Personal Data Protection Officer
LTD PLC CONSALTING
Phone: 505 05 46 99
Email: info@plcconsulting.ge
Privacy Policy
2024
Who We Are
Joint Stock Company “Microfinance Organization Georgian Capital” (hereinafter – the Company)
Identification number: 204568574
Legal address: 37 Rustaveli Av., Mtatsminda district, Tbilisi, Georgia
Registration date: May 22, 2009.
Purpose of the Confidentiality Policy
For Joint Stock Company “Microfinance Organization Georgian Capital”, as a responsible company, it is important to ensure high-quality protection of personal data and security, as well as to ensure compliance of the data processing with the requirements defined by Georgian legislation and international acts.
The purpose of this document is to describe the personal data processing in the company.
Data Processing Principles
We process your personal data in accordance with the Constitution of Georgia, the Law of Georgia “On Personal Data Protection”, other relevant national legislative or subordinate acts, and international standards/acts.
When processing personal data, we adhere to the principles of legality, fairness, transparency, processing data without violating its integrity, purpose limitation, data minimization, data authenticity and accuracy, limitation of data storage period, and data security.
Which Personal Data Do We Collect? Categories of Personal Data
For the purpose of properly implementing the company’s activities, personal data is collected and processed, which is unified into the following categories:
| Identification data | Name, surname, gender, date and place of birth, personal number/passport number (ID/passport data), citizenship.
|
| Reference Information | Email address, phone number, registration address, actual place of residence. |
| Socio-Demographic data | Employment/Profession Information, Education. |
| Data related to social relations | Information on marital status, information about family members, including children; Information about reference persons;
|
| Financial data | Financial state; status and history of financial activities; credit history; Creditworthiness; History of the use of a financial product in the company; financial history, including overdue; Revenue information; information related to accounts, including bank account number;
|
| Publicly available information | Information that the Company obtains about a person from public/open/legally available bases/lists/pages uploaded on the Internet;
|
| Special category data | data related to the health state; data on the conviction (only for the identification of whether a person has been convicted of an economic crime for the purpose of employment in a position where the person has access to the company’s financial resources) and a certificate of drug addiction (driver and/or other similar position).
|
| Location data | IP address and whereabouts.
|
| Contractual data | Information about a person’s products and services provided. |
Whose personal data do we collect, and for what purpose and basis(s)?
1. Personal data of clients/debtors
| Purpose of data processing | Data category | Basis of data processing
|
Data deposition term | |
| Providing the product and service to the customer
Client Personal Affairs |
Identification data; Contact details; socio-demographic data; data related to social relations; Financial data; Publicly available information.
|
Your consent
To enter a transaction with your request
To fulfill the obligations undertaken by the transaction
Our Legitimate Interest
Our Legislative Commitment
|
Within 6 years from the termination/expiration of the contract
To fulfill the obligations determined by legislation. |
|
| Special categories of data that are processed when conducting the client’s personal affairs
|
Information about the state of health. | Your consent
Our Legitimate Interest
|
For the period necessary to achieve a legitimate goal | |
| Source of data collection | Data is collected directly from the client. | |||
-
Personal data of employed persons
| Purpose of data processing | Data category | Basis of data processing
|
Data deposition term | |
| Conclusion of the labor agreement and the fulfillment of the obligations deriving therefrom | Identification data; Contact details; socio-demographic data; data related to social relations; Financial data; Publicly available information. | Your approval
To fulfill the obligations undertaken by the transaction
Our Legitimate Interest
Our Legislative Commitment
|
Within three years after the termination/expiration of the contract, in order to fulfill the obligation determined by legislation. | |
| Special categories of data that are processed during the employee’s personal affairs
|
Information about the health state; data on the health state of the family members, data on conviction, data on drug register
|
Your approval
Our Legitimate Interest
|
For the period necessary to achieve a legitimate goal | |
| Data collection source | Data is collected directly from the employee. | |||
-
Personal data of the persons appealing for employment
| Purpose of data processing | Data category | Basis of data processing
|
Data deposition term | |
| Determination of the compliance of the qualification of the applicant with the position in the Company | Identification data; Contact details; socio-demographic data; data on social relations, financial data, publicly available information; | Your approval
Our Legitimate Interest
|
Data of the candidates that have been declined from the appointment in the Company are not deposited in the Company but expunged upon the accomplishment of the competition | |
| Data collection source | Data is collected directly from the candidate. | |||
-
Personal data related to the service and/or goods purchase agreement
| Purpose of data processing | Data category | Basis of data processing
|
Data deposition term | |
| Receipt/purchase of services or items/goods by the Company | Identification data; Contact details; socio-demographic (this data is collected only when a relevant agreement is concluded with a legal entity, in the context of the position occupied by a representative of a legal entity in this legal entity)
Contractual data |
Your approval
Our Legitimate Interest
To fulfill the obligations undertaken by the contract
|
For the necessary period to achieve a legitimate goal. | |
| Data collection source | Data is collected directly from a natural person or a legal entity with whom the contract is signed. | |||
Data on minors
We process data about minors, including special category data, only in the context of employment relationships, for the purpose of our employees receiving benefits established by Georgian legislation or defined by the company’s internal regulations, taking into account the best interests of the minor.
Data of Deceased Persons
We process data about deceased persons for the purpose of fulfilling contractual obligations and realizing the company’s contractual powers/interests, in accordance with the requirements of the Law of Georgia “On Personal Data Protection.”
Sources from Which We Obtain Data and How We Protect Collected Data
We receive your personal data when:
- You become our customer;
- You submit an application for a vacant position in the company;
- You become an employee of the company;
- A service or other type of agreement is concluded with you;
- You use the company’s products and services;
- During telephone communication or when visiting the company/branch;
- When you use the company’s website (filling out a loan application, submitting a complaint);
- When you send letters by mail or email;
- When you carry out transactions;
- We collect data from organizations such as the public registry and other public organizations;
- In addition, we also collect data from other publicly/openly/legally accessible databases/lists/pages available on the internet;
Personal Data Security
We have adopted appropriate technical and organizational measures to ensure the lawful processing of your data. We have also taken organizational and technical measures to ensure the confidentiality, integrity, and availability of data in electronic and physical forms.
Your Rights
You have the right to:
- Request confirmation of whether we process data about you, whether data processing is justified, and receive free of charge, according to your request, information about the data being processed, as well as the basis and purpose of processing this data; about the source of data collection/acquisition, etc.;
- Review your personal data available to us and receive copies of this data;
- Request correction, updating, and/or completion of incorrect, inaccurate, and/or incomplete data about you;
- Request termination of processing, deletion, or destruction of your data;
- Request blocking of your data;
- In case of automatic data processing, if technically possible, receive data provided by you from us in a structured, commonly used, and machine-readable format, or request the transfer of this data to another person responsible for processing;
- At any time, without any explanation or justification, withdraw the consent given to us regarding the processing of your data;
- In case of violation of your rights, in accordance with the procedure established by law, apply to the Personal Data Protection Service and/or the court.
Information Received from Third Parties
In accordance with the procedures and within the limits established by law, we have the right to request and receive your personal data from third parties, such as credit information bureau(s) (including both positive and negative information stored in their electronic database), as well as from the electronic database of the LEPL – Public Service Development Agency and other administrative bodies.
In such cases, we take into account the rights and obligations established by Article 25 of the Law of Georgia “On Personal Data Protection,” including the obligation to inform you.
Sharing of Personal Data
We may share your personal data with a third party to perform a specific task when the company, within the scope of its main activities, uses the services of third parties, other providers. For example:
- IT service provider companies;
- Legal, auditing, and other professional services provided to the company by lawyers, notaries, trustees, auditing companies, etc.;
- Insurance company that provides insurance for company employees;
- Commercial bank through which an employee’s labor remuneration is paid;
- Commercial bank, when using an appropriate account for the purpose of using the company’s loan product or carrying out other transactions;
- Other data sharing with third parties for similar legitimate purposes.
We transfer personal data to third parties only on the basis of a legal act or contract that defines the grounds and purposes of data processing, categories of data to be processed, the term of data processing, and the rights and obligations of the person responsible for processing and the person authorized to process.
Implementation of Video Monitoring and Audio Monitoring
The company carries out monitoring in accordance with the “Rules for Implementing Video Monitoring and Audio Monitoring,” which is available at the following link – Rules for Reviewing Personal Data-related Applications
Procedure for Termination of Data Processing, Deletion, or Destruction of Data
The termination of data processing, as well as the deletion or destruction of data within the company, may occur either at the company’s initiative or upon the request of the data subject.
When initiated by the company, deletion or destruction of data takes place within thirty (30) calendar days following the expiration of the applicable data retention period. Physically stored data is destroyed using a paper shredder, while electronically stored data is deleted in a manner that renders its recovery impossible without disproportionate effort.
Requests for the termination of data processing, or for the deletion or destruction of personal data, may be submitted in writing—either via email to info@georgiancapital.ge or in printed form to the company’s address: 37 Rustaveli Avenue, Tbilisi.
The company is obligated to respond to such requests within 10 (ten) working days from the date of submission, unless a different timeframe is specified by Georgian legislation. Within this period, the company must either terminate the data processing and/or delete or destroy the data, or provide a reasoned refusal, specifying the legal grounds and outlining the procedure for appealing the decision.
In cases where data is deleted or destroyed, a Personal Data Destruction Act is prepared, which includes at minimum a description of the deleted or destroyed data, the legal basis for deletion or destruction, the method used, the name(s) and signature(s) of the authorized person(s), and the date of deletion or destruction.
The individuals responsible for deleting and destroying personal data are appointed by an order issued by the company’s director.
Other Conditions
Issues not covered by this policy document are regulated in accordance with the Law of Georgia “On Personal Data Protection” and the subordinate normative acts issued on its basis.
Change in Confidentiality Policy
This document is periodically updated by the company.
Changes to the document are made through publication on the company’s website, and you should familiarize yourself with the changes periodically. You will be personally notified of changes only if this obligation arises from current legislation.
How to Contact Us
If you wish to exercise the rights granted to you by legislation and this document, you can write to us via email at: info@georgiancapital.ge or visit us/leave your application at the company (address: 37 Rustaveli Avenue, Tbilisi) during working hours, personally or through a representative. Also, please note that in order to ensure that we are sharing data with the actual data subject or their authorized person, the application must be accompanied by a copy of the identification card (when you write the application yourself) or a power of attorney and a copy of the identification card (when the application is written by a person authorized by you/your representative). The data subject’s application is reviewed in accordance with the “Procedure for Reviewing Applications Related to Personal Data” approved by the company.
In addition to the above, from Monday to Friday, during working hours, you can contact us at the following phone number: (032) 296-10-10 or contact our Personal Data Protection Officer – PLC Consulting LLC (contact email: info@plcconsulting.ge, contact number: 505 05 46 99).