DATA PROTECTION NOTICE
Who we are?
JSC Galt and Taggart is a brokerage company registered under the laws of Georgia (hereinafter referred to as the „Company“ or „we“ or „our“).
Our identification code: 211359206
Our address: 3 Pushkin Street, Tbilisi, Georgia
Webpage: https://galtandtaggart.com/en
Introduction
As a leading financial institution, thorough and high-quality protection and security of our customers’ (your) personal data is crucial to us.
With this document, we wish to share with you the grounds and purposes of collection and processing of your personal data as well as legal and technical measures for the protection of personal data. Additionally, this document provides you with the information regarding your rights and remedies available to you.
For whom is this document intended?
The document is intended for:
- Clients of the Company (including, potential, existing or/and former client);
- Legal representatives or contact persons of the clients;
- Any person, who reaches out to us and expresses the interest with respect to our products or Services;
- Any other person with whom the Company has no direct contact but the processing of data is essential to conduct the brokerage activities or improve our products.
How do we collect data?
For us, the source of obtaining your data is the following:
- Your request to receive services and products (including, telephone communication, electronic request or/and visit to the office);
- Use of our Services/products by you;
- Use of our remote/digital channels by you;
- Use of our official webpage and its functionalities by you (such as, chat);
- We also receive information regarding you from public sources and third persons if the relevant legal grounds exist and in case of necessity, based on our consent (such as, our Group Companies and others).
What type of data do we process?
When providing brokerage services, considering the nature of the relationship with the client, the data processed by us may include categories of data identified below considering the proportionality of the goals of data processing:
Identification data
Name, last name, date of birth, personal number, data of the document confirming identity or/and citizenship, sex, citizenship, place of birth, address (registration address and actual address), nationality, photo, signature specimen and others;
Documentary data
Identity card, passport, driver’s license, birth certificate, certificate of the compatriot residing abroad, residence permit, permanent identification card, extract from the Registry of Entrepreneurs and Non-Entrepreneurial Entities, number of neutral certificate or neutral travel document, identification number of the taxpayer, document confirming representative authorities and others;
Contact information
Address (legal address and actual address), e-mail, telephone number, and others;
Social and demographic data
Information regarding job / occupation, citizenship, education and other information regarding social status and income and others;
Marital status and data about family members
Marriage certificate, identification and documentary data related to family members, information regarding family members, contact persons, information regarding deceased person and death certificate and others;
Financial data
Data regarding economic and financial position, transactions and data related to accounts, credit history and creditworthiness, information about arrears, financial products, income, property, Payments or/and transactions (including, where and when a specific transaction was conducted);
Contractual data
Information regarding services and products provided by the Company;
Special category data
Data connected to state of health, administrative detention, criminal conviction and arraignment. Further, biometric data and others;
Data about technological devices
IP address, cookies, IMEI Code, application logs, patterns, information regarding location and others;
Records Audio and video recordings;
Data obtained through communication Data that has been collected through email, phone, chat, social media and other communication means;
Public data
Information collected from public sources.
Data created by the Company
The data created as a result of data analysis of client data by the Company (such as, client patterns, preferences, risk rating and others);
Data which the Company processes under the applicable legislation
Data that should be processed under the applicable legislation (such as, data that is being processed due to identification and verification requirements of KYC and AML) and others.
Cookies
When you are using our webpage, we are always trying to improve the quality of our services, your experience and increase your security. Accordingly, when you use our webpage and other remote platforms, we collect the data, the so-called cookies about you. Cookies are used to personalize and improve your experience and increase your Security while using our webpage and other remote platforms. Specifically, cookies are used for the purposes of simplifying navigation, offering information in the desired format, improving search tools, ensuring safe authorization of the user, marketing, optimizing webpage and improving adaptation of the user.
Through cookies, we determine the version of the operative system, model of the device and other unique identification details of the device, time spent on the webpage, information regarding accessed pages, online navigation history, browser data, information regarding the activities that have been carried out through our webpage, the location of Access and language used by you. Through this, we try to understand how you are using our webpage.
When visiting our webpage and remote platforms, you are given option to refuse / accept use of cookies by us or/and manage purpose of use of cookies by us (for instance, you may refuse to allow use of cookies for analytical or/and marketing purposes).
We process information only for lawful purposes and to the extent necessary. The Company may process data for various purposes, including:
- To provide brokerage services (including, brokerage operations);
- To offer (changes to the terms and conditions, offering of new or additional product) and improve brokerage services, which includes transaction history analysis, statistical data analysis, analysis of payments / transfers and others;
- As prescribed by the relevant legislation and governing rules and for the purposes of granting access to the relevant supervisory entity and audit companies;
- To prepare various reports, studies or/and statements;
- To ensure data security;
- To comply with our legal obligations, including but not limited to the prevention, detection and prevention of fraud, money laundering or other crime;
- To protect the security and property of the Company and other persons;
- To send / deliver respective correspondence / notification to the client;
- To ensure that the Company fully and duly complies with its contractual obligations or/and to monitor compliance with the relevant obligations by the client;
- For marketing purposes, which means periodic offering of various products / services by the Company based on the consent of the data subject, development / implementation of the marketing activities;
- To protect legitimate interests or/and legal rights of the Company.
Grounds of personal data processing
The grounds of processing of your personal data by us are the following:
- Your voluntary consent on processing of data;
- Obligations as set out in the legislation;
- Necessity to process data to conclude agreement with you or perform agreement concluded with you;
- Necessity to process data to provide services to you / review your request;
- Necessity to process information to protect the legal interests of the Company and third parties;
- Public Access to the data;
- Video monitoring systems are used to prevent and detect crime, to protect individual persons and property as well as safeguard confidential information.
- Special category data is processed only on the basis of your written consent. In case of biometric data, such data is processed if this is necessary to conduct specific activity, protect the individual persons and property and ensure prevention of the disclosure of confidential information.
When we share your data with third parties
In order to comply with the obligations set out in the relevant legislation or the agreement, in case the necessary grounds for data processing exist, we may share your data with the following:
- Your representative / legal representative;
- Parties to the transaction;
- Entities determined by the legislation;
- Insurance Companies;
- Service providers – including but not Limited to the external auditors of the Company, consultants, advisors, courier or/and research organizations, IT Service providers (such as, cloud infrastructure services) or/and any other persons having the similar functions.
- Our Group Companies;
- Upon your consent, to other third persons.
We may transfer your data to another state if there are grounds as set out in the Law of Georgia on Personal Data Protection and the appropriate data protection guarantees are provided by the respective state.
If we transfer your data to another state, which does not provide appropriate data protection guarantees, the Company will ensure to conclude the agreement on transfer of personal data, which ensures appropriate safeguards for the client data as required under the relevant legislation.
For the purposes of proper protection of your data, prior to transfer of such personal data to third parties, we inspect whether the appropriate organizational and technical measures are in place by such third parties.
You have a right to:
- Receive information regarding data processed about you, including which personal data are being processed, what is the purpose of data processing and what are the legal grounds of data processing, the ways in which the data were collected and to whom the personal data were disclosed;
- Review your personal data kept by the Company and obtain copies of the documents/records including your personal data as set out in the Georgian law and upon payment of the fees determined by the Company;
- Request correction, update or/and addition of the data that is incomplete, inaccurate or not updated.
- Request termination of data processing, deletion or destruction, if:
- We are requesting consent, which is the sole basis for processing of personal data;
- The processing of data is no longer necessary for the purpose of which it was processed;
- The data is processed illegally.
- Request blocking of personal data, if:
- Validity or accuracy of the personal data is disputed;
- The data is processed illegally but you do not wish to delete the data and request the blocking of the personal data;
- The processing of data is no longer necessary to achieve the purpose of processing but you require such data for legal proceedings;
- The request on termination of data processing, deletion or destruction is being reviewed;
- There is a need to retain personal data for the purpose of using such data as evidence.
- Withdraw/refuse the consent issued by you with respect to data processing at any time and request deletion of the information processed on this basis. We will terminate data processing and delete data that has been processed if there are no other grounds of data processing as set out in the legislation;
- If the data is processed on the basis of your consent and this is technically possible, request porting of personal data provided by you to the Company which means obtaining such data in structured, usable and electronic format or transfer to another data processor;
- If decision is made with respect to you through the means of automated data processing, which creates legal, financial or other substantial consequences for you, request inclusion of human resources in the decision making process except when the data is being processed through automated means on the basis of your consent, this is necessary for conclusion / performance of the agreement or such processing is determined by the legislation;
- In case of breach of your rights, submit request to the personal data protection officer of the Company, the Personal Data Protection Services and/or the court;
Restriction of your rights
Your rights may be restricted if exercise of your rights jeopardizes the following:
- The interests of national security, informational security and cybersecurity or/and self-defense;
- Public safety interests;
- Prevention of crime, investigation of crime, criminal proceeding and exercise of justice;
- Essential financial or economic interests of the country (including, monetary, treasury and tax), interests related public health and social issues;
- Detection of violation of professional ethical rules, including in the regulated profession and imposition of liability on such persons;
- Your / other persons’ rights and freedoms;
- Protection of state, commercial and other secrets as determined under the applicable legislation;
- Substantiation of legal claim or defense.
The Company uses the authority to restrict the rights only as required for the purposes of the restriction and in proportion to such purpose.
Security of personal data
Personal Information will only be retained for the period of time required to fulfill the purpose for which we collected it or as may be required by law. We ensure physical, technical and organizational guarantees to protect your data. We protect the security of our electronic equipment, files and premises. We also have physical, electronic and procedural control mechanisms in place to protect your data from unauthorized access, use, transfer, loss or destruction.
Our employees protect confidentiality of the data, security policies and procedures as set out in the relevant legislation and internal organizational documents.
Data retention period
We retain your data
- In accordance with the retention period as set out in the Georgian legislation;
- As necessary to achieve the purpose of data processing for provision of the services or/and as set out in the relevant agreement.
Your obligations
In order to provide services to you, we should have complete and accurate information about you. Accordingly, in case of change of your contact or other information, please inform us accordingly.
In case you wish to receive information regarding your data or conduct any additional actions, please send your inquiries to the email set out below or through our webpage or visit our office. Your request will be reviewed and we will respond within the time limit prescribed by law.
Contact Information
With respect to any issues concerning the protection of personal data, you may reach out to the Company on the following email: info@gt.ge
Amendments
We may, from time to time, make amendments to this document. Updated document will be published on our webpage with the indication of the recent amendment date.