Skip to content Skip to footer
CM Premium
0322 88 77 11
CM Premium
0322 88 77 11
CM Premium
Let's Talk

Personal Data Processing Policy

HomePersonal Data Processing Policy
Close

Personal Data Processing Policy of CM Tbilisi

Last Updated: October 21st, 2025

Article 1: General Provisions

1.1. This Personal Data Processing Policy (“Policy”) has been developed by CM Tbilisi (“the Company,” “we,” “us”) in accordance with the applicable laws of Georgia and international best practices for data protection.

1.2. This Policy defines the principles, procedures, and conditions for the processing of personal data of clients, potential clients, and website visitors (“Data Subjects”) whose data is processed by the Company.

1.3. The purpose of this Policy is to ensure the protection of the rights and freedoms of individuals when processing their personal data, including the protection of the rights to privacy, personal and family secrets.

1.4. The Company is the Data Controller for the personal data collected through its website and in the course of providing its services. Our contact details are:
* Address: V. Batonishvili St 9, Tbilisi, Georgia
* Email: info@cmtbilisi.com
* Phone: 596 76 88 99

1.5. This Policy is a public document and is available to any user of the Company’s website.

Article 2: Principles and Legal Basis for Data Processing

2.1. The processing of personal data by the Company is carried out based on the following principles:
* Lawfulness, Fairness, and Transparency: Processing is conducted lawfully, fairly, and in a transparent manner in relation to the Data Subject.
* Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
* Data Minimization: Processing is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
* Accuracy: Personal data is accurate and, where necessary, kept up to date.
* Storage Limitation: Data is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed.
* Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security of the personal data.

2.2. The Company processes personal data on the following legal bases:
* Consent: The Data Subject has given clear, informed, and unambiguous consent for the processing of their personal data for one or more specific purposes (e.g., for receiving marketing communications).
* Contract: The processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract (e.g., processing an inquiry for a vehicle purchase).
* Legitimate Interests: The processing is necessary for the purposes of the legitimate interests pursued by the Company, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject.

Article 3: Scope and Categories of Personal Data Processed

3.1. The Company processes the following categories of personal data:
* Full Name (First Name, Last Name)
* Phone Number
* Email Address

3.2. The Company does not process special categories of personal data (such as data on race, political opinions, religious beliefs, health status) or biometric data.

Article 4: Purposes of Personal Data Processing

4.1. The Company processes personal data for the following purposes:
* To identify the Data Subject for inquiries and service provision.
* To establish and maintain communication with the Data Subject on service-related matters.
* To prepare, conclude, execute, and terminate contracts with the Data Subject.
* To provide the Data Subject with information about the Company’s activities, products, and services.
* To conduct marketing and advertising campaigns, including sending newsletters and promotional offers, subject to the Data Subject’s explicit consent.
* To improve the quality of services and modernize the Company’s website.
* To comply with the legal requirements of Georgian legislation.

Article 5: Procedure and Conditions for Personal Data Processing

5.1. The processing of personal data is carried out by the Company through automated and non-automated means.

5.2. The Company takes all necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

5.3. The Company ensures that access to personal data is restricted to authorized employees who require access to perform their job duties. These employees are bound by confidentiality obligations.

5.4. The storage of personal data is carried out in a form that allows the identification of the Data Subject for no longer than the purposes of processing personal data require, unless the storage period is established by federal law or a contract.

5.5. The Company shall cease processing personal data upon achievement of the processing goals, expiration of the consent period, or withdrawal of consent by the Data Subject, unless otherwise provided by law.

Article 6: Rights of the Data Subject

6.1. The Data Subject has the right to receive information from the Company concerning the processing of their personal data, including:
* Confirmation of the fact of personal data processing.
* The legal basis and purposes of personal data processing.
* The methods of personal data processing.
* The name and location of the Company.
* Information about persons who have access to personal data.
* The list of processed personal data and the source of their receipt.
* The terms of personal data processing, including the terms of their storage.

6.2. The Data Subject has the right to demand from the Company the clarification of their personal data, its blocking, or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing.

6.3. The Data Subject has the right to withdraw their consent to the processing of personal data at any time by sending a corresponding request to the Company.

6.4. To exercise their rights, the Data Subject may contact the Company via the contact details specified in Article 1 of this Policy.

Article 7: Final Provisions

7.1. This Policy is effective from the moment of its approval by the Company’s management and its publication on the official website.

7.2. The Company reserves the right to make changes to this Policy. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.

7.3. All matters not regulated by this Policy shall be resolved in accordance with the current legislation of Georgia.