Personal Data Protection Officer
LTD PLC CONSALTING
Phone: 505 05 46 99
Email: info@plcconsulting.ge

Privacy Policy

2024

Background

Joint Stock Company “Microfinance Organization Georgian Capital” (hereinafter referred to as the “Company”)

Tax ID: 204568574

Legal address: N37, Rustaveli Av., Mtatsminda district, Tbilisi, Georgia

Registration Date: May 22, 2009

 

The Purpose of the Privacy Policy

It is paramount for the joint-stock company “Microfinance Organization Georgian Capital” as a responsible company to protect personal data with high quality and ensure security, as well as to ensure compliance of the data processing process with the requirements determined by the legislation of Georgia and international acts.

The purpose of this document is to describe the process of personal data processing in the company.

 

Principles of data processing

We process your personal data in accordance with the requirements of the Constitution of Georgia, the Law of Georgia on Personal Data Protection, other relevant national legislative or subordinate acts and international standards/acts.

Upon processing personal data, we adhere to the principles of lawfulness, fairness, transparency, infringement of data dignity, restriction of purpose, data minimization, data authenticity and accuracy, restriction of data Data deposition term and data security.

 

Which personal data do we collect? Personal Data Categories

In order to carry out the activities of the company in a due manner, personal data is collected and processed, further classified into the categories as follows:

 

Identification data Name, surname, gender, date and place of birth, personal number/passport number (ID/passport data), citizenship.

 
Reference Information Email address, phone number, registration address, actual place of residence.
Socio-Demographic data Employment/Profession Information, Education.
Data related to social relations Information on marital status, information about family members, including children; Information about reference persons;

 
Financial data Financial state; status and history of financial activities; credit history; Creditworthiness; History of the use of a financial product in the company; financial history, including overdue; Revenue information; information related to accounts, including bank account number;

 
Publicly available information Information that the Company obtains about a person from public/open/legally available bases/lists/pages uploaded on the Internet;

 
Special category data data related to the health state; data on the conviction (only for the identification of whether a person has been convicted of an economic crime for the purpose of employment in a position where the person has access to the company’s financial resources) and a certificate of drug addiction (driver and/or other similar position).

 
Location data IP address and whereabouts.

 
Contractual data Information about a person’s products and services provided.

 

 

Whose personal data do we collect, and for what purpose and basis(s)? 

1.    Personal data of clients/debtors

Purpose of data processing Data category Basis of data processing

 

 Data deposition term
Providing the product and service to the customer

Client Personal Affairs

 Identification data; Contact details; socio-demographic data; data related to social relations; Financial data; Publicly available information.

 

 Your consent

 

To enter a transaction with your request

 

To fulfill the obligations undertaken by the transaction

 

Our Legitimate Interest

 

Our Legislative Commitment

 

 Within 6 years from the termination/expiration of the contract

 

To fulfill the obligations determined by legislation.
Special categories of data that are processed when conducting the client’s personal affairs

 

 Information about the state of health. Your consent

 

Our Legitimate Interest

 

 For the period necessary to achieve a legitimate goal
Source of data collection Data is collected directly from the client.

  

  1. Personal data of employed persons

 

Purpose of data processing Data category Basis of data processing

 

 Data deposition term
Conclusion of the labor agreement and the fulfillment of the obligations deriving therefrom Identification data; Contact details; socio-demographic data; data related to social relations; Financial data; Publicly available information. Your approval

 

To fulfill the obligations undertaken by the transaction

 

Our Legitimate Interest

 

Our Legislative Commitment

 

 Within three years after the termination/expiration of the contract, in order to fulfill the obligation determined by legislation.
Special categories of data that are processed during the employee’s personal affairs

 

 Information about the health state; data on the health state of the family members, data on conviction, data on drug register

 

 

 Your approval

 

Our Legitimate Interest

 

 For the period necessary to achieve a legitimate goal
Data collection source Data is collected directly from the employee.

 

  1. Personal data of the persons appealing for employment

 

Purpose of data processing Data category Basis of data processing

 

 Data deposition term
Determination of the compliance of the qualification of the applicant with the position in the Company Identification data; Contact details; socio-demographic data; data on social relations, financial data, publicly available information; Your approval

 

Our Legitimate Interest

 

 Data of the candidates that have been declined from the appointment in the Company are not deposited in the Company but expunged upon the accomplishment of the competition
Data collection source Data is collected directly from the candidate.

 

  1. Personal data related to the service and/or goods purchase agreement

 

Purpose of data processing Data category Basis of data processing

 

 Data deposition term
Receipt/purchase of services or items/goods by the Company Identification data; Contact details; socio-demographic (this data is collected only when a relevant agreement is concluded with a legal entity, in the context of the position occupied by a representative of a legal entity in this legal entity)

 

Contractual data

 Your approval

 

Our Legitimate Interest

 

To fulfill the obligations undertaken by the contract

 

 

 For the necessary period to achieve a legitimate goal.
Data collection source Data is collected directly from a natural person or a legal entity with whom the contract is signed.

 

 

Data on minors

 We process data on minors, including special categories of data, only in terms of labor relations, for the purpose of obtaining the rights of our employees established under the legislation of Georgia or for the benefit determined by the internal regulations of the company, taking into account the best interests of the minors.

 

Data on Decedents

We process data on the decedents in order to fulfill our contractual obligations and to realize the contractual powers/interests of the company, in accordance with the requirements of the Law of Georgia on Personal Data Protection.

 

Sources we collect data from and how we protect the data obtained

We accept your personal data:

  • When you become our customer;
  • When you send an application to occupy the vacant position in the company;
  • When you become an employee of the company;
  • When a service or other type of contract is signed with you;
  • When you use the company’s product and service;
  • During phone communication or upon the visit to the company/branch;
  • When you use the company’s website (filling out an application for a loan, submitting a claim);
  • When you send letters by mail or e-mail;
  • When you undertake transactions;
  • We collect data from organizations such as the Public Registry and other public organizations;
  • In addition, we collect data from other public/open/legally available databases/lists/pages uploaded on the Internet;

 

Personal Data Security

We apply due technical and organizational measures to ensure the lawful processing of your data. We have also undertaken organizational and technical measures to ensure the privacy, integrity and availability of electronically and physically available data.

 

Your rights

You are entitled:

  • To require a confirmation from us whether we process your data, whether the data processing is substantiated, and inquire free of charge of the data that is being processed in line with the request, as well as the basis and purpose of processing this data; on the source of data collection/extraction, etc.;
  • To find out more about your personal data and get copies of this data;
  • To prompt us to correct, update and/or supplement false, inaccurate and/or incomplete about you;
  • To request us to terminate the procession of, delete or destroy your data;
  • Request us to block your data;
  • In the event of automatic processing of data, if technically feasible, to receive the data provided by you in a structured, publicly used and machine-readable format or request the transfer of that data to the other person responsible for processing;
  • at any time, without any explanation or justification, withdraw your approval for the processing of your data.
  • In case of violation of your rights, contact the Personal Data Protection Service and/or the court in accordance with the procedure established by law.

 

Information received from a third party

 In accordance with the Law, we enjoy the right to inquire for and receive your personal information from third parties, e.g. CreditInfo Bureau(s) (including both positive and negative information stored in their electronic database), as well as LEPL – From the database of the Public Service Development Agency and other administrative bodies.

In this case, we take into account the rights and obligations established by Article 25 of the Law of Georgia on Personal Data Protection, including the obligation to inform you.

 

Sharing Personal Data

We may share your personal data with third parties in order to complete a specific task, where the Company uses the services of third parties and other providers within the scope of its core activities. For example:

  • IT service provider companies.
  • Legal, audit and other professional services provided by lawyers, notaries, proxies, audit companies, etc.
  • An insurance company that provides insurance to the employees of the company.
  • A commercial bank on the basis of which the remuneration provided to the employee is paid.
  • A commercial bank when using a proper account for the purpose of using the company’s loan product or otherwise performing a transaction.

We transfer personal data to third parties only on the basis of a legal act or agreement, which stipulates the grounds and objectives of data processing, the categories of data to be processed, the terms of data processing and the rights and obligations of the person responsible for processing and the person authorized to process.

 

 

International Data Transfer

In order to make a decision regarding employment, your personal data shall be transferred to a member of the supervisory board of the Company in Azerbaijan. This shall be carried out on the basis of the approval of the candidate for employment.

The loan application, that exceeds the requirement of over 50,000 GEL, is considered and therefore for the purpose of making a decision, the personal data of the client, which was submitted during the processing of the loan application, is sent to Azerbaijan to a member of the company’s supervisory board, with the approval of the client.

The Company has taken appropriate technical and organizational measures to ensure the security of personal data.

 

Video surveillance and audio monitoring

The company undertakes surveillance and monitoring in accordance with the “Video Monitoring and Audio Monitoring Ordinance”, which is available at the following link
Rules for video and audio monitoring

 

Procedure for termination processing, deletion or destruction of data

The processing of data in the company is terminated, deleted or destroyed at the initiative of the company or on the basis of an application of the data subject.

On the initiative of the company, the data shall be deleted or destroyed within 30 (thirty) calendar days after the expiration of the deposition term of relevant personal data in the company. The data stored in the physical form is destroyed through a paper jet (shredder), and the data stored in electronic form is deleted electronically so that they cannot be restored without providing disproportionate efforts.

Data processing can be terminated, deleted or destroyed in writing by submitting the request to the e-mail address: info@georgiancapital.ge or submitting it in printed form to the company (Address: 37,  Rustaveli Avenue, Tbilisi).

The Company is obliged to terminate the processing and/or delete/destroy your data no later than within 10 working days after the submission of the request (unless otherwise provided for by the legislation of Georgia) or to notify you of the refusal of the request, indicating the relevant grounds and explaining to you the procedure for appealing the refusal.

An act of destruction of personal data shall be drawn up on the destruction/deletion of data, where, at the very least, information on the destroyed/deleted data, the grounds for destruction/deletion, the form of destruction/deletion, the person(s) and the signature and the date of destruction shall be indicated.

The person(s) responsible for the deletion and destruction of personal data shall be determined by an order of the director of the company.

 

Other terms

Issues that are not covered by the present policy document shall be regulated in accordance with the Law of Georgia on Personal Data Protection and subordinate normative acts issued on the basis thereof.

 

Amendment to Privacy Policy

This document is periodically updated by the Company.

Changes to the document are made by uploading on the company’s website and you shall get cognizant of introduced amendments on an intermittent basis. You will be personally notified of the amendments only if this obligation derives from the applicable legislation.

 

How to contact us

If you wish to exercise the rights granted to you by the legislation and this document, you can write to us via e-mail at the address:  info@georgiancapital.ge or during business hours/submit your application to us personally or through a representative. In addition, please note that in order to ensure that the data is indeed shared to the data subject or its authorized person. The application shall be enclosed with a copy of the ID card (when you write the application yourself) or a copy of the power of attorney and ID card (when the application is written by the person authorized by you/your representative).

In addition to the above, during working hours, you can contact us at the following phone number: (032) 296-10-10 or contact our Personal Data Protection Officer – PLC Construction LLC (contact e-mail: info@plcconsulting.ge,  contact number: 505 05 46 99).