Privacy Policy

LLC  ,,Georgia Palace Hotel & Spa”  Privacy Policy

1. Who are we:

LLC ,,Georgia Palace Hotel and Spa “ (hereinafter also referred to as “we” or “our”) is a legal entity (hotel) registered in accordance with the legislation of Georgia.

Our identification number is: 447000584

Our legal address is: Kobuleti, Davit Agmashenebeli Ave. N275.

Our actual address is: Kobuleti, Davit Agmashenebeli Ave. N275.

Our website address is: gph.ge; 

2. We declare that:

- We respect and recognize the fundamental rights and freedoms of individuals when processing personal data, including the right to privacy and communication;

- We undertake to strictly comply with the applicable law when processing your personal data;

- We understand the value and importance of personal data and are committed to strictly protecting the confidentiality of your data;

- We will not use your data unlawfully;

- We will ensure the security of your personal data;

In cases provided for by law, including at your request, we will provide you with information regarding your personal data held by us and its processing.

3.Goal of this policy:

In this document, we would like to inform you about the bases and purposes for which we collect/process your personal data, the principles we adhere to when processing your personal data, as well as the organizational and technical means we use to ensure their security. In this document, you will also find information about your rights and how to protect them. We will also provide you with information about what types of personal data we collect when establishing a business relationship with you, with whom they are transferred and how these data are processed.

4.Who this document is intended for:

This document is intended for:

- our potential, existing and/or former clients;

- for the user's legal representatives or contact persons;

- our employees, contractors, persons whose data we process, data recipients, as well as authorized persons who process personal data on our behalf or for us;

- for any other interested person.

5.How we collect your data (data sources):

We collect your data from the following sources:

- Your application for services (including telephone communication, written and/or electronic application and/or visit to us);

- Your use of our services;

- Your use of our remote channels/registration for online services;

- Submission of an application, complaint and/or other documentation - in person, by post or e-mail;

- Provision of personal information from third parties on the basis of concluding a transaction with them.

6. What categories of data related to you, in the course of which processes, for what purpose and for what period we process:

7. Processing principles:

We process your personal data in accordance with the following principles established by law:

- The data are processed lawfully, fairly, transparently and without prejudice to the dignity of the data subject;

- The data are collected only for a specific, clearly defined and legitimate purpose. No further processing of the data is carried out for purposes incompatible with the original purpose;

- The data are processed only to the extent necessary to achieve the relevant legitimate purpose;

- The data is true, accurate and, where necessary, updated. Data that is inaccurate, taking into account the purpose of data processing, must be corrected, erased or destroyed without undue delay;

- The data is stored only for the period necessary to achieve the relevant legitimate purpose of using the data;

- In order to ensure data security, technical and organizational measures have been taken during data processing that sufficiently ensure the protection of the data, including against unauthorized or unlawful disclosure, accidental loss, destruction and/or damage.

8. Processing basics:

We process your data on one or more of the following bases:

- We have your voluntary consent to process the data for a specific purpose;

- We fulfill our obligations under the law;

- The processing of the data is provided for by law;

- To enter into a transaction/contract with you or to perform an existing transaction/contract;

- To provide you with services/process your application;

- To protect our legitimate interests or the interests of third parties;

- The data is publicly available or the data subject has made their data publicly available;

- If necessary, on other grounds provided for by the Law of Georgia on the Protection of Personal Data.

We process special categories of data on the following bases:

- we have your written consent to process the data for one or more specific purposes;

- it is directly and specifically regulated by law and is a necessary and proportionate measure in a democratic society;

- the processing is necessary to protect your vital interests or those of another person and the data subject is physically or legally incapable of giving consent to the application;

- the processing is necessary due to the nature of the employment obligations and relationship, including for making an employment decision or assessing the employee's work skills;

- The subject of the data has made their data publicly available without expressly prohibiting their use;

- Data processing is carried out for the purpose of functioning of the Unified Analytical System of Migration Data;

- if necessary, on other grounds provided for by the Law of Georgia "On the Protection of Personal Data".

- We process personal data using semi-automated methods, which means that we process personal data using a combination of automated methods (data processing using information technology) and non-automated methods (data processing without the use of information technology).

9. Who do we share (transfer) data with?

In order to provide you with perfect service, to fulfill obligations stipulated by law or assumed under a contract, or in cases defined by law, where there is a relevant legal basis, your data may be shared with:

-Your representative/legal representative;

-Parties involved in the transaction;

-The Ministry of Internally Displaced Persons from the Occupied Territories, Labor, Health, and Social Affairs of Georgia, only in cases related to labor migration, as stipulated by law;

-Law enforcement agencies (upon their request, in accordance with the law);

-Service providers and authorized data processors.

- In the event of a reorganization or transfer, to your legal heirs or assigns;

- To any other third party with your consent.

We may share your data in another country if there are grounds for data processing provided for by the Law of Georgia on Personal Data Protection and the relevant country provides appropriate guarantees for data protection and protection of the rights of the data subject. If we transfer your data to a country where adequate data protection guarantees do not exist, we will ensure the conclusion of a personal data transfer agreement that guarantees the proper protection of users' personal data in accordance with legal requirements. In cases specified by the Law of Georgia on Personal Data Protection, we will apply to the Personal Data Protection Service to obtain permission for international data transfer.

-To ensure the proper protection of your data, before transferring your personal data to a third party, we verify whether they have implemented appropriate organizational and technical measures for data protection.

10.Rights of the Data Subject

As a data subject, you have the right to:

-         Obtain information on whether we process your data and receive details about the processed data, including what data is being processed, the purpose and legal basis of the processing, as well as information about the source of data collection and data transfers.

-Access your data stored with us and receive copies of documents/records containing your personal data free of charge, in accordance with the procedures established by Georgian law.

-Request the correction, updating, or completion of incorrect, inaccurate, or incomplete data.

-Request the termination of data processing, deletion, or destruction if:

a) You withdraw consent, which is the sole basis for data processing;

b) Data processing is no longer necessary for the purpose for which it was processed;

c) Data processing is occurring unlawfully.

Request the blocking of data if:

a) The accuracy or truthfulness of the data is in dispute;

b) Data processing is unlawful, but you do not wish to delete the data and only request its blocking;

c) The data is no longer necessary for the purpose of processing, but you require it for legal proceedings;

d) The request for the cessation, deletion, or destruction of the data is being reviewed;

e) There is a need to retain the data for the purpose of evidence.

-At any time, you may withdraw or refuse the consent you have given regarding data processing and request the deletion of data processed based on that consent. We will cease data processing and delete the data already processed, unless there is another legal basis for data processing as defined by law;

-In case of violation of your rights, you may contact our Personal Data Protection Officer, the Personal Data Protection Service, and/or the court.

11. Restriction of the Rights of the Data Subject

Your rights may be restricted in cases specified by law. We will apply restrictions on your rights only to the extent that is adequate and proportionate to the purpose of the restriction.

12.Data Processing through Authorized Persons

Under the terms of this policy, data processing on our behalf may be carried out by an authorized person only if we have signed a written agreement with the authorized person. Before entering into the agreement, we always verify the reliability of the party in advance, and the agreement includes the obligation for the authorized person to take organizational and technical measures to ensure the protection of your personal data in accordance with the legal requirements.

 Data processing by an authorized person

In accordance with the terms of this Policy, data processing on our behalf may be carried out by an authorized person only if we have concluded a corresponding written agreement with the authorized person. Before concluding an agreement, we always make sure of the reliability of the party and in the agreement we take into account the obligation of the authorized person to take such organizational and technical measures that ensure the protection of your personal data in accordance with the requirements established by law.

13.How we protect your data (data security);

We have taken organizational and technical measures appropriate to the possible and inherent risks of data processing, which ensure the protection of personal data held by us against loss, unlawful processing, including destruction, alteration, disclosure or use.

We strictly protect the confidentiality of personal data. Only those employees who need to process the data to perform their duties have access to it. The scope of each access/authorization is determined based on the necessary needs.

The Personal Data Protection Officer monitors the status of our personal data protection and the compliance of our processing with this policy, legislation, and the company's internal procedures.

We record all actions taken with respect to personal data held in electronic form (including information about incidents, data collection, modification, access, disclosure (transfer), linking, and deletion).

We ensure that all persons processing personal data within the scope of the powers granted to them by us do not exceed the scope of the powers granted to them, ensure the confidentiality of personal data, including after the termination of the relevant powers; In the case of processing personal data in electronic form, have access only to the volume of personal data that we provide to him/her; Be duly informed about the security of personal data.

14.How long do we save your personal data?

We will store/save  your data:

- for the period specified by Georgian legislation;

- for the entire period of service and for 3 years after the end of service;

             - for the period necessary to achieve the specific purpose of processing and established within the framework of the     provision of the service and/or in the contract;

-         In cases provided by law and/or if it is necessary to protect our or third parties' important legitimate interests, we will store personal data for a longer period than the above 3-year period, for the period necessary to achieve specific purposes.

15.Files ( Cookies)

We strive to continually improve the quality of service and usability of our website, as well as to ensure your security. Accordingly, when using our website, we use so-called Ready Recordings. Cookies are used to personalize, improve and protect your security when using the website.

16. Your Obligations

In order to provide you with our services, it is necessary for us to have complete and accurate information about you, therefore, please notify us if your contact or other information changes.

17. Our contact details:

For questions related to personal data protection, you can at any time contact our personal data protection officer - Labor Safety Management Group LLC, by email: Email: info@smgroup.ge; or by phone +995 577 208 787; 

In addition, you can contact us by phone - 322242400, write to us by email - info@gph.ge;  or visit us at the address: Kobuleti Street, David Agmashenebeli ave. N275.

18. Changes

We may make changes to this document from time to time. The updated document will be published on our website with an indication of the date of change.

Date: 26.03.2025