Personal Data Protection Policy

This Personal Data Protection Policy explains the types of personal data and the ways in which LLC “Adjara Group” collects and uses personal data from you, as well as the rights you have as a data subject in relation to the collection and processing of your personal data.

Definitions

Data Controller: LLC “Adjara Group” (ID No.: 404676169, legal address: Georgia, Tbilisi, Mtatsminda District, 14 Kostava Street), a legal entity that determines the purposes and means of processing your personal data and carries out such processing.

The Data Controller is also referred to as “Gym Breeze” / “we” / “us” / “our.”

Personal Data or Personal Information: Any information relating to you by which you can be identified directly or indirectly, including data we collect from you.

You / Your: Our customer who purchases or intends to purchase our services and products; visits and/or registers on our website and/or mobile application; subscribes to our marketing and/or newsletter communications; and constitutes a data subject in accordance with Georgian legislation.

Sources of Personal Data Collection

We collect your personal data through the following channels/sources:

(a) Visiting our website/mobile application and/or creating a user profile;

(b) Inviting a friend to co-pay after booking our services (such friend may or may not be a registered user);

(c) Booking and/or purchasing our products/services;

(d) Subscribing to our marketing and inewsletter communications (for more information on how we process your personal data for direct marketing/newsletter purposes, please see our Direct Marketing/Newsletter Policy);

(e) Contacting our communication center (hotline);

(f) Visiting our premises, as video surveillance cameras are installed at our facilities to ensure appropriate and adequate security measures. Please note that areas under video surveillance are clearly marked, and we comply with all applicable requirements and standards under Georgian law governing the placement and use of such cameras.

(Collectively referred to as “Data Collection Sources”, and individually, in relation to each specific action, as an “Activity” or “Activities.”)

When you engage in any of the above Activities, we take all necessary measures to ensure that you are informed about and agree to this Personal Data Protection Policy and any amendments thereto.

If you have any questions or complaints regarding this Policy, please contact us using the contact details provided in Article 8 of this Policy.

1. Personal Data We Collect

Depending on the Activity you engage in, we may collect different types of personal data, as follows:

(a) Website visits only: Technical data (IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology used to access the website), and information about website usage (information about how you use the website, and the products and services offered on it).

(b) User registration on the website/mobile application: First name, last name, email address, mobile phone number, date of birth, username and password for your personal account.

(c) Inviting a friend for co-payment: If your friend is a registered user, we already hold the personal data listed in subsection (b). If your friend is not a registered user, we collect their first name, last name, and mobile phone number. This information is used solely to contact them and complete the payment. We do not carry out marketing activities toward such individuals.

(d) Purchase/booking of products/services: In addition to the data listed in (a) and (b), we collect booking history for courts and accessories; tournament and/or class/masterclass history and leaderboard history; gender; and payment method.

(e) Visits to our premises: You are subject to video surveillance via cameras installed inside our buildings and around their external perimeter. Appropriate warning signs are displayed in visible locations.

(f) Contacting our communication center: Identification data (first and last name), contact information (email address and phone/mobile number), and call audio recordings (where you have provided consent by selecting the relevant option).

We do not collect bank card details. Accordingly, we do not have access to such information. Payments are processed on the website of a third party (payment service provider), and personal data is collected and processed in accordance with that third party’s policy.

Where the provision of certain data is not mandatory, this is indicated in the relevant application fields.

2. Purposes of Personal Data Processing

We collect and process your personal data for the following purposes:

(a) To provide high-quality Gym Breeze services, including bookings and reservations;

(b) To ensure adequate and necessary security measures for users’ access to padel courts, including during visits to our premises;

(c) To comply with legal requirements and to perform governance, legal, financial, and analytical functions within the group of companies to which the Data Controller belongs, in accordance with internal corporate governance rules and Georgian law;

(d) To conduct marketing activities and send you information about our news, including direct marketing, only where your explicit consent has been obtained in accordance with our Direct Marketing Policy;

(e) To improve your experience with our products and services and tailor them to your needs;

(f) To understand user preferences and conduct user experience statistics and analysis;

(g) Any other legitimate interest recognized by Georgian law in relation to Gym Breeze.

Video Surveillance

For the purposes of crime prevention and detection, ensuring public safety, protecting the safety (including health and property) of users, visitors, third parties and employees, protecting property, and ensuring occupational safety, video surveillance is carried out at our premises and their external perimeter using installed technical equipment. Relevant warning signs are displayed in monitored areas. Recordings without incidents are stored for up to 3 months (depending on location).

3. Third-Party Contractors

We may use services provided by contractors, including:

(a) Payment service provider: For payment services, we use a third-party contractor – LLC “Tpay” (ID No.: 402291220). This provider collects information for payment purposes. We do not collect or have access to bank card details. Payments are processed on the third party’s website in accordance with its policy.

(b) Affiliated entities: This includes entities affiliated or connected with us, any entity and/or person directly or indirectly controlled by us, under common control with us, or controlled together with us by another affiliated entity for shared business interests.

For these purposes, “control” means the direct or indirect authority to manage and direct an entity’s activities based on ownership, controlling interest, voting rights, contractual, or other relationships.

Personal data is shared with our affiliated companies within the framework of our group’s corporate governance structure for common legitimate, financial, legal, and corporate purposes. We share your data only with those affiliates that require it for the purposes specified herein and that adhere to the same confidentiality standards set out in this Policy.

(c) Marketing communication platform providers:

To deliver communications, we use marketing platforms such as SendGrid (Twilio Inc., c/o Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808) and/or Omnisend (Omnisend group companies: UAB Omnisend, Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania; Omnisend, LLC, Unit A3, Gateway Tower, 32 Western Gateway, London, E16 1YL; Omnisend, Ltd., 1401 Sam Rittenberg Blvd, Suite 2, Charleston, SC 29407, USA).

4. Legal Grounds for Processing

We process your personal data on the following grounds:

(a) Your consent;

(b) Necessity for the performance of a contract with you or for taking steps at your request prior to entering into a contract;

(c) Processing required by law;

(d) Necessity to comply with legal obligations;

(e) Where data is publicly available by law or made public by you;

(f) Necessity to consider your application/request or provide services;

(g) Necessity to protect our or a third party’s significant interests, provided your rights do not override such interests. Such interests may include effective fulfillment of legal and contractual obligations; retention of evidence of transactions; development of products and services; business growth; customer segmentation; marketing activities; and service improvement.

Withdrawal of Consent

You may withdraw your consent at any time by submitting a request using the contact details provided in Article 8, without explanation. Upon withdrawal, processing will cease and/or data will be deleted/destroyed only where consent is the sole legal basis for processing. Withdrawal may limit your ability to use certain services. 

5. Data Retention and Security

We process and store your personal data only for the volume and duration necessary to achieve the purposes set out in this Policy (Article 2), typically for up to 3 years after service provision/account termination. Where no purpose remains under this Policy or applicable law, we routinely delete your data or retain it in anonymized/depersonalized form, minimizing data to what is strictly necessary for any remaining valid purposes.

We implement all necessary security measures and strictly control access to data for the purposes defined herein. However, we are not responsible for unauthorized access by third parties.

6. Profiling

We process your personal data to identify preferences that help us improve and refine our products and services. By agreeing to this Policy, you also consent to the processing of your data for profiling purposes. Profiling aims to analyze your needs, wishes and preferences to make your visits to our courts and spaces more comfortable and enjoyable and to offer a personalized experience.

For profiling, we may analyze: gender; age; purchased products/services and bookings (including used or canceled bookings), their number, frequency, seasonality, gaps between purchases/bookings; amount spent; booking/purchase channel; and selected payment method.

7. Your Rights and Obligations

As a data subject, you may exercise the following rights at any time and free of charge:

(a) To receive information about what personal data we process about you and on what grounds and principles;

(b) To receive information about all sources from which your data is collected;

(c) To receive information about data retention periods or the criteria used to determine them;

(d) To receive information about the legal grounds and legitimate purposes of processing, and about data security standards applied in case of cross-border transfers;

(e) To receive information about recipients of your data and the purposes and grounds for disclosure;

(f) To receive information about decisions based on automated individual processing, including profiling (if applicable), the logic involved, and the significance and envisaged consequences;

(g) To request transfer of your data to another data controller;

(h) To withdraw consent to processing; and/or

(i) To lodge a complaint with the Personal Data Protection Supervisory Authority or the courts of Georgia in case of violations.

You also have the right to request rectification, updating, deletion, destruction, or restriction of processing of your data. We will respond within 10 business days in accordance with Georgian law. We may refuse a request where it conflicts with our legitimate interests, public interest or legal obligations; such refusal will be reasoned and include information on appeal mechanisms.

Please note that if you request deletion or destruction of data necessary to provide services to you, we may no longer be able to provide such services.

You are fully responsible for any damage caused to us or third parties due to inaccurate, false, or misleading information provided by you. When you provide a friend’s mobile number for payment (where the friend is not a registered user), we presume you have obtained all necessary consents. You agree to indemnify and hold us harmless from any claims arising from such disclosure.

8. Contact Information and Governing Law

The Gym Breeze website, this Policy and any documents/forms executed under it are governed by the laws of Georgia.

For any questions, complaints, requests, or claims, please contact us or our Data Protection Officer (LLC “Privacy Logic Group”, ID No.: 405222619) at:

LLC “Adjara Group” (ID No.: 404676169)

Legal Address: 14 Kostava Street, Tbilisi, Georgia

Email: pdsupport@adjaragroup.com