PRIVACY POLICY Website partszone.ge — Auto Parts Sales
Effective Date: [07/02/2026]
Last Updated: [07/02/2026]
1. GENERAL PROVISIONS
1.1. Personal Data Operator This Privacy Policy (hereinafter referred to as the "Policy") is developed in accordance with the Law of Georgia "On Personal Data Protection" No. 3144-XIM-XMP dated June 14, 2023, and defines the procedure for processing personal data of users of the website partszone.ge (hereinafter referred to as the "Website"). Personal Data Operator (Dammutsavlebeli Piri): Geoautotec LTD Identification Number: [405589885] Legal Address: Tbilisi, Didi Digomi, Giorgi Tereverko str. 19, Phone: 568 999909 Email: info@partszone.ge
1.2. Definitions In accordance with Article 3 of the Law of Georgia "On Personal Data Protection": Personal Data — any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by name, surname, identification number, location data, electronic communication identifiers, physical, physiological, mental, psychological, genetic, economic, cultural, or social characteristics. Processing of Personal Data — any operation performed on personal data, including collection, recording, storage, alteration, use, transfer, deletion, or destruction.
2. PRINCIPLES OF PERSONAL DATA PROCESSING In accordance with Article 5 of the Law of Georgia "On Personal Data Protection," we process personal data based on the following principles:
2.1. Lawfulness and Fairness (kanonmiuri da spravedlioba) Personal data processing is carried out on lawful grounds and in a fair manner, respecting the rights and freedoms of the data subject.
2.2. Purpose Principle Personal data is collected for specific, clearly defined, and lawful purposes and is not further processed in a manner incompatible with those purposes.
2.3. Minimization Principle The personal data processed must be adequate, relevant, and not exceed what is necessary for the purposes of processing.
2.4. Accuracy Principle Personal data must be accurate and, where necessary, kept up to date. All reasonable measures are taken to delete or correct inaccurate data.
2.5. Storage Limitation Principle Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing.
2.6. Integrity and Confidentiality Principle Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
3.1. Basic Personal Data We process the following categories of personal data:
Table
Copy Category Examples of Data Purpose of Processing Identification Data First name, last name, patronymic (if applicable) Customer identification, order processing Contact Data Phone number, email address Communication with customer, order confirmation, delivery Address Data Residential/delivery address, city, postal code Product delivery, invoicing Vehicle Data Make, model, year of manufacture, VIN code, license plate Selection of compatible parts, warranty service Device Data IP address, browser type, operating system, cookies Security assurance, website improvement Financial Data Bank card data (processed by payment systems) Payment processing 3.2. Special Category Data (gavsazgvriebuli kategoriebis monatsemebi) In accordance with Article 3 of the Law, we do NOT process special category data, including:
4.2. Performance of a Contract Processing is necessary for the performance of a contract for the sale of auto parts, delivery of goods, and provision of related services.
4.3. Legitimate Interests of the Operator Processing for security purposes, fraud prevention, service quality improvement, and protection of the operator's rights.
4.4. Compliance with Legal Obligations Processing to comply with tax legislation, accounting legislation, and other regulatory requirements.
Copy Data Category Retention Period Basis Order Data 6 years Requirements of the Tax Code of Georgia Account Data Until account deletion + 1 year Legal interests Cookies and Technical Data Up to 2 years User consent Marketing Data Until consent withdrawal User consent Warranty Case Data Warranty period + 2 years Contractual obligations fulfillment After the specified periods expire, personal data is subject to deletion or anonymization.
7.2. Transfer to Third Parties (metsnierebs) We transfer personal data to the following categories of recipients:
Table
Copy Recipient Category Purpose of Transfer Legal Basis Courier services and transport companies Order delivery Contract performance Payment systems and banks Payment processing Contract performance Suppliers and manufacturers Warranty service, returns Contract performance IT services and hosting providers Website operation Legitimate interests Accounting and audit companies Record keeping Compliance with legal obligations Government authorities Upon request by authorized bodies Legal requirement 7.3. International Data Transfer (satsareleo gadatsveta) If necessary to transfer personal data outside Georgia (e.g., when using cloud services), we ensure:
8.3. Right to Erasure ("Right to be Forgotten") You have the right to request deletion of your personal data if:
8.6. Right to Data Portability You have the right to receive your data in a structured, commonly used, and machine-readable format, as well as to transfer it to another operator.
8.7. Right to Withdraw Consent You have the right to withdraw consent to personal data processing at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
8.8. Right to Lodge a Complaint You have the right to lodge a complaint with the Personal Data Protection Service of Georgia (sakartvelos personalur monatsmelta datsvis samsakhuri) if you believe your rights have been violated. Service Contacts: Website: www.personaldata.gov.ge
Procedure:
11.2. Types of Cookies We Use
Table
Copy Type Purpose Retention Period Necessary Ensuring basic functionality (cart, authorization) Up to 1 year Functional Remembering preferences (language, region) Up to 1 year Analytical Collecting visit statistics (Google Analytics) Up to 2 years Marketing Ad personalization Up to 1 year 11.3. Cookie Management You can manage cookies through your browser settings. Disabling necessary cookies may affect Website functionality.
When first visiting the Website, you see a banner requesting consent to use cookies (except necessary ones).
12.2. Opt-out You can opt out of receiving marketing messages at any time:
Effective Date: [07/02/2026]
Last Updated: [07/02/2026]
1. GENERAL PROVISIONS
1.1. Personal Data Operator This Privacy Policy (hereinafter referred to as the "Policy") is developed in accordance with the Law of Georgia "On Personal Data Protection" No. 3144-XIM-XMP dated June 14, 2023, and defines the procedure for processing personal data of users of the website partszone.ge (hereinafter referred to as the "Website"). Personal Data Operator (Dammutsavlebeli Piri): Geoautotec LTD Identification Number: [405589885] Legal Address: Tbilisi, Didi Digomi, Giorgi Tereverko str. 19, Phone: 568 999909 Email: info@partszone.ge
1.2. Definitions In accordance with Article 3 of the Law of Georgia "On Personal Data Protection": Personal Data — any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by name, surname, identification number, location data, electronic communication identifiers, physical, physiological, mental, psychological, genetic, economic, cultural, or social characteristics. Processing of Personal Data — any operation performed on personal data, including collection, recording, storage, alteration, use, transfer, deletion, or destruction.
2. PRINCIPLES OF PERSONAL DATA PROCESSING In accordance with Article 5 of the Law of Georgia "On Personal Data Protection," we process personal data based on the following principles:
2.1. Lawfulness and Fairness (kanonmiuri da spravedlioba) Personal data processing is carried out on lawful grounds and in a fair manner, respecting the rights and freedoms of the data subject.
2.2. Purpose Principle Personal data is collected for specific, clearly defined, and lawful purposes and is not further processed in a manner incompatible with those purposes.
2.3. Minimization Principle The personal data processed must be adequate, relevant, and not exceed what is necessary for the purposes of processing.
2.4. Accuracy Principle Personal data must be accurate and, where necessary, kept up to date. All reasonable measures are taken to delete or correct inaccurate data.
2.5. Storage Limitation Principle Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of processing.
2.6. Integrity and Confidentiality Principle Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
3.1. Basic Personal Data We process the following categories of personal data:
Table
Copy Category Examples of Data Purpose of Processing Identification Data First name, last name, patronymic (if applicable) Customer identification, order processing Contact Data Phone number, email address Communication with customer, order confirmation, delivery Address Data Residential/delivery address, city, postal code Product delivery, invoicing Vehicle Data Make, model, year of manufacture, VIN code, license plate Selection of compatible parts, warranty service Device Data IP address, browser type, operating system, cookies Security assurance, website improvement Financial Data Bank card data (processed by payment systems) Payment processing 3.2. Special Category Data (gavsazgvriebuli kategoriebis monatsemebi) In accordance with Article 3 of the Law, we do NOT process special category data, including:
- Racial or ethnic origin
- Political opinions
- Religious, philosophical, or other beliefs
- Trade union membership
- Health data
- Biometric and genetic data
- Criminal conviction data
- LEGAL BASIS FOR PROCESSING In accordance with Article 6 of the Law of Georgia "On Personal Data Protection," we process personal data on the following legal grounds:
4.2. Performance of a Contract Processing is necessary for the performance of a contract for the sale of auto parts, delivery of goods, and provision of related services.
4.3. Legitimate Interests of the Operator Processing for security purposes, fraud prevention, service quality improvement, and protection of the operator's rights.
4.4. Compliance with Legal Obligations Processing to comply with tax legislation, accounting legislation, and other regulatory requirements.
- PURPOSES OF PERSONAL DATA PROCESSING We process personal data for the following purposes:
- Order Processing and Fulfillment — processing orders for auto parts, selection of compatible parts, organization of delivery.
- Customer Communication — informing about order status, confirming delivery, processing inquiries and complaints.
- Accounting and Reporting — maintaining accounting and tax records in accordance with the legislation of Georgia.
- Warranty Service — processing warranty cases, returns, and exchanges.
- Direct Marketing — sending information about new arrivals, promotions, and special offers (only with separate consent).
- Personalization — adapting offers to your needs based on purchase history.
- Analytics and Service Improvement — analyzing user behavior to improve Website performance.
- RETENTION PERIODS FOR PERSONAL DATA In accordance with Article 8 of the Law and the storage limitation principle:
Copy Data Category Retention Period Basis Order Data 6 years Requirements of the Tax Code of Georgia Account Data Until account deletion + 1 year Legal interests Cookies and Technical Data Up to 2 years User consent Marketing Data Until consent withdrawal User consent Warranty Case Data Warranty period + 2 years Contractual obligations fulfillment After the specified periods expire, personal data is subject to deletion or anonymization.
- TRANSFER OF PERSONAL DATA TO THIRD PARTIES
7.2. Transfer to Third Parties (metsnierebs) We transfer personal data to the following categories of recipients:
Table
Copy Recipient Category Purpose of Transfer Legal Basis Courier services and transport companies Order delivery Contract performance Payment systems and banks Payment processing Contract performance Suppliers and manufacturers Warranty service, returns Contract performance IT services and hosting providers Website operation Legitimate interests Accounting and audit companies Record keeping Compliance with legal obligations Government authorities Upon request by authorized bodies Legal requirement 7.3. International Data Transfer (satsareleo gadatsveta) If necessary to transfer personal data outside Georgia (e.g., when using cloud services), we ensure:
- Adequate level of protection in the destination country
- Use of standard contractual clauses approved by the authorized body of Georgia
- Obtaining explicit consent from the data subject
- RIGHTS OF DATA SUBJECTS In accordance with Chapter III of the Law of Georgia "On Personal Data Protection," you have the following rights:
- Purposes of processing
- Categories of processed data
- Recipients or categories of recipients
- Data retention periods
- Source of data acquisition
8.3. Right to Erasure ("Right to be Forgotten") You have the right to request deletion of your personal data if:
- The data is no longer necessary for the purposes of processing
- You have withdrawn consent and there is no other legal basis
- The data was processed unlawfully
- The data must be deleted to comply with a legal obligation
- Compliance with legal obligations for record keeping
- Establishing, exercising, or defending legal claims
- Protecting the rights and freedoms of other persons
- Contesting the accuracy of data (for the verification period)
- Unlawful processing, but you object to deletion
- The operator no longer needs the data, but you need it for establishing claims
- You have objected to processing (for the verification period)
8.6. Right to Data Portability You have the right to receive your data in a structured, commonly used, and machine-readable format, as well as to transfer it to another operator.
8.7. Right to Withdraw Consent You have the right to withdraw consent to personal data processing at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
8.8. Right to Lodge a Complaint You have the right to lodge a complaint with the Personal Data Protection Service of Georgia (sakartvelos personalur monatsmelta datsvis samsakhuri) if you believe your rights have been violated. Service Contacts: Website: www.personaldata.gov.ge
- HOW TO EXERCISE YOUR RIGHTS To exercise your rights, please contact us:
Procedure:
- Submit a written request (in electronic or paper form)
- Provide your identification data for verification
- Describe which right you wish to exercise
- We will respond within 30 calendar days from receipt of the request
- In case of complex requests, the period may be extended to 60 days with notification to you
- SECURITY OF PERSONAL DATA
- Data encryption during transmission (SSL/TLS)
- Data encryption during storage
- Regular software updates
- Protection against unauthorized access (firewalls, antivirus)
- Data backup
- Security system monitoring
- Appointed Data Protection Officer (personalur monatsmelta datsvis ofitseri)
- Approved rules for access to personal data
- Employee training conducted
- Confidentiality agreements signed with employees and partners
- Immediately notify the Personal Data Protection Service of Georgia (within 72 hours)
- In case of high risk — notify data subjects directly
- Take measures to eliminate consequences and prevent recurrence
- USE OF COOKIES AND SIMILAR TECHNOLOGIES
11.2. Types of Cookies We Use
Table
Copy Type Purpose Retention Period Necessary Ensuring basic functionality (cart, authorization) Up to 1 year Functional Remembering preferences (language, region) Up to 1 year Analytical Collecting visit statistics (Google Analytics) Up to 2 years Marketing Ad personalization Up to 1 year 11.3. Cookie Management You can manage cookies through your browser settings. Disabling necessary cookies may affect Website functionality.
When first visiting the Website, you see a banner requesting consent to use cookies (except necessary ones).
- DIRECT MARKETING
12.2. Opt-out You can opt out of receiving marketing messages at any time:
- By clicking the "Unsubscribe" link in the email
- In your personal account on the Website
- By contacting us using the contacts specified in Section 9
- LINKS TO THIRD-PARTY RESOURCES The Website may contain links to third-party websites. We are not responsible for the privacy policies and practices of these sites. We recommend that you review their privacy policies.
- CHILDREN Our services are intended for persons over 18 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us to have it deleted.
- CHANGES TO THE PRIVACY POLICY We reserve the right to make changes to this Policy. In case of significant changes, we will:
- Post the updated version on the Website
- Notify you by email (if you are registered)
- Indicate the date of last update at the beginning of the document
- CONTACT INFORMATION For all questions related to personal data processing, please contact:
- APPLICABLE LEGISLATION This Policy is developed in accordance with:
- Law of Georgia "On Personal Data Protection" No. 3144-XIM-XMP dated June 14, 2023
- Tax Code of Georgia
- Civil Code of Georgia
- Law of Georgia "On Consumer Rights Protection"
- Regulation (EU) 2016/679 (GDPR) — to ensure compliance with European standards when processing data of EU residents