Scope/Objective of Processing Personal Data
Legal Basis for Processing Personal Data
We only collect and use our users' personal data insofar as this is necessary to provide a functional website as well as our content and services. Our users' personal data is only collected and used with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.
Insofar as we obtain consent from the data subject for the processing of personal data, Art. 5 of the GEORGIA Personal Data Protection Regulation (5669-RS; 28/12/2011) and Art. 6 Para. 1 (a) of the EU General Data Protection Regulation (GDPR)
serve as the legal basis for processing personal data. Art. 6 Para. 1 (b) of GDPR serves as the legal basis for processing personal data required for the fulfillment of a contract where the data subject is a contractual party. This also applies to processing operations that are required to carry out pre-contractual measures. Art. 6 Para. 1 (c) of GDPR serves as the legal basis insofar as processing personal data is required for the fulfillment of a legal obligation to which our company is subject. Art. 6 Para 1 (d) of GDPR serves as the legal basis in the event that the vital interests of the data subject or another natural person require the processing of personal data. Art. 6 Para. 1 (f) of GDPR serves as the legal basis for processing if processing is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest. The contents of this Website, and the information contained herein, are published solely for information purposes, and shall not be deemed exhaustive. They do not constitute a legal opinion or any other form of professional advice, and they are not designed for commercial purposes or for the purpose of establishing customer relations. GM Pharmaceuticals shall not be held liable for any actions or omissions driving from the use of the information and articles contained in this Website.
The Website and its contents are protected by national and international copyright law, and are the exclusive property of GM Pharmaceuticals brand and of the respective authors. Consequently, the partial or complete reproduction other than for purely personal purposes, the public disclosure, or in any case the dissemination, of said contents, requires prior authorization from GM Pharmaceuticals. GM Pharmaceuticals shall not be held liable for, nor does it approve as such, any contents supplied by third parties and accessible from this Website.
Personal data shall be processed using automated means, on the basis of logics strictly related to the purposes of processing, and for the time strictly necessary to achieve the purposes for which such data have been collected. Collected information shall be stored in a safe place.
Scope of Communication of Personal Data
Personal data shall be processed by the personnel appointed by GM Pharmaceuticals, and if necessary by the firm’s professionals. Personal data may also be processed by third parties, providers of external services (e.g. technical assistance), acting on behalf or in the name of GM Pharmaceuticals and duly appointed as data processor, and who shall process the data in accordance with the purpose for which the data were originally collected.
These is navigation data that the computer systems acquire automatically during use of the Website, such as the IP address, URI (Uniform Resource Identifier) addresses, together with details of the requests sent to the Websites' server, which make navigation possible. Navigation data may also be used to compile anonymous statistics, which make it possible to understand how the Website is used, and to improve the structure thereof. Finally, navigation data may also be used in order to check for any illegal operations, as in the case of cybercrimes, to the detriment of the Website.
Data Provided by the Use
Any communication sent to the contacts indicated on the Website implies the acquisition of the e-mail address and of the other personal data contained in the communication. Without prejudice to the points made in regard to navigation data and cookies, users are free to supply their personal data in contacts and/or communications with GM Pharmaceuticals. Failure to supply such data may make it impossible to receive a response.
Deletion of Data and Duration of Storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address and the data collected within the scope of the double opt-in (IP address, date and time of registration) are therefore stored for as long as the subscription to the newsletter is active. Other personal data collected in the course of the registration process will generally be deleted after a period of seven days. The personal data of the data subject will
Cookies: Use, Types and Management
be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period if this has been foreseen by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of data for the conclusion or fulfillment of a contract.
The following data is stored and transmitted in the cookies:
- The user's data is saved anonymously in the user session without assigning a user ID until the order is completed.
This way, the following data can be transmitted:
- Entered search terms
- Frequency of page views
- Use of website functions
The user data is not assigned to the user. The data is not stored together with other personal user data.
We need cookies for remembering search terms and evaluate the analytics related to the usage of the website. Users are anonymous for GM Pharmaceuticals unless they provide a network name that clearly identifies them.
The analysis cookies tell us how the website is used and this allows us to continuously optimize our offer.
What Types of Cookies are there?
- Analytical cookies allow us to track the number of visitors to our website anonymously to monitor and enhance the browsing experience.
- Our site uses “Google Analytics”, a third-party cookie managed by Google Inc.
- You can deactivate this cookie by following instructions rest assured that deactivation will in no way hamper your use of our site.
We have taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation, and unauthorized access. All of our employees and all of the third parties involved in processing data are obliged to comply with GEORGIA Personal Data Protection Regulation (5669-RS; 28/12/2011) and the EU General Data Protection Regulation (GDPR) and treat personal data confidentially. When personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised according to technological developments.
Electronic Contacts and Webinars
There are several contact forms on our website that can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
- Your message
The user can revoke his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. In such cases, the conversation cannot be continued. The user can revoke his/her consent at any time by email, telephone, fax, or letter. All personal data stored in the course of establishing contact is deleted in this case.
Confirmation of Contact/Customer Information
As a result of establishing contact with us through a contact form on the Internet, by email, or in personal form (visit, call, visit to a trade fair), during which your transmitted personal data is stored, we will send you a confirmation of the contact in the form of customer information. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user can revoke his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. In such cases, the conversation cannot be continued. The user can revoke his/her consent at any time by email, telephone, fax, or letter. All personal data stored in the course of establishing contact will be deleted in this case.
Webinars provide the opportunity for communication between us and a group of people who register online for a digital conference for the purpose of procuring information. When you register for a webinar, the following data is required to support the process:
- First and last name,
- Email address,
We send your email, last name, and first name to Microsoft and/or Zoom in the scope of the holding the webinar specific to the order. Aggregated statistical data is transmitted to GM Pharmaceuticals the webinar is finished. If you asked a question during the webinar, we will also receive information relating to the question you asked, such as first name, last name, email address in order to process your request after the webinar. We ourselves are responsible for the data stored at and by GM Pharmaceuticals within the scope of this process.
When you register to take part, you will receive further information and reminders about the event before and after the event by email.
Use of Facebook
Rights of the Data Subject
As part of our Internet presence, we use social plugins from the facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are identifiable by one of the Facebook logos (white "f" on a blue tile, "Like" button, or a "thumbs up" symbol) or labeled with the phrase "Facebook social plugin". The list and appearance of the Facebook social plugins can be viewed in the website: https://developers.facebook.com/docs/plugins
If you visit a website containing one of these plugins, your browser normally opens a direct connection to the Facebook servers and transmits data to Facebook to be saved on servers there. This happens without your consent and does not require a button click. The content of the plugin is transmitted directly to your browser from Facebook and, from there, it is integrated into the website. For this reason, we have no influence on the extent to which Facebook collects the data with this plugin; as a result, Facebook informs about their level of knowledge: https://www.facebook.com/full_data_use_policy
to learn the purpose and scope of data collection and further processing and use of the data by Facebook as well as your rights and setting options to protect your privacy.
If you have a Facebook account and do not want Facebook to collect data about you through our website and link this data to your saved Facebook account data, you must log out of Facebook before visiting our website.
Use of Instagram
As part of our Internet presence, we use social plugins from the Instagram.com social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are identifiable by one of the Instagram logos (White contour of the lens on a transitional color background). The list and appearance of the Instagram social plugins can be viewed in the website: https://developers.facebook.com/products/instagram.
If you visit a Instagram website, your browser normally opens a direct connection to the Instagram servers and transmits data to Instagram to be saved on servers there. This happens without your consent and does not require a button click. The content of the plugin is transmitted directly to your browser from Instagram and, from there, it is integrated into the website. For this reason, we have no influence on the extent to which Instagram collects the data with this plugin.
Use of Youtube
From the social network we also use Youtube.com, which is managed by Google Corporation, 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google"). The plugins are identifiable by one of the Youtube logos (White triangle in red square). The list and appearance of the Youtube social plugins can be viewed in the website: https://developers.google.com/youtube
Use of LinkedIn
Web Tracking - Google Analytics
Objecting to data collection
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
Right to Information
You can ask the responsible person to confirm whether your personal data is processed by us. If such processing has taken place, you can request the following information from the responsible person:
- The purposes for which the personal data is processed. The categories of personal data processed.
- The recipients or categories of recipients to whom the personal data about you has been or will be disclosed.
- The planned duration of the storage of your personal data or, if specific information about this cannot be provided, criteria for determining the storage period.
- The existence of a right of rectification or deletion of your personal data, of a right to the restriction of processing by the data controller, or of a right to objection to such processing.
- The existence of a right of appeal to a supervisory authority.
- All available information about the origin of the data if the personal data is not collected from the data subject.
- The existence of automated decision-making, including profiling in accordance with Art. 22 Para.1 and 4 of GDPR (EU General Data Protection Regulation) & Art. 25 Para. 1 and 2 of Georgia Personal Data Protection Regulation and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees in accordance with Art. 46 of EU GDPR and Art.41 of Georgia PDP Regulation in connection with the transmission.
Right to Rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.
Right to Limitation of Processing
You may request that the processing of personal data concerning you be restricted under the following circumstances:
- If you dispute the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of the personal data.
- The processing is unlawful and you refuse the deletion of the personal data and instead request that the use of the personal data be restricted.
- The data controller no longer needs the personal data for the purposes of processing, but you do need it to assert, exercise, or defend legal claims.
- If you have filed an objection to the processing in accordance with Art. 21 Para. 1 of GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state. If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
Right to Deletion - Deletion Obligation
- is obliged to delete this data without delay if one of the following reasons applies:
- Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
- You may request the data controller to delete your personal data without delay and he/she You revoke your consent, on which the processing was based in accordance with Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of GDPR, also in accordance of Art. 4, 5 & 9 of Georgian PDP Regulation and there is no other legal basis for the processing.
- You file an objection against the processing in accordance with Art. 21 Para. 1 of GDPR & Art. 25 of Georgian PDP Regulation and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with Art. 21 Para. 2 of GDPR and Art. 25 of Georgian PDP Regulation.
- Your personal data has been processed unlawfully.
- The deletion of your personal data is required to fulfill a legal obligation under European Union law or the law of the member states to which the data controller is subject.
- Your personal data has been collected in relation to information society services offered in accordance with Art. 8 Para. 1 of GDPR and Art. 71 of Georgian Children Right Codex.
Information to Third Parties
If the data controller has made your personal data public and is obliged to delete it in accordance with Art. 17 Para. 1 of GDPR and Art. 22 & 23 of Georgian PDP Regulation, he/she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
- The right to deletion does not exist insofar as the processing is necessary, for example: To exercise freedom of expression and information.
- To fulfill a legal obligation required for processing under the law of the European Union or of member states to which the data controller is subject or to carry out a task in the public interest or in the exercise of official authority conferred on the data controller.
- For reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of EU GDPR, also in accordance of Art. 6 and Art.41 (para. 1-2) of Georgian PDP Regulation.
- For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Para. 1 of GDPR and Art. 15 of Georgian PDP Regulation, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing.
- To assert, exercise, or defend legal claims.
Right to be Informed
If you have exercised your right to have the data controller correct, delete, or restrict data processing, he/she is obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by the data controller about such recipients.
Right to Data Transferability
You have the right to receive such personal data as relates to you that you provided to the data controller in a structured, common, and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was made available, provided that:
- Processing is based on consent in accordance with Art. 6 Para. 1 (a) of GDPR or Art. 9 Para. 2 (a) of GDPR or on a contract in accordance with Art. 6 Para. 1 (b) of GDPR; also in accordance to Art. 5 and Art. 6 (Para. 2) of Georgian PDP Regulation.
- Processing is carried out using automated methods.
In exercising this right, you also have the right to request that your personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability shall not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of an official authorization conferred on the data controller.
Right of Objection
You have the right to file an objection at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art 6. Para. 1 (e) or (f) of GDPR and Art.5 of Georgian PDP Regulation; this also applies to profiling based on these provisions. The data controller shall no longer processes your personal data unless he/she can prove compelling and legitimate grounds for processing, which outweigh your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims. If your personal data is processed for direct marketing purposes, you have the right to file an objection at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option to exercise your right of objection in connection with the use of information society services by means of automated processes using technical specifications, notwithstanding Directive 2002/58/EC.
Right to Revoke the Data Protection Declaration of Consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of processing carried out on the basis of the consent until revocation.
Automated Decision-Making in Individual Cases Including Profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effects against you or significantly impairs you in a similar manner. This is not the case if the decision:
- is necessary for the conclusion or performance of a contract between you and the data controller.
- is admissible under European Union legislation or that of the member states to which the data controller is subject and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests.
- is made with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Para. 1 of GDPR, unless Art. 9 Para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests (also Art. 6 Para. 1 and 2 of Georgian PDP Regulation). In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his/her own position, and to challenge the decision.
Right of Appeal to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state where you reside, your place of work, or the location of the suspected infringement, if you believe that the processing of your personal data is contrary to the EU GDPR or Georgian PDP Regulation.
Changes to Data Protection Regulations
The data controller for the EU General Data Protection Regulation and Georgian Personal Data Protection regulation (5669-RS; 28/12/2011) laws as well as other data protection regulations is: Inga Mekvabishvili at GM Pharmaceuticals LLC: 65, Phonichala, 0165 Tbilisi, Georgia Tel.: +995322404801/02/03 Fax: +995322404803; Email: firstname.lastname@example.org
How we treat data
In accordance with the provisions of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and Georgian Personal Data Protection regulation (5669-RS; 28/12/2011), we would like to inform you that your name and contact information (“Your Data”) currently resides in our CRM system for internal purposes only.
As regards to Your Data, we would further like to inform you as follows:
Data Control Office
Your Data is processed by GM Pharmaceuticals LLC - 65, Phonichala, 0165 Tbilisi, Georgia Tel.: +995322404801/02/03 Fax: +995322404803; Email: email@example.com
How GM Pharmaceuticals obtained Your Data
Your Data were obtained by GM Pharmaceuticals through commercial or contractual relations with the company, entity or organization you work or worked for.
How Your Data is processed
We process Your Data in order to start, maintain or terminate business relations with the company, entity or organization for which you work or worked for and which collaborates with GM Pharmaceuticals.
We are entitled to process Your Data pursuant to and in accordance with Article 6 (1) f of GDPR and Art. 4 and 5 of Georgian PDP Regulation.
Our legitimate interest in processing Your Data is the business activities with the company, entity or organization you work or worked for.
How long your Data is kept
We will maintain Your Data as long as the business relations with the company, entity or organization you represent, continue. In certain cases, if requested by competent authorities or in accordance with the applicable law, we will maintain Your Data until after termination of these business relations. Internal Data Transfers Your Data will be exclusively processed by own employees or employees of branches or representative offices of GM Pharmaceuticals. In the course of transmission of Your Data to affiliated companies, branches or representative offices of GM Pharmaceuticals, Your Data might be transmitted to affiliated companies, branches or representative offices of GM Pharmaceuticals situated in Uzbekistan, Armenia, Moldova, Kyrgyzstan, Tajikistan or to countries we have representative office.
In order to effectively protect Your Data in the course of such transmission, GM Pharmaceuticals executed standard data protection clauses adopted by the European Union Commission with such affiliated companies, branches or representative offices.
Disclosure of these standard data protection clauses may be requested by you from the Data Protection Officer of GM Pharmaceuticals.
You have the right to request from GM Pharmaceuticals access to, correction or clearing of Your Data, or restriction of processing of Your Data and to object to the further processing of Your Data. If you request the clearing of Your Data or you object against any further processing of Your Data at GM Pharmaceuticals, we will erase Your Data or we will stop processing the same, unless we are entitled to further process Your Data pursuant to and in accordance with the provisions of the GDPR or we are obligated by applicable law to further process You Data.
If you have any question concerning the processing of Your Data at GM Pharmaceuticals or you would like to exercise your rights under the GDPR, please contact our Data Protection Officer Inga Mekvabishvili at GM Pharmaceuticals LLC: 65, Phonichala, 0165 Tbilisi, Georgia
Tel.: +995322404801/02/03; Fax: +995322404803; Email: firstname.lastname@example.org