Privacy Policy - TBC Pay
loading...
logo
homekeyboard_arrow_rightPrivacy Policy

Privacy Policy

Privacy policy

TBC Pay takes utmost care of personal information and treats it according to personal data protection regulations and applicable laws.

How we use your personal information

Our main purpose is to introduce you to how your personal information is processed and used by Tbc Pay and TBC Bank Group PLC (hereinafter: TBC Bank Group or Group) in General. The notice explains the principles we follow while processing your personal data and how the law protects you. It covers the data which the group obtains when having you as a customer, which is also used for direct marketing purposes in line with the legislation of Georgia and GDPR/UK GDPR.

Our privacy promise

We, TBC Pay promise:
  • To keep your data safe and private;
  • Not to use your data unlawfully;
  • In case you request, to provide you with complete and exhaustive information with respect to the processing of your personal information.

How the law protects you

Pursuant to the law, you are authorized to request of us the information with regard to the use of your personal data.

Tbc Pay shall be obliged to supply this information if requested by you. We are authorized to use the personal data only in case specific contractual and/or relevant legal basis exist.

The Group has a legal basis for using your data, which also implies the existence of business-related and/or commercial purpose. It is important that the information processing by the Group does not aim at harming your interests either in this case. The processing of personal data of a minor is allowed only in accordance by the legislation of Georgia and GDPR/UK GDPR taking into account the best interests of the minor.

Sources from which we obtain personal information

We can collect personal information about you from the sources provided by you and listed below:

You provide us with the data in the following cases:
  • When you become a customer/supplier;
  • When you register for our online services;
  • When you apply for our services;
  • During a telephone conversation or your visit to us
  • When you use our websites, mobile device apps and web chat;
  • When you send letters by mail or e-mail;
  • When you carry out Payment transactions;
  • We collect data from outside organizations such as public registers, payment or transaction processors, other financial institutions or public authorities.

Cookies

We employ Cookies and monitor our visitor behavior on our website to ensure that we provide the best practice to our users while they visit our website and are able to continuously improve the quality of our service.

Cookies are small computer files that get sent down to your PC, tablet or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again.

To find out more about how we use cookies, please see our cookies policy which is published on our website.

Information processing

When using our services, we get/receive the following types of information:
  • Name and surname;
  • Personal number;
  • Unique features and/or copy of ID card, passport, the same electronic document;
  • Personal email address;
  • Telephone number;
  • Contact list;
  • Legal/actual address;
  • Requisites of bank accounts;
  • Other information that also collectively allows for the personal identification of a person and/or is required for the purposes of attempting to interact with the Company or ultimately entering into a transaction.
  • Contact list information processing in the case of application

    Data Collection:

    Our app collects contact list information (names, phone numbers) from your device's address book.

    Data Usage:

    This information is used to enhance your app experience.

    Data Sharing:

    Contact information is not shared with third parties outside the app's ecosystem, ensuring your privacy.

    Security Measures:

    We prioritize the security of your data, employing encryption and access controls to protect your contact information.

    Data Deletion:

    You have the right to request the deletion of your contact data, and our app ensures prompt removal upon your request.

    We have the right to disclose and transfer the information you provide on the website:

    1. to any person affiliated with us and their authorized representative;
    2. to any other person or organization with your consent;
    3. to the relevant person or body, in the event of the right or obligation to provide information in the case provided by law, such as court, arbitration and others.

    We have the right to process your personal data in accordance with Article 5, Clause “a” of the Law of Georgia on Personal Data Protection, in order to provide you with services.

    Your use of this website or the provision of any information constitutes your consent to such transfer of information.

    You understand that at any time you can partially or completely refuse consent or withdraw consent already given, you can request to receive additional information about the personal data processed about you by contacting the following e-mail address: callcenter@tbcpayge.ge Also, you have the right to request data correction, update, addition, blocking, deletion, destruction, restriction of processing, termination of processing and transfer of data.

    You acknowledge that revoking your consent does not affect the lawfulness of data processing based on consent prior to revoking.

    Your rights

    You can receive the following information:
    • Which data are being processed with regard to you;
    • What is the purpose of data processing;
    • Legal basis for the data processing;
    • How the data were processed;
    • Who the data was transferred to;
    • Data issuance ground and purpose.

    You can request a copy of the information processed by us.

    Under the law, you are authorized to require adjustment, update, addition, blockage, deletion or destruction of your personal data if it appears to be incomplete, incorrect, out-of-date or if the process of information gathering and processing is carried out illegally. We observe the requirements defined by GDPR, UK GDPR Georgian legislation which may prevent us from an immediate deletion of your personal data. Such obligations may be stemming from the laws on anti-money laundering, Payments Systems and Payment Services, tax, activities of consumer rights protection and other.

    Your Personal data is processed in line with the Georgian legislation and GDPR / UK GDPR

    Communication security

    Electronic messages sent over the Internet cannot be guaranteed to be completely secure as they are subject to possible interception, loss or possible alteration. The users of the Site are reminded that the confidentiality of e-mail messages sent via public network cannot be guaranteed.

    The users shall avoid forwarding personal data or other confidential messages to Tbc Pay and Group Companies via e-mail. Tbc Pay or Group Companies are not liable to carry out orders or instructions submitted via public e-mail. Tbc Pay and Group Companies are entitled, if requested by the customer, to provide general information via e-mail to the e-mail address defined by the customer. Tbc Pay and Group Companies shall not be liable for losses or damages occurred by any disappearance or transformation of such a message.

    Information from third parties

    We are authorized to request and obtain information from third parties as well, both positive as well as negative information stored in their electronic databases, also from that of LEPL State Service Development Agency. This is carried out pursuant to the GDPR, UK GDPR and Georgian legislation.

    Who we share your personal information with

    We may have to share your personal data in the cases defined by GDPR, UK GDPR and Georgian legislation with other companies, which are supposed to provide you with the service chosen by you, e.g.

    When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like:

  • Designing, developing and maintaining internet-based tools and applications;
  • IT service providers who may provide application or infrastructure (such as cloud) services;
  • Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
  • Identifying, investigating or preventing fraud or other misconduct by specialized companies
  • We may also share your personal information if the corporate structure of the GROUP changes in the future:
  • We may choose to sell, transfer, or merge parts of our business, or assets.
  • If any of the above discussed processes occur, we may share your data with other parties. However, before sharing such information, the mentioned parties shall mandatorily agree to keep your data safe and confidential.
  • If our group structure changes, other parties may use your data in the manner and within the frames as specified in this notification and regulated by the Law of Georgia GDPR and UK GDPR
  • Whenever we share your personal data with third parties, we ensure the necessary safeguards are in place to protect it.

    International Transfers

    In case your Personal Data is transferred outside the EU and the EEA, the Group will take all steps to ensure that the data is treated securely and in accordance with this Privacy Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the Personal Data.

    This can be done in a number of different ways, for example:
  • The country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved both by the European Commission as having an adequate level of protection and Georgian legislation;
  • The recipient has signed standard data protection clauses which are approved by the European Commission;
  • special permission has been obtained from a supervisory authority;
  • Data subject should be aware of the means of relevant safeguards;
  • The data subject should be informed in which direction his information was transferred in case of such a request;
  • - In the absence of a decision by commission under GDPR a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards.

    - In the absence of an adequacy decision pursuant of the commission or of appropriate safeguards, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:

  • the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
  • the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
  • the transfer is necessary for important reasons of public interest;
  • the transfer is necessary for the establishment, exercise or defense of legal claims;
  • the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;
  • the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.
  • How we use your information to make automated decisions

    For making automated decisions, including profiling, we sometimes use the personal data we have, or are allowed to collect from other entities based on the legislation, the contract signed with you, or consent given by you. This helps us ensure that our decisions are quick, fair, and efficient. These automated decisions can affect the quality of products and services offered by us now or to be offered in the future. If there are no grounds (legislative, contractual, consent) you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal, financial or other significant effect on you.

    Personal data processing for direct marketing purposes

    We may use your personal information to tell you about relevant services and offers.

    We gather your personal information from what you share with us and what we collect from the sources available to us when you use our services.

    We study your data to form a view on what you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.

    We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest. We promise that our activities will not be unfair, incorrect, or running counter your interests.

    You can ask us to stop sending you marketing messages by contacting us at any time. We respect your wishes and will stop using your data for marketing purposes.

    Your security is important to us. Therefore, you will continue to receive statements regarding the changes in the facilities proposed to you and in terms of service.

    How long we keep personal data

    We keep your personal data throughout the whole term of service provided to you and for 15 years from the completion of the service for the following reasons:
  • To respond to any questions and complaints;
  • To show that we treated you fairly;
  • To maintain records according to the regulations that apply to us.
  • We may keep your personal information for over 15 years if we cannot delete it for legal or regulatory reasons.

    How to withdraw your consent

    You can withdraw your consent at any time, in case there are no other legislative requirements. Please contact us if you want to do so.

    This will only affect the way we use information when our reason for doing so is that we have your consent.

    If you withdraw your consent, we may not be able to provide certain products or services to you.

    Account Management Information

    To deactivate your account, click here or contact our customer support service at the hotline number: (+995 32) 200 27 00 or via email at: info@tbcpay.ge."

    We retain your data for 15 years after deactivation, after which it will be permanently deleted. We may keep your personal information for over 15 years if we cannot delete it for legal or regulatory reasons.

    Deactivating your account results in the loss of access to services and content; please settle outstanding matters before initiating the process.

    Please be aware that upon reactivating your account, the terms and conditions specified in the website's agreement will become applicable to you.

    Changes to this Privacy Statement

    We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 07.12.2023

    Tbc Pay reserves the right, at its sole discretion, to change the terms and conditions for the Site any time and without prior notice.

    How to contact us

    If you have any questions or comments about following Site, or the Terms and Conditions, or you wish to hear more about Tbc Pay services, please contact us either by email:

    info@tbcpay.ge, by mail: Vazha-Pshavela ave., block 4th, building #3 G, Tbilisi, Georgia.

    Personal Data Protection Officer - Maka Talashvili

    Mobile number: 595 06 86 70

    Mail: DPO@tbcpay.ge

    You can see privacy policy currently in force here