Personal data protection policy of "Aisitec" LLC
 

By using the service of "Aisitec" LLC (SC 405155807) (hereinafter - Aisitec), you agree to this personal data protection policy. Consent can be expressed by ticking the appropriate button of the policy document, which will be considered as an electronic signature defined by the law of Georgia "On Electronic Document and Electronic Trust Services". It is also possible to sign the policy document physically and/or with a qualified electronic signature/stamp. 

 

It is especially important for Aisitek to protect personal data in accordance with the standard established in Georgia, as well as taking into account the best practices tested in the world. For this purpose, the data processing infrastructure of Aisitek is located in a member state of the European Union, which, according to the order N1 of September 16, 2014, of the Personal Data Protection Inspector (currently - the State Inspector) on the approval of the list of countries with adequate guarantees of personal data protection, adequate guarantees of personal data protection are provided. 

 

By agreeing to this policy document, the user agrees to The data placement company on the Amazon cloud platform (AWS), which is located in the city of Dublin (Ireland). 

​

1 Definition of terms:
1.1 The terms used in this document have the following meanings:
1.2 Service -  A product (program/application, etc.) created by Aisitek and used by the user;
1.3 Personal data - any information related to an identified or identifiable person;
1.4 Data subject - a person whose personal data is processed
1.5 User - PiRi, who uses the Aisitec service;
1.6 Data processor - a person who determines the purposes and means of personal data processing and processes them directly or through an authorized person;
1.7 Authorized person - a person who processes data for or on behalf of the data processor;
1.8 AWS – the company  Amazon's cloud platform (Amazon Web Services), on which the services provided to the user are based;
1.9 AWS service terms - an agreement signed with an AWS customer, standard terms and conditions of service (given at the following linkhttps://aws.amazon.com/service-terms/ );
1.11 AWS GDPR DATA PROCESSING ADDENDUM – part of the agreement signed with AWS customers regarding the processing of personal data (given at the following linkhttps://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf) 
1.12 Law - "On Personal Data Protection" Law of Georgia;
1.13 Third party - any person other than Aisitek (or an authorized employee of Aisitek) and the user (or an authorized person of the user). 
 

2 Aisitec as data processor

2.1 In order to use the Aisitec service, it is necessary to process the user's personal data.     

2.2  Data processed by Aisitech (Aisitech - data processor) for using the service:

2.2.1 name, surname, personal number, e-mail, username, and password of a natural person. Also, additional authentication factors (SMS codes, one-time codes, cryptographic keys, etc.) are used by the user. The user's password is stored in the system in an encrypted form using a one-way encryption function;

2.2.2 Financial information (account; payments).

2.3 Purposes of data processing:

2.3.1 Provision of use of Aisitec service for the user. If necessary, providing technical assistance during the use of the service (password, username recovery, or others); 
2.3.2 communication with the customer;

2.3.3 fulfillment of existing obligations by the user towards Aisitek; 

2.3.4 fulfillment of tax obligations of Aisitech. 

2.4 Data will be processed only for the period necessary for the above purposes. In the event that the user no longer uses Aisitek's service, Aisitek reserves the right to store the data subject's personal data for a period of 3 years in order to fulfill the obligation imposed by law. In the event of a legal dispute between the parties, the data storage period may be extended by a period deemed reasonable by Aisitek. 

2.5 Data may be processed for marketing purposes only with the consent of the data subject. The said purpose involves receiving messages of a commercial nature from Aisitek or a third party. For this purpose, consent to data processing for marketing purposes can be expressed by ticking the appropriate button or in writing. 

​

3 Aisitek as an authorized person

3.1 When the services to be provided include software or data storage on the server, the user is responsible for the processing of personal data in the Aisitec software (or server). The user determines the amount of personal data, and the purposes and means of processing, therefore the data processor is the user.

3.2 The user is responsible for the legality of data processing,  Therefore, the user must process data in the presence of relevant legal grounds and, if necessary, obtain the consent of the data subject for data processing. The user is obliged, if necessary, to introduce this policy document to the persons whose data he processes. The obligation to respond to the data subject's claims/questions rests with the user. 

3.3 Aisitech provides technical support for the program, therefore it does not have an independent purpose of data processing. 

3.4 Access to the program is provided by Aisitec-authorized employees who have the necessary authorization for technical support. Aisitek ensures the separation of each such employee from each other and the security of their access. 

 

4 Protection of data subject rights

4.1 Aisitech, as a data processor, ensures the protection of the data subject's rights provided for by the legislation of Georgia. 

4.2 The data subject has the right to request the following types of information:

4.2.1   which data are processed about him;

4.2.2  purpose of data processing;

4.2.3  Legal basis for data processing;

4.2.4 how the data was collected;

4.2.5 To whom the data about him was given, the basis and purpose of giving the data.

4.3 The data subject has the right to request correction, update, addition, blocking, deletion, and destruction of personal data in accordance with the law. 

4.4. If the user is a data processor, he must ensure the realization of the rights of the data subject. 

5 Data security

5.1 The Aisitec service is hosted on AWS, subject to the AWS standard terms and conditions of use (given at the following link:https://aws.amazon.com/service-terms/). In addition, the AWS GDPR DATA PROCESSING ADDENDUM applies to personal data protection.  

5.2 AWS has an information security program that protects data from accidental or illegal disclosure and loss, as well as illegal access. 

5.3 For its part, Aisitech provides the following data security measures:

5.3.1 possibility of data backup;

5.3.2 electronic recording (logging) of actions performed on data;

5.3.3 protection against unlawful disclosure of data - unless the latter falls within the scope of AWS's obligations.      

 

6 Responsibilities of the parties 

6.1 Aisitech is not responsible for the fulfillment of the obligations that the Amazon company has taken under the AWS GDPR DATA PROCESSING ADDENDUM or other documents related to the use of the AWS service. 

6.2 Aisitech is responsible for the technical functioning of the service (program) or the fulfillment of other obligations arising from this policy document or other documents signed by the user. 

6.3 The user is responsible for fulfilling his obligations, which are defined by this policy document or other agreements signed with Aisitec.
 

7 Transfer of data to third parties

In case of transfer of data to third parties:

7.1 If Aisitech is a data processor, it will consider the request and decide the issue of data disclosure in accordance with the legislation of Georgia;

7.2 If Aisitech is an authorized person, it forwards the request to the user and informs the initiator of the request about the forwarding fact.

 

8 Term of validity of the policy

This policy is valid for the period of use of the Aisitec service by the user unless otherwise determined by this policy document or other agreement signed with the user