Privacy policy
PREAMBLE
This policy regulates the process of processing personal data related to users and ensures protection of users' personal data from unauthorized access by any third party.
The Company takes responsibility for each user's visit to its controlled website and for the interest that the user shows toward information placed on the website.
Based on the above, the Company takes responsibility to ensure the security of users' personal data, use data only for the achievement of legitimate purposes, and ensure protection in accordance with personal data protection legislation.
When using the website, the conditions for processing personal data are defined by this Privacy Policy.
DEFINITION OF TERMS
Managing Company/Company - LLC "BabyCo" (ID: 405706883) (Limited liability company registered in accordance with Georgian legislation, registration date: 21/05/2024). Legal address: Georgia, Tbilisi, Saburtalo District, Iosebidze Street, N49 (Dist. 17/1); Kutaisi Street (former Shchortsov), N3; Actual address: Georgia, Tbilisi, Saburtalo District, Iosebidze Street, N49 (Dist. 17/1); Kutaisi Street (former Shchortsov), N3. Email: info@babyco.ge; Hotline: 577 30 56 74.
Website - the website carters.ge operated by the Company.
Personal Data (hereinafter - Data) - any information related to an identified or identifiable natural person. A natural person is identifiable when they can be identified directly or indirectly, including by name, surname, identification number, geolocation data, electronic communication identifiers, physical, physiological, mental, psychological, genetic, economic, cultural, or social characteristics.
Data Processing - any action performed on data, including collection, acquisition, access, photography, video monitoring and/or audio monitoring, organization, grouping, interconnection, storage, modification, recovery, retrieval, use, blocking, deletion or destruction, as well as disclosure of data by transmission, publication, dissemination, or otherwise making it accessible.
Automated Data Processing - data processing using information technology.
Semi-automated Data Processing - data processing using a combination of automated and non-automated means.
Data Subject - any natural person whose data is being processed.
Data Subject's Consent - the data subject's express consent, given freely and clearly after receiving appropriate information, to process their data for a specific purpose, given in written form (including electronically) or orally.
Data Subject's Written Consent - consent given by the data subject in writing (including electronically) after receiving appropriate information, to process their data for a specific purpose, which the data subject has signed or otherwise expressed in writing.
Person Responsible for Processing - a natural person, legal entity, or public body that individually or with others determines the purposes and means of data processing, and either directly or through an authorized person performs data processing.
Authorized Processor - a natural person, legal entity, or public body that processes data on behalf of the person responsible for processing. A natural person employed by the person responsible for processing is not considered an authorized processor.
Third Party - any natural person, legal entity, or public body, other than the data subject, the Personal Data Protection Office, the person responsible for processing, the authorized processor, the special representative, and the person authorized to process data by direct instruction from the person responsible for processing or the authorized processor.
Direct Marketing - direct and immediate provision of information to a data subject via telephone, post, email, or other electronic means for the purpose of forming, maintaining, realizing, or supporting interest in a natural person and/or legal entity, goods, ideas, services, work, and/or undertakings, as well as image and social issues. Direct marketing does not include information provided by a state institution to a natural person if such provision is compatible with the data processing grounds stipulated in Articles 5 and 6 of the Personal Data Protection Law of Georgia.
Data Depersonalization - data processing in such a manner that it is impossible to associate the data with the data subject or establishing such association requires disproportionately large effort, expenses, or time.
Data Blocking - temporary suspension of data processing (except storage).
Incident - a breach of data security that results in unlawful or accidental damage, loss, disclosure, destruction, modification, access, collection/acquisition, or other unlawful processing of data.
1. PARTIES TO PERSONAL DATA PROCESSING
1.1 The data subject is the user who, through registration-authorization on the website and/or purchase of goods, consents to the processing of their personal data for the purposes defined in this Privacy Policy.
1.2 The person responsible for personal data processing is: LLC "BabyCo" (ID: 405706883) (Limited liability company registered in accordance with Georgian legislation, registration date: 21/05/2024). Legal address: Georgia, Tbilisi, Saburtalo District, Iosebidze Street, N49 (Dist. 17/1); Kutaisi Street (former Shchortsov), N3; Actual address: Georgia, Tbilisi, Saburtalo District, Iosebidze Street, N49 (Dist. 17/1); Kutaisi Street (former Shchortsov), N3. Email: info@babyco.ge ; Hotline: 577 30 56 74 .
2. LEGAL BASES FOR DATA PROCESSING
2.1 The Company may process users' personal data if one of the following legal bases exists:
2.1.1 The data subject has given consent to process their data for one or more specific purposes;
2.1.2 Processing is necessary to perform an obligation arising from a contract with the data subject or to enter into a contract at the request of the data subject;
2.1.3 Processing is necessary to comply with obligations imposed on the person responsible for processing by Georgian legislation;
2.1.4 Processing is necessary to provide services to the data subject;
2.1.5 Processing is necessary to protect the legitimate interests of the person responsible for processing;
2.1.6 Processing is necessary to perform tasks in the public interest as defined by Georgian legislation.
2.2 Users are not obligated by law or contract to provide their personal data to the Company. However, failure to provide such data may result in the user's inability to enter into contractual relations with the Company and receive the services defined on the website.
2.3 If the Company processes personal data on the basis of the data subject's consent, the Company presumes that the data subject has given consent after reading this policy, of their own volition and in their interests, and confirms that such consent is informed, specific, and unambiguous.
2.4 Consent by the data subject is considered to be given in proper form through registration on the website, which confirms that the data subject has familiarized themselves with the conditions of personal data processing specified in this policy.
2.5 Consent from the data subject is not required for processing personal data related to them if other legal bases for processing exist as defined in this policy.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1 When a user registers on the website by providing their email address, the Company is authorized to process the user's personal data for the purpose of providing full and effective services.
3.2 Registration/authorization on the website may also be done using "third party" services such as Google. In such cases, the user must additionally agree to the terms and conditions of such "third party" services. When using such registration/authorization method, the Company receives the following personal data related to the user: name, surname, email address.
3.3 When using the delivery service offered by the Company, the user must additionally provide the Company with the following personal data: name, surname, mobile phone number, email address, address, postal code. Without sharing this information with the Company, the user will not be able to use the delivery service.
3.4 The website operated by the Company does not process personal data related to bank transactions. When conducting such operations, processing of your personal data is carried out by the appropriate financial institution - LLC "Flitt" (ID: 402291220) (for additional information, see: flitt.com/)
3.5 For the purpose of effectively performing obligations imposed on the Company and the user by the contract between them, including legal obligations, the Company processes the user's personal data for the following purposes:
3.5.1 Managing relations with the user;
3.5.2 Developing and implementing marketing activities tailored to the user;
3.5.3 Providing information about purchases made by the user;
3.5.4 Providing information to the user about Company services and products;
3.5.5 Adapting the website and its components to the user's needs;
3.5.6 Protecting website users and preventing fraudulent activities;
3.5.7 Identifying groups of users for whom news should be offered;
3.5.8 Effectively and properly performing legal and contractual obligations of the Company;
3.5.9 Receiving feedback from users and responding to complaints;
3.5.10 Managing risks for the Company and its users;
3.5.11 Sending status notifications to the user related to website activity, such as successful purchase completion;
3.5.12 Provision to competent state bodies when necessary;
3.5.13 Other legitimate purposes provided for by the Personal Data Protection Law of Georgia.
4. RIGHTS AND OBLIGATIONS OF DATA SUBJECTS
4.1 The user is obligated to provide the Company with complete and accurate information for the purpose of receiving services.
4.2 The user, as a data subject, has the right to:
4.2.1 Request confirmation from the person responsible for processing whether data about them is being processed, whether data processing is justified, and within 10 business days of the request, to receive free access to their personal data held by the Company;
4.2.2 Request information about the source of data collection/acquisition;
4.2.3 Receive information about the period of data retention (time), or if a specific period cannot be determined, the criteria for determining the period;
4.2.4 Request information about the legal basis and purposes of data transfer, as well as about appropriate guarantees for data protection;
4.2.5 Receive information about the identity of the data recipient or categories of data recipients, including information about the basis and purpose of data transfer, if data is transferred to a third party;
4.2.6 Request a copy of their personal data held by the Company;
4.2.7 Request the person responsible for processing to correct, update, and/or complete their false, inaccurate, and/or incomplete data;
4.2.8 Request the Company to cease processing, delete, or destroy their data;
4.2.9 The Company has the right to refuse to fulfill the request specified in point 4.2.8 if:
4.2.9.1 There is another legal basis for data processing specified in section 3.5 of this policy or Articles 5 and 6 of the Personal Data Protection Law of Georgia;
4.2.9.2 The data is being processed to establish, exercise, or defend legal claims;
4.2.9.3 Data processing is necessary to exercise the right to freedom of expression or information;
4.2.9.4 The data is being processed for archival purposes in the public interest as provided for by law, for scientific or historical research, or for statistical purposes, and the exercise of the right to cease processing, delete, or destroy data would make it impossible or significantly impair the achievement of processing purposes.
4.2.10 Request the person responsible for processing to block data in the following cases:
4.2.10.1 The user disputes the accuracy of the data;
4.2.10.2 Data processing is unlawful, but the data subject/user objects to deletion and requests blocking of data;
4.2.10.3 The data is no longer necessary for the purpose of processing, but the data subject needs it to submit a complaint/claim;
4.2.10.4 The data subject requests cessation, deletion, or destruction of data processing and this request is being considered;
4.2.10.5 There is a need to retain data for use as evidence.
4.2.11 At any time, request cessation of sending marketing notifications (if any) and processing of personal data for direct marketing purposes in accordance with section 8 of this Privacy Policy;
4.2.12 At any time, without any explanation or justification, withdraw consent given by them or restrict the Company's processing of their personal data, regarding which they must notify the Company at the email address info@babyco.ge. The Company undertakes to cease processing of data within 10 business days of receiving such notification. If the user does not wish to provide personal information or requests cessation of data processing, it may result in hindrance or impossibility for the Company to fulfill its obligations to the user, including account/profile use or receipt of appropriate services.
4.2.13 Submit a complaint regarding personal data processing, including to the Personal Data Protection Office and/or to court.
5. MINORS
5.1 The Company does not intentionally collect or retain information from persons under 16 years of age who have not reached the age of majority as established by Georgian legislation. The Company takes responsibility for the protection of minors' personal information.
5.2 The Company is unable to verify the accuracy of information provided by users. Therefore, if you become aware of the fact that a minor has purchased goods/services on the website operated by the Company, please contact us at the provided email: info@babyco.ge .
6. PERSONAL DATA SECURITY AND RETENTION PERIOD
6.1 The Company ensures consistent and high-quality protection and security of users' personal data.
6.2 The Company is responsible for taking all organizational and technical measures and complying with requirements established by Georgian legislation to ensure that users' personal data is protected and secured against data loss, unlawful processing, including destruction, deletion, modification, disclosure, or use.
6.3 The user acknowledges that any transmission of data via the Internet or wireless networks cannot be absolutely and guaranteed to be secure. The Company takes commercially reasonable security measures to protect personal data and also seeks to establish partnerships only with organizations that take responsibility for the importance of personal data protection. However, the Company cannot guarantee the security of information transmitted to or from the website.
6.4 The Company ensures processing of personal data related to users and storage in such a form that enables identification of the person, as long as this is necessary to achieve the processing purposes specified in this policy.
6.5 When the managing Company ceases processing personal data for the purposes specified in this policy, the Company ensures deletion/destruction of personal data in accordance with procedures and timeframes established by this policy and the law. Deletion/destruction of personal data shall be carried out if one of the following conditions exists:
6.5.1 The user has withdrawn consent and/or requested cessation of processing of their personal data. In this case, the Company ensures deletion/destruction of personal data if the only legal basis for processing was the user's consent;
6.5.2 The purpose of personal data processing has been achieved;
6.5.3 An incident has been detected;
6.5.4 The Company has ceased business operations.
6.6 The Company retains data for the period necessary to achieve the processing purpose, not exceeding 3 (three) years.
6.7 After a user deletes their account/profile on the website, their depersonalized data is retained for a period not exceeding 3 (three) years in accordance with the purposes provided for by this policy, law, and regulatory documents.
6.8 The time and fact of giving and withdrawing consent for data processing for direct marketing purposes is retained by the Company for 1 (one) year from the cessation of direct marketing.
7. SOURCES OF PERSONAL DATA AND SHARING WITH THIRD PARTIES
7.1 The Company receives information about personal data after the user fills out a registration form and/or makes a purchase without passing through authorization.
7.2 Personal information of the user by the Company may be transferred to state bodies or units, regulatory bodies, or any other person on the basis of applicable legislation, regulations, court orders, official requests, or instructions issued by state regulatory bodies, or on the basis of any similar process conducted under applicable legislation.
7.3 To provide effective and fast services, the Company is authorized to transfer personal data related to the user to companies/persons in contractual relations with the Company, which provide courier, information technology, and payment services.
7.4 When transferring personal data to companies in contractual relations, these companies are obligated to protect personal data, ensure security, and fulfill obligations established by the Personal Data Protection Law of Georgia.
7.5 The following information about the user is transferred to the courier service partner company - LLC "QuickShiffer" (ID: 405547877): name, surname, mobile phone number, address. This information will be used only for the purpose of delivering purchased products.
7.6 Sharing of data with the Company's partner companies, courier service providers, and subcontractors may be necessary to the extent necessary to fulfill obligations imposed on the user by the contract concluded with the Company.
7.7 The managing Company does not ensure international transfer of data.
8. DIRECT MARKETING
8.1 With the consent of the data subject, for direct marketing purposes, specifically to receive advertising notifications from the Company, notifications about planned news/promotions/discounts, the following personal data related to the data subject may be processed: name, surname, mobile phone number, and email address.
8.2 The user is authorized to request cessation of sending marketing notifications (if any) at any time in the same manner as direct marketing was carried out and/or by sending a notification to info@babyco.ge. The Company respects the user's wishes and, within a reasonable timeframe but not exceeding 7 business days from receipt of such notification, will cease using the user's personal data for direct marketing purposes.
8.3 Withdrawal of consent does not affect the lawfulness of personal data processing based on consent.
9. COOKIES
9.1 The website operated by the Company uses cookies to simplify navigation, offer information in the desired format, and improve search parameters.
9.2 The Company does not collect or process personal data related to users through cookies.
9.3 For detailed information regarding the Company's processing of cookies, please see the "Cookies Policy" on the carters.ge website.
10. CHANGES TO PRIVACY POLICY
10.1 The Company reserves the right to change this Privacy Policy at any time.
10.2 Any changes made to the Privacy Policy are immediately communicated to registered users by sending an email notification and/or by posting information on the website.
11. TERMS OF USE
11.1 By electronically marking/acknowledging agreement with the Terms and Conditions, the user confirms that they simultaneously agree to this Privacy Policy, that the information provided by the user constitutes accurate and truthful data. The information was provided at the user's request and for this purpose they have all rights and permissions provided for by legislation.
11.2 The legal basis for the Company's processing of personal data is the Personal Data Protection Law of Georgia and the "Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data" (CETS N 108, Strasbourg, 28 January 1981).
12. CONTACT WITH COMPANY
12.1 If you have questions or requests related to the processing of personal data, you can contact the Company at the following email: info@babyco.ge; Hotline: 577 30 56 74.
End of Privacy Policy