PRIVACY POLICY BOYGAR'S - Online Luxury multibrand store in Georgia Tbilisi. New arrivals,

Privacy Policy

Preamble

Privacy policy regulates the processing of users’ personal data and secures the protection of such data from unauthorized access by any third party.
The company respects each user’s visit to its controlled website and the interest that the user shows in the information placed on the website.
Based on the above-mentioned, the company takes responsibility to ensure the security of the user’s personal data, to use the data only to achieve a legitimate purpose, and to ensure strict compliance with the personal data protection legislation.
The terms of personal data processing when using the website are defined by this privacy policy.
Definitions
Managing Company/Company - „Boygars“LLC (I/N: 402239662) (Limited Liability Company registered in accordance with the legislation of Georgia, date of registration: 23/09/2022) having its registered office at Georgia, Tbilisi, Didube district, Davit Agmashenebeli Avenue, N 129a, office N4, +3 floor, Actual address: Georgia, Tbilisi, Didube district, Davit Agmashenebeli Avenue, N 129a, office N4, +3 floor, E-mail: E-commerce@boygars.com; hotline: 032 2 192619.
Website- website Boygars.com operated by the Company and its subdomains.
Personal data (data) – any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, including by his/her name, surname, identification number, location data and electronic communication identifiers, or by physical, physiological, mental, psychological, genetic, economic, cultural or social characteristics.
Processing of data − any operation performed on personal data, including collecting, obtaining, accessing, photographing, video monitoring and/or audio monitoring, organizing, grouping, interconnecting, storing, altering, retrieving, requesting for access, using, blocking, erasing or destroying, and disclosing by transmission, publication, dissemination or otherwise making available.
Automated data processing − the processing of data by means of information technologies.
Data subject – any natural person whose data are being processed.
User - a natural person, a visitor of the Website, with or without the purpose of placing an order.
Consent of the data subject – consent freely and unambiguously expressed by a data subject after the receipt of the respective information, by an active action, in writing (including in electronic form) or verbally, to the processing of data concerning him/her for specific purposes under the terms of this Policy.
Written consent of the data subject − consent, signed or otherwise expressed by a data subject in writing (including in electronic form) after the receipt of the respective information, to the processing of data concerning him/her for specific purposes.
Controller – a natural person, a legal person, or a public institution, who individually or in collaboration with others determines the purposes and means of the processing of data, and who directly or through a processor processes data.
Processor − a natural person, a legal person, or a public institution, which processes data for or on behalf of the controller. A natural person who is in labor relations with the controller shall not be considered a processor.
Third party − a natural person, a legal person, or a public institution, other than a data subject, the Personal Data Protection Service, a controller, a processor, a special representative and persons who, under the direct authority of the controller or processor, are authorized to process data.
Direct marketing − the direct and immediate delivery of information to a data subject by telephone, mail, email or other electronic means to generate and maintain interest in, sell and/or support a natural and/or legal person, product, idea, service, work and/or initiative, as well as image and social issues. The provision of information by a public institution to a natural person shall not be considered direct marketing if the provision of such information is compatible with any of the grounds for data processing as provided for by the Law of Georgia “On personal data protection” (the Law) by Articles 5 and 6 of the Law.
Data pseudonymisation − the processing of data in such a manner that the data cannot be attributed to a specific data subject without the use of additional information, and such additional information is kept separately and, by virtue of technical and organizational measures, the data are not attributed to an identified or identifiable natural person.
Blocking of data − the temporary suspension of data processing (except storing).
Incident − breach of security of data leading to the unlawful or accidental damage or loss of data, or the unauthorized disclosure, destruction, alteration of or access to data, or the collection/obtaining of data, or other unauthorized processing.

1. Parties to the processing of the personal data

1.1. The subject of personal data processing is the Website user whose personal data are processed for the purposes provided for in this privacy policy.
1.2. A Controller is:
„Boygars“ LLC (I/N: 402239662) (Limited Liability Company registered in accordance with the legislation of Georgia, date of registration: 23/09/2022) having its registered office at Georgia, Tbilisi, Didube district, Davit Agmashenebeli Avenue, N 129a, office N4, +3 floor, Actual address: Georgia, Tbilisi, Didube district, Davit Agmashenebeli Avenue, N 129a, office N4, +3 floor, E-mail: E-commerce@boygars.com ; hotline: 032 2 192619.

2. Basis of Data processing

2.1. Data processing by the Company shall be admissible, when one of the following grounds exists:
2.1.1. the data subject has given consent to the processing of data concerning him/her for one or more specific purposes;
2.1.2. for the performance of a contract entered into with the data subject or to enter into a contract at the request of the data subject;
2.1.3. data processing is necessary for the controller to perform his/her statutory duties;
2.1.4. according to law, the data are publicly available or the data subject has made them publicly available;
2.1.5. Data processing is necessary to provide services to the data subject;
2.1.6. To protect the legal interests of the company and users;
2.2. The User is neither legally nor contractually obliged to provide his/her personal data to the Company. Non-provision of such data may result in the inability to enter into and/or execute a purchase contract with the Controller on the Website, participate in the Loyalty program and/or in the fact that the user will not be able to receive some of the services provided by the company’s Website.
2.3. If the processing of personal data is based on the Consent of the Data subject, the Company proceed on the assumption that the Data subject provides the Consent upon reading this Policy, freely, of his/her own free will and in his/her own interest and confirms that it is specific, informed, conscious and unambiguous.
2.3.1. The Consent is considered to be given in the appropriate form by checking the check boxes (ticks) that confirms that the data subject agrees to the terms of personal data processing specified in the Policy.
2.3.2. The Consent to the processing of personal data is not required where other grounds for processing apply.

3. Type of data and the purpose of processing

3.1. The user registers on the Website by entering his/her mobile number, name, surname, date of birth, gender, e-mail and shipping address, accordingly in order to provide a complete and efficient service the Company is authorized to process the above-mentioned Personal data of the Data subject.
3.2. The Website doesn’t process the special categories of health related, genetic and biometric data. The Company doesn’t process data related to bank transactions. In case of performing such operations, the user’s personal data will be processed by the relevant financial institution.
3.3. To effectively fulfill the obligations under the contract between the Company and the Data subject, including legal obligations, the company processes the personal data for the following purposes:
3.3.1. To manage the communication with the Data subject;
3.3.2. To introduce new products and services;
3.3.3. To develop and implement effective marketing activities;
3.3.4. To provide the user with information about the Company’s services and products;
3.3.5. To adapt the Website and its components to the needs of the user;
3.3.6. To protect users and prevent fraudulent activity;
3.3.7. To improve the Company's service quality;
3.3.8. To fulfill the Company’s legal and contractual obligations effectively and properly;
3.3.9. To receive users’ feedback and respond to complaints;
3.3.10. To manage risk of the Company and Users;
3.3.12. 3.3.11. To execute and manage payments of the Data subject;
3.3.13. 3.3.12. To send status messages to the Data subject about his/her purchase on the Website , such as successful completion of the purchase;
3.3.14. 3.3.13. To provide to the competent state bodies in case stipulated by law;
3.3.15. 3.3.14. For other legitimate purposes defined by the Law of Georgia on Personal Data Protection.

4. Rights and obligations of the Data subject

4.1. The Data subject is obliged to provide the company with complete and correct information about them in order to receive a service.
4.2. Data subject, has the right to:
4.2.1. obtain from the Controller confirmation as to whether or not data concerning him/her are being processed according to the request, no later than 10 working days after the request, to receive his personal data stored with the company free of charge;
4.2.2. request information about the source from which the data were collected/obtained;
4.2.3. receive information about the period for which the data will be stored and, if no specific period can be determined, the criteria used to determine such period;
4.2.4. request information about the legal basis and purposes of the data transfer, as well as the appropriate data protection safeguards;
4.2.5. request information about the identity of the recipients or the categories of recipients, including information on the ground for and purpose of the transfer, if the data are transferred to a third party;
4.2.6. In the case of the automated processing of data on the grounds of the Consent of the Data subject and if it is echnically feasible, request the transfer of a copy of his personal data held by the Company;
4.2.7. request the controller to rectify, update and/or complete erroneous, inaccurate and/or incomplete data concerning him/her.
4.2.8. request the controller to terminate the processing of , erase or destroy data concerning him/her.
The Controller shall have the right to refuse the request if:
a) another grounds of processing provided for in the Article 3.3 hereof or in Articles 5 or 6 of the Law of Georgia “On personal data protection” exists;
b) data are processed for the purposes of substantiating a legal claim or a statement of defence;
c) the processing of data is necessary for the exercise of the right of freedom of expression or information;
d) data are processed for archiving purposes in the public interest as provided for by law, for scientific or historical research purposes or statistical purposes, and the exercise of the right to the termination of the processing, erasure or destruction of the data would render impossible or substantially impair the achievement of the purposes of the processing.
4.2.9. request the Controller to block data in such cases:
a) the authenticity or accuracy of the data is contested by the data subject;
b) the processing of the data is unlawful, although the data subject opposes the erasure of the data and requests their blocking;
c) the data are no longer needed for the purposes of the processing, but they are required by the data subject to lodge a complaint/claim;
d) the data subject requests the termination of the processing, erasure or destruction of the data and this request is being considered;
e) there is a need to retain the data for use as evidence.
4.2.10. request to stop sending direct marketing messages and advertisement (if such exists) and withdraw his/her consent to the processing of personal data for direct marketing purposes at any time in accordance with the Article 8 of this Privacy Policy.
4.2.11. withdraw his/her Consent at any time and without explanation without explanation at any time, by sending e-mail to E-commerce@boygars.com. The Company undertakes to stop data processing no later than 10 working days after receiving such notification. If the user denies providing personal data or requests to restrict data processing, it may be delayed or become impossible for the company to fulfill its obligations to the user, including using the account/profile or receiving relevant services.
4.2.12. submit a complaint regarding personal data processing, including to the Personal Data Protection, Service superior administrative body and/or to a court.

5. Minor persons

5.1. The products placed on the Website and the services of the Website are not intended for persons under the age of 18 who have not reached the legal age as defined by law in accordance with the legislation of Georgia.
5.2. The Company intentionally does not store or collect data from persons under the age of 18. The company respects the protection of minors’ personal data.
5.3. The Company is unable to verify the accuracy of the information provided by the user. Just in case any person became aware of the fact of the purchase of goods / services by a minor on the website operated by the company he/she contact us at the following email address: E-commerce@boygars.com / info@boygars.com.

6. Data storage period and Security

6.1. The company provides consistent and high-quality protection and security of the user’s personal data.
6.2. The company is responsible for taking all organizational and technical measures and complying with the requirements imposed by Georgian Law, in order to protect the user’s data from loss, unlawful processing, including destruction, deletion, alteration, disclosure or use of data.
6.3. The user acknowledges that any data transmission over the Internet or a wireless network cannot be absolutely and guaranteed to be secure. The Company uses commercially reasonable security measures to protect personal data and also seeks to partner only with organizations that responsibly recognize the importance of protecting personal data. However, the company cannot guarantee the security of the website or the information transmitted from the website.
6.4. Thу Company involve partners in the processing of personal data who may process personal data to a limited extent on behalf of the Company. The list of the relevant persons is set out in the table below.

Purpose of personal data processing	Third parties involved in the processing of personal data
Sale of goods	Courier services involved in the delivery of goods. Providers of information technology services (technical support, hosting, administration of online store infrastructure).
Loyalty program support	Providers of information technology services (technical support, hosting, administration of online store infrastructure).
Customer claims and return of goods	Courier services involved in the delivery of goods. Financial organizations involved in the transfer of funds to the consumer.
Advertising and marketing activities	Information technology service providers (mailing, sms).
Marketing analytics	Providers of web analytics programs. Providers of information technology services (technical support, hosting, administration of online store infrastructure).

6.5. The Company processes personal data of a particular Personal data subject and stores it in a form that allows to identify the subject as long as it is required to achieve the processing purposes specified in this Policy.
6.6. The Company stops processing personal data processed for the purposes specified in the Policy and irrevocably destroys them in accordance with the procedure and within the timeframes established by the Law. Destruction is carried out if at least one of the following conditions has occurred:
- Data subject have withdrawn his/her consent to the processing of personal data or have requested the termination of the processing of personal data, if the processing was carried out on the basis of such consent.
- The consent to the processing of personal data has expired.
- The purpose of personal data processing has been achieved.
- Illegetimate processing of personal data has been identified.
- The Company has ceased its business activities.
6.8. After the user deletes the account/profile on the website, his depersonalized data will be stored for a period of no more than 3 (three) years in accordance with the purposes provided for in the policy, law and regulatory documents.

7. Methods of obtaining and disclosing personal data with third parties

7.1. The Company receives personal data when the Data subject fills in the registration form, purchases goods on the Website, registers uses the loyality progamm of the Company .
7.2. The Company may disclose the user’s personal data to state bodies or entities, regulatory bodies, or any other person, on the basis of applicable law, regulations, court rulings, official requests, and an instruction issued by a State regulatory body and for the purposes laid down in those documents or on the basis of any similar process conducted based on applicable laws.
7.3. In order to fulfill the contractual obligations with the Data subject, the Company is authorized to transfer personal data related to the customer to the companies. to the partner companies (if any) providing the courier service or to the person providing the courier service
7.4. In case of entrusting the processing of personal data to third parties or transferring personal data to them, such parties shall be obliged to keep your personal data confidential, ensure their protection and security during processing, as well as other obligations stipulated by Law.
7.5. The following types of information about the customer are transmitted to the partner companies (if any) providing the courier service or to the person providing the courier service: address, mobile phone number, name, surname, information about the purchased products. The information provided about the customer will be used only for the purpose of delivering the purchased products.
7.6. Sharing data with the company's partner companies, courier companies, subcontractors may be necessary insofar as it is necessary to fulfil contractual obligations with the customer.
7.7. The Company do not transfer your personal data across borders (i.e., we do not transfer your personal data to foreign countries).

8. Direct marketing

8.1. If the data subject consents, the following types of personal data relating to the data subject may be processed for direct marketing purposes, in particular to receive promotional messages from the company, notifications of planned news/promotions/discounts: name, surname, telephone number and email address.
8.2. Irrespective of the ground for collecting/obtaining data and their accessibility, data may only be processed for direct marketing purposes with the consent of the data subject. The customer has the right to request at any time to stop sending marketing messages (if any) and withdraw his/her consent to the processing of personal data for direct marketing purposes by sending a message to E-commerce@boygars.com . The Company will respect the Data subject wishes and will stop using the customer's personal data for direct marketing purposes within a reasonable period of time, but no later than 7 business days after receiving such notification.
8.3. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.

9. Cookies and similar technologies

9.1. The Website uses “cookies”, “pixels” and similar technologies (collectively, “cookies”). . Cookies are pieces of information (small data files) that are stored directly on the user’s device, and allow recognition of a specific device or browser.
9.2. Company use essential cookies in order to make the Website functional, to monitor its functioning, prevent fraudulent activity, improve security, enable statistics and web analytics, to present content in a relevant format and allow users to use all Website functions, such as shopping carts or saved search, simplify navigation and search. The Website also uses cookies to provide relevant advertising, enable marketing analytics. Such analytics is performed, among other things, using the web analytics program.
9.3. When user visit the Website for the first time, an interactive window - a cookie banner - appears, which means that the Website uses cookies. By checking the checkbox, the user provides a consent to the use of cookies on the terms set out in this Policy.
9.4. User can always opt out of non-essential cookies. To stop receiving cookies, one should refer to the instructions provided by the browser developer or manufacturer of the device. However, disabling some cookies may affect the functionality of the Website and user may experience some inconvenience in using it. Essential cookies cannot be rejected as they are strictly necessary to provide the user with Website services.

10. Changes to the confidentiality policy

10.1. Company reserves the right to amend this privacy policy at any time.
10.2. Any changes to the privacy policy will be immediately notified to the registered user by sending a message to the email and/or posting information on the Website.

11. Terms of Use

11.1. By electronically checking in the checkbox in the registration form the user confirms that she/he simultaneously agrees to this privacy policy, and that the information provided by the user is accurate and provided freely by the user and he has all the rights and permissions requested by the law.
11.2. The legal basis for the processing of personal data by the company is the Law of Georgia On Personal Data Protection and Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS N 108, Strasbourg, 28 January 1981).
12. Contact

12.1. In case of questions and/or requests regarding the processing of personal data, the user can contact the company at the following E-mail: E-commerce@boygars.com; hotline: 032 2 192619.