Personal data protection is one of the main priorities of the Legal Entity of Public Law – Public Service Development Agency.
The Agency is consistent and effective in introduction of the high standards of personal data protection in compliance with the Law of Georgia on Personal Data Protection, EU data protection regulation and best practice and applies all available tools to ensure the lawfulness of data processing and data security. The ongoing processes and personal data processing practice have been analyzed to this effect in the Agency on a regular basis since the entry of the Law of Georgia on Personal Data Protection into force. The approaches based on risk assessment and management are introduced and all the processes and regulatory legislative acts applied by the Agency are improved. IT infrastructure was developed to prevent unauthorized access to personal data, unintentional loss and destruction of data. Data loss prevention system has been technically improved, data protection policy and relevant programs have been introduced with regard to enhancement of awareness of the employees of the Agency on the data protection issues and Personal Data Protection Officer was appointed whose day-to-day activities involve maintaining of the high standard of data protection and implementing the data protection policy. The Internal Audit Division of the Agency regularly checks the lawfulness of personal data processing by the employees of the Agency.
The Agency:
a) Provides investment compliant (adequate to) with this statement and declared objectives with regard to the observance of the personal data protection legislation and introduction of best practice, including, enhancement of awareness and training of the employees of the Agency;
b) Regularly introduces the approaches based on risk assessment and management and modern data security systems;
c) Is very respectful to data subjects, provides them with comprehensive information at the discretion of the Agency or upon request, applies all organizational and technical means to support the data subjects in exercising their rights;
d) Is very responsive to any statement or concern of the data subject related to personal data processing.
Purpose of data processing
Legal Entity of Public Law – Public Service Development Agency is responsible for keeping civil registry (subparagraph “c” of paragraph one of Article 4 of the Law of Georgia on Public Service Development Agency). Consequently, the Agency processes the personal data of individuals for registration of vital records, review of the issues of establishment, as well as acquisition, restoration and termination of Georgian citizenship, registration of individuals at their place of residence, issuing of citizenship and identity documents and provision of other services, maintaining of the population register, entry of comprehensive/valid information therein and its provision to public institutions. The Agency also processes the personal data of individuals for registration of issued documents and avoidance of forgery and for other purposes as well.
The Agency processes the aforementioned information in cases directly provided for by the law for fulfilment of the functions as determined by the legislation, for review of the applications of data subjects and/or provision of services to them (subparagraphs “c”, “d” and “j” of Article 5 of the Law of Georgia on Personal Data Protection), in compliance with the principles provided for by the Law of Georgia on Personal Data Protection. The Agency may also process data based on the consent of the data subject or for protection of the significant and major legal interests of the Agency or a third party. The Agency identifies the legal grounds for data processing in advance for each process of the data processing.
Data subjects
The Agency processes the data of the following data subjects:
A person who filed an application at the Agency
A person willing to obtain service
A representative of an interested person
Any person the processing of whose data is obligated by the law/legislation.
Data category
The Agency processes quite a wide range of personal data, including:
Identification data: given name, surname, personal number, place and date of birth, sex, photo, signature, citizenship;
Contact data: telephone number, address, email address;
Document data: document number, issuing authority, place and date of issue, date of expiry of a certificate/permit;
Biometric data: photo, fingerprint, information on health condition in certain cases;
Various types of information (data) are also processed in accordance with the services obtained by the data subject from the Agency.
Data recipient
Other public institutions or private organizations are recipients of the data processed in the Agency. The following persons get access to the data on relevant legal grounds only (for instance, for fulfilment of the obligations determined by the legislation or based on the consent of the data subject) and based on the memorandums and agreements concluded with them providing for lawfulness, fairness and safety of data processing and the organizational-technical measures to be taken for protection of the rights and interests of the subjects.
For issues related to the personal data protection contact Tamar Gigineishvili – Personal Data Protection Officer of the Agency – t.gigineishvili@sda.gov.ge.
