Personal Data Protection Policy

General Provisions

The use of the website https://memories.ge/ (hereinafter referred to as the “Website”), the MEMO platform, and the handling of personal data by Georgia Starts Here LLC is regulated by this Personal Data Protection Policy (hereinafter referred to as the “Policy”).

Please carefully review this Policy. By registering on the platform and/or registering for a course or masterclass, the user agrees, confirms, and fully accepts that the company may use the provided information in various advertising, marketing, or other related activities. The company may send or otherwise provide information about its services to the user.

Definitions

1. Company – Georgia Starts Here LLC (ID No.: 402037014), registered address: Georgia, Tbilisi, Vake District, Ana Politkovskaya St., Building 3, Apt. 18, Room 19.
   2. MEMO – The platform owned by Georgia Starts Here LLC (ID No.: 402037014).
   3. User – Any individual (aged 18 and over with full legal capacity) or legal entity or organizational unit that uses or intends to use the Website in accordance with the company’s terms and conditions and/or benefits from the company’s services.
   4. User Consent – The user’s expression of will confirming the processing of their personal data after reading this document.
   5. Service – The functions offered by the MEMO platform, allowing users to browse and purchase products, manage orders, make payments, access customer support, organize delivery, and use related services.
   6. Product – Goods or services (either physical or digital) available for purchase or sale on the platform.
   7. Order – A user request for the purchase of a specific product through the platform.
   8. Delivery – The process of transferring a product to the user, which may be carried out by the platform’s internal logistics or a third-party courier.
   9. Payment – The process of transferring money using the platform’s available payment systems.
   10. Billing and Commission – The platform is authorized to deduct a certain commission for each transaction.
   11. Unique Name – A username selected by the user.
   12. Singular terms include their plural form and vice versa.
   13. Party/Parties – Refers to the user and the company.
   14. Personal Data – Any information related to an identified or identifiable person, including name, surname, ID number, communication identifiers, economic, cultural, or social characteristics, as defined by Article 3(a) of the Georgian Law on Personal Data Protection.
   15. Data Processing – Any action performed on data, including collection, access, photographing, video/audio monitoring, organization, grouping, interconnection, storage, modification, restoration, retrieval, use, blocking, deletion, destruction, or disclosure, as per Article 3(v) of the Georgian Law on Personal Data Protection.
   16. Written Consent – Consent expressed in writing (including electronically) after receiving relevant information about the processing of personal data, as per Article 3(n) of the Georgian Law on Personal Data Protection.
   17. Data Controller – The person who determines the purposes and means of processing personal data, as defined in Article 3(o).
   18. Authorized Processor – A person or entity that processes data on behalf of the data controller, as per Article 3(zh).
   19. Data Subject – Any physical or legal person or organization using or intending to use the platform in accordance with the terms and conditions.
   20. Data Processing (again) – The use of data including collection, access, organization, grouping, storage, modification, restoration, retrieval, use, blocking, deletion, or destruction, and transmission to third parties, as defined in Article 3(v).
   21. Data Transfer – Sharing of data by the controller with a third party, including subcontracts and granting access.
   22. Direct Marketing – Direct and immediate delivery of information to the data subject via phone, email, or electronic means to promote goods, services, ideas, or initiatives for commercial or image-building purposes.
   23. Registration – Creation of a personal account on the MEMO platform.
   24. Account – A user’s profile on the platform where they can view orders and use services.

1. Sources of Personal Data Collection

1.1. MEMO collects personal data of users from the following sources:
a) Registration by the user on the MEMO platform;
b) Registration for a free educational course using the MEMO platform;
c) Registration for a paid educational course using the MEMO platform;
d) Registration for a paid masterclass via the MEMO platform;
e) Personal information provided via social networks;
f) Public sources from which information about the user may be obtained;
g) Communication between the user and MEMO.

1.2. Information about the user includes:
a) Identification data such as name, surname, address, email address, and phone number;
b) Contact details including address, email, and phone number;
c) Data obtained as a result of communication between the user and MEMO;
d) Information obtained from public sources.

2. Purpose of Personal Data Processing

2.1. MEMO processes users’ personal data solely for lawful purposes, with the aim of improving existing services and effectively providing future services. The purposes of processing may include:
a) Providing services (including educational services);
b) Sending information related to courses and masterclasses to the user;
c) Offering and improving services (including analyzing user transactional history, behavior, and statistical data);
d) Sending relevant correspondence or notifications;
e) Fulfilling obligations imposed by law or regulations from supervisory authorities;
f) Protecting the company’s or third parties’ security and property;
g) Protecting the company’s legitimate interests or legal rights.

3. Use of Personal Data

The company may use your name for all services it offers to users. This includes any and all services provided by MEMO.

4. Legal Grounds for Personal Data Processing

4.1. Legal grounds for processing personal data include:
a) The company processes personal data in accordance with the Georgian Law on Personal Data Protection.
b) Processing is permitted based on Article 5(1) of the law under the following subparagraphs:
– a) The data subject (user) has consented to the processing of their data for one or more specific purposes;
– b) Processing is necessary to fulfill a contract with the user or to take steps at the request of the user prior to entering into a contract;
– e) The data is publicly available or has been made public by the data subject;
– k) Processing is necessary to review a user’s service request.
c) Processing of minors’ data is regulated by Article 7(1) of the same law:
– Users aged 16 or older may provide independent consent for data processing;
– For users under 16, consent must be given by a parent or legal guardian, unless otherwise provided by law;
– In certain cases, consent from both the minor and their parent/legal representative may be required.
d) Processing of biometric or special category data:
– Such data will only be processed with the user’s written consent;
– Biometric data may be processed if essential for company operations, security, or service provision.
e) Data transfer and protection guarantees:
– Before any transfer, the data controller ensures that the recipient provides adequate safeguards and that the user’s rights and confidentiality are protected.
4.2. Data processing and storage are carried out with high-security standards to maintain confidentiality, integrity, and accessibility of personal data.
4.3. Direct marketing:
– According to Article 12(1), direct marketing is allowed only with the user’s explicit consent;
– Users have the right to refuse or request restrictions on processing their data for direct marketing.

5. Rules for Data Processing and Their Modification

5.1. The company reserves the right to amend the rules for personal data processing.
5.2. Users will be informed about changes to the rules via the registered email address. Unless otherwise stated, changes shall take effect 30 calendar days after notification.
5.3. If the user disagrees with the new rules, they have the right to stop using the platform and request deletion of their personal data.
5.4. According to Georgian law, the following principles must be observed when processing personal data:
a) Data must be processed lawfully, fairly, and transparently;
b) Data must be collected for specific, clear, and legitimate purposes;
c) Processing must be proportionate to the purpose and limited to what is necessary;
d) Data must be accurate and updated as needed;
e) Data must be stored only for as long as necessary;
f) Appropriate technical and organizational measures must be taken to ensure data security.
g) If the data is processed for purposes different from the original collection purpose, the controller must consider:
– The connection between the original and subsequent purposes;
– The data subject’s reasonable expectations;
– Whether the data includes special categories;
– Potential consequences for the data subject;
– The existence of adequate safeguards.
– The burden of justifying the legal basis for processing lies with the controller.

6. Sharing of Personal Data with Third Parties

In accordance with legal or contractual obligations and where a lawful basis exists, including for the detection, prevention of fraud, security, or technical issues, the service provider (MEMO) may share user data with:
– The user’s authorized or legal representative;
– Government authorities as provided by law;
– Service providers, including but not limited to: legal advisors, IT service providers, or other functionally similar parties.

7. User Rights Related to Personal Data Processing

7.1. According to Georgian legislation, users have the right to:
a) Receive information about the data processed by the company, including the type of data, its purpose, legal basis, source of collection, and data sharing (if applicable);
b) Access the data stored by the company and request copies of documents or records containing their personal data, in accordance with the law;
c) Request correction, update, or completion of incorrect, inaccurate, or incomplete data;
d) Request cessation, deletion, or destruction of data if:
– They withdraw the consent which serves as the sole basis for processing;
– The data is no longer needed for the original purpose;
– Processing is unlawful;
– The accuracy or authenticity of the data is disputed;
– The user at any time requests deletion of data processed based on their consent.

Upon receiving such a request, the company will cease processing and ensure the deletion of the data, unless another lawful basis for processing exists.

8. Ensuring the Security of Personal Data

8.1. The company stores personal data in compliance with the applicable legal requirements. MEMO ensures the physical, technical, and organizational safeguards for protecting users’ data. This includes the protection of electronic devices, files, and physical premises. MEMO takes all necessary measures such as physical, electronic, and procedural control mechanisms to ensure that user data is protected against unauthorized access, use, transmission, loss, or destruction, in full compliance with the law.

9. Retention Period of Personal Data

9.1. According to Georgian legislation, personal data will be stored for the entire duration of the service period and for up to 5 (five) years after its completion, or as long as is necessary to achieve the legitimate purpose defined by this policy.
9.2. Alternatively, for a different period as necessary to fulfill a specific processing purpose determined within the service or contract.
9.3. In the case of user communication with the company, MEMO retains records of the interaction to resolve future problems, and stores them for no longer than 5 (five) years in accordance with legitimate purposes defined in this policy.

10. Consent to Personal Data Processing

By visiting the website, using the information posted on it, or authorizing an account, the user confirms and agrees to these terms and conditions, as well as the legal grounds and purposes for processing their personal data. The user also acknowledges and agrees to any amendments or additions that the company may unilaterally introduce.

11. Termination of Data Processing

11.1. Users may at any time request to revoke their consent for data processing and demand the deletion of their processed data.
11.2. Such requests may be submitted via the following contact channels:
– Email: info@georgiastartshere.ge
– Social network: https://www.facebook.com/Georgiastartshere
11.3. Upon receiving such a request, the company is obliged to immediately cease processing and delete the user’s personal data, unless there is a legal basis to continue processing.
11.4. The user’s request will be reviewed and a response will be issued within 14 (fourteen) days.
11.5. Contact Information: Phone: +995 557 639 398, Email: info@georgiastartshere.ge, Website: https://georgiastartshere.ge

12. Disputes and Governing Law

12.1. These terms and conditions are governed by the laws of Georgia, which constitute the sole legal framework applicable between the parties. All matters, claims, or disputes related to the terms of service shall be interpreted and resolved under Georgian law.
12.2. In the event of any dispute or disagreement, users may contact the support team using the contact information on the website. The team will take all reasonable steps to review and resolve the issue.
12.3. The parties agree that all disputes or claims shall be subject exclusively to the jurisdiction of Georgian courts, and Georgian law shall be the only applicable law in resolving issues arising from these terms and conditions.
12.4. If any clause or provision is deemed unlawful or unenforceable by a Georgian court, it shall not affect the validity and enforceability of the remaining provisions.

If you have any questions, complaints, or suggestions regarding this Personal Data Protection Policy, please contact us at: ________. We highly value the safety and protection of our users’ personal data.