Terms and Conditions
Personal Data Protection Policy
LLC “ASBC” processes personal data in accordance with the Law of Georgia on Personal Data Protection.
The company applies all necessary organizational, administrative, technical, physical, and other security measures to ensure the protection of personal data.
The purpose of this policy is to safeguard the personal data of the company’s employees, contractors, and customers against unlawful or unauthorized use and, at the same time, to minimize/eliminate the risk of accidental loss or damage of personal data and to ensure proper incident registration and response.
In case of detecting a violation of personal data protection rules, the company is obliged to immediately notify the relevant supervisory authorities.
1. User Account Data
If you open a user account on the company’s platform, LLC “ASBC” assumes responsibility for the protection of the data stored in your account in accordance with the applicable legislation of Georgia and the Law of Georgia on Personal Data Protection.
2. Platform Operation
Controller responsible for personal data processing:
ASBC LLC
ID No.: 402083311
Address: Tbilisi, Akaki Beliashvili Street, N104
Tel.: +995 322235323
E-mail: Info@prestigioplaza.ge
3. Purposes and Legal Grounds for Data Processing
3.1 Conclusion, Performance, and/or Termination of a Contract
3.1.1 Data provided during the contract conclusion process
If you register on the company’s platform or conclude a contract with the company, the following personal data will be processed for the conclusion, performance, or termination of the contract:
First name, last name
Delivery address
E-mail address
Date of birth
Telephone number
Personal ID number
Information on placed orders
The legal grounds for processing these data are defined under Article 5(1) of the Law of Georgia on Personal Data Protection, in particular:
(b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.
(c) Processing is provided for by law.
(i) Processing is necessary for the protection of significant legitimate interests of the controller or a third party, except where there is an overriding interest in protecting the rights of the data subject (including minors).
For the execution of the sales contract between you and the company, the following types of data must also be processed:
Residential address
E-mail address
Telephone number
Data Collected During Your Visit to Our Website
The data recorded during your visit to our website are anonymous and cannot identify you. However, from your profile you may access detailed information, including:
· Your IP address or proxy server IP address
· The domain name you requested
· Your device name and serial number
· Your Internet Service Provider’s name (sometimes recorded depending on your ISP configuration)
· Date and time of your website visit
· Duration of your session
· Company’s web pages you visited
· Number of times you accessed our website during a month/year
· URLs you viewed and related information
· Website that redirected you to our site
· Operating system used by your computer
3.2 Data Sharing with Courier Companies
For the delivery of orders to your address, we cooperate with courier and logistics companies, to whom the following data may be transferred:
· First name, last name
· Postal code
· E-mail address
· Telephone number
· Personal ID number
The legal grounds for processing these data are defined under Article 5(1)(b) of the Law of Georgia on Personal Data Protection:
“Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.”
3.3 Other Third Parties
Where necessary, the company cooperates with various partners for the provision of services and other purposes. In such cases, the company may transfer personal data to them in order to ensure the proper provision of services
The legal grounds for processing these data are defined under Article 5(1)(b) and (i) of the Law of Georgia on Personal Data Protection:
· (b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject;
· (i) Processing is necessary for the protection of significant legitimate interests of the controller or a third party, except where there is an overriding interest in protecting the rights of the data subject (including minors).
3.4 Processing of Data for Marketing Purposes
Based on your consent, ASBC LLC is entitled to process and use your data for direct marketing purposes, including: first name, last name, address, e-mail address, and telephone number. Using these data, the company will provide you with information about ongoing promotions and offers.
The processing of your data for marketing purposes may also be carried out by companies affiliated with ASBC LLC, including:
· Subsidiary and parent companies
· Companies in which ASBC LLC holds shares
Data processing for such purposes is carried out exclusively based on your consent, as provided in Article 5(1)(a) of the Law of Georgia on Personal Data Protection:
(a) The data subject has given consent for their data to be processed for one or more specific purposes.
In accordance with the law, ASBC LLC (the data controller) is obliged to stop processing data for direct marketing purposes within a reasonable time after receiving the data subject’s request, but no later than 7 working days.
To fulfill this obligation, ASBC LLC must ensure an accessible mechanism for the data subject to withdraw consent.
If you wish to withdraw your consent for data processing for marketing purposes, you may send a notification from the e-mail address registered in the system to the following e-mail: Info@prestigioplaza.ge
4. Website Access and Optimization (Cookies)4.1 Cookies and Device Identifiers – General Information and Consent Requirement
The website uses cookies and similar technologies.
A “cookie” is a small text file automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.). A cookie contains information linked to a specific device; however, this does not mean we directly obtain information about your identity.
· Some cookies are deleted immediately after your browser session ends (“session cookies”). These allow, for example, the display of your shopping cart so you can see how many products you currently have and the total value of your order.
· Other cookies remain on your device for longer and allow us to recognize your device during your next visit (“persistent” or “cross-device cookies”). These help us tailor our offers to your preferences.
These cookies are essential for the optimal functioning and navigation of the website. They also store certain inputs and settings so you do not need to re-enter them and so content can be better adjusted to your interests. Without essential cookies, the use of the website may be significantly limited.
ASBC LLC uses the following types of cookies:
· Session Cookies: Identify the user and track activity during a session. They are deleted when the browser is closed.
· Persistent Cookies: Remain on the device after the browser is closed (e.g., remembering login details or access settings).
· First-Party Cookies: Set by the website to remember preferences (e.g., site language).
· Third-Party Cookies: Used by third parties to analyze user activity and provide tailored offers.
· Web Performance and Analytics Tools: Collect statistics and analyze user behavior to improve the website and assess the effectiveness of marketing channels.
The company collects and processes such data based on your consent. You provide consent by accepting the banner message: “By using this site, you agree to the use of cookies.” By continuing to use the website or clicking “I Agree,” you consent to the storage of cookies on your device or access to information from your device.
The legal grounds for processing cookies are defined under Article 5(1)(a) and (b) of the Law of Georgia on Personal Data Protection:
· (a) The data subject has given consent for their data to be processed for one or more specific purposes;
· (b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.
5. Consent for Data Transfer to Third Parties5.1 Meta (Facebook/Instagram)
Our platform uses the advertising services of Meta Platforms Ireland Limited (Address: 4 Grand Canal Square, Dublin, Ireland).
Through the use of cookies, device identifiers, or similar technologies, ASBC LLC and Meta Platforms Ireland Limited act as joint controllers in collecting information about your use of the website/application (for example, which articles you viewed).
The website integrates Meta’s Website Custom Audience Pixel, which allows Meta to receive data when you use the company’s platform. Specifically, your device ID is recorded (without including your name, surname, or other personal data). Personalization of data is possible only if you are a registered user of Facebook or Instagram, since these platforms may link the data to your account.
By registering, you automatically agree to the processing of your personal data by Meta for marketing purposes.
In addition, we share with Meta information about the orders you place. We also transmit the email address stored in your account to Meta in encrypted form, provided that you are logged into the company’s platform and you consent to the transfer of data. The encrypted email address is used by Meta solely for identifying website visitors and for offering personalized advertising.
Based on the information collected on the website, you may receive personalized offers from the company on Facebook and Instagram. The collected information may be processed by Meta and combined with other data, so that Meta may use it for its own website purposes or for third-party marketing purposes. For example, Meta may determine your interests and, based on the analysis of your behavior on the website, process information for third-party advertising offers.
In addition, Meta may link data obtained through Pixel with other data it has collected about you through the use of different websites and social networks (Facebook, Instagram), which enables Meta Platforms Ireland Limited to create and store your profile that may be used for advertising purposes. Meta Platforms Ireland Limited is responsible for the storage and further processing of user data collected via Pixel. As a data processor, Meta Platforms Ireland Limited may store data about you in the United States.
The legal basis for this data processing is Article 5, paragraph 1, subparagraph “a” of the Law of Georgia on Personal Data Protection:
“a) The data subject has given consent to the processing of data relating to him/her for one or more specific purposes.”
5.2. The company also uses Google Analytics, based on your consent, for the adaptation and continuous optimization of the company’s platform. Google Analytics Basic is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Ireland Limited, as the sole processor of the data transferred to it, may store data about you in the United States.
Additional information about withdrawing your consent can be found here:
The legal basis for this data processing is Article 5, paragraph 1, subparagraph “a” of the Law of Georgia on Personal Data Protection:
“a) The data subject has given consent to the processing of data relating to him/her for one or more specific purposes.”
Data retention period and data deletion
We retain your personal data for as long as it is necessary for the purposes specified in this privacy policy, particularly to fulfill our contractual and legal obligations. We may also retain your personal data for other purposes if permitted by law, including for the purpose of defending against legal claims.
If it is impossible or required to retain your data in full due to legal requirements, the relevant data will be blocked from further processing.
What does blocking mean?
If data is blocked, access rights restrictions and other technical and organizational measures are applied so that only a few employees can access the relevant data. Blocked information can only be used for legally required purposes, such as submission to the tax office for verification, but it will no longer be processed for marketing purposes.
In addition to the above, the following conditions apply to the data retention period:
6. Data subject rights
According to the Law of Georgia on Personal Data Protection, the consumer/data subject has the following rights:
Article 13. Right to receive information about data processing
The data subject has the right to request from the controller confirmation of whether or not data concerning him/her are being processed, whether the processing is justified, and, upon request, to receive the following information free of charge:
• The controller (data processor) is authorized to provide the data subject with any information necessary to ensure transparency of data processing, in accordance with Article 4, Paragraph 1, Subparagraph "a" of this Law, except in cases where providing such information contradicts the law.
• Unless otherwise provided by the legislation of Georgia, the data subject has the right to choose the form of information provision as stipulated in Paragraph 1 of this Article. Moreover, if the data subject does not request information in a different form, the information will be provided in the same form in which it was requested.
Article 14. Right to access and obtain copies of data
• The data subject has the right to access personal data held about them by the controller and to receive copies of such data free of charge, except in cases where:
a) A fee is prescribed by the legislation of Georgia;
b) The controller has established a reasonable fee due to the resources spent in providing the data in a different format than it is stored, and/or due to the frequency of requests.
• The data subject has the right to access the data and/or receive copies within no later than 10 working days from the request, unless otherwise established by Georgian law.
• In exceptional cases, and with proper justification, the timeframe specified in Paragraph 2 of this Article may be extended by no more than 10 additional working days, of which the data subject must be notified immediately.
• The data subject has the right to access the data or receive copies in the format in which they are stored with the controller and/or authorized processor. The data subject also has the right to request copies in a different format, subject to a reasonable fee set by the controller, if technically feasible.
• The fee determined by the controller under Subparagraph "b" of Paragraph 1 of this Article must not exceed the actual cost of resources spent. The burden of proof for the reasonableness of the fee lies with the controller.
Article 15. Right to rectification, updating, and completion of data
• The data subject has the right to request rectification, updating, or completion of incorrect, inaccurate, or incomplete data.
• Within no later than 10 working days from the request (unless otherwise provided by Georgian law), the data must be corrected, updated, or completed, or the data subject must be informed of the grounds for refusal and the procedure for appeal.
• If the controller independently identifies that the data they hold is incorrect, inaccurate, or incomplete, they must rectify, update, or complete the data within a reasonable timeframe and inform the data subject within 10 working days after the correction.
• The obligation to inform the data subject under Paragraph 3 of this Article does not apply if the correction concerns only a technical error.
• If objective circumstances prevent the fulfillment of the notification obligation within the period established by Paragraph 3, the controller must notify the data subject of the change at the first subsequent communication.
• The controller must notify all data recipients and authorized processors to whom the data has been transferred about the rectification, updating, or completion, unless the number of recipients is so large or the cost is so disproportionately high that it is impossible.
• Upon receiving such notification, the recipients are obliged to rectify, update, or complete the data within a reasonable period.
Article 16. Right to cease processing, deletion, or destruction of data
• The data subject has the right to request that the controller cease processing (including “profiling”), delete, or destroy their data.
• Within no later than 10 working days from such a request (unless otherwise provided by Georgian law), the data must be ceased from processing, deleted, or destroyed, or the data subject must be informed of the grounds for refusal and the appeal procedure.
• The controller has the right to refuse such a request if:
1. Data processing is based on grounds specified in Articles 5 or 6 of this Law;
2. The data is processed for the purpose of legal claims or defense;
3. Data processing is necessary for exercising the right to freedom of expression or information;
4. The data is processed for archiving, scientific or historical research, or statistical purposes in the public interest, and stopping processing or deleting the data would make achieving those purposes impossible or seriously impair them.
5. In such cases, the controller must substantiate the grounds for refusal.
6. The data subject has the right to be informed of the cessation, deletion, or destruction immediately upon such action, but no later than 10 working days.
7. If the data has been made publicly available, the data subject additionally has the right to request restriction of access, or deletion of copies or links.
8. The controller must notify all recipients and processors of the cessation, deletion, or destruction, except when the number of recipients is so large or the cost is disproportionately high.
9. Upon receiving such notice, recipients must cease processing and delete or destroy the data.
Article 17. Right to block data
1. The data subject has the right to request blocking of data if:
a) They contest its accuracy;
b) Processing is unlawful, but the data subject opposes deletion and requests blocking instead;
c) The data is no longer needed for processing but is required for claims or legal proceedings;
d) The data subject requests cessation/deletion, and the request is under review;
e) There is a need to retain the data as evidence.
2. The controller must block the data in these cases unless blocking creates a threat to:
a) The controller’s obligations under law or regulations;
b) Execution of public interest tasks;
c) Legitimate interests of the controller or a third party, except where overriding interests of the data subject (especially minors) exist;
d) Protection of interests specified in Article 50, Paragraph 6.
3. The controller may unblock data if grounds listed above arise.
4. Data must remain blocked for the duration of the reason for blocking, and if technically possible, the blocking decision must be attached to the data.
5. The data subject has the right to be informed of blocking or refusal within no later than 3 working days.
6. During blocking, data may only be processed:
a) With the data subject’s consent;
b) For legal claims or defenses;
c) To protect interests of the controller or third parties;
d) For public interest as required by law.
Article 18. Right to data portability
In cases of automated data processing under Article 5(1)(a)-(b) and Article 6(1)(a), the data subject has the right, where technically possible, to receive their data in a structured, commonly used, and machine-readable format, or request its transfer to another controller.
Article 19. Automated decision-making and related rights
1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, except when:
a) The decision is based on the subject’s explicit consent;
b) The decision is necessary for a contract between the subject and controller;
c) The decision is prescribed by law or regulations.
2. Upon request, the controller must take measures to protect the subject’s rights, freedoms, and legitimate interests, including human involvement in the decision process (except in case “c”), the right to express views, and the right to appeal.
3. Special category data may only be used in automated decisions under Article 6(1)(a), (v), or (k), with appropriate safeguards in place.
Article 20. Right to withdraw consent
1. The data subject may withdraw consent at any time without explanation. In this case, processing must cease, and/or data must be deleted/destroyed within no later than 10 working days, unless other grounds for processing exist.
2. Consent may be withdrawn in the same form in which it was given.
3. Prior to withdrawal, the data subject has the right to request information about the possible consequences of withdrawal.
Article 21. Restriction of data subject rights
1. The rights in Articles 13, 20, 24, and 25 may be restricted if explicitly prescribed by Georgian law, provided fundamental human rights are not violated, and the restriction is necessary and proportionate in a democratic society, where exercising these rights may endanger:
a) National security, information/cybersecurity, or defense interests;
b) Public safety;
c) Prevention, investigation, prosecution of crimes, justice, imprisonment, probation, or investigative activities;
d) Significant national financial, economic, monetary, budgetary, tax, public health, or social protection interests;
e) Detection of professional or ethical misconduct and accountability;
f) Regulatory or supervisory authority functions in these areas;
g) Rights and freedoms of the data subject or others, including freedom of expression;
h) State, commercial, professional, or other legally protected secrets;
i) Legal claims or defenses.
2. Restrictions must apply only to the extent necessary to achieve their purpose.
3. If rights are restricted, the data subject must be notified, unless notification itself jeopardizes the purpose.
4. Rights under Articles 13, 20, 24, and 25 must be provided free of charge, except for exceptions prescribed by law. If requests are made excessively frequently, the controller may refuse, but must notify the subject in writing and explain the right to appeal.
5. The burden of proof for restriction lies with the controller.
Article 22. Right to appeal
1. The data subject has the right, in case of violation of rights or procedures under this Law, to appeal to the Personal Data Protection Service, the courts, and/or a higher administrative authority.
2. The data subject may request the Personal Data Protection Service to order blocking of data until a final decision is made on their complaint.
3. The data subject may appeal decisions of the Personal Data Protection Service in court, in accordance with Georgian law.
To exercise these rights, the data subject (user) must send a notification from the email address registered on their account to the following email: Info@prestigioplaza.ge
The company applies all necessary organizational, administrative, technical, physical, and other security measures to ensure the protection of personal data.
The purpose of this policy is to safeguard the personal data of the company’s employees, contractors, and customers against unlawful or unauthorized use and, at the same time, to minimize/eliminate the risk of accidental loss or damage of personal data and to ensure proper incident registration and response.
In case of detecting a violation of personal data protection rules, the company is obliged to immediately notify the relevant supervisory authorities.
1. User Account Data
If you open a user account on the company’s platform, LLC “ASBC” assumes responsibility for the protection of the data stored in your account in accordance with the applicable legislation of Georgia and the Law of Georgia on Personal Data Protection.
2. Platform Operation
Controller responsible for personal data processing:
ASBC LLC
ID No.: 402083311
Address: Tbilisi, Akaki Beliashvili Street, N104
Tel.: +995 322235323
E-mail: Info@prestigioplaza.ge
3. Purposes and Legal Grounds for Data Processing
3.1 Conclusion, Performance, and/or Termination of a Contract
3.1.1 Data provided during the contract conclusion process
If you register on the company’s platform or conclude a contract with the company, the following personal data will be processed for the conclusion, performance, or termination of the contract:
First name, last name
Delivery address
E-mail address
Date of birth
Telephone number
Personal ID number
Information on placed orders
The legal grounds for processing these data are defined under Article 5(1) of the Law of Georgia on Personal Data Protection, in particular:
(b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.
(c) Processing is provided for by law.
(i) Processing is necessary for the protection of significant legitimate interests of the controller or a third party, except where there is an overriding interest in protecting the rights of the data subject (including minors).
For the execution of the sales contract between you and the company, the following types of data must also be processed:
Residential address
E-mail address
Telephone number
Data Collected During Your Visit to Our Website
The data recorded during your visit to our website are anonymous and cannot identify you. However, from your profile you may access detailed information, including:
· Your IP address or proxy server IP address
· The domain name you requested
· Your device name and serial number
· Your Internet Service Provider’s name (sometimes recorded depending on your ISP configuration)
· Date and time of your website visit
· Duration of your session
· Company’s web pages you visited
· Number of times you accessed our website during a month/year
· URLs you viewed and related information
· Website that redirected you to our site
· Operating system used by your computer
3.2 Data Sharing with Courier Companies
For the delivery of orders to your address, we cooperate with courier and logistics companies, to whom the following data may be transferred:
· First name, last name
· Postal code
· E-mail address
· Telephone number
· Personal ID number
The legal grounds for processing these data are defined under Article 5(1)(b) of the Law of Georgia on Personal Data Protection:
“Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.”
3.3 Other Third Parties
Where necessary, the company cooperates with various partners for the provision of services and other purposes. In such cases, the company may transfer personal data to them in order to ensure the proper provision of services
The legal grounds for processing these data are defined under Article 5(1)(b) and (i) of the Law of Georgia on Personal Data Protection:
· (b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject;
· (i) Processing is necessary for the protection of significant legitimate interests of the controller or a third party, except where there is an overriding interest in protecting the rights of the data subject (including minors).
3.4 Processing of Data for Marketing Purposes
Based on your consent, ASBC LLC is entitled to process and use your data for direct marketing purposes, including: first name, last name, address, e-mail address, and telephone number. Using these data, the company will provide you with information about ongoing promotions and offers.
The processing of your data for marketing purposes may also be carried out by companies affiliated with ASBC LLC, including:
· Subsidiary and parent companies
· Companies in which ASBC LLC holds shares
Data processing for such purposes is carried out exclusively based on your consent, as provided in Article 5(1)(a) of the Law of Georgia on Personal Data Protection:
(a) The data subject has given consent for their data to be processed for one or more specific purposes.
In accordance with the law, ASBC LLC (the data controller) is obliged to stop processing data for direct marketing purposes within a reasonable time after receiving the data subject’s request, but no later than 7 working days.
To fulfill this obligation, ASBC LLC must ensure an accessible mechanism for the data subject to withdraw consent.
If you wish to withdraw your consent for data processing for marketing purposes, you may send a notification from the e-mail address registered in the system to the following e-mail: Info@prestigioplaza.ge
4. Website Access and Optimization (Cookies)4.1 Cookies and Device Identifiers – General Information and Consent Requirement
The website uses cookies and similar technologies.
A “cookie” is a small text file automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.). A cookie contains information linked to a specific device; however, this does not mean we directly obtain information about your identity.
· Some cookies are deleted immediately after your browser session ends (“session cookies”). These allow, for example, the display of your shopping cart so you can see how many products you currently have and the total value of your order.
· Other cookies remain on your device for longer and allow us to recognize your device during your next visit (“persistent” or “cross-device cookies”). These help us tailor our offers to your preferences.
These cookies are essential for the optimal functioning and navigation of the website. They also store certain inputs and settings so you do not need to re-enter them and so content can be better adjusted to your interests. Without essential cookies, the use of the website may be significantly limited.
ASBC LLC uses the following types of cookies:
· Session Cookies: Identify the user and track activity during a session. They are deleted when the browser is closed.
· Persistent Cookies: Remain on the device after the browser is closed (e.g., remembering login details or access settings).
· First-Party Cookies: Set by the website to remember preferences (e.g., site language).
· Third-Party Cookies: Used by third parties to analyze user activity and provide tailored offers.
· Web Performance and Analytics Tools: Collect statistics and analyze user behavior to improve the website and assess the effectiveness of marketing channels.
The company collects and processes such data based on your consent. You provide consent by accepting the banner message: “By using this site, you agree to the use of cookies.” By continuing to use the website or clicking “I Agree,” you consent to the storage of cookies on your device or access to information from your device.
The legal grounds for processing cookies are defined under Article 5(1)(a) and (b) of the Law of Georgia on Personal Data Protection:
· (a) The data subject has given consent for their data to be processed for one or more specific purposes;
· (b) Processing is necessary for the performance of an obligation arising out of a transaction concluded with the data subject or for entering into a transaction at the request of the data subject.
5. Consent for Data Transfer to Third Parties5.1 Meta (Facebook/Instagram)
Our platform uses the advertising services of Meta Platforms Ireland Limited (Address: 4 Grand Canal Square, Dublin, Ireland).
Through the use of cookies, device identifiers, or similar technologies, ASBC LLC and Meta Platforms Ireland Limited act as joint controllers in collecting information about your use of the website/application (for example, which articles you viewed).
The website integrates Meta’s Website Custom Audience Pixel, which allows Meta to receive data when you use the company’s platform. Specifically, your device ID is recorded (without including your name, surname, or other personal data). Personalization of data is possible only if you are a registered user of Facebook or Instagram, since these platforms may link the data to your account.
By registering, you automatically agree to the processing of your personal data by Meta for marketing purposes.
In addition, we share with Meta information about the orders you place. We also transmit the email address stored in your account to Meta in encrypted form, provided that you are logged into the company’s platform and you consent to the transfer of data. The encrypted email address is used by Meta solely for identifying website visitors and for offering personalized advertising.
Based on the information collected on the website, you may receive personalized offers from the company on Facebook and Instagram. The collected information may be processed by Meta and combined with other data, so that Meta may use it for its own website purposes or for third-party marketing purposes. For example, Meta may determine your interests and, based on the analysis of your behavior on the website, process information for third-party advertising offers.
In addition, Meta may link data obtained through Pixel with other data it has collected about you through the use of different websites and social networks (Facebook, Instagram), which enables Meta Platforms Ireland Limited to create and store your profile that may be used for advertising purposes. Meta Platforms Ireland Limited is responsible for the storage and further processing of user data collected via Pixel. As a data processor, Meta Platforms Ireland Limited may store data about you in the United States.
The legal basis for this data processing is Article 5, paragraph 1, subparagraph “a” of the Law of Georgia on Personal Data Protection:
“a) The data subject has given consent to the processing of data relating to him/her for one or more specific purposes.”
5.2. The company also uses Google Analytics, based on your consent, for the adaptation and continuous optimization of the company’s platform. Google Analytics Basic is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Ireland Limited, as the sole processor of the data transferred to it, may store data about you in the United States.
Additional information about withdrawing your consent can be found here:
The legal basis for this data processing is Article 5, paragraph 1, subparagraph “a” of the Law of Georgia on Personal Data Protection:
“a) The data subject has given consent to the processing of data relating to him/her for one or more specific purposes.”
Data retention period and data deletion
We retain your personal data for as long as it is necessary for the purposes specified in this privacy policy, particularly to fulfill our contractual and legal obligations. We may also retain your personal data for other purposes if permitted by law, including for the purpose of defending against legal claims.
If it is impossible or required to retain your data in full due to legal requirements, the relevant data will be blocked from further processing.
What does blocking mean?
If data is blocked, access rights restrictions and other technical and organizational measures are applied so that only a few employees can access the relevant data. Blocked information can only be used for legally required purposes, such as submission to the tax office for verification, but it will no longer be processed for marketing purposes.
In addition to the above, the following conditions apply to the data retention period:
- Data is stored for the duration of the user’s registration on the website.
- Use of data for marketing purposes (mobile number and email address): Data is used for marketing purposes until the user deletes the account or withdraws consent, whichever occurs first.
- “Tracking data” (cookies, identifiers, and others): The storage period for tracking data is set at 2 years.
6. Data subject rights
According to the Law of Georgia on Personal Data Protection, the consumer/data subject has the following rights:
Article 13. Right to receive information about data processing
The data subject has the right to request from the controller confirmation of whether or not data concerning him/her are being processed, whether the processing is justified, and, upon request, to receive the following information free of charge:
- About the legal basis and purpose of current or potential data processing of the user’s data;
- About the source of data collection/acquisition;
- About the data retention period, or if it is not possible to specify a definite period, the criteria for defining the period;
- About the rights of the data subject under this chapter;
- About the legal basis and purpose of data transfer, as well as the appropriate safeguards for data protection, if data is transferred to another country or international organization;
- About the identity or categories of data recipients, including information about the basis and purpose of data transfer if data is transferred to third parties;
- About the decision resulting from automated processing, including “profiling,” and the reasoning used to make such a decision, as well as its impact on data processing and the expected/probable consequences of such processing.
• The controller (data processor) is authorized to provide the data subject with any information necessary to ensure transparency of data processing, in accordance with Article 4, Paragraph 1, Subparagraph "a" of this Law, except in cases where providing such information contradicts the law.
• Unless otherwise provided by the legislation of Georgia, the data subject has the right to choose the form of information provision as stipulated in Paragraph 1 of this Article. Moreover, if the data subject does not request information in a different form, the information will be provided in the same form in which it was requested.
Article 14. Right to access and obtain copies of data
• The data subject has the right to access personal data held about them by the controller and to receive copies of such data free of charge, except in cases where:
a) A fee is prescribed by the legislation of Georgia;
b) The controller has established a reasonable fee due to the resources spent in providing the data in a different format than it is stored, and/or due to the frequency of requests.
• The data subject has the right to access the data and/or receive copies within no later than 10 working days from the request, unless otherwise established by Georgian law.
• In exceptional cases, and with proper justification, the timeframe specified in Paragraph 2 of this Article may be extended by no more than 10 additional working days, of which the data subject must be notified immediately.
• The data subject has the right to access the data or receive copies in the format in which they are stored with the controller and/or authorized processor. The data subject also has the right to request copies in a different format, subject to a reasonable fee set by the controller, if technically feasible.
• The fee determined by the controller under Subparagraph "b" of Paragraph 1 of this Article must not exceed the actual cost of resources spent. The burden of proof for the reasonableness of the fee lies with the controller.
Article 15. Right to rectification, updating, and completion of data
• The data subject has the right to request rectification, updating, or completion of incorrect, inaccurate, or incomplete data.
• Within no later than 10 working days from the request (unless otherwise provided by Georgian law), the data must be corrected, updated, or completed, or the data subject must be informed of the grounds for refusal and the procedure for appeal.
• If the controller independently identifies that the data they hold is incorrect, inaccurate, or incomplete, they must rectify, update, or complete the data within a reasonable timeframe and inform the data subject within 10 working days after the correction.
• The obligation to inform the data subject under Paragraph 3 of this Article does not apply if the correction concerns only a technical error.
• If objective circumstances prevent the fulfillment of the notification obligation within the period established by Paragraph 3, the controller must notify the data subject of the change at the first subsequent communication.
• The controller must notify all data recipients and authorized processors to whom the data has been transferred about the rectification, updating, or completion, unless the number of recipients is so large or the cost is so disproportionately high that it is impossible.
• Upon receiving such notification, the recipients are obliged to rectify, update, or complete the data within a reasonable period.
Article 16. Right to cease processing, deletion, or destruction of data
• The data subject has the right to request that the controller cease processing (including “profiling”), delete, or destroy their data.
• Within no later than 10 working days from such a request (unless otherwise provided by Georgian law), the data must be ceased from processing, deleted, or destroyed, or the data subject must be informed of the grounds for refusal and the appeal procedure.
• The controller has the right to refuse such a request if:
1. Data processing is based on grounds specified in Articles 5 or 6 of this Law;
2. The data is processed for the purpose of legal claims or defense;
3. Data processing is necessary for exercising the right to freedom of expression or information;
4. The data is processed for archiving, scientific or historical research, or statistical purposes in the public interest, and stopping processing or deleting the data would make achieving those purposes impossible or seriously impair them.
5. In such cases, the controller must substantiate the grounds for refusal.
6. The data subject has the right to be informed of the cessation, deletion, or destruction immediately upon such action, but no later than 10 working days.
7. If the data has been made publicly available, the data subject additionally has the right to request restriction of access, or deletion of copies or links.
8. The controller must notify all recipients and processors of the cessation, deletion, or destruction, except when the number of recipients is so large or the cost is disproportionately high.
9. Upon receiving such notice, recipients must cease processing and delete or destroy the data.
Article 17. Right to block data
1. The data subject has the right to request blocking of data if:
a) They contest its accuracy;
b) Processing is unlawful, but the data subject opposes deletion and requests blocking instead;
c) The data is no longer needed for processing but is required for claims or legal proceedings;
d) The data subject requests cessation/deletion, and the request is under review;
e) There is a need to retain the data as evidence.
2. The controller must block the data in these cases unless blocking creates a threat to:
a) The controller’s obligations under law or regulations;
b) Execution of public interest tasks;
c) Legitimate interests of the controller or a third party, except where overriding interests of the data subject (especially minors) exist;
d) Protection of interests specified in Article 50, Paragraph 6.
3. The controller may unblock data if grounds listed above arise.
4. Data must remain blocked for the duration of the reason for blocking, and if technically possible, the blocking decision must be attached to the data.
5. The data subject has the right to be informed of blocking or refusal within no later than 3 working days.
6. During blocking, data may only be processed:
a) With the data subject’s consent;
b) For legal claims or defenses;
c) To protect interests of the controller or third parties;
d) For public interest as required by law.
Article 18. Right to data portability
In cases of automated data processing under Article 5(1)(a)-(b) and Article 6(1)(a), the data subject has the right, where technically possible, to receive their data in a structured, commonly used, and machine-readable format, or request its transfer to another controller.
Article 19. Automated decision-making and related rights
1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, except when:
a) The decision is based on the subject’s explicit consent;
b) The decision is necessary for a contract between the subject and controller;
c) The decision is prescribed by law or regulations.
2. Upon request, the controller must take measures to protect the subject’s rights, freedoms, and legitimate interests, including human involvement in the decision process (except in case “c”), the right to express views, and the right to appeal.
3. Special category data may only be used in automated decisions under Article 6(1)(a), (v), or (k), with appropriate safeguards in place.
Article 20. Right to withdraw consent
1. The data subject may withdraw consent at any time without explanation. In this case, processing must cease, and/or data must be deleted/destroyed within no later than 10 working days, unless other grounds for processing exist.
2. Consent may be withdrawn in the same form in which it was given.
3. Prior to withdrawal, the data subject has the right to request information about the possible consequences of withdrawal.
Article 21. Restriction of data subject rights
1. The rights in Articles 13, 20, 24, and 25 may be restricted if explicitly prescribed by Georgian law, provided fundamental human rights are not violated, and the restriction is necessary and proportionate in a democratic society, where exercising these rights may endanger:
a) National security, information/cybersecurity, or defense interests;
b) Public safety;
c) Prevention, investigation, prosecution of crimes, justice, imprisonment, probation, or investigative activities;
d) Significant national financial, economic, monetary, budgetary, tax, public health, or social protection interests;
e) Detection of professional or ethical misconduct and accountability;
f) Regulatory or supervisory authority functions in these areas;
g) Rights and freedoms of the data subject or others, including freedom of expression;
h) State, commercial, professional, or other legally protected secrets;
i) Legal claims or defenses.
2. Restrictions must apply only to the extent necessary to achieve their purpose.
3. If rights are restricted, the data subject must be notified, unless notification itself jeopardizes the purpose.
4. Rights under Articles 13, 20, 24, and 25 must be provided free of charge, except for exceptions prescribed by law. If requests are made excessively frequently, the controller may refuse, but must notify the subject in writing and explain the right to appeal.
5. The burden of proof for restriction lies with the controller.
Article 22. Right to appeal
1. The data subject has the right, in case of violation of rights or procedures under this Law, to appeal to the Personal Data Protection Service, the courts, and/or a higher administrative authority.
2. The data subject may request the Personal Data Protection Service to order blocking of data until a final decision is made on their complaint.
3. The data subject may appeal decisions of the Personal Data Protection Service in court, in accordance with Georgian law.
To exercise these rights, the data subject (user) must send a notification from the email address registered on their account to the following email: Info@prestigioplaza.ge
Purpose of processing such information is:
- to analyze trends
- to compile statistics
- track user actions to guarantee the best experience
- to design and implement effective marketing activities
- to give advice and recommendations
When starting to use the website, the user has the option to accept Cookies. If the user does not press the appropriate button and continues to use the website despite the notification, such action will be considered as consent by the user.
User can manage Cookie settings through the browser settings.
