PRIVACY POLICY

Metla Cleaning Tbilisi



1. GENERAL PROVISIONS

1.1. This Privacy Policy is developed in accordance with the legislation of Georgia, including the Law of Georgia “On Personal Data Protection” (2023), and defines the procedures for processing and protecting personal data.

1.2. The Data Controller is:
Metla Cleaning Tbilisi

1.3. The Data Controller ensures the protection of the rights and freedoms of individuals when processing their personal data.

1.4. This Policy applies to all information that the Data Controller may obtain about website users and clients.


2. KEY DEFINITIONS

2.1. Personal Data — any information relating to an identified or identifiable individual.

2.2. Processing of Personal Data — any operation performed on personal data, including collection, storage, use, transfer, and deletion.

2.3. Data Subject — an individual to whom the personal data relates.


3. CATEGORIES OF DATA COLLECTED

The Data Controller may process the following data:
  • name
  • phone number
  • address (for providing cleaning services)
  • email
  • order information
  • technical data (IP address, cookies)


4. PURPOSES OF DATA PROCESSING

Personal data is processed for:
  • handling cleaning service requests
  • contacting clients
  • fulfilling contractual obligations
  • improving service quality
  • marketing communications (with consent)

5. LEGAL BASIS FOR PROCESSING

The Data Controller processes personal data based on:
  • the data subject’s consent
  • necessity for contract performance
  • legitimate interests of the Data Controller (e.g., service improvement)


6. RIGHTS OF THE DATA SUBJECT

The data subject has the right to:
  • access their personal data
  • request correction or deletion
  • withdraw consent
  • restrict data processing
  • file a complaint with the authorized authority in Georgia


7. DATA PROCESSING AND STORAGE

7.1. Personal data is processed lawfully and fairly.
7.2. Data is stored no longer than necessary for the purposes of processing.
7.3. The Data Controller implements necessary security measures:
  • access restriction
  • system protection
  • employee control

8. DATA TRANSFER TO THIRD PARTIES

8.1. Personal data may be transferred to:
  • company employees
  • contractors (e.g., CRM systems, website providers, telephony services)
8.2. Data transfer is carried out only on lawful grounds and with appropriate data protection.


9. CROSS-BORDER DATA TRANSFER

9.1. Transfer of personal data outside Georgia is allowed provided an adequate level of data protection is ensured.

9.2. The Data Controller takes all necessary measures to protect personal data during such transfers.


10. USE OF COOKIES

10.1. The website may use cookies for:
  • analyzing user behavior
  • improving website performance

10.2. Users can disable cookies in their browser settings.


11. DELETION OF PERSONAL DATA

11.1. Personal data is deleted:
  • upon achieving processing purposes
  • at the request of the data subject
  • upon withdrawal of consent

11.2. Deletion is carried out in a way that prevents data recovery.


12. LIABILITY

12.1. The Data Controller is liable for violations of the legislation of Georgia in the field of personal data protection.

12.2. Employees who violate data processing rules are held liable in accordance with the law.