Kuslebi
(EN)
Privacy policy
This Privacy Policy explains how personal data is collected and processed when you visit kuslebi.ge, contact us, place an order, request delivery or otherwise interact with Kuslebi.
1. Data controller
The controller responsible for the processing described in this Policy is: IE Mari Chkheidze [LEGAL NAME]
Identification number: [IDENTIFICATION NUMBER]
Registered address: [REGISTERED ADDRESS]
Email: [PRIVACY EMAIL]
Telephone: [PHONE NUMBER]
Where applicable:
Data Protection Officer or privacy contact: [NAME OR ROLE]
Contact details: [DPO OR PRIVACY EMAIL]
2. Applicable law
We process personal data in accordance with applicable Georgian data-protection legislation, including the Law of Georgia on Personal Data Protection.

Where we offer goods or services to individuals located in the European Union or European Economic Area, or monitor their behaviour where the GDPR applies, we also process their data in accordance with the General Data Protection Regulation.

The application of the GDPR depends on the circumstances, including whether we specifically offer goods or services to individuals in the EU or EEA. The mere accessibility of the website from another country does not necessarily mean that every foreign privacy law applies.
3. Personal data we collect
Depending on how you use the website, we may collect the following categories of data.

3.1 Identity and contact data

  • first and last name;
  • telephone number;
  • email address;
  • billing address;
  • delivery address;
  • country and city;
  • account or social-media username when you contact us through a social platform.
3.2 Order and transaction data

  • products ordered;
  • size, colour and quantity;
  • order number;
  • order date and status;
  • amount paid;
  • selected payment method;
  • payment confirmation;
  • refund or cancellation information;
  • delivery and pickup information;
  • customs information needed for international shipping.
We do not normally receive full payment-card data when card payments are processed by an authorised payment provider.

3.3 Communications

We may process messages, emails, telephone-call details, customer-support requests, complaints, fitting requests, return requests and other correspondence.
Telephone calls will not be recorded unless you are informed in advance and an appropriate legal basis exists.

3.4 Technical and usage data

We may collect:
  • IP address;
  • browser and device type;
  • operating system;
  • language settings;
  • approximate location derived from the IP address;
  • pages viewed;
  • referral source;
  • time and date of visits;
  • cookie identifiers;
  • interaction and conversion information;
  • security and error logs.
3.5 Marketing data

Where permitted, we may process:
  • marketing preferences;
  • newsletter subscriptions;
  • responses to advertising;
  • interactions with marketing emails;
  • advertising and social-media identifiers;
  • consent and withdrawal records.
3.6 Data received from third parties

We may receive data from:
  • payment providers;
  • couriers and shipping companies;
  • customs and logistics agents;
  • website hosting and e-commerce providers;
  • analytics and advertising services;
  • social networks through which you contact us;
  • fraud-prevention and security providers.
4. Why we process personal data
4.1 Processing orders and performing a contract

We process identity, contact, order, payment-confirmation and delivery data to:
  • receive and confirm orders;
  • arrange payment;
  • reserve products;
  • arrange fitting;
  • deliver products;
  • provide pickup;
  • send order updates;
  • process lawful cancellations, returns or refunds;
  • provide customer support;
  • handle product claims.
The legal basis is the performance of a contract or taking steps requested by you before entering into a contract.

4.2 Compliance with legal obligations

We may process and retain data to comply with:
  • accounting and tax obligations;
  • consumer-protection requirements;
  • customs and international-shipping requirements;
  • data-protection obligations;
  • court orders and lawful government requests;
  • fraud-prevention and financial-compliance requirements.
The legal basis is compliance with a legal obligation.

4.3 Legitimate interests

Where permitted by law, we may process data for legitimate interests such as:
  • protecting the website and transactions against fraud;
  • maintaining network and information security;
  • preventing abuse;
  • responding to complaints and disputes;
  • establishing, exercising or defending legal claims;
  • understanding general website performance;
  • improving our products and customer service;
  • maintaining internal business records.
Before relying on legitimate interests, we consider whether our interests are overridden by your rights and freedoms.

4.4 Consent

We may rely on your consent for:
  • optional analytics cookies;
  • advertising cookies;
  • personalised marketing;
  • email or SMS marketing where consent is required;
  • other optional processing clearly explained when consent is requested.
You may withdraw consent at any time. Withdrawal does not affect processing that was lawful before the withdrawal.

4.5 Direct marketing

We will send electronic direct marketing only where we have a valid legal basis.

Where prior consent is required, marketing messages will be sent only after you have actively consented. Consent to marketing is optional and is not a condition for purchasing a product.

Every electronic marketing message will contain, or be accompanied by, a reasonably accessible method of unsubscribing. You may also object or withdraw consent by contacting us at [PRIVACY EMAIL.

After an opt-out, we may retain limited suppression-list information to ensure that further marketing is not sent to you.
5. Cookies and similar technologies
5.1 Strictly necessary technologies

These technologies are required for functions such as:
  • keeping the website secure;
  • maintaining a shopping cart;
  • processing checkout;
  • remembering privacy choices;
  • preventing fraud;
  • balancing website traffic.
Where these technologies are strictly necessary, they may operate without optional consent to the extent permitted by law.

5.2 Analytics and advertising technologies

With consent where required, we may use analytics or advertising technologies to measure website use, campaign performance and conversions, or to show relevant advertising.

Potential providers may include:
  • [GOOGLE ANALYTICS / GOOGLE TAG MANAGER, IF USED];
  • [META PIXEL, IF USED];
  • [TIKTOK PIXEL, IF USED];
  • [OTHER PROVIDERS].
The actual providers used must be listed in the website’s cookie banner or Cookie Policy.

Non-essential cookies should remain disabled until the user gives the required consent. Rejecting optional cookies should be as easy as accepting them.

You may change your cookie preferences through [COOKIE SETTINGS LINK OR DESCRIPTION].
6. Recipients of personal data
We may disclose data only where reasonably necessary to the following categories of recipients:
  • website hosting and technical service providers;
  • e-commerce and customer-management platforms;
  • banks and payment processors;
  • local couriers;
  • international delivery providers, including CDEK, FedEx or another carrier selected for the order;
  • customs brokers and customs authorities;
  • accountants, auditors and professional advisers;
  • analytics and advertising providers, subject to applicable consent requirements;
  • fraud-prevention and cybersecurity providers;
  • courts, regulators, law-enforcement bodies and public authorities where disclosure is legally required;
  • a buyer, investor or successor in connection with a lawful business sale or restructuring.
Service providers acting on our behalf are expected to process data only under appropriate instructions, confidentiality obligations and security requirements.
Couriers, payment providers, customs authorities and certain other recipients may process data as independent controllers under their own privacy policies.
We do not sell personal data.
7. International transfers
Because we provide international delivery and may use global technology providers, personal data may be transferred to or accessed from a country outside Georgia or, where the GDPR applies, outside the EU/EEA.

International shipping may require us to disclose your name, telephone number, address, order information and customs-related data to a carrier, customs broker or authority in the destination or transit country.

Where required, we use an appropriate transfer mechanism, which may include:
  • a recognised adequacy decision;
  • contractual data-protection clauses;
  • another lawful transfer safeguard;
  • a transfer necessary to perform the contract with you, such as delivering an international order;
  • your explicit consent, where legally appropriate.
Information about the relevant safeguard may be requested through [PRIVACY EMAIL].
8. Retention periods
We keep personal data only for as long as reasonably necessary for its purpose and any applicable legal obligation.

Unless a different period is legally required or justified:
  • incomplete cart information: up to [30–90 DAYS];
  • ordinary customer enquiries: up to [2 YEARS] after resolution;
  • order, invoice and accounting records: for the period required by Georgian tax and accounting law;
  • delivery records: for the order period and a reasonable claims period;
  • complaint and dispute records: until final resolution and expiry of the applicable limitation period;
  • consent records: while consent is relied upon and for a reasonable period needed to demonstrate compliance;
  • marketing contact data: until consent is withdrawn or an objection is received;
  • security logs: normally up to [6–12 MONTHS], unless needed to investigate an incident;
  • cookie data: for the period indicated in the cookie settings or Cookie Policy.

We may retain data longer where necessary to establish, exercise or defend a legal claim, comply with a legal hold or respond to a lawful authority.

When data is no longer required, it will be deleted, destroyed or anonymised where reasonably practicable.
9. Data security
We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss or destruction.
Measures may include:
  • encrypted communications;
  • access controls;
  • password and account-security measures;
  • limited staff access;
  • backups;
  • provider due diligence;
  • incident-response procedures;
  • updates and technical monitoring.
No internet or storage system can be guaranteed completely secure. You should take appropriate care when sharing information and protect your account and device credentials.
10. Your rights
Subject to applicable law and relevant exceptions, you may have the right to:
  • receive information about processing;
  • obtain confirmation that we process your data;
  • access your personal data and receive a copy;
  • correct, update or complete inaccurate data;
  • request deletion or destruction;
  • request restriction or blocking of processing;
  • object to certain processing;
  • object to direct marketing at any time;
  • withdraw consent at any time;
  • receive certain data in a structured, commonly used and machine-readable format;
  • request transmission of eligible data to another controller where technically feasible;
  • obtain human intervention concerning certain automated decisions;
  • complain to a competent supervisory authority;
  • apply to a competent court.
These rights are not absolute. For example, we may retain data where it is required for tax compliance, contract performance, fraud prevention or legal claims.

Under Georgian law, certain requests, including access and correction-related requests, are generally handled within the statutory periods prescribed by Georgian data-protection legislation. Where the GDPR applies, we will respond without undue delay and normally within one month, subject to permitted extensions.
11. Exercising your rights
Requests may be sent to:

Email: [PRIVACY EMAIL]
Postal address: [ADDRESS]

Please describe your request clearly.

We may request reasonable information to verify your identity. We will not request more identification data than reasonably necessary.

Requests are normally handled free of charge. A reasonable fee may be charged, or a request may be refused, only where permitted by applicable law, such as where requests are manifestly unfounded, excessive or repetitive.
12. Automated decision-making
We do not currently make decisions producing legal or similarly significant effects based solely on automated processing.

Website analytics, fraud indicators or advertising audience tools may involve limited automated evaluation but are not intended to make legally significant decisions concerning Customers.

If this changes, we will provide the information and safeguards required by applicable law.
13. Children’s data
The website is not designed to intentionally collect personal data from young children.

A person who does not have legal capacity to purchase independently should use the website only with the involvement of a parent or legal guardian.

We do not knowingly use children’s personal data for behavioural advertising without the consent or other authorisation required by applicable law.

A parent or guardian who believes that a child has provided personal data without appropriate authorisation may contact us at [PRIVACY EMAIL].
14. Data breaches
We maintain procedures for assessing and responding to personal-data incidents.

Where a breach triggers a statutory notification obligation, we will notify the competent supervisory authority and, where required, affected individuals within the applicable legal period.
15. Complaints
You may first contact us at [PRIVACY EMAIL], and we will attempt to resolve the concern.

You may also complain to the Georgian authority legally responsible for supervising personal-data processing or to a competent court.

Where the GDPR applies, you may also lodge a complaint with the data-protection authority in the EU/EEA country where you habitually reside, work or believe an infringement occurred.
16. Third-party websites
The website may contain links to independent websites or platforms.

We do not control their privacy practices. You should review the privacy policy of the relevant third party before providing personal data through its service.
17. Changes to this Privacy Policy
We may update this Policy where our practices, providers or legal obligations change.

The updated version will be published on the website with a revised “Last updated” date. Where a change materially affects your rights or processing based on consent, we will provide additional notice or obtain renewed consent where required.
18. Contact
For questions about this Privacy Policy or the processing of personal data, contact:
Kuslebi / [LEGAL NAME]
Privacy email: [PRIVACY EMAIL]
Telephone: [PHONE NUMBER]
Address: [REGISTERED OR CONTACT ADDRESS]