Georgian Resorts

Menu
Facebook-f Instagram Whatsapp
Menu

Privacy and Personal Data Protection Policy

Last Update Date: 27/11/2025

This Policy defines how Georgian Resorts (hereinafter referred to as “we” or “the Data Controller”) processes your personal data when using the website. Our goal is to ensure the protection of your data in full compliance with the requirements of the Law of Georgia on Personal Data Protection.

1. General Provisions and Terms

1.1.

The purpose of this Policy is to ensure the protection of human rights and freedoms during data processing, including the right to privacy.

1.2. Personal Data

Any information relating to an identified or identifiable natural person (the data subject), including: name, surname, email, phone number, location data, IP address.

1.3. Data Processing

Any action performed on personal data, including: collection, storage, use, transfer, or deletion.

1.4. Data Controller

Individual entrepreneur Nodar Kozanashvili, ID: 11001032038, address: Borjomi District, Bakuriani, email: georgianresorts.contact@gmail.com, mobile: 501501222. We determine the purposes and means of data processing.

1.5. Authorized Processor

A natural or legal person who processes data on behalf of and under the instructions of the Data Controller (e.g., hosting provider, CRM system provider).

1.6. Data Subject

An identified or identifiable natural person to whom the personal data relates (i.e., the user).

1.7. Data Recipient

A person who receives personal data. In our case, the data recipient is the service provider (partner).

1.8. Service Provider / Partner

A third party (e.g., hotel, instructor, tour guide) to whom the user’s personal data is provided to perform the booking.

1.9. User

A natural person who makes a service booking on the Platform.

1.10. Consent

A freely given, specific, informed, and unequivocal statement by the data subject.

1.11. Automated Means

Electronic systems, website, application, and any other software through which data processing occurs.

2. What Data We Process, for What Purpose, and Legal Basis

We process your personal data lawfully, fairly, and transparently, only for specific and legitimate purposes under the Law of Georgia on Personal Data Protection.

2.1. Service Execution and Booking Management

  • Data: Identification data (name, surname), contact data (phone, email), activity-specific data (dates, times).
  • Purpose: To create, confirm, and communicate regarding the booking of your selected service (hotel, tour, instructor).
  • Legal Basis: Performance of the contract (data processing is necessary for the execution of the service contract concluded with you).

2.2. Financial Transactions and Legal Obligations

  • Data: Transaction/financial data (payment status, invoice data).
  • Purpose: To process payments, manage refunds, and comply with accounting/tax law.
  • Legal Basis:
    • Performance of the contract (receiving payment);
    • Legal obligation (tax and accounting compliance).

2.3. Security, Analysis, and Platform Improvement

  • Data: Technical data (IP address, device type, cookies).
  • Purpose: Fraud prevention, website security monitoring, analysis of user behavior for service improvement.
  • Legal Basis: Legitimate interest (our interest as Data Controller to ensure proper and secure Platform functioning).

2.4. Direct Marketing

  • Data: Name, email, phone number.
  • Purpose: Providing news, discounts, and special offers regarding Georgian Resorts services.
  • Legal Basis: Consent of the data subject.
    • Note: The user has the right to withdraw consent to marketing messages at any time via email or other means.

2.5. Processing of Special Categories of Data

  • Data: Information about health or disability (if provided).
  • Purpose: To provide sports/adventure services safely and effectively (e.g., informing the instructor of a tourist’s allergy).
  • Legal Basis: Explicit consent of the data subject.
    • Note: This data is processed only if voluntarily provided in writing with explicit consent.

3. Transfer of Data to Third Parties

3.1.

Georgian Resorts acts as a platform (intermediary); therefore, to perform the booking, your data (name, phone, booking details) must be provided to direct service providers (hotels, guides, instructors).

3.2.

The data recipient may be a natural or legal person. You will be informed of the category of the data recipient during the booking process.

3.3.

We may also use “authorized processors” (e.g., hosting provider, IT support) who process data solely on our instruction and based on written agreement, ensuring security standards.

4. Processing Personal Data of Minors

4.1.

It is possible to book children’s activities on the Georgian Resorts Platform. We comply with Article 7 of the Law of Georgia on Personal Data Protection.

4.2.

Processing is permitted if the minor is 16 years or older and can understand the consequences of processing. If the minor is under 16, processing is allowed only with consent from a legal representative (parent or guardian).

4.3.

We undertake to follow the principle of data minimization when processing minors’ data. The Data Controller does not process special categories of data of minors without explicit written consent from the parent/legal representative.

5. Data Retention Period

5.1.

Your data will be stored only as long as necessary to provide the service and to comply with legal obligations (e.g., accounting or tax purposes). After achieving the purpose, the data will be deleted or destroyed.

6. Your Rights

6.1. Under the Law on Personal Data Protection, you have the following rights:

  • Access: Request information about what data is processed about you, for what purpose, and to whom it was disclosed.
  • Notification and Copy: Request a copy of your data free of charge.
  • Correction: Request correction/update of inaccurate, incomplete, or incorrect data.
  • Cease Processing and Deletion: Request cessation of data processing or deletion if processing is no longer necessary or consent is withdrawn.
  • Blocking: Request temporary blocking of data where provided by law (e.g., dispute over accuracy).
  • Withdrawal of Consent: Withdraw your consent at any time without explanation (e.g., for marketing messages).

6.2.

Upon your request, we are obliged to respond within 10 business days.

7. Data Security

7.1.

We take appropriate organizational and technical measures to protect your data from accidental or unlawful destruction, alteration, disclosure, or unauthorized access.

7.2.

In the event of an incident that threatens your rights, we are obliged to notify the Personal Data Protection Servicewithin 72 hours and, in certain cases, also notify you.

8. Right to Appeal

If you consider that your rights have been violated, you have the right to contact:

  1. Our team: georgianresorts.contact@gmail.com
  2. Personal Data Protection Service (Address: Tbilisi, Vachnadze St. №7; Tel: 2421000)
  3. Court