Privacy Policy
PERSONAL DATA PROTECTION POLICY AND PURPOSE:
Company “FASHION HOUSE LTD” 205210403 focuses on personal data protection and information confidentiality, in full compliance with both international data protection standards and Georgian legislation on “personal data protection”.
Ensuring data protection is an important basis for reliable and honest business relations and the reputation of the insurance company as an attractive partner or employer.
SCOPE OF DARA PROTECTION POLICY:
This policy fully applies to the processing of personal data by automatic, semi-automatic or non-automatic means by “FASHION HOUSE LTD” and is used in the process of personal data protection.
This policy applies to “FASHION HOUSE LTD” customers, company employees, contractors, all persons whose data is processed by “FASHION HOUSE LTD” as well as to data recipients and authorized persons who process personal data on behalf of or for the company.
BASICS AND PRINCIPLES OF PERSONAL DATA PROCESSING:
Personal data can be processed in the company only in the following cases:
There is data subject consent;
Data processing is provided by law;
Data processing is necessary for the company to fulfill its legal obligations;
Data processing is necessary to protect the vital interests of the data subject;
Data is publicly available;
The data was made publicly available by the data subject himself;
Data processing is necessary based on the application of the data subject in order to provide services to him;
In other cases provided for by law;
Data processing is carried out in accordance with specific principles:
Fairness and legality – personal data must be processed fairly and legally, without violating the dignity of the person;
Existence of a clearly defined legal purpose – it is necessary to have a specific purpose for which the data is processed. The use of data for other purposes is not allowed.
Proportionality and Adequacy – data must be processed in the minimum volume necessary to achieve the specific purpose of data processing; The data itself should also be relevant to this purpose.
Authenticity and accuracy – the data must be true and accurate, if necessary, it must be updated, also the reliability of the information source must be verified, false and inaccurate data must be corrected;
Personal data storage period – Personal data must be kept for the period specified by law or for the period necessary to achieve the purpose. Once the purpose has been achieved, they must be blocked, deleted or destroyed, or stored in a non-identifying manner, unless otherwise required by law. Anti-money laundering legislation provides for a five-year data retention period unless there is a legal basis for longer data retention.
Further processing of data for other purposes incompatible with the original purpose is not allowed. Data collected without a legal basis and irrelevant to the purpose of processing must be blocked, deleted or destroyed.
PERSONAL DATA CATEGORY AD IT’S PROCESSING:
The company mainly collects and processes several categories of personal data. In particular: first name, last name, gender, date of birth, type of identity document, series, number, personal number, citizenship, country, actual and registration address, phone number, personal and official e-mail address; Marital status, activity/profession, workplace, position. Bank account number, health information, technical passport, motor vehicle make, model, year of manufacture, state number, identification number, insurance/insured object information, driver’s license series, type, number, date of issue, video image, date of insured event and Description, amount of damage caused, IP address, using which access to the sites belonging to the “Company” is carried out.
Processing of personal data means collecting, recording, photographing, audio recording, video recording, organizing, storing, changing, restoring personal data of a person using automatic, semi-automatic or non-automatic means.
The data is mainly processed: for the purpose of providing insurance services, issuing insurance compensation, reviewing customer statements, performing contractual relations of various types/contents, employment, direct marketing, fulfilling the obligations imposed on the “Company” by law; They are processed in the event that there is the consent of the data subject, data processing is provided by law, data processing is necessary for the “Company” to fulfill its obligations under the law.
The consent of the data subject shall be expressed orally, in writing, by telecommunication or other appropriate means in a manner that can be used to determine the will of the data subject.
The company may process data based on the needs of the service or only in special cases with the help of another data processor and on the basis of a written agreement with him, which must comply with the strictly established standards of the “Company” and the requirements established by the legislation of Georgia.
DIRECT MARKETING:
The data subject authorizes the company to make offers of services, goods, employment or requests for any kind of action through the data subject’s phone call, e-mail, other telecommunication means or direct communication with the users in order to implement various marketing offers.
The data subject has the right to request the data processor at any time
Termination of use of data for direct marketing purposes.
“Company” is obliged to stop using data for direct marketing purposes
Processing and/or ensuring termination of data processing for direct marketing purposes by the authorized person no later than 10 working days after receiving the data subject’s request.
VIDEO SURVEILLANCE AND AUDIO RECORDING:
In order to ensure security and property protection, as well as service quality control, in compliance with the requirements established by the Georgian Law “On Personal Data Protection”, the external perimeter and entrances of the building, workplaces are being monitored in the “Company” through video surveillance and audio recording systems, and audio recording is in progress with the company by telephone. when communicating.
In order to improve customer service, the data subject will be informed about the progress of video surveillance and audio recording in the company’s service areas, as well as about the recording of phone calls during telephone communication with the company, in accordance with the requirements of the law.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES:
The company may transfer the personal data of the data subject to third parties for the following purposes: for the perfect service of the data subject, in the cases determined by the legislation of Georgia, for the purpose of fulfilling the duties imposed on the company by the legislation of Georgia, as well as based on the agreements signed with other companies, organizations operating in the state sector, organizations operating in the insurance industry. for the purposes of fulfilling the obligations assumed by
The third party is represented by the provider institutions of the “Company”, organizations operating in the state sector, organizations operating in the insurance industry, partner companies of the “Company”, reinsurance companies, credit information bureau.;
The “Company” has the authority to transfer personal data to third parties based on the legislation or the agreements signed with the data subject.
The “Company” transfers personal data to third parties in accordance with the Law of Georgia “On Personal Data Protection”.
OBTAINING PERSONAL DATA FROM THIRD PARTIES:
The “Company” may obtain the personal data of the data subject from third parties for the following purposes: for the perfect service of the data subject, in the cases determined by the legislation of Georgia, in order to fulfill the duties imposed on the “Company” by the legislation of Georgia, as well as based on the agreements signed with other companies, organizations operating in the state sector, organizations operating in the insurance industry For the purposes of fulfilling the obligations assumed by the “Company”.
The third party is represented by the provider institutions of the “Company”, organizations operating in the state sector, organizations operating in the insurance industry, partner companies of the “Company”, reinsurance companies, credit information bureaus.
The “Company” has the right to obtain personal data from third parties based on the legislation or the agreements signed with the data subject.
The “Company” collects personal data from third parties in accordance with the Law of Georgia “On Personal Data Protection”.
DATA PROCESSING THROUGH AN AUTHORIZED PERSON:
Based on the terms of this policy, the company may act as a data processor and on its behalf, or the data may be processed by an authorized person, only if the “company” has signed a corresponding written agreement with the authorized person. Before signing the contract, the company is always convinced in advance of the party’s reliability and the contract stipulates the obligation of the authorized person to take such organizational and technical measures that ensure the protection of the data subject’s personal data.
DATA SECURITY:
The “Company” has adopted such reasonable organizational and technical measures that ensure the protection of data in the Company against accidental or illegal destruction, alteration, disclosure, extraction, any other form of illegal use and accidental or illegal loss.
Confidentiality of personal data is strictly protected in the “Company”. Only those employees who need to process the data to perform their duties have access to them.
Protection of personal data in the “Company”, control of compliance of their processing with the present policy, legislation and internal procedures of the company is ensured by the personal data protection officer.
RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT:
The data subject has the right to request information from the company regarding data processing. In such a case, the company shall provide the following information no later than 10 (ten) calendar days after receiving the notification of the request:
basis and purpose.
The data subject has the right to contact the company at any time and in case the data is incomplete, inaccurate, not updated or if their collection and processing was carried out against the law, to request the correction, blocking, updating, addition, deletion or destruction of his personal data. In such a case, the company responds accordingly within 15 (fifteen) calendar days after receiving the notification.
The data subject is entitled at any time, without any explanation, to invoke (demand the termination of data processing and/or processed
destruction of data) consent declared by him to the “company” regarding the processing of his personal data. In the event that the company processed personal data only on the basis of the consent expressed by the data subject, “FASHION HOUSE LTD” will ensure the implementation of appropriate actions within 5 (five) calendar days after receiving such notification.
CONTACT:
For any issues related to personal data protection in the company, you can contact us at the following e-mail address: [email protected]