitor;
  • Visitor’s personal number;
  • Date and time of pass issuance;
  • Reason for visiting the building;
  • Pass number issued to the visitor;
  • Date and time of entry to and exit from the building.

WHAT WE USE IT FOR

We record access to our administrative buildings to control entry to interior spaces in order to protect:

  • The safety of our employees and visitors;
  • Our property, as well as the property of employees and visitors;
  • Confidential information held by us.

ON WHAT GROUNDS WE PROCESS DATA

When processing data within the framework of recording access to our administrative buildings, we rely on the following legal grounds:

Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill the obligations imposed on us by the legislation of Georgia;

Subparagraph “i” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to protect our legitimate interests.

TO WHOM WE TRANSFER DATA

We may transfer the data processed within the framework of recording access to our administrative buildings to a law enforcement agency or a court if necessary for the purposes specified above, or to fulfill obligations imposed on us by law.

 

2.15 LOGGING OF VISITS TO OUR WEBSITE

WHERE WE OBTAIN DATA

When you visit our website, we record information about your visit.

WHAT DATA WE PROCESS

When you visit the website, we collect the following information:

  • Date and time of access to the website;
  • Internet Protocol (IP) address;
  • Type of device used;
  • Name of the web browser used.

WHAT WE USE IT FOR

We use the data obtained as part of logging visits to the website to detect and respond to possible information security incidents. This is necessary, among other things, to ensure the integrity of our electronic systems and maintain business continuity.

ON WHAT GROUNDS WE PROCESS DATA

When processing data within the framework of logging visits to the website, we rely on the following legal ground:

Subparagraph “i” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to protect our legitimate interests.

TO WHOM WE TRANSFER DATA

We may transfer data about website visitors to our processor for storage.
If there are signs of a crime, we may transfer the data to an authorized investigative body.

 

2.16 REVIEW OF APPLICATIONS CONCERNING ALLEGED DISCIPLINARY MISCONDUCT BY OUR EMPLOYEES

WHERE WE OBTAIN DATA

When you submit information about an alleged disciplinary misconduct by our employee, we receive data about you and other persons specified in your application and in the materials attached to it.
If necessary to assess the matter, we may also obtain information about you from the alleged perpetrator of the disciplinary misconduct and from other persons who possess information relevant to the review.

WHAT DATA WE PROCESS

As part of reviewing applications concerning alleged disciplinary misconduct by an employee, we process:

  • Data about you and other persons specified in your application and the attached materials;
  • Information about you obtained from the alleged perpetrator of the disciplinary misconduct and from witnesses.

WHAT WE USE IT FOR

We process the data obtained in the course of reviewing your application regarding alleged disciplinary misconduct by our employee in order to:

  • Assess whether to initiate disciplinary proceedings in accordance with the established procedure;
  • Conduct disciplinary proceedings;
  • Make an appropriate decision.

ON WHAT GROUNDS WE PROCESS DATA

When processing data obtained in the course of reviewing your application regarding alleged disciplinary misconduct by an employee, we rely on the following legal grounds:

  • Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill the obligations imposed on us by the legislation of Georgia;
  • Subparagraph “k” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary for the consideration of your application;
  • Subparagraph “i” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to protect our legitimate interests.

TO WHOM WE TRANSFER DATA

We may transfer the data obtained in the course of reviewing your application regarding alleged disciplinary misconduct by an employee:

  • To the alleged perpetrator of the disciplinary misconduct;
  • To the authorized investigative body, if signs of a crime are identified;
  • To the court, in the event of an appeal against our decision.

 

2.17 CONSIDERATION OF DATA SUBJECTS’ REQUESTS

WHERE WE OBTAIN DATA

When you submit a request to exercise any of the data subject’s rights provided for by the Law of Georgia “On Personal Data Protection,” we receive your data and, if applicable, the data of other persons specified in your request and in the materials attached to it.

WHAT DATA WE PROCESS

As part of considering requests to exercise the rights of data subjects, we process:

  • Data about you and other persons specified in your request and the attached materials;
  • Additional information, if required, to properly identify you and/or confirm the representation rights granted to you.

WHAT WE USE IT FOR

We process the data obtained in the course of considering your request in order to respond in accordance with the procedure established by law and to inform you of our decision.

ON WHAT GROUNDS WE PROCESS DATA

When processing data in the course of considering requests to exercise the rights of data subjects, we rely on the following legal grounds:

  • Subparagraph “d” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary to fulfill the obligations imposed on us by the legislation of Georgia;
  • Subparagraph “j” of paragraph 1, Article 5 of the Law of Georgia “On Personal Data Protection” – data processing is necessary for the consideration of your application.

TO WHOM WE TRANSFER DATA

We may transfer the data obtained in the course of considering requests to exercise the rights of data subjects:

  • To the processors who provide postal services;
  • In the event of a decision to rectify, update, supplement, terminate processing, delete, or destroy the data – to persons specified by law;
  • To the court, in the event of an appeal against our decision.

 

3. HOW LONG WE STORE YOUR DATA

We store the data we receive only for the period necessary to achieve the purposes described above and/or to fulfill the data retention obligations imposed on us by law.

The specific retention periods are determined in accordance with the procedure established by the Unified Nomenclature of Cases of the Personal Data Protection Service.

 

4. PROCESSORS WE ENGAGE FOR DATA PROCESSING

We use the services of the following data processors to process data on our behalf:

  • LLC Information Communication Systems – for providing postal services;
  • N(N)LE - Georgian Scientific-Educational Computer Networks Association “Grena” – for storing information received through our websites;
  • LEPL Training Center of Justice of Georgia – for organizing and conducting written assignments as part of competitions announced for vacant positions with us;
  • Facebook Messenger – for communication with interested parties;
  • Our official pages on Facebook, X, YouTube, and LinkedInfor informing the public about our activities;
  • Microsoft Booking – for managing registration for informational and educational events.

 

5. YOUR RIGHTS

You have the following rights in relation to your data held by us:

  • The right to receive information about data processing;
  • The right to access and obtain a copy of your data;
  • The right to rectify, update, and complete your data;
  • The right to terminate, delete, or destroy the processing of your data;
  • The right to block your data;
  • The right to data portability;
  • Rights related to automated individual decisions;
  • The right to withdraw consent;
  • The right to appeal.

More information about your rights can be found here.

Your rights may be restricted if exercising them could pose a threat to:

  • State security, information security, cybersecurity, and/or defense interests;
  • Public security interests;
  • Crime prevention, investigation, prosecution, administration of justice, execution of imprisonment or other custodial/non-custodial sentences, probation, or operational-detective activities;
  • National financial or economic (including monetary, budgetary, and tax) interests, public health, or social security;
  • Detection of violations of professional, including regulated profession, ethical norms, and imposition of liability for such violations;
  • The rights and freedoms of yourself or others, including freedom of expression;
  • The substantiation of or response to a legal claim;
  • The exercise of the functions and powers of regulatory and/or supervisory bodies in the above areas;
  • The protection of state, commercial, professional or other legally protected secrets.

If it is necessary to restrict your rights, we will do so only to the extent required to achieve the purpose of the restriction.

​​​​​​​

6. AMENDMENTS

We will periodically update this information and make changes as necessary.