Privacy policy
Last updated: 17 February 2026
1. Who we are
Controller:
Individual Entrepreneur Zozulia Bogdan
Registered address: Georgia, Tbilisi, Isani district, Sandor Petep Street, N 19, Floor 6, Apartment N34
Taxpayer category: Small Business
Registration date: 18.12.2023
Contact email: melkor.gray@gmail.com
EEA representative (Art. 27 GDPR):
We are in the process of appointing an official representative in one of the European Economic Area (EEA) countries. Contact details will be updated before we start processing personal data of EEA residents.
2. What data we collect
We may collect the following categories of personal data:
- Identification data: name, email address (when you submit forms on the website).
- Technical data: IP address (shortened where possible), device type, browser, language, approximate location.
- Cookies and trackers:
- Google Analytics 4
- Meta Pixel
- Form fields (via Forminator)
All non-essential cookies and trackers are activated only after you give consent via the banner.
3. Purposes of processing
| Purpose | Legal basis | Example |
|---|---|---|
| Responding to enquiries via forms | Contract / pre-contractual steps (Art. 6(b)) | Sending a proposal |
| Web analytics | Consent (Art. 6(a)) | Analysing visits and on-site behaviour |
| Retargeting / advertising | Consent (Art. 6(a)) | Showing relevant ads in Meta |
| Website security and logging | Legitimate interest (Art. 6(f)) | Blocking spam, detecting suspicious activity |
4. Cookies and consent banner
We use a consent banner (CMP): on your first visit you can accept or reject cookies. Non-essential cookies are not loaded until consent is given.
5. Sharing and international transfers
| Recipient | Purpose | Transfer mechanism |
|---|---|---|
| Google LLC (GA4) | Web analytics | EU–US DPF (certification confirmed: link) |
| Meta Platforms Ireland Ltd (Meta Pixel) | Retargeting | EU–US DPF (primary) + SCC (fallback) |
| Bluehost (Newfold Digital) | Website hosting and form storage | Servers located in the US; we apply additional technical safeguards |
Note:
We apply technical and organisational measures to reduce risks when data may be transferred outside the EEA, including:
- loading third-party scripts (GA, Meta) only after user consent;
- IP anonymisation and disabling additional tracking modules where available;
- access controls and regular platform updates.
6. Retention periods
- Data submitted via forms (email, name, etc.): stored for up to 24 months after the last contact or until you withdraw consent, whichever comes first.
- Google Analytics 4 (GA4):
- User-level data: 2 to 14 months depending on settings;
- Some data (age, gender, interests) may be deleted automatically after 2 months regardless of settings;
- GA4 360 supports up to 26/38/50 months, but the free version allows a maximum of 14 months.
- Server logs (e.g., access and error logs): typically retained for up to 12 months, unless a business procedure requires otherwise; this is a common industry standard.
- Accounting and legal records: in Georgia and the EU, minimum retention is typically 5–7 years, depending on tax and commercial law.
7. Your rights
As a data subject, you have the following rights:
- Right to be informed — to know what data we collect, why, and how we process it.
- Right of access — to request confirmation of processing and obtain a copy of your data.
- Right to rectification — to correct or complete inaccurate or incomplete data.
- Right to erasure (right to be forgotten) — to request deletion where data is no longer needed or where consent is withdrawn.
- Right to restriction — to request suspension of processing in disputed situations.
- Right to data portability — to receive your data in a machine-readable format or transfer it to another controller.
- Right to object — to object where processing is based on legitimate interest or direct marketing.
- Right not to be subject to solely automated decision-making — including profiling, with the right to human intervention.
You also have the right to withdraw your consent at any time. In that case, we will stop the relevant processing and, where required, delete your data.
If you believe your rights have been violated, you can lodge a complaint:
- In the EU — with a supervisory authority in your country of residence or work.
- In Georgia — with the Personal Data Protection Service.
Contact for requests:
melkor.gray@gmail.com
or — once appointed — our EEA representative.
8. Security
We take technical and organisational measures to protect personal data:
- HTTPS (TLS) is used across the website for secure data transmission.
- Automatic updates for the CMS and all plugins help address vulnerabilities in a timely manner.
- Access limitation: only the site administrator has editing and FTP access.
- Data minimisation: we collect only what is necessary and do not store personally identifiable information without consent.
- Backups: backups of the website and Forminator configurations are protected and stored with restricted access.
9. Changes to this policy
- Whenever we update this policy, we also update the “Last updated” date at the top of this document.