as of June 6, 2025
Personal Data and Privacy Protection Policy
Article 1. General Provisions
1.1. This Privacy and Personal Data Protection Policy (hereinafter – "Policy") is a document of LLC "Aisith" (identification number: 405115797) – an official document of the company, established and operating in accordance with Georgian legislation, which defines the rules, principles, and guarantees for the processing of personal data of data subjects (customers, employees, partners, and other persons) rules, principles, and guarantees for the processing of personal data.
1.2. The purpose of the policy is to ensure a high level of protection for the personal data of customers and other individuals, transparency, and compliance with legal, technical, and organizational requirements during data processing.
1.3. The scope of this policy applies to all data that Aisit possesses or may possess in the course of its communication with a customer or any data subject, including from websites, information obtained through websites, applications, services, products, or partnerships.
1.4. This Policy is an integral part of the Terms of Use for the Aisith website, services, and products, and the user's acceptance of it constitutes agreement to the terms described in this document.
1.5. This policy may be amended from time to time. The new version will be posted on the website and will become effective immediately upon posting. The user is obligated to periodically check for the updated version of the policy.
Article 2. Definition of Terms
The terms used in this policy have the following meanings:
- „Legislation” – The Law of Georgia "On Personal Data Protection" and other regulatory and normative acts in force in Georgia;
- „Politics“ – this Privacy and Personal Data Protection document, which defines Aithesis's approaches to data processing;
- „Personal data“ – Any information relating to an identified or identifiable natural person. "Personal data" shall be defined in accordance with Georgian legislation;
- „"data subject" – A natural person whose personal data is processed by Aisiitii;
- „Processing“ – any action with respect to personal data, including collection, recording, organizing, storage, alteration, use, disclosure, blocking, erasure, and destruction;
- „Person responsible for processing“ – a natural or legal person who determines the purposes and means of processing data and carries out the processing independently or through another person;
- „"Authorized person for processing" – a person who processes personal data on behalf of the person responsible for the processing in accordance with a contract or other legal basis;
- „Agreement“ – Consent is the freely given, specific, informed and unambiguous indication of the data subject's wishes by a statement, written (including electronic) or oral, with respect to the processing of their personal data for a specific purpose.;
- „Third person“ – a natural or legal person who is neither the data subject, nor responsible for the processing, nor a person authorized to process;
- „Direct marketing“ – Communication aimed at providing the customer with information about a product, service, or offer through direct communication channels (email, SMS, telephone call, etc.);
- „Cookies“ Small text files that are stored on a user's device while using a website and provide technical, analytical, and marketing functions.
- „Informed consent“ – consent based on clear and comprehensive information provided to the data subject in advance on all significant aspects of the processing of personal data;
Article 3. Legal Bases for Data Processing
3.1. Aisithy processes personal data based on the following legal bases:
- a) with the prior, voluntary, and informed consent of the subject;
- b) for the purpose of fulfilling the contract concluded with the data subject;
- c) for the purpose of fulfilling the obligations defined by the company's legislation;
- d) for the protection of the legitimate interests of the data subject or a third party, provided that this does not violate the rights and freedoms of the data subject;
- e) When obtained from public sources of data – in accordance with Georgian legislation.
Article 4. Sources of Data Collection
4.1. Aisithy collects data:
- a) when the user registers on the website or in the application;
- b) When purchasing products and services;
- c) through various communication channels (email, telephone, chat); d) from public registers and platforms;
- e) from partner companies or service providers on a proper legal basis.
Article 5. Categories of data processed
5.1. AIS may process the following categories of data:
- a) Identification data (first name, last name, personal number, date of birth);
- b) Contact information (email, phone, address);
- c) Financial information (account number, card type);
- d) Technical data (IP address, cookies, device ID);
- e) Behavioral and analytical data (navigation, user activities);
- e) Audio/video recordings (telephone conversation or camera footage);
- z) Correspondence (chats, written communications);
- d) Information obtained from public sources;
- i) Other information voluntarily provided by the user.
Article 6. Purposes of data processing
The purposes of processing personal data include:
6.1. To effectively provide services and orders – to ensure the receipt, processing, and delivery of orders placed by the customer, including for the purposes of updating order-related information and appropriate communication with the customer;
6.2. Managing customer communications – to establish contact with the customer, messages, information, for providing communications related to feedback and other types of service, including for the purpose of improving service quality and resolving issues;
6.3. Marketing activities – to communicate via personalized advertisements, offers, promotional campaigns, and various advertising channels with the customer's consent;
6.4. Product improvement and development – optimizing services and creating new products based on analysis of user behavior, feedback, and usage;
6.5. Internal analytics and market research – analysis of user requirements and market trends based on statistical and anonymous data;
6.6. Security and Fraud Prevention – to detect the misuse of our services, and to monitor and prevent security incidents;
6.7. Responding to user requests – to process and respond to user complaints, questions, and requests;
6.8. Fulfillment of statutory obligations – to comply with legal obligations in Georgia and internationally, including tax, accounting, consumer protection, and data protection regulations.
Article 7. Processing of data for direct marketing purposes
7.1. Aisith is authorized to process the user's personal data for direct marketing purposes only if the user's prior, voluntary, and informed consent has been obtained.
7.2. Processing includes sending promotional, informational, or marketing messages to the user.
7.3. Based on the data processed for direct marketing purposes, AIS has the ability to provide the customer with individually tailored offers. This may include discounts, news, and recommendations for new products and services based on the user's interests and behavioral patterns. Messages are sent via email, text messages (SMS), or other electronic communication channels.
7.4. Consent can be given by the user on the Aisitii website, in the application, or on the registration form by clicking the appropriate field (the "I agree to the Privacy and Personal Data Protection Policy" button). by checking the appropriate box.
7.5. With the user's consent, Aisith has the right to transfer the user's personal data to selected third parties (including advertising agencies, marketing platforms, and messaging systems). for direct marketing purposes, only to the extent and for the period necessary for the provision of the service.
7.6. The user has the right to object to the processing of data for direct marketing purposes or to withdraw previously given consent. The refusal can be recorded at the time of contract signing by leaving the relevant marketing addendum unsigned or by expressing a choice in another form.
7.7. Already Issued agreement Cancel It is possible user Request From the moment it was recorded No later than 7 (seven) Work of the day. The request should be sent to the following email info@icity.ge In such a case I see it Obligated Stop user Data Processing Direct Marketing For purposes And Stop Appropriate Communication.
Article 8. Cookie Policy
8.1. Aisithy uses "Cookies" and other supporting technologies to operate, improve, and enhance the application/website and the user experience.
8.2. Cookies may collect data about your device, browser type, number of visits, time spent on the website, pages opened, and your behavior.
8.3. In addition to strictly necessary Cookies, we use the following types of Cookies:
- a) Analytical Cookies – for site statistics and improvement purposes;
- b) Functional Cookies – to provide website personalization and additional functionality;
- c) Marketing Cookies – for personalization and targeting of advertising;
- d) Social Media Cookies – To simplify interaction with social networks.
8.4. By clicking the "Agree" button of the "Privacy and Personal Data Protection Policy," the user confirms the use of all types of Cookies, including:
- a) Collection of information from the user's browser and IP address;
- b) the transfer of data to third parties for both technical and marketing purposes;
- c) Processing of personal data in accordance with cookies.
8.5. The user can at any time modify their cookie settings or withdraw consent by using the "Cookie Preferences" link available on the site.
8.6. Detailed information about the categories of Cookies, their durations, and third parties is provided in our "Cookie Privacy Policy".
Article 9. Data Retention Period
9.1. Aisithy retains personal data only for the period necessary to achieve the purpose of data processing, as well as for the period stipulated by applicable law. Specifically:
9.1.1. During the service period – while the customer is using the ICT service and the contractual relationship exists;
9.1.2. for a period of no more than 3 years from the date of service termination, except in cases where the law requires a longer period;
9.1.3. Documentation is retained and data is archived for the period specified by the statutes of limitations or administrative control periods provided for in Georgian legislation (for example, in the case of tax or civil disputes);
9.1.4. After the expiration date, the data will be destroyed in a secure and non-commercial manner that eliminates the possibility of their recovery.
Article 10. Data Security
10.1. Aisithii takes appropriate physical, technical, and administrative measures to ensure data security and to protect against unauthorized access, use, modification, or destruction. Specifically:
- Ensures the physical security of servers, workstations, and other infrastructure;
- Data access is granted only to authorized employees through appropriate passwords and identification mechanisms.;
- Employees undergo regular information security training.;
- Systematic monitoring, risk assessment, and incident response mechanisms are in place;
- Security audits and system updates are conducted regularly.
Article 11. Rights of the data subject
11.1. Request information regarding the personal data processed about them, including the origin of the data, the purpose of the processing, and the legal basis;
11.2. Request the correction, update, or completion of data if it is found to be inaccurate or incomplete;
11.3. request the deletion, cessation, or blocking of data, including in cases where the purpose of processing has been fulfilled or the data is being processed unlawfully;
11.4. To object to the processing of data at any time to the extent it is based on their voluntary consent;
11.5. Request data portability – to receive the data in a structured, commonly used format or to have it transmitted to another processor;
11.6. To appeal to the Personal Data Protection Service or a court in case of a violation of their rights.
Article 12. Limitation of Rights
12.1. The exercise of the data subject's aforementioned rights may be restricted under the exceptions provided for by law, specifically in cases where their implementation:
11.1. Threatens state or public safety;
11.2. Violates the interests of criminal proceedings or the administration of justice;
11.3. Restricts the lawful rights of other natural or legal persons;
11.4. Violates requirements of professional, commercial, or state secrecy;
11.5. Contradicts the requirement to comply with applicable legal requirements or a legal mandate.
12.2. The restriction shall be applied only to the extent necessary to achieve the objective and only for as long as the statutory basis remains in effect.
Article 13. Changes to the Policy
13.1. AISIT reserves the right to periodically update or change this Policy in response to legal, technological, or administrative changes. Changes will be posted on the website and will become effective as soon as they are posted.
13.2. The user is recommended to regularly review updates to the policy.
Article 14. Contact
14.1. For additional information, to exercise your rights, or to clarify an issue related to data processing, please contact us at the following address: Email info@icity.ge
LLC "Aisit" continues to uphold the highest standards for the protection of customer personal data.
