"Back Office" LTD
Privacy Policy
This Privacy Policy (hereinafter the "Policy") applies to all kinds of information and personal data obtained by the Customer as a result of the use of the Services by "Back Office" LTD. The Policy does not apply to the websites and/or services of third parties (hereinafter referred to as the websites of third parties). Please read the Privacy Policy of using third parties' websites and/or services because "Back Office" LLC is not responsible and has no effect on either third parties' websites and/or services, nor their Privacy Policy.
This Policy is an integral part of the Terms and Conditions for using the Company's services and applies fully to the Terms and Conditions of Use. Everything that is not the subject of regulation of this Policy is regulated and interpreted in accordance with the terms and conditions of use, the service agreement concluded between the parties and the legislation of Georgia.
The policy is intended to inform the user about personal data about what personal information, how and why the Company collects, how and for what the Company uses the personal information of the user, who can transfer the company's personal data to, how it protects the privacy of personal data, how to contact the authorized persons of the Company, or the user has questions regarding the processing and use of personal data.
The Company takes all necessary steps to protect the privacy of personal data and prevent its misuse. Processing of personal data is carried out in strict compliance with the requirements of the relevant legislation, only if there are legal grounds.
Terminology and its definitions
Legislation - a normative-legal act used to regulate the processing of personal data. Personal data is processed in accordance with the requirements of the Law of Georgia on Personal Data Protection. The processing of the personal information of users who are citizens of the European Union countries is governed, in accordance with the eurasian general data provisions 2016/679 (hereinafter referred to as the GDPR).
Personal data controller - a natural or legal person that determines the purposes and means of processing personal data and is primarily responsible for their processing. The Privacy Policy of the Personal Data Controller is the company "Back Office" LTD.
Personal Data Processing – Any operation (set of operations) performed in relation to personal data using or without automated procedures such as: collection, recording systematization, structuring, storage, change, sequence, viewing, use, deleting, disseminating or submitting in any form to a third party, including the employees of the Personal Data Controller or its authorised person.
Special categories of personal data - the so-called "divisive" are personal data that can harm the data subject at work, educational institution, residential environment, and can also lead to discrimination in society (personal data containing racial origin, political or religious beliefs, state of health, sex life, biometric and genetic data, etc.).
Personal data - any personal information that allows a third party to identify a natural person (data subject). In this case, an identifiable person refers to a natural person who may be directly or indirectly identified by indicating a specific identifier (first name, surname, document number, other identifier).
Personal data processor (authorised person) - a natural or legal person who processes personal data for the controller on the basis of instructions (instructions, orders) of the controller. In accordance with the Privacy Policy of the Personal Data Controller, the personal data processor (authorized person) is "Back Office" LLC.
Subject of personal data - a natural person to whom the personal data belongs and through which it can be identified (recognized) or has already been identified.
Terminology, which is not defined in this Policy, is interpreted in accordance with the terms and conditions for using the company's services and the legislation of Georgia.
General provisions of system use
User's use of the system (passing the system registration procedure/entering personal data, etc.) implies the adoption of certain provisions of the Privacy Policy, unless it applies to the processing of the user's personal data that requires the independent consent of the data subject. Otherwise, the user must stop using the system.
The Privacy Policy applies only to the backoffice.ge on the Website/Platform and the system placed on it.
The Website/Platform does not verify the authenticity of the personal data provided by the User (except for the emails necessary for user registration).
The confidentiality of the website/platform indicates the employees authorised to manage it, who organize/process personal data, as well as determine the purposes of processing personal data, the composition of personal data subject to processing, actions performed according to the confidential policy, in accordance with applicable laws and the privacy policy.
Personal data processed by the system
Personal data subject to processing under this confidential policy is provided by the User at the time of registration at the time of filling out certain forms in the system, as well as when working in the system, which includes (although may not be limited to) the following information:
-
User/system username and surname;
-
Email address (e-mail);
-
Customer/system user contacttelephone;
-
Birthday;
-
country, region, district, populated area (customer accommodation);
-
gender;
-
Photograph (an image that was taken by a user as a property);
-
Bank account and cardboard;
-
Other personal data that the user may not wish to post on the posting on the post-counter-terrorism page by e-mail, written address, application, application, referral;
-
Any other personalised persona that is not indicated on the list (IP addresses, browsers and operating systems, etc.) is subject to security and disclosure, except for these confidential politics and/or legalised coincidences.
Purpose of processing personal information
User's personal data (in the event that the user agrees to process his personal data for one or more specific purposes listed below), the system may be used by the system for the following purposes:
-
For consumers, it's effective to help with a number of issues related to the use of the system.
-
To register in the system, identify the user, establish customer feedback, send them an interconnected message, request information related to the use of the system, provide information, process, user requests.
-
For users, the information is provided by Skype, Viber, WhatsApp by using different applications, SMS notifications, by using another type/transfer methodood to provide users with information systemsy, valid new projects, as well as - to understand the needs of the user's wishes.
-
In matching user consent, provide updated information, system statistics, special offers, including single-use projections and transactions, information bills and information bills, and the name of the company's partners.
-
Collection of personal data from users in the system's specific data base and for entering.
In addition, the company uses cookie files or similar technologies to administer the website and control the traffic of users on the website. Cookies are information sent by the website to a web browser. The browser stores this information on the user's device. Cookies allow users to navigate through the website and (where applicable) enable the company to personalize the website or its contents according to the needs of the user and improve the results of the actions of the users. If the Cookies feature is not activated, the Company will not be able to ensure that the website/system is functioning and operating properly.
Cookies used by Company do not store any data that can be used directly to identify the users in a direct manner. The data collected shall not be transferred to third parties, except as provided for by the Privacy Policy. There is also no sharing of personal data that may identify users.
If the storage of user's personal data is not necessary for the customer to provide services to the customer, the system removes them based on confidential policy.
Place of storage of personal data
In accordance with the legislation of Georgia, the Company shall ensure organizational and technical measures are taken to ensure the security of data that protects data from accidental or unlawful destruction, alteration, disclosure, extortion and other cases of unlawful use, or from accidental or unlawful losses.
To ensure the security of the personal data available in the system, the information is placed on Amazon web servoces (AWS) servers and is protected in compliance with the highest IT security standards: SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1, ISO 9001, ISO 27001, ISO 27017. Databases are only available to the company and its authorized employees.
Transfer of personal data to a third party
User/system user agrees to transfer personal data to a third party by the Company in accordance with the requirements provided for by the legislation or when it is necessary to achieve the tasks set out before the system.
In order to improve the functioning of the system (to provide basic and additional services to the customer), the Company may transfer personal data to third parties, including, but not limited to: state authorities (in the cases provided for by the legislation), company partners, developers (modification, website/system improvement and adjustment, which may include interaction with databases).
Data Protection (Security) Measures
The system adheres to the principles of minimal use of personal data, only processes the user's information that is necessary or which was provided by the user with the exception of his/her own consent. The system interface and applications are arranged to protect the user's maximum privacy.
Based on this, the user must provide the minimum-necessary personal data required to receive the Services, to answer informational items or questions/claims. At the moment, if the user decides to provide the company with additional personal information, the system will process such information in compliance with the necessary security measures.
In the case of transferring personal data related to financial transactions to a third party, more secure methods of transferring information shall apply. When transferred by the user by card, it may be redirected to the electronic payment systems page. The security of personal data and payments is ensured by the highest quality protection of closed banking networks.
In case of loss or disclosure of personal data, the Company will notify the customer of the incident. The Company, together with its customers, takes all necessary measures to avoid loss/disclosure of personal data and to avoid negative consequences.
In case of violation of the security of personal data, the Company must notify the supervisory authorities of the violation of personal data without any interruption, no later than 72 hours after such a breach, if possible. This confidential policy supervision body shall refer to the relevant supervisory authority of the GDPR regulation (in the case of its establishment by the relevant authorities of Georgia), or the Inspector general for the Protection of Personal Data of Georgia. If the notification to the supervision authority is not provided at the specified time, the company must substantiate the reasons for such a delay.
Methods and terms of processing (storing) personal data
User's personal data is processed while the user/system user is registered in the system. The processing of user/system user's personal data shall be terminated if the user/system user refuses such processing, eventually terminates (which does not depend on temporary technical malfunctions) to use the system or otherwise provided for by the legislation.
Company does not store user data for longer than is required for the purposes for which it is processed, or in accordance with the requirements established by law.
In order to determine the proper period of retention of personal data, the Company determines the nature and category of personal data, the purpose of processing, as well as the ability to achieve the goal set by other means (without the use of personal data).
Rights of a subject of personal data
Rights of subjects of personal data in accordance with the legislation of Georgia:
Receipt of the following information (submission of this information is voluntary if the personal data subject already has it):
a) the identity and registration address of the person who processes the information and the authorised person (if any);
b) the purpose of data processing;
c) whether the transfer of data is mandatory.If it is mandatory for the user to request, in the case of his/her refusal to obtain information on legal consequences;
d) a data subject may request information related to the receipt, correction, update, addition, blockage, deletion or destruction of the processed information;
request information about data processing (the form of the data subject is selected by the data subject), namely:
a) the personal data of an entity subject subject subject subject to processing;
b) the purpose of data processing;
c) legal grounds for data processing;
d) by what methods the data was collected;
e) for whom information has been transferred for what purposes and reasons (information is not required, if the data is already public in accordance with the legislation).
A request to correct, update, add, block, delete or destroy personal data, if it is imperfect, is incorrect, not updated or illegally collected and processed. In this case, the processor shall notify the user of the correcting, updating, adding, blocking, deleting or destroying of information, unless the number of recipients receiving such information is numerous and related to disproportionate costs (the latter circumstances shall be notified to the Inspector for the Protection of Personal Data);
The specified rights of subjects of personal data may be restricted if as a result of their implementation there is a risk of creating additional threats to the norms provided for by the legislation. In this case, the data subject must be notified of the decision to process a person's personal data so as not to limit the purpose of restricting rights.
Right to data correction
If the user finds that the personal data is incorrectly processed or outdated by the system, he/she may apply to the Company and/or other authorised person by submitting his/her specific requirements.
If the system allows the data subject/user to adjust personal data directly (through a personal cabinet) independently, the user can correct the data himself.
Request consent to process personal data
If personal data is processed by the system with the consent of the user, subsequently the data processing can be terminated on the basis of requesting the user's consent back. In this case, the Company is obliged to terminate the processing of data and destroy the processed data within 5 days after receiving a similar application, unless there is any other reason for data processing.
In case the user decides to exercise the right to cancel personal data taking into account paragraph 17 of the GDPR Regulation, the Company is destroying already processed data, except for the personal data that is necessary to be stored by the Company in accordance with the requirements of the legislation.
When exercising the relevant rights of the GDPR Regulation by user, the identity of the data subject must be confirmed. This can be done on the basis of electronic messages, electronic digital signatures or personal referrals; In case of a reasonable suspicion of the identity of the entity's personal data, the company has the right to request the submission of the user's identity document. Such measures are necessary to prevent unauthorized use (modification, destruction) of personal data by a third party.
To provide the information necessary for identification, the company processes the information relevant to the customer's requirements in the shortest possible time, but not later than 1(one) month.
Final Provisions
Customer applications for personal data and/or privacy policies (questions, notes, complaints, wishes, etc., in terms of protection and processing of personal data) are accepted through company e-mail at: [email protected] or by phone +995 0322 42 40 41 <>. In addition, in case of any questions related to these issues, users may contact the Company in any form of personal notification, written or otherwise prohibited by law.
The company may update its privacy policy at its sole discretion, including if required by applicable legislation. The user registered in the system can view the updated information on the Privacy Policy directly on the website/platform (https://backoffice.llc).