Data Controller: ipso.ge

Legal Basis for Processing Personal Data

Data processing is permitted if:

  • There is the user’s consent;

  • Data processing is necessary for the company to fulfill its obligations imposed by law;

  • According to the law, the data is publicly available or the user has made it publicly available;

  • Data processing is necessary to consider the user’s request (to provide a service);

  • Data processing is provided for by law.

Purpose of Processing Personal Data

The company processes personal data for the following purposes:

  • Purchase and delivery of products;

  • Improving services;

  • Marketing purposes;

  • Fulfillment of contractual obligations;

  • Responding to customer complaints;

  • Approving online installment payments with partner financial institutions;

  • Fulfilling other rights and obligations as provided by the legislation of Georgia.

Types of Personal Data Processed

Based on the purposes mentioned above, the company may process the following types of information: full name, date of birth, personal ID number, phone number, physical address, email address, and bank card details.

Providing this information is mandatory for placing an order. If you do not provide the required information, the company will not be able to fulfill your order.

Additionally, the company may have access to information provided through software and technical tools, such as browser type, operating system, time and duration of website visits, and domain name. Data is also processed through cookies, allowing access to the user’s IP address. This type of information is processed automatically to improve services.

Duration and Scope of Personal Data Processing

The website administration will process data only for the period and scope necessary for the purpose of processing. Once the purpose is achieved, the data must be blocked, deleted, or destroyed, or stored in a form that excludes personal identification, unless otherwise provided by law.

The company may disclose your personal data if there is a threat to state security and defense interests, public safety, crime detection and investigation, significant financial or economic interests of the country, or the rights and freedoms of the user and others. Disclosure may be requested by the relevant law enforcement and other authorized bodies.

User Rights

Users have the right to request information from the company regarding the processing of their data. The company must provide the following information:

  • Which data is being processed about the user;

  • The purpose of data processing;

  • The legal basis for processing;

  • How the data was collected;

  • To whom the data was disclosed, and the basis and purpose of disclosure.

Providing the information mentioned in point 5 is not required if the data is publicly available by law.

Upon user request, the company must correct, update, add, block, delete, or destroy data if it is incomplete, inaccurate, outdated, or processed contrary to the law. Requests can be submitted in writing, orally, or electronically. The company must respond within 15 days, either performing the requested actions or providing the reason for refusal.

Users have the right to withdraw their consent at any time without explanation and request the cessation of data processing and/or destruction of processed data. The company must stop processing and/or destroy the data within 5 days unless another legal basis for processing exists. This obligation does not apply if the information was processed with the user’s consent for financial obligations.

Processing Data for Direct Marketing

For direct marketing purposes, publicly available data may be processed.

Regardless of the purpose of data collection, the following data may be processed for direct marketing: name(s), address, phone number, email address.

With the user’s written consent, any data may be processed for direct marketing purposes.

Users have the right to request the company to stop using their data for direct marketing at any time.

The company must cease processing data for direct marketing and/or ensure authorized personnel stop such processing within 10 working days of the user’s request.

Users may submit a request to stop direct marketing in the same form as the marketing is conducted, and/or the company must provide an accessible and adequate method for stopping data processing for direct marketing purposes.

Data Security

The company undertakes to implement organizational and technical measures to protect data from accidental or unlawful destruction, alteration, disclosure, access, any other unlawful use, or accidental or unlawful loss. However, given rapid technological development, the company does not guarantee complete protection against unauthorized access, hacking, fraud, alteration, disclosure, loss, or destruction of data.

Managing Social Media Authorization Data

Users may log in using Facebook or Google accounts. The website uses an encrypted email address for authorization and does not use this information for direct advertising purposes. ipso.ge respects your rights regarding personal data processing. If you wish to delete the profile created via social login, you can visit the following link to confirm deletion of your social profile data from our website: https://ipso.ge.

Legal Framework

This document is prepared in accordance with the legislation of Georgia, specifically the Law of Georgia on “Personal Data Protection.”

© 2026 All rights protected