Edition dated 02.09.2022.
This personal data privacy policy (hereinafter referred to as the “Privacy Policy”) is addressed to an indefinite circle of individuals (hereinafter referred to as “Users”) – visitors and registered users of the website of the non-profit charitable organization Georgia Sons, identification code: 406369022, contact details: Georgia, Tbilisi, Samgori district, Ketevan Chilashvili Pass. No. 4, Apartment 17-18, tel.: +995599395448 (hereinafter referred to as the “Charity Organization”), on the Internet with a domain name (including all subdomains and individual pages) http://www.georgiasons.com/ (hereinafter referred to as “ Site”) and applies to all information that the Site can receive about the User during his use of the Site and / or individual services of the Site.
Links in the Privacy Policy to the Site mean employees of the Charitable Organization authorized to manage the Site, who organize and (or) carry out the processing of personal data, and also determine the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data , as well as other actions provided for by the Privacy Policy, in accordance with the requirements of current legislation and this Privacy Policy.
The Privacy Policy is designed to inform the User about what personal data is, what personal data the Site collects, how and why the Site uses personal data, to whom the Site can transfer personal data, how the Site protects the confidentiality of personal data, how to contact authorized persons of the Site and to whom contact if the User has any questions regarding the processing of personal data and other issues related to the use of personal data.
1. Terms and definitions:
1.1. Legislation – regulatory legal acts that are applied to regulate the processing of personal data. The processing of personal data is carried out in accordance with the requirements of the Law of Georgia on the Protection of Personal Data; the processing of personal data of Users who are located in the EU or are EU citizens is governed, in particular, by the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”). Additionally, the legislation of the countries of which other users of the Site are citizens (in whose territory they are located) may establish additional requirements.
1.2. Personal data controller – the natural or legal person who determines the purposes and means for the processing of personal data and is primarily responsible for their processing. The controller of personal data in accordance with the Privacy Policy is the Foundation.
1.3. Processing of personal data – any operation (set of operations) that is performed with personal data or arrays of personal data with or without the use of automatic procedures, such as collecting, recording, systematizing, structuring, storing, changing, ordering, viewing, using, distributing or any other type of granting access to third parties, including employees of the controller or processor of personal data, as well as deletion.
1.4. Special categories of personal data are so-called “sensitive” personal data that may harm the data subject at work, in an educational institution, in the environment of residence, or may lead to discrimination in society (personal data that contains information about racial origin, political or religious views, trade union membership, health status, sexual life, biometric or genetic data, etc.).
1.5. Personal data – any information of a personal nature that allows a third party to identify an individual (data subject). An identifiable natural person in this case means a natural person who can be directly or indirectly identified, in particular, by referring to a specific identifier (given name, surname, document number, other identifier).
1.6. User – a person who has access to the Site via the Internet and uses the Site (including, but not exclusively, using all or certain services of the Site).
1.7. Personal data processor – a natural or legal person who, on the basis of instructions (instructions, orders) of the controller, processes personal data for the controller. The processor of personal data in accordance with the Privacy Policy is HetznerOnlineGmbH.
1.8. The subject of personal data is a natural person to whom personal data relates and who can be identified by these personal data, or who has already been identified.
2. General provisions for the use of the Site
2.1. The use by the User of the Site (without going through the registration procedures on the Site / entering Personal Data otherwise) implies acceptance of certain provisions of the Privacy Policy, unless they relate to the processing of the User’s Personal Data, which requires the separate consent of the User. Otherwise, the User must stop using the Site.
2.2.The Privacy Policy applies only to the site http://www.georgiasons.com/ (including all subdomains and individual pages of the Site). The Site does not control and is not responsible for the sites of third parties to which the User can follow the links available on the Site.
2.3. The Site does not verify the accuracy of Personal Data (with the exception of the e-mail address (e-mail) of the User, which is necessary to confirm the registration of the User) provided by the Users of the Site.
3. Declaration on the protection of personal data
3.1. The Charitable Organization takes all necessary actions to protect the confidentiality of Personal Data and measures to prevent the abuse of Personal Data obtained by the Site. The processing of Personal Data is carried out in strict accordance with the requirements of the applicable Legislation and only if there are legal grounds for such processing.
3.2. The Charitable Organization controls how Personal Information is collected and determines the purposes for which Personal Information is used. The Foundation is a “data controller” for the purposes of the EU General Data Protection Regulation 2016/679 (EU General Data Protection Regulation, hereinafter “GDPR”) and other applicable European data protection law.
3.3. The Charitable Organization processes the User’s Personal Data only if one of the conditions specified in Article 6 of the GDPR is met, including, but not limited to: the User’s consent to the processing of Personal Data has been obtained, the processing is necessary for the purposes provided for in the Privacy Policy, such processing is required Legislation, etc. In the case of the processing of a Special Category of personal data (for example, health data), at least one of the conditions specified in Article 9 of the GDPR must be met.
3.4. The Site may update the Privacy Policy at its sole discretion, including if required by applicable law. The Registered User can receive information about updating the Privacy Policy directly on the Site (by receiving a message in the user’s account) by receiving an electronic message from the Site (via e-mail) or in any other way not prohibited by the Legislation.
4. Personal data processed by the Site
4.1. Personal data authorized for processing under this Privacy Policy is provided by Users by filling out separate forms on the Site and includes the following information:
4.1.1. Name and Surname;
4.1.2. Email address (e-mail);
4.1.3. Contact phone number of the User;
4.1.4. Date of Birth;
4.1.5. Country, region, district, locality (location or residence of the User);
4.1.6. Sex;
4.1.7. Photos (images that the User designates as his photos);
4.1.8. Links to the data of the account (accounts) of the User in social networks in the public profile (the data is publicly available or access to them is provided by the User);
4.1.9. Information about the amount of donations;
4.1.10. Bankcard number;
4.1.11. Other Personal Data that the User, on his own initiative, can additionally indicate (update) in an electronic / paper message / application / appeal, otherwise in the settings of his personal account.
4.2. Any other Personal Information not specified above (IP addresses, browsers and operating systems used, etc.) is subject to secure storage and non-distribution, except as provided by the Legislation and/or this Privacy Policy.
5. Purposes of personal data processing
5.1. The User’s personal data (provided that the User has consented to the processing of his Personal data for one or more of the specific purposes indicated below) the Site may use for the purposes indicated below:
5.1.1. Providing the User with effective client and technical support in resolving any issues related to the use of the Site.
5.1.2. Identification of the User for registration on the Site, establishing feedback with the User, including sending notifications, requests regarding the use of the Site, providing information, processing requests and requests from the User.
5.1.3. Providing the User with information by sending push messages, Skype, Viber, WhatsApp and other messages using various OTT applications, SMS messages, messages of another type / method of transmission in order to convey to the User information about the Site, existing and new projects, and also – find out the wishes and needs of the User.
5.1.4. Providing the User, with his consent, with updated information about the projects of the Site, statistics of the Site, special offers, including joint projects and promotions with partners, newsletters and other information on behalf of the Site or on behalf of the partners of the Site.
5.1.5. Collecting and entering Personal Data of Users into a special database of the Site.
5.1.5. Collecting and entering Personal Data of Users into a special database of the Site.
5.2. If the storage of the User’s Personal Data is not necessary for the provision of services/services to the User, subject to the conditions of clause 9.1. Privacy Policy, the Site deletes them.
6. Place of storage of personal data
6.1. In accordance with the Legislation of Georgia, the Charitable Organization provides for organizational and technical data security measures that ensure the protection of data from accidental or illegal destruction, alteration, disclosure of information, extortion and any other form of illegal use or accidental or illegal loss.
6.2. To ensure the security of the Website’s Personal Data databases, they are located in the data centers of HetznerOnlineGmbH (Industriestrasse 25, D-91710 Gunzenhausen, Germany). Access to the databases is exclusively for the Charitable Organization and the authorized person who owns the database. The authorized person of the Foundation (natural or legal person processing data for or on behalf of the Foundation) in accordance with this Privacy Policy is HetznerOnlineGmbH.
7. Transfer of personal data to third parties
7.1. The User agrees that the Site has the right to transfer Personal Data to third parties if this meets the requirements of the Legislation or is necessary to achieve the tasks assigned to the Site.
7.2. In order to achieve the goals of the operation of the Site (providing basic and additional services to the User), the Site may transfer Personal data to third parties, including, but not exclusively: state bodies (in cases provided for by the Legislation), partners of the Site, developers (for modification, improvements and adjustments to the Site, which may entail interaction with databases) of the Site otherwise.
8. Data protection measures
8.1. In order to securely store personal data, the Site uses a number of technical and organizational measures that protect Personal Data from unauthorized or illegal processing and from unintentional loss, destruction or damage.
8.2. The site complies with the principle of minimizing Personal Data, processing only the information about the User that is necessary, or information that the user provided additionally with his consent. The interface of the Site and applications is configured to provide services in a manner that respects maximum privacy.
8.3. Based on this, the User must provide only the minimum necessary Personal Data that is necessary to provide the necessary service / service, receive newsletters or respond to a request / claim. At the same time, if the User decides to provide the Site with additional Personal Data, the Site will process them with the necessary level of protection.
8.4. When transferring Personal Data to third parties, the most secure and proven methods of data transfer are used. When the User makes donations using bank cards, they can be made by redirecting to the websites of electronic payment systems, https://tbcpayments.ge/, as well as MoneyMovers, PayPal, WebMoney, Qiwi, GooglePay, ApplePay, etc. Security of payments and Personal data in this case, it is ensured by using the SSL protocol to transfer the User’s confidential information over closed banking networks of the highest degree of protection. The input of payment data in such a case is carried out through the services of payment services, without transferring data to the Site, respectively, payment data are not processed purposefully by the Site.
8.5. In case of loss or disclosure of Personal Data, the Site informs the User about the loss or disclosure of the User’s Personal Data. The Site, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s Personal Data.
8.6. In the event of a violation of the safety of Personal Data, the Site, without undue delay and, if possible, no later than 72 hours after it became aware of the fact of the violation, notifies the supervisory authority of the violation of Personal Data. The supervisory authority in this Privacy Policy means the supervisory authority in accordance with the provisions of the GDPR (if it is actually created by the state authorities of Georgia) or the Personal Data Protection Inspector of Georgia. If the notification to the supervisory authority is not sent within the specified period, the Site must justify the reasons for such a delay.
9. Methods and terms of processing (storage) of personal data
9.1. The processing of Users’ Personal Data is carried out as long as the User is registered on the Site, in any legal way, including in Personal Data information systems using automation tools (or without using such tools). The processing of the User’s Personal Data is terminated in the event that the User withdraws his consent to such processing, the final (not related to temporary technical malfunctions) termination of the Site and / or in other cases provided for by the Legislation.
9.2. The Site does not store the User’s data for longer than is necessary to fulfill the purpose for which it is processed, or to comply with the requirements established by the Legislation.
9.3. To determine the appropriate storage period, the Site determines the nature and category of Personal Data, the purposes of processing, and whether it is possible to achieve the goals by other means (without using Personal Data).
10. Rights of personal data subjects
10.1. Rights of personal data subjects in accordance with the legislation of Georgia:
10.1.1. Receive the following information (providing this information is not mandatory if the personal data subject already has it):
a) the identity and registered address of the person processing the information and the authorized person (if any);
b) the purpose of data processing;
c) whether the provision of data is mandatory or voluntary, if mandatory, the legal consequences of refusing it;
d) the right of the data subject to receive information about the processed data about him, to demand their correction, updating, addition, blocking, deletion or destruction.
10.1.2. Receive information about data processing (the form for providing information is chosen by the data subject), namely:
a) what data about the subject of personal data is processed;
b) the purposes of data processing;
c) legal grounds for data processing;
d) how the data was collected;
e) to whom the data were issued, the grounds and purposes for their issuance (providing information is not necessary if the specified data is public in accordance with the Legislation).
10.1.3. Information provided for in clause 10.1.2. The privacy policy must be provided to the subject of personal data at his request, immediately – or no later than 10 days after the request, if the response to the request for information requires:
10.1.3. Information provided for in clause 10.1.2. The privacy policy must be provided to the subject of personal data at his request, immediately – or no later than 10 days after the request, if the response to the request for information requires:
b) collection and processing of unrelated documents of considerable volume;
c) consultations with its structural unit located in another locality or other public institution.
10.1.4. Require correction, updating, addition, blocking, deletion or destruction of Personal Data if it is incomplete, inaccurate, not updated or collected and processed illegally. In this case, the data processor must notify all recipients of the correction, updating, addition, blocking, deletion or destruction of the data, unless the provision of such information is not possible due to the multitude of recipients and disproportionate costs (the latter circumstance must be notified to the protection officer personal data).
10.1.5. The specified rights of personal data subjects may be limited if their implementation may create additional threats provided for by the norms of the Legislation. In this case, the data subject must be notified of the decision of the person processing the Personal Data in such a way that it does not damage the purpose of the restriction of rights.
10.2. Rights of personal data subjects under the GDPR:
10.2.1. Right to information
10.2.1.1. The Site provides Users with information about which of their Personal Data is being processed (the list of data that must be provided is specified in Articles 13 and 14 of the GDPR). In order to obtain information, the User must submit an appropriate request with a statement of his specific requirements that will allow him to consider the request in the most efficient way and on the basis of the provisions of the GDPR and provide a response.
10.2.2. Right to rectification
10.2.2.1. If the User finds that some of the Personal Data processed by the Site is incorrect or outdated, he can report this to the Site and / or other authorized person, outlining his specific requirements.
10.2.2.2. If the Site provides for the possibility of self-correcting Personal Data (by entering the personal account), the User can make the correction independently.
10.2.3. Withdrawal of consent to the processing of personal data and the right to be forgotten.
10.2.3.1. If the Site processes the User’s Personal Data on the basis of consent to the processing of Personal Data, further processing may be terminated by withdrawing the User’s consent to such processing. In this case, the Site is obliged to stop processing data and (and) destroy the processed data within 5 days after receiving such an application, unless there is another reason for data processing.
10.2.3.2. If the User decides to exercise the right to be forgotten, according to the grounds provided for in Art. 17 GDPR, the Site destroys Personal Data processed by the Site, with the exception of those Personal Data that the Site is required to store in accordance with the requirements of the Legislation.
10.2.4. When the User applies to exercise the rights provided for by the GDPR, the identity of the data subject must be confirmed. This can be done by exchanging electronic messages using an electronic digital signature or in person; in case of reasonable doubts about the identity of the data subject, the Site has the right to ask for an identity document. These measures are necessary to protect Personal Data from unauthorized use (change) by third parties.
10.3. The Site processes the User’s requests as soon as reasonably necessary to identify and provide the necessary information, but not more than 1 (one) month.
11. Appeals regarding personal data
11.1. Applications from Users on any issues related to Personal Data and (or) this Privacy Policy (with questions, comments, complaints, wishes, and so on regarding the protection and processing of Personal Data) are accepted by an authorized person of the Charitable Organization e-mail mgeorgiasons@gmail.com or call +995599395448. Additionally, Users can address the above issues through the Site, by personal appeal, by sending a mail message or in any other form not prohibited by the Legislation.
11.2. With complaints or suggestions on the procedure for processing Personal data (if the personal data subject has found violations in the procedure for processing personal data), the User can also contact the Personal Data Protection Inspector of Georgia and / or the judicial authorities.