General provisions
This Privacy Policy sets out how Individual Entrepreneur Nikita Trushkin (the “Controller”, “we”), registered at 3500, Georgia, Ozurgeti Municipality, Gogieti village, 3rd Street, building 11, processes personal data of visitors and clients of lup.ge. We process personal data in accordance with the Georgian Law on Personal Data Protection of 14 June 2023 (effective 1 March 2024), Regulation (EU) 2016/679 (GDPR) where applicable, and other applicable laws. By using the site and/or submitting a form, you confirm that you have read this Policy.
Key definitions
“Personal data” means any information relating to an identified or identifiable natural person (data subject). “Processing” means any operation performed on personal data: collection, recording, structuring, storage, use, transfer, anonymisation, deletion. “Data subject” means the visitor or client whose personal data is processed. “Controller” means the Company, which determines the purposes and means of processing. “Processor” means a third party processing data on behalf of the Controller under a contract.
Categories of data collected
We collect: 1) identity data — name and, where needed, surname; 2) contact data — phone number, email address, messenger IDs (WhatsApp, Telegram); 3) property data — address, area, condition, photos and project wishes you share with us; 4) communication data — content of messages sent via site forms, messengers and email; 5) technical data — IP address, device and browser type, referral source, pages visited, cookie information (see the separate Cookie Policy). We do not collect special categories of personal data (race, ethnicity, political views, religion, health, biometrics).
Purposes and legal bases
We process personal data on the following purposes and legal bases: 1) contact you about your enquiry, prepare an estimate, conclude and perform the renovation contract — performance of a contract or pre-contractual measures (Art. 5(1)(b) of the Georgian Law; Art. 6(1)(b) GDPR); 2) send informational and marketing messages — your consent, which you may withdraw at any time (Art. 5(1)(a); Art. 6(1)(a) GDPR); 3) site analytics, product improvement, anti-fraud and information security — legitimate interest of the Controller (Art. 5(1)(f); Art. 6(1)(f) GDPR); 4) accounting, tax reporting and responding to lawful requests from authorities — compliance with a legal obligation (Art. 5(1)(c); Art. 6(1)(c) GDPR).
Sharing with third parties
We share personal data only to the extent necessary for the stated purposes: 1) IT infrastructure providers (hosting, cloud document storage, CRM); 2) analytics and marketing providers (Google Analytics, Yandex.Metrica, Meta Pixel) — in pseudonymised or anonymised form; 3) communication providers (SMS gateways, email providers, messengers); 4) legal, audit and accounting consultants — under confidentiality agreements; 5) public authorities — where legally required. Each processor is bound by a Data Processing Agreement. We do not sell or rent your personal data.
International data transfers
Some of our technology partners (Google LLC, Meta Platforms, Cloudflare Inc., among others) are located outside Georgia, including in the United States and the European Union. Cross-border transfers rely on safeguards provided by Georgian law and Articles 45–49 GDPR: adequacy decisions, European Commission Standard Contractual Clauses (SCC 2021/914) and/or additional technical and organisational measures. Upon a written request to info@lup.ge we can provide copies of the safeguards relevant to the processing of your data.
Retention periods
We retain personal data no longer than necessary: 1) enquiry and correspondence data — up to 3 years after the last interaction; 2) contracts and accounting records — for the period prescribed by Georgian tax and accounting law (generally 6 years from the end of the reporting period); 3) marketing consent records — until consent is withdrawn or after 3 years of inactivity; 4) technical logs and analytics data — up to 14 months; 5) cookies — as per the Cookie Policy. After expiry, data is irreversibly deleted or anonymised.
Rights of the data subject
You have the following rights under applicable law: 1) access to your personal data and a copy thereof; 2) rectification of inaccurate or incomplete data; 3) erasure (“right to be forgotten”); 4) restriction of processing; 5) objection to processing, including for direct marketing; 6) data portability in a structured, machine-readable format; 7) withdrawal of consent at any time without affecting the lawfulness of processing prior to withdrawal; 8) lodging a complaint with the Personal Data Protection Service of Georgia (personaldata.ge) or another competent supervisory authority. To exercise any right, write to info@lup.ge. We respond within 30 calendar days; the period may be extended by up to 30 additional days for complex requests, with appropriate notice.
Security measures
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure: TLS 1.2+ transport encryption, role-based access control, data minimisation, staff non-disclosure obligations, regular backups, software updates and security audits. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where the risk is high, notify you directly as required by applicable law.
Updates and contact
We may update this Policy to reflect changes in our activity, technology or applicable law. The current version is always available at /privacy with the date of the latest update. We will additionally notify material changes through the site or another agreed channel. Contact for data protection matters: Individual Entrepreneur Nikita Trushkin, 6000, Georgia, Batumi, Aghmashenebeli St., 2; email: info@lup.ge; phone: +995 511 123 057.