top of page

Personal Data Protection Policy

The Personal Data Protection Policy (hereinafter, the „Policy“) of Duty Free Georgia LLC (hereinafter, the „Company“) establishes the rules for the collection, processing, and storage of personal data, as well as the purposes and scope of its use.

The purpose of this Policy is to establish the fundamental principles and procedures governing the transparent and lawful collection and processing of personal data, and to ensure the protection of the rights of data subjects.

This Policy applies to any data subject whose personal data becomes accessible to the Company. It also applies to any recipients of the data and to any individuals authorized to process personal data on behalf of or for the Company.

  1. The Purpose of Personal Data Processing

The Company processes personal data to the extent necessary for the conduct of its business, including the offering and provision of products and services to its customers. Additionally, personal data is processed to ensure the proper functioning of the Company’s website, to enhance service standards, and to maintain security.

The Company collects and processes personal data for the following specific purposes:

  • To provide customers with information regarding products and services;

  • To enable prompt communication with customers;

  • To improve service quality and take customer preferences into account;

  • For analytical, statistical, and marketing purposes;

  • To ensure security and protect property;

  2. The Principles of Data Processing

Personal data shall be processed lawfully, fairly, and in a transparent manner for the data subject, without interfering inviolability of human dignity of the data subject.

Personal data shall be collected and processed solely for specific, legitimate purposes and only to the extent necessary to achieve these purposes. The data obtained shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Personal data shall be valid and accurate and, where necessary, kept up to date. Having regard to the purposes of data processing, inaccurate data shall be rectified, erased or destroyed without undue delay.

Appropriate technical and organizational measures shall be implemented to ensure the security and protection of personal data.

 3. Personal Data Defined by the Policy

3.1. Upon visiting the Company’s website, the following types of information shall be automatically, lawfully collected and processed:

  • The date and time of the website visit;

  • The Internet Protocol (IP) address;

  • The type of device used;

  • The name of the web browser used;

 

3.2. In the event that a user wishes to leave a notice for the Company via the website, the following identification/personal data will be required:

  • First and last name;

  • Email address;

  • Phone number;

 

The data specified in section 3.1. shall be collected automatically, whereas the data specified in section 3.2. must be provided by the user.

 

The legal basis for the processing of the aforementioned data is subparagraph „i“ of article 5 of the Law of Georgia on Personal Data Protection, according to which the processing of data is necessary to protect important legitimate interest pursued by the Company. 

 4. Retention Period of Personal Data

The Company shall retain customers’ personal data for a period of (*). Upon the expiration of this period, the Company shall destroy the collected personal data in accordance with the procedures prescribed by law.

 5. Responsible Party for Personal Data Processing

Data regarding visitors to the website shall be transferred for processing to the person authorized to process personal data – (*). In the event of indications of a crime, the data may be transferred to the relevant investigative authorities.

 6. Rights and Obligations of Data Subjects

Regardless of the content or nature of the personal data collected, data subjects shall have the following rights:

  • The right to receive information regarding the processing of personal data – a data subject shall have the right to request from the person responsible for processing confirmation as to whether their personal data is being processed and whether the processing is based on a legitimate purpose. Additionally, the data subject shall have the right to receive, free of charge, other information related to the processing of their personal data.

  • The right to access and obtain a copy of personal data – Upon request for access to and a copy of personal data, such data shall be provided to the data subject free of charge.

  • The right to rectification, updating, and completion of personal data – In the event that personal data is incorrect, inaccurate, and/or incomplete, the data subject shall have the right to request the rectification, updating, and/or completion of such data. The Company shall respond to the request within 10 working days from the date of receipt.

  • The right to the termination of the processing, erasure or destruction of personal data -  Upon submission of a request, the Company shall cease the processing of personal data and/or delete or destroy such data, or shall inform the data subject of the grounds for refusing the request and of the applicable appeal procedure.

  • The right to the blocking of data – The blocking of data means the temporary suspension of data processing. The data subject shall have the right to request the controller to block data if any of the following circumstances exists: the authenticity or accuracy of the data is contested by the data subject, the processing of the data is unlawful, although the data subject opposes the erasure of the data and requests their blocking, the data are no longer needed for the purposes of the processing, but they are required by the data subject to lodge a complaint/claim, the data subject request the termination of the processing, erasure or destruction of the data and this request is being considered, there is a need to retain the data for use as evidence.

  • Right to the transmission of data – In the case of automated data processing, and insofar as technically feasible, the data subject shall have the right to request that the data provided to the authorized person be made available to them or transferred to another person.

  • Right to withdraw consent – the data subject shall have the right to withdraw his/her consent at any time and without explanation, in the same form in which the consent was initially given.

  • The right to appeal – in the event of a violation of their rights or of the rules established for the processing of personal data, the data subject shall have the right to apply to the Personal Data Protection Service and/or to a court.

  7. Processing of Personal Data of a Minor

The processing of personal data relating to a minor shall be permitted on the basis of the minor’s consent if the minor has attained the age of 16. The processing of personal data relating to a minor under the age of 16 shall be carried out on the basis of the consent of the minor’s parent or other legal representative. This shall also apply in cases provided for by law, including cases where the consent of a legal representative is required for the processing of personal data of a person aged between 16 and 18. In all such cases, the processing of personal data shall be carried out in consideration of the best interests of the minor.

 8. Review of the Privacy Policy

The Policy may be reviewed and amended by the data controller if necessary. Any amendments shall be published on the website. Unless otherwise specified, such amendments shall enter into force upon publication.

 9. Person Authorized to Process Personal Data

  • Name/Surname:

  • Phone Number:

  • E-mail Address:

bottom of page