Privacy Policy for the “Spring Conference 2025”
Information is hereby provided on the processing of personal data carried out by the Personal Data Protection Service (hereinafter – the Organizer) for the purpose of organization and proceeding of the “Spring Conference 2025” (hereinafter – event).
1. Identity and contact details of the controller
Name: Personal Data Protection Service
Address: 7, Vachnadze str., 0105, Tbilisi, Georgia / 48, Baku str., 6010, Batumi, Georgia
Phone: +995 32 242 1000
E-mail address: springconference2025@pdps.ge; office@pdps.ge.
Website address: www.pdps.ge.
2. Contact details of the data protection officer:
Phone: +995 32 242 1000 (146)
E-mail address: dpo@pdps.ge.
3. Processors
1) Name: Microsoft
2) Name: The Georgian Research and Educational Networking Association GRENA
Address: 4a, Chovelidze str., 0108, Tbilisi, Georgia
E-mail address: contact@grena.ge.
4. Purpose of processing and the categories of data processed
Processing related to the invited speakers
| Categories of personal data | Purpose of the processing of personal data |
| Name, surname, organisation represented, position, e-mail address | Maintaining communication with the conference participants and ensuring the provision of up-to-date information |
| Name, surname, organisation represented, position, e-mail address, photo, brief description | Maintaining communication with the event participants and ensuring the provision of up-to-date information; promotion of the event, publication of information on the website www.dpaspringconference.org |
Sending out invitations
| Categories of personal data | Purpose of the processing of personal data |
| Name, organisation represented, position, e-mail address | Calling attention to the event, providing information to potential participants |
Processing related to online registration
| Categories of personal data | Purpose of the processing of personal data |
| Name, name of the organisation represented, country of the organisation represented, position, e-mail address, parts of the event the participant wishes to attend |
Maintaining contact with persons registering for the event and transferring information related to the event, granting access to the venue of the event and surveying the expected number of participants, sending out satisfaction survey questions after the event, In case of an audit, providing the required information to a government authority responsible for monitoring the spending of public funds |
In- person registration, taking photos and videos at the event
| Categories of personal data | Purpose of the processing of personal data |
| Name, organisation represented, position and signature |
Recording the number of participants, creating event reports, In case of an audit, providing the required information to a government authority responsible for monitoring the spending of public funds |
| Photo and video images of the participants |
Recording the event and verifying that it actually took place, informing the public about the occurrence of the event. The photos/videos may be published on www.dpaspringconference.org, www.pdps.ge and on the following social media platforms: Facebook, LinkedIn, X, Youtube. |
Processing related to webpage visitors
| Categories of personal data | Purpose of the processing of personal data |
| IP address, date and time of the visit, device type, browser type |
Preventing cyber threats and ensuring the security of the website. |
There will be no processing based on automated decision-making and profiling in the course of processing.
5. Legal basis for processing
The legal basis for processing in the course of sending out invitations, determining the speakers, carrying out registrations, taking event photos/videos and publishing the information is the necessity for performing tasks in the public interest. Namely, to successfully organize and promote the event for the aims of increasing public awareness and understanding of issues related to personal data protection.
If a participant does not wish their picture and/or other information about their participation in the event to be published, they shall have the right to object by contacting the Organizer.
If the Organizer shares the data during an audit to a government authority responsible for monitoring the spending of public funds, the legal basis the Organizer will rely on is the necessity for compliance with a legal obligation.
The legal basis for processing when sending out satisfaction survey questions after the event is the legitimate interest of the Organizer to gather feedback that helps in assessing how successful the event was and identifying areas for improvement.
If a participant does not wish to receive satisfaction survey questions, they shall have the right to object by contacting the Organizer.
6. Period of retention of personal data
Personal data collected during online and in-person registration will be retained until the end of 2028.
Names, surnames, information about organisations represented, positions, e-mail addresses, photos and brief descriptions of the invited speakers, as well as photos and videos of the event will be archived as part of the annual report for the public interest.
Information about the IP addresses of the visitors of the website, dates and times of visits, device types and browser types will be retained for 1 month.
7. Recipients or categories of recipients of personal data
Personal data at the disposal of the Processors and the Organizer shall be considered as restricted access information and shall be disclosed to third parties only in the cases, procedures and amounts specified in legal acts or concluded agreements.
Upon your request, the Organizer is obliged to provide you with detailed information about the recipients of your personal data, unless the disclosure of such information is prohibited by law. For detailed information, please contact the Organizer with a reasoned application concerning the recipients or categories of recipients of your personal data.
8. International data transfers
Personal data mentioned in this policy will be stored only in Georgia or the EU and will not be transferred to any other jurisdiction.
9. Data subject’s rights related to processing
· The right to access
Data subjects have the right to request information from the Organizer concerning whether the processing of their personal data is in progress and if so, they have the right to learn.
· The right to rectification
Data subjects may request the Organizer to rectify any inaccuracies in their personal data.
· The right to blocking (restriction of processing)
Data subjects may request the Organizer to restrict the processing of their personal data (by unambiguously indicating the restricted nature of processing and ensuring that processing is kept separate from other data).
· The right to object
Data subjects may object to the processing, if in their view, the Organizer is processing their personal data inappropriately in relation to the purpose indicated in this Privacy Policy. In this case, the Organizer has to verify that the processing of the personal data is warranted by legitimate reasons of compelling force, which override the interests, rights and freedoms of the data subject, or which are related to the establishment, enforcement or defence of legal claims.
· The right to withdraw consent
Where consent is the legal basis for processing their data, data subjects may withdraw their consent at any time by contacting the Organizer.
The right to erasure
Data subject have the right to request the erasure of their personal data.