Privacy Policy Regarding the Processing of Personal Data
1. General Provisions
This personal data processing policy has been prepared in accordance with the requirements of the "Personal Data Law" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data implemented by Maria Chumakova (hereinafter referred to as the Operator).
1.1. The Operator considers adherence to human and civil rights and freedoms, including the protection of the right to privacy, personal and family confidentiality, as a fundamental goal and condition for conducting its activities when processing personal data.
1.2. This Operator’s policy on personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website https://webcreator.ge/.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data – processing of personal data using computing technology.
2.2. Blocking of personal data – temporary suspension of personal data processing (except where processing is necessary for personal data clarification).
2.3. Website – a collection of graphical and informational materials, as well as computer programs and databases, ensuring their availability online at the network address https://webcreator.ge/.
2.4. Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data – actions that make it impossible to identify personal data belonging to a specific User or other subject without additional information.
2.6. Personal data processing – any action (operation) or a set of actions (operations) performed with or without the use of automation tools involving personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator – a government body, municipal body, legal or individual entity, which independently or jointly organizes and/or conducts personal data processing and determines the purposes of personal data processing, the scope of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data – any information directly or indirectly related to an identified or identifiable User of the website https://webcreator.ge/.
2.9. Personal data authorized by the subject for dissemination – personal data available to an unlimited range of individuals granted by the subject through consent in accordance with the Personal Data Law (hereinafter referred to as personal data authorized for dissemination).
2.10. User – any visitor to the website https://webcreator.ge/.
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific individual or a specific group of individuals.
2.12. Distribution of personal data – any actions aimed at disclosing personal data to an undefined range of individuals (transfer of personal data) or making personal data available to an undefined range of individuals, including publication in mass media, posting in information and telecommunication networks, or granting access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state, to a foreign state’s authority, or a foreign legal or individual entity.
2.14. Destruction of personal data – any actions that result in irreversible destruction of personal data with no possibility of further recovery of personal data content within the information system, and/or physical destruction of personal data carriers.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to: – Receive accurate information and/or documents containing personal data from the subject of personal data; – Continue processing personal data without the subject’s consent if there are grounds specified in the Personal Data Law; – Independently determine the scope and list of measures necessary and sufficient to ensure compliance with obligations under the Personal Data Law and related legal acts, unless otherwise stipulated by the Personal Data Law or other federal laws.
3.2. The Operator is obligated to: – Provide the subject of personal data, upon request, with information related to the processing of their personal data; – Organize personal data processing in accordance with the laws of Georgia; – Respond to requests and inquiries from personal data subjects and their legal representatives as per the Personal Data Law; – Notify the authorized body for the protection of personal data subjects' rights with required information within 30 days upon request; – Publish or otherwise provide unrestricted access to this Policy concerning personal data processing; – Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions; – Cease the dissemination of personal data, halt processing, and destroy personal data as stipulated by the Personal Data Law; – Fulfill other obligations provided by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to: – Obtain information concerning the processing of their personal data, except as provided by federal laws. Information is provided by the Operator in an accessible form, not containing data relating to other personal data subjects unless lawful grounds for disclosure exist. The list and procedure for obtaining such information are established by the Personal Data Law; – Request the Operator to clarify, block, or delete their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated processing purposes, and take legal measures to protect their rights; – Impose a condition of prior consent when processing personal data for marketing goods, works, and services; – Withdraw consent to the processing of personal data; – Lodge complaints with the authorized body for protecting personal data rights or in court against unlawful actions or inactions of the Operator; – Exercise other rights provided by law.
4.2. Personal data subjects are obligated to: – Provide the Operator with accurate data about themselves; – Notify the Operator about clarifications (updates, changes) of their personal data.
4.3. Individuals providing inaccurate information about themselves or other personal data subjects without consent bear responsibility in accordance with the law.
5. Personal Data Processed by the Operator
5.1. Email address.
5.2. The website also collects and processes anonymized visitor data (e.g., cookies) using internet statistics services (Yandex Metrica, Google Analytics, etc.).
5.3. The above-mentioned data are collectively referred to as Personal Data in this Policy.
5.4. Processing of special categories of personal data regarding race, nationality, political views, religious or philosophical beliefs, or intimate life is not carried out by the Operator.
5.5. Processing of special categories of personal data authorized for dissemination is permissible if the prohibitions and conditions provided by the Personal Data Law are observed.
5.6. User consent for processing personal data authorized for dissemination is obtained separately from other consents for processing their personal data. The conditions specified in the Personal Data Law apply, and the content requirements for such consent are determined by the authorized body for the protection of personal data rights.
5.6.1. The User provides consent for processing personal data authorized for dissemination directly to the Operator.
5.6.2. The Operator must publish information about the processing conditions, restrictions, and prohibitions regarding the dissemination of authorized personal data no later than three business days after receiving the User’s consent.
5.6.3. The transmission (distribution, provision, access) of personal data authorized by the subject for dissemination must cease at any time upon the subject’s request. This request must include the subject’s full name, contact information (phone number, email address, or mailing address), and a list of personal data to be ceased from processing. These data may only be processed by the Operator to whom the request is directed.
5.6.4. Consent for the processing of personal data authorized for dissemination ceases upon receipt of the request specified in clause 5.6.3 of this Policy by the Operator.
6. Principles of Personal Data Processing
6.1. Personal data processing is conducted on a lawful and fair basis.
6.2. Processing is limited to achieving specific, predetermined, and lawful purposes. Processing incompatible with the purposes of data collection is not allowed.
6.3. Combining databases containing personal data for purposes incompatible with each other is prohibited.
6.4. Only personal data relevant to the purposes of their processing are subject to processing.
6.5. The scope and content of processed personal data correspond to the stated purposes of processing. Excessive processing of personal data in relation to the stated purposes is not permitted.
6.6. Personal data must be accurate, sufficient, and, if necessary, updated in relation to the purposes of their processing. The Operator takes measures to delete or clarify incomplete or inaccurate data.
6.7. The storage of personal data is carried out in a form that allows the identification of the personal data subject, no longer than required by the purposes of processing the personal data, unless the storage period is established by federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor. The processed personal data is destroyed or anonymized upon achieving the purposes of processing or when it is no longer necessary to achieve these purposes unless otherwise provided by law.
7. Purposes of Personal Data Processing
7.1. The purpose of processing the User's personal data:
– informing the User via email communication.
7.2. The Operator is also entitled to send notifications to the User about new products and services, special offers, and various events. The User may opt out of receiving informational messages at any time by sending an email to the Operator at wcreatorgeorgia@gmail.com with the subject "Unsubscribe from notifications about new products, services, and special offers."
7.3. Anonymized User data collected through internet statistics services is used to gather information about User actions on the website and to improve the quality and content of the website.
8. Legal Grounds for Personal Data Processing
8.1. The legal grounds for processing personal data by the Operator include:
– the Operator’s statutory (founding) documents;
– federal laws and other regulatory legal acts in the field of personal data protection;
– User consent for the processing of their personal data, including consent to the processing of personal data permitted for dissemination.
8.2. The Operator processes the User's personal data only if the User submits such data voluntarily through special forms on the website https://webcreator.ge/ or via email. By filling out the respective forms or submitting their personal data to the Operator, the User consents to this Policy.
8.3. The Operator processes anonymized User data if this is permitted by the User’s browser settings (enabled cookie saving and JavaScript use).
8.4. The personal data subject independently decides to provide their personal data and gives consent freely, willingly, and in their own interest.
9. Conditions for Processing Personal Data
9.1. Personal data is processed with the consent of the personal data subject.
9.2. Processing is necessary for the purposes provided for by an international treaty or law, or for performing functions, powers, and duties imposed on the Operator by law.
9.3. Processing is necessary for the administration of justice or execution of a judicial act, or an act of another authority or official, enforceable under legislation on enforcement proceedings.
9.4. Processing is necessary for the performance of a contract to which the personal data subject is a party, a beneficiary, or a guarantor, or for the conclusion of a contract initiated by the personal data subject.
9.5. Processing is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant purposes, provided this does not violate the rights and freedoms of the personal data subject.
9.6. Processing of personal data is carried out for data made publicly available by the personal data subject or at their request (hereinafter, "public personal data").
9.7. Processing of personal data is carried out when required to be published or disclosed by federal law.
10. Collection, Storage, Transfer, and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with applicable personal data protection laws.
10.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access to it.
10.2. Personal data will never be disclosed to third parties under any circumstances, except as required by applicable law or if the personal data subject consents to such disclosure for fulfilling obligations under a civil contract.
10.3. If inaccuracies in personal data are detected, the User can update their data by sending a notification to the Operator's email at wcreatorgeorgia@gmail.com with the subject "Update of personal data."
10.4. The period of personal data processing is determined by achieving the purposes for which the personal data was collected, unless otherwise stipulated by the contract or applicable law. The User may revoke their consent to personal data processing at any time by sending a notification to the Operator via email at wcreatorgeorgia@gmail.com with the subject "Withdrawal of consent for personal data processing."
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties in accordance with their User Agreements and Privacy Policies. The personal data subject and/or User must independently review these documents in a timely manner. The Operator is not responsible for third-party actions, including those of the service providers mentioned in this clause.
10.6. Restrictions established by the personal data subject on the transfer (except for providing access), as well as processing or conditions of processing (except for access), of personal data permitted for dissemination do not apply to cases of processing for state, public, or other public interests as determined by Russian law.
10.7. The Operator ensures the confidentiality of personal data during processing.
10.8. The Operator stores personal data in a form that allows the identification of the personal data subject, no longer than necessary for the purposes of processing personal data, unless a longer storage period is required by federal law or a contract to which the personal data subject is a party.
10.9. Processing of personal data may be terminated upon achieving the purposes of personal data processing, expiration of the personal data subject’s consent, or its withdrawal, as well as in cases of unlawful personal data processing.
11. List of Actions Performed by the Operator with Collected Personal Data
11.1. The Operator performs the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
11.2. The Operator conducts automated processing of personal data, including the receipt and/or transfer of obtained information through telecommunication networks or without such means.
12. Cross-Border Transfer of Personal Data
12.1. Before starting the cross-border transfer of personal data, the Operator must ensure that the foreign state to which the transfer is planned provides reliable protection of the rights of personal data subjects.
12.2. Cross-border transfer of personal data to foreign states that do not meet these requirements may be carried out only with the written consent of the personal data subject or for the performance of a contract to which the personal data subject is a party.
13. Confidentiality of Personal Data
The Operator and other persons who have gained access to personal data are required not to disclose or distribute personal data to third parties without the personal data subject’s consent, unless otherwise required by law.
14. Final Provisions
14.1. The User may obtain any clarification on questions related to the processing of their personal data by contacting the Operator via email at wcreatorgeorgia@gmail.com.
14.2. This document will reflect any changes to the Operator's personal data processing policy. The policy is effective indefinitely until replaced by a new version.
14.3. The current version of the Policy is freely available on the Internet at https://webcreator.ge/politics.
