Personal Data Protection Policy
Rural Development Agency
Article 1. General Provisions
1.1 The Personal Data Protection Policy (hereinafter referred to as the "Policy") defines the principles, purposes, and rules for personal data processing at the Rural Development Agency (hereinafter referred to as the "Agency").
1.2 For the purposes of this document, a data subject is a natural person — an applicant/interested person or their representative (if the applicant/interested person contacts the Agency through a representative), individuals indicated in the documentation/data stored at the Agency, beneficiaries/potential beneficiaries, users of the Agency’s website, hotline, and other communication channels, visitors, Agency employees/interns or employment/internship candidates, and contractor individuals.
1.3 The terms used in this document have the meanings provided under the Law of Georgia on Personal Data Protection.
Article 2. Purpose and Scope of the Policy
2.1 The purpose of the Policy is to inform interested parties about the processes of personal data processing at the Agency.
2.2 The Agency processes and protects personal data in accordance with the requirements of the Georgian legislation on personal data.
Article 3. Grounds for Processing Personal Data
3.1 The Agency implements programs and projects initiated by the Ministry of Environmental Protection and Agriculture of Georgia, within which beneficiaries of the Agency receive various types of support.
3.2 The Agency processes personal data to ensure the participation of potential beneficiaries/beneficiaries in the Agency’s programs and projects and to regulate relationships with employees/interns or employment/internship candidates.
3.3 The Agency processes personal data if one of the following legal grounds exists:
3.3.1 The subject’s consent (in the case of a minor under 16 years old, with the consent of their parent or other legal representative);
3.3.2 For the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract;
3.3.3 Data processing is provided by law;
3.3.4 The data is publicly available;
3.3.5 Data processing is necessary to protect vital and/or public interests;
3.3.6 The Agency performs an obligation imposed on it by Georgian legislation;
3.3.7 Data processing is carried out for the protection of legitimate interests, which includes project and program monitoring, reporting, and effectiveness evaluation.
Article 4. Categories of Personal Data and Their Processing
4.1 The information processed by the Agency may include the following categories of data, proportionate to the purpose of processing:
4.1.1 Identification data – information indicated in the identity document and signature;
4.1.2 Contact information – phone number, email address, residential address (registered or actual);
4.1.3 Financial information – bank account details, a statement from a banking institution confirming the existence of the amount required for participation in a project/program;
4.1.4 Documentary information – information indicated in the submitted documentation;
4.1.5 Contractual information – information provided for in the contract between the Agency and the data subjects;
4.1.6 Technical information – information about devices and technologies used when visiting the Agency’s website;
4.1.7 Special category data – processed only when there is a strictly defined legal basis provided by Georgian law, such as written consent of the subject or another legal ground established by law;
4.1.8 Non-mandatory personal data – based on the prior consent of the data subject, the Agency may process non-mandatory personal data for the purpose of improving programs and projects, or planning new services or trainings. Sharing such data is entirely voluntary and refusal to provide it does not limit the subject’s access to the Agency’s services;
4.1.9 Any type of personal or special category personal data provided for by law, which the data subject voluntarily shares with the Agency;
4.1.10 For the purpose of improving ongoing projects/programs, as well as developing new projects/programs or educational/practical trainings, with the consent of the data subject, various personal data may be processed, the sharing of which is not mandatory.
Article 5. Sources of Obtaining Personal Data
5.1 The Agency obtains personal data of the data subject from the following sources:
5.1.1 When the data subject applies to the Agency for employment or internship;
5.1.2 When the data subject applies to participate in the Agency’s projects/programs or to use other Agency services;
5.1.3 When entering into various types of contracts with the Agency;
5.1.4 When using the Agency’s communication channels (hotline, website, email) and during visits;
5.1.5 From electronic and physical letters received by the Agency;
5.1.6 From publicly available sources – for example, public and entrepreneurial registers;
5.1.7 Within the framework of projects/programs, in certain cases, the Agency obtains personal data from the Legal Entity of Public Law – Public Service Development Agency. The purpose of obtaining such data is to simplify the service delivery process and ensure data accuracy.
Article 6. Processing of Personal Data of Employees, Interns, and Employment/Internship Candidates
6.1 The Agency processes the personal data of employees/interns and candidates for the following purposes:
6.1.1 For the conclusion, termination, and execution of contracts;
6.1.2 For the payment of remuneration, administration of pension contributions, taxes, and other mandatory payments in accordance with the contract;
6.1.3 For communication with the employee/intern or candidate;
6.1.4 For the protection of the rights of the Agency’s employees/interns and third parties;
6.1.5 For responding appropriately to complaints from employees/interns or candidates;
6.1.6 For any other legitimate purpose consistent with the Labour Code and Georgian legislation on personal data protection.
6.2 The Agency processes the following types of personal data of employees/interns or candidates:
6.2.1 Identification data – employee’s first name, last name, year, month, and day of birth;
6.2.2 Contact information – address, email address, and mobile phone number;
6.2.3 Employee’s photograph (photo from the identity card or one provided personally by the employee to the employer);
6.2.4 Information related to education, qualifications, and work experience (to the extent shared by the employee with the employer in the form of a résumé);
6.2.5 Medical documentation;
6.2.6 Certificate regarding narcological registration;
6.2.7 Certificate regarding criminal record;
6.2.8 Financial information – bank account details;
6.2.9 Information about the terms and conditions of the employment or internship agreement, fulfillment or non-fulfillment of duties and obligations.
6.3 Access to the personal data of employees/interns or candidates may be granted only to authorized persons, within the scope of their official functions.
Article 7. Audio and Video Monitoring
7.1 The purpose of video monitoring at the Agency (central office) is to protect the safety and property of the Agency’s employees and visitors.
7.2 At the Agency (central office), video monitoring is conducted 24 hours a day, 7 days a week, at the entrances and corridors of the building. The video monitoring system records only video and does not include audio monitoring. Warning signs are placed near the surveillance cameras.
7.3 The hotline of the Ministry of Environmental Protection and Agriculture of Georgia operates 24 hours a day, 7 days a week, through which calls related to the activities of the agencies under the Ministry’s system are received and processed.
7.4 The Agency records telephone calls only after prior notification.
7.5 The purpose of audio monitoring is to improve customer service, ensure the completeness of information provision within the Ministry of Environmental Protection and Agriculture of Georgia, record phone inquiries, provide appropriate responses to inquiries, monitor service quality, and fulfill the Agency’s legal obligations.
Article 8. Transfer of Personal Data to Third Parties
8.1 The Agency may transfer a data subject’s personal data to third parties in cases provided by Georgian legislation, when necessary for serving the interests of the data subject, for the provision of services, or for the fulfillment of legal or contractual obligations imposed on the Agency.
8.2 Third parties may include natural or legal persons, state authorities, and donor organizations to whom information is transferred for purposes defined by Georgian legislation, within the framework of the Agency’s contractual obligations, and for service, monitoring, research, and analytical purposes concerning data subjects.
Article 9. Data Security
9.1 The Agency has adopted all necessary organizational and technical measures to ensure data processing in accordance with the Law of Georgia on Personal Data Protection.
9.2 The organizational and technical measures adopted by the Agency ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, acquisition, unlawful use, or loss.
9.3 Access to personal data stored at the Agency is granted only to employees who need to process the data in order to fulfill their assigned duties.
Article 10. Authorized Data Processors
10.1 On behalf of the Agency, the processing of personal data may be assigned to third parties (authorized processors) who, under an appropriate agreement with the Agency, process data as instructed.
10.2 Authorized processors are obligated to process personal data only according to the Agency’s instructions and only to the extent necessary to achieve the legally defined purposes or to provide services as specified by contract.
10.3 The Agency ensures that the agreements concluded with authorized processors clearly define the conditions for processing personal data in compliance with the law, as well as the implementation of relevant technical and organizational measures.
10.4 The Agency may, in specific cases, provide information about authorized processors. A person may also contact the Agency to request information regarding a particular authorized processor.
Article 11. Transfer of Data to Another State and/or International Organization
In cases where beneficiaries participate in international exhibitions, the personal data of their representatives may be transferred, through the Agency, to exhibition organizers from different countries. Data subjects will be informed of this in advance.
Article 12. Rights of the Data Subject
12.1 The data subject has the right to request information about the processing of their personal data and to receive copies of such data, specifically:
12.1.1 What data are being processed about them;
12.1.2 For what purpose the data are being processed;
12.1.3 On what legal basis the data are being processed;
12.1.4 From what source their data were collected;
12.1.5 Whether their personal data have been transferred to a third party, information about that third party, and the legal basis and purpose of such transfer;
12.1.6 To request the correction, blocking, updating, and/or addition of incorrect, inaccurate, and/or incomplete data;
12.1.7 To request the termination, deletion, or destruction of data processing;
12.1.8 To withdraw, at any time and without explanation, their consent to the processing of personal data and to request the deletion of data processed based on that consent.
12.2 The Agency will take appropriate action upon receipt of a request under paragraph 12.1 within the timeframe established by the Law of Georgia on Personal Data Protection, but no later than 10 working days.
12.3 The rights of the data subject may be restricted in accordance with the procedure established by Georgian legislation.
12.4 The data subject may contact the Agency by submitting an application to the Agency’s email address: info@rda.gov.ge ; by submitting the application in person at the Agency’s central office or regional information and consultation centers (see addresses: https://rda.gov.ge/contact/contact); or by sending it by post. The application must be accompanied by a copy of the applicant’s identity document.
Article 13. Data Retention Periods
13.1 The Agency retains personal data only for as long as necessary to achieve the purposes defined in this document and/or to fulfill its legal obligations regarding data retention.
13.2 Taking into account the protection of the legitimate interests of the Agency and the data subjects (including for the purpose of reviewing possible applications or complaints), video recordings are retained for no longer than 3 months. After this period, recordings are automatically deleted, except in cases where there is a legitimate interest and a legal basis for longer retention.
13.3 Taking into account the protection of the legitimate interests of the Agency and the data subjects (including for the purpose of reviewing possible applications or complaints), hotline audio recordings are retained for 1 year. After this period, recordings are deleted, except in cases where there is a legitimate interest and a legal basis for longer retention.
13.4 The retention periods for personal data at the Agency are regulated according to the timeframes established by the Order No. 72 of 31 March 2010 of the Minister of Justice of Georgia “On the Approval of the List of Standard Administrative Documents Created in the Course of Institutional Activities (with Indicated Retention Periods)”, which depend on the types of data and their intended use.
Article 14. Right to Appeal
The data subject has the right, in the event of a violation of the rights and rules established by the Law of Georgia on Personal Data Protection, to file a complaint with the Personal Data Protection Service and/or the court, in accordance with the procedures established by law.
Article 15. Contact
15.1 For issues related to personal data, interested persons may contact the Agency’s Personal Data Protection Officer at dpo@rda.gov.ge , call the Agency’s hotline 15 01, or use the online help on the website rda.gov.ge.
Article 16. Document Update
16.1 The policy will be reviewed periodically as necessary.
16.2 The latest version of the policy is available on the Agency’s website: rda.gov.ge.