By checking the relevant box on the donations page of www.nationaltrustofgeorgia.org.ge, you agree to this Privacy Policy.
By agreeing with this Confidentiality Policy, you confirm that the data provided by the user is true and accurate. The information has been provided voluntarily, and the user has all the legal rights and authorizations envisaged by the legislation for such provision.
Organization – National Trust of Georgia N(N)LE
Tax.ref – 404522389
Address – 33 Mefe Solomon Brdzeni St.
Tel – (+995) 555 490917
Email – office@nationaltrustgeo.org
Website – www.nationaltrustofgeorgia.org.ge
The User – Any person visiting the Fund’s website to make a donation or to obtain information/services.
Data Subject – Any natural person whose data is processed.
Personal Data – Any information that is related to an identified or identifiable natural person, including name, surname, ID number, geolocation, communication identifiers, physical, physiological, psychological, genetic, economic, cultural, or social characteristics.
The National Trust of Georgia processes and protects personal data in accordance with Georgian legislation and international data protection standards.
2.1 This policy applies to all processing of personal data by the Fund, whether automatic, semi-automatic, or manual.
2.2 This policy applies to all persons whose data is processed by the organization, as well as recipients and authorized processors who process data on behalf of the organization.
2.3 If you make a donation via the website www.nationaltrustofgeorgia.org.ge, the Fund will process and retain the following data for communication or additional information purposes:
a) Name
b) Email
c) Address
d) Phone number
Banking details are entered only on the payment provider’s website. The Fund does not process this data (cardholder’s name, 16-digit number, security code, expiry date).
3.1 Data is processed by the organization only when:
3.1.1 Consent of the data subject exists;
3.1.2 Processing is required by law;
3.1.3 Data is publicly available;
3.1.4 Data was made public by the data subject;
3.1.5 Processing is necessary to provide requested services following the request of the data subject.
a) Data must be processed lawfully, fairly, transparently, and without infringing on the dignity of the data subject.
b) Data must be collected only for specific, clearly defined, and legitimate purposes. Further processing for incompatible purposes is prohibited.
c) Data must be processed only to the extent necessary for achieving the purpose and be proportionate to that purpose.
d) Data must be accurate, truthful, and kept up to date. Inaccurate data must be corrected, deleted, or destroyed without undue delay.
e) Data must be retained only for the period necessary to fulfill the purpose of processing. Once the purpose is fulfilled, the data must be deleted, destroyed, or stored in a depersonalized form, unless retention is legally required.
f) Technical and organizational measures must be implemented to ensure data security and protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.
The main purposes of processing personal data are to receive donations, process payments and refunds (including partial refunds), and provide users with updates and reports on the Fund’s activities.
6.1 The Fund primarily processes the following types of personal data:
Identification data: name
Contact information: telephone number, email address, postal address
Technical information: IP address used to access the Fund’s website.
6.2 Processing may include collecting, recording, storing, altering, retrieving, or organizing data by automatic, semi-automatic, or manual means.
6.3 Consent is expressed electronically by checking the consent box on the website.
6.4 The Fund does not process special categories of personal data.
6.5 The Fund does not process banking data you provide on the payment provider’s website.
Personal data is retained until the user requests its deletion.
Data is collected when making donations through the website;
When sending letters, documents, or messages by mail, email, or social networks;
When submitting a complaint.
9.1 Consent for direct marketing means the user will receive updates and information permitted by law to stay informed about the Fund’s activities.
9.2 Consent can be given by selecting the relevant box on the website.
9.3 Consent can be withdrawn at any time via social media (Facebook, Instagram) or email.
10.1 The Fund guarantees that user data will remain confidential and will only be disclosed to third parties in cases provided by the legislation of Georgia:
a) When processing is necessary to fulfill contractual obligations or conclude an agreement at the data subject’s request;
b) When processing is necessary to protect legitimate interests, except where overriding interests of the data subject (including minors) prevail.
10.2 For processing transactions, banking details (card number, cardholder’s name, expiry date, etc.) are entered on the payment provider’s website. The Fund does not process this data.
11.1 The user has the right to:
a) Request information about data processing (what data is processed, for what purpose, the legal basis, data source, recipients, and disclosure grounds).
b) Request correction, updating, supplementation, blocking, deletion, or destruction of data if it is incomplete, inaccurate, outdated, or unlawfully processed.
c) Withdraw consent at any time without explanation, unless another legal basis for processing exists.
11.2 Users may receive a free copy of their processed data.
11.3 Deletion may be restricted in accordance with Georgian legislation.
11.4 Users may file complaints with the Personal Data Protection Service or the courts.
11.5 Users may fully exercise all rights under Georgian personal data protection law.
An incident is any breach of data security resulting in unauthorized or accidental alteration, loss, disclosure, destruction, or access to data.
In case of an incident, the Fund records it, documents measures taken, and notifies the Personal Data Protection Service within 72 hours unless it is unlikely to cause significant harm.
The Fund applies technical and organizational measures to protect data from accidental or unlawful destruction, alteration, disclosure, acquisition, or loss.
Confidentiality is strictly maintained, and access is granted only to authorized employees who require it to perform their duties.