Personal Data Processing Policy
- JSC “Insurance Company Unison” (hereinafter “Unison” / “Insurer”)
– I /C 404393152
- Address: st. Tbilisi D. Gamrekeli Street 19
- Email: firstname.lastname@example.org
– Tel: 2 991 991
Personal Data – Any information relating to an identified or identifiable individual. A person is identifiable when it is possible to identify him or her directly or indirectly, in particular by an identification number or by a person with characteristic physical, physiological, psychological, economic, cultural or social characteristics.
Data Processing – Any action taken against data using automatic, semi-automatic or non-automatic means, in particular, collecting, recording, photographing, audio- recording, videotaping, organizing, storing, modifying, recovering, retrieving, using or disclosing data for transmission, distribution or otherwise By becoming, grouping or combining, blocking, deleting or destroying;
The processing of personal data ensures the protection of human rights and freedoms, including the inviolability of personal life, in accordance with the Law of Georgia on Personal Data.
Scope / Data Subject
This document applies to all individuals (including insurer users, contractors and employees) about whom the Company processes personal data.
The following principles are observed when processing data:
- data processing is carried out fairly and lawfully, without prejudice to the dignity of the data subject;
- Data processing is carried out only for specific, clearly defined, legal purposes. No further processing of the data for other purposes incompatible with the original purpose is permitted;
- data processing is carried out only to the extent necessary to achieve the relevant lawful purpose. The data must be adequate and proportionate to the purpose for which they are being processed;
- data collected without a legal basis and inconsistent with the purpose of processing are destroyed;
- Data storage is carried out only for the period necessary to achieve the purpose of data processing.
Data processing is allowed if:
- there is the consent of the data subject;
- data processing is provided by law;
- data processing is required for the data processor to perform the duties assigned to it by law;
- data processing is necessary to protect the vital interests of the data subject;
- data processing is necessary to protect the legitimate interests of the data processor or a third party, unless there is an overriding interest in protecting the rights and freedoms of the data subject;
- according to the law, the data are publicly available or made available by the data subject;
- data processing is necessary to protect a significant public interest in accordance with the law;
- Data processing is necessary to review the application of the data subject (to provide services to him).
Processing of data for direct marketing purposes
- Any data may be processed for the purposes of direct marketing on the basis of a written consent issued by the data subject in accordance with the rules established by this Law.
- Data processing within the scope of authority granted by a data subject is carried out for various marketing purposes, including the implementation of relevant offers through various means of communication;
- The data subject has the right to request the data processor to terminate the use of data about him for the purposes of direct marketing at any time.
- The data processor is obliged to stop the processing of data for the purposes of direct marketing and / or to ensure the termination of the processing of data by the authorized person for the purposes of direct marketing no later than 10 working days after receiving the request of the data subject.
Audio / video monitoring
For security and property protection, as well as service control, video surveillance is carried out on the outer perimeter of the company, at the entrance, in the lobby and in
the corridor, in addition to which warning signs are placed in a visible place in the company. Video surveillance is carried out for the safety and protection of both consumers and employees (timely prevention in case of misunderstanding, protection of personal and service property from theft, robbery, etc.). Complying with the requirements provided by law.
Transfer and extraction of personal data to third parties is carried out in accordance with the Law of Georgia on Personal Data Protection.
The data subject is authorized to:
- The data subject has the right to request information from the data processor about the data processing. The data processor must provide the following information to the data subject:
- which data about it are processed;
- the purpose of data processing;
- legal basis for data processing;
- how the data was collected;
- to whom the data about him were issued, the basis and purpose of issuing the data.
- The data subject shall be provided with the information referred to in paragraph 1 of this Article immediately upon request, immediately, or no later than 10 days after the request, if the request for information is answered:
- searching for and processing information in another institution or structural unit or consulting with it;
- finding and processing significant volumes of unrelated documents;
- consultation with its structural subdivision or other public institution located in another settlement.
- The form of information delivery is chosen by the data subject.
- The privacy of personal data is strictly protected in the company. Accordingly, all technical measures are observed in the organization, which ensures the protection of data in the company from any form of disclosure, loss, destruction, illegal penetration or other form of illegal use.
- Personal data processing is accessible only to those employees of the organization who need it in order to perform their duties.