EPISODE TBILISI ("we", "us", "our") respects your privacy and is committed to protect and process your Personal Data fairly and transparently, in accordance with the provisions of Law of Georgia on Personal Data Protection and in some circumstances and where it is strictly required under the legislation - GDPR. All your personal details and information belong to you and we acknowledge and respect that.
|Personal Data Protection Law||The Law of Georgia on Personal Data Protection and, where applicable - the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the GDPR).|
|Personal Data||Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.|
|Special categories of Personal Data||Data connected to a natural person's racial or ethnic origin, political views, religious or philosophical beliefs, membership of professional organizations, state of health, sexual life, criminal history, administrative detention, putting a person under restraint, plea bargains, abatement, recognition as a victim of crime or as a person affected, also biometric and genetic data that allow to identify a natural person by the above features.|
|Data subject||Any natural person whose Personal Data is processed.|
|Processing||Any operation performed in relation to the data by automated, semi- automatic or non-automatic means, in particular collection, recording, photographing, audio recording, video recording, organization, storage, alteration, restoration, request for access to, use or disclosure by way of data transmission, dissemination or otherwise making them available, grouping or combination, locking, deletion, or destruction.|
|Controller||The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data and who, directly or through a data processor, processes Personal Data.|
|Joint controllers||Two or more controllers that jointly determine the purposes and means of processing and who, directly or through a data processor, processes Personal Data.|
|Processor||A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the controller.|
|Recipient||A natural or legal person, public authority, agency, or another body, to which the Personal Data are disclosed.|
|Consent||Freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.|
|Online identifiers||Internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags provided by data subject devices, applications, tools and protocols. These may leave traces which, when combined with unique identifiers and other information received by the servers, may be used to create profiles of natural persons and identify them.|
|Profiling||Any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.|
|Personal Data breach||A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.|
This Website as well as the App, all the available online services (such as registration, booking etc.) and thus all related data processing activities are operated and carried out by EPISODE TBILISI LLC, a hospitality company registered and functioning under the laws of Georgia, with headquarters in Georgia, Tbilisi, Saburtalo district, Pekini Avenue, No. 41, duly registered with the National Agency of Public Registry under ID No. 405481063.
In this context, we may process your Personal Data for the purposes of handling your request and providing an answer or to follow up on your feedback.
Please note that from time to time we monitor our phone calls and may record the conversation with you to assess and improve the quality of our customer services. You will always be informed in advance if such recording occurs.
(a) Special categories of data
We do not request you to provide information on your health, racial or ethnic origin, personal beliefs or sexual orientation or any other special categories of data defined under the Personal Data Protection Law unless it is required under the legislation - for example due to the spread of COVID-19, we may ask you to provide us the negative test results and/or covid passports as requested by law. In other cases, if you deliberately provide us with your special categories of data while communicating with us, soliciting our assistance or while submitting a complaint, we shall process such special category data in order to reply, assist you or otherwise settle your complaints.
(b) Personal Data of children
We do not knowingly solicit Personal Data from children or send them requests for Personal Data. Although this Website/App can be accessed by visitors of all ages, we do not intentionally collect Personal Data from persons under the age of 18. As per our Terms & Conditions customers under the age of 18 are not allowed to create a user account or register for our e-mail newsletters/marketing communications. If you are under the age of 18, please do not try to use any of our services that implies collection of your Personal Data.
In case a person under the age of 18 has registered a user account on our Website or App by using false information, we shall cancel the child's account and delete the child's Personal Data from our records, upon request from a parent or a legal guardian.
In general, we collect your Personal Data when you decide to interact with us. This could include visiting our Website, using our App, creating an account, requesting our services, registering for our newsletter etc.
In particular, we collect your Personal Data in the following events:
6.1 Creating and/or Editing Account Personal Data we collect: first name and last name; date of birth; gender (optional); email address; telephone number; country of residence; photo - if you choose to have a profile picture.
Purpose of processing: enabling you to make bookings, check-ins, check-outs; requesting other services from us; subscribing our newsletters and marketing communications. Grounds for processing: your ad hoc consent when creating an account. Source of data: directly from you when you create an account and register for our newsletters & marketing communications.
6.2 Hotel Booking and Incomplete Booking Process
Personal Data we collect: first name and last name; invoice address (if needed); email address; telephone number; your membership number (if any); country of residence; booking details (room, event, restaurant etc); preferences (e.g., preferred room type and other specific requests); date of arrival and departure; number of co-guest(s); your employer (for business- related bookings); your credit limit reports; payment amount; payment card details - owner's name, card number, expiration date and CVV.
Purpose of processing: enabling you to book a room in our hotel; administer your booking; sending you a booking confirmation and pre-arrival emails; in case of incomplete booking - enabling you to continue the online booking process through pre-filled booking form; to send you an invoice; to check your credit limit repots in order to ensure that you do not exceed your credit limit before the payment; to fulfill our statutory duties.
Grounds for processing: to conclude a service contract with you and to perform the relevant services; to fulfil our statutory duties; it is our legitimate interests to re-market an incomplete booking process.
Source of data: directly from you when you book the room through our Website and/or the App, our call centre, other online booking channels, at the hotel when you make a direct booking; from your travel agent.
6.3 Check-in and Check-out
Personal Data we collect: first name and last name; identification document type, country of issue and document number; membership number (if any); country of residence; gender (optional); telephone number; email address; date of arrival and departure; first name and last name of adult co-guests (providing this information is optional); payment amount; payment card details - owner's name, card number, expiration date and CVV.
Purpose of processing: creating and/or updating your profile in our hotel management system; registering your arrival and departure at the hotel; providing you with a key card to your room or allowing you to use your mobile device as a room key; administer payment of your stay.
Grounds for processing: to conclude a service contract with you and to perform the relevant services; to fulfill our statutory duties.
Source of data: directly from you when you check-in and/or check-out through the App or at the hotel when you make a direct check-in and/or check-out; directly from you at the time of booking; through the travel agent at the time of booking.
6.4 Hotel Stay
Personal Data we collect: first name and last name; membership number (if any); telephone number; email address; address (if needed); date of arrival and departure; country of residence; consumption habits and preferences; first name and last name of adult co-guest(s); date of birth - if you chose to use our Wi-Fi; images & video and audio data via security cameras located in public areas, such as hallways and lobbies; payment card details - owner's name, card number, expiration date and CVV.
Purpose of processing: providing you with the requested services and facilities, such as restaurant, breakfast, Wi-Fi, taxi etc.; administer housekeeping and maintenance; returning lost or forgotten items; ensuring security and safety at the hotel; assessing and managing your and your co-guests' preferences to provide you with better personalized services; aggregating your information with other guest information to complete statistical analysis and consequently to evaluate and improve our products and services.
Grounds for processing: to conclude a service contract with you and to perform the relevant services; it is our legitimate interests to manage hotel maintenance activities; to improve our services and to be able to identify the owner of a lost or forgotten items; to fulfil our statutory duties.
Source of data: directly from you during your stay at our hotel; directly from you at the time of booking and/or check-in; through the travel agent at the time of booking.
6.5 Mobile Application (App)
Personal Data we collect: first name and last name; gender; email address; location data, provided that you have opted-in to the location services; telephone number.
Purpose of processing: enabling you to request all our services through your mobile; administer your bookings of rooms/meetings/events; administer your online check-in and check-out; administer your online room service orders; processing your online feedbacks; processing and addressing your online requests; providing the information online about our special offers and promotions.
Grounds for processing: Ad hoc consent obtained during the installation of the App or in the context of your use of the App; your consent when you opt-in to the location services. Source of data: directly from you when downloading/installing and/or using the App.
(!) If you opted-in to the location services and after that have changed your mind, you can opt-out through your device settings or by deleting the App.
6.6 Loyalty Programs
Personal Data we collect: first name and last name; membership number (if any); details of your memberships with any of our loyalty program partners (e.g., travel agencies, airline companies, car rental companies etc.); telephone number; email address; address; hotel stay details including your preferences; payment card details - owner's name, card number, expiration date and CVV.
Purpose of processing: managing and administer our loyalty programs, including, creating and/or updating your profile; providing you with the information on the points earned by you, available loyalty programs and related rewards; providing you with the information on upcoming events within the course of our loyalty programs and regarding any changes to these programs; enabling you to earn points in loyalty programs of our partner companies. Grounds for processing: to conclude a service contract with you and to perform the relevant services; to perform the contract you have with our partner companies; to fulfil our statutory duties.
Source of data: directly from you when claiming or redeeming your points.
6.7 Newsletters & Marketing Communications
Personal Data we collect: first name and last name; address; telephone number; date of birth; email address; gender (optional); country of residence; preferences; hobbies and interests; hotel stay history; email clicking behaviour; email opening behaviour. Purpose of processing: promoting our business and improving our services, including to offer you targeted advertisements for products and services that may interest you; to measure the click-through rate and improve the content of our newsletters and marketing communications.
Grounds for processing: your consent; it is our legitimate interest to improve our services and content of our newsletters/marketing communications.
Source of data: directly from you, when creating your account, clicking and/or opening the emails; from our email analytics service provider.
(!) Please take into consideration that if you no longer want to receive our newsletters and/or marketing communications, you can unsubscribe from our newsletters and/or marketing emails by clicking on the unsubscribe link at the end of the emails sent to you.
6.8 Satisfaction Surveys
Personal Data we collect: first name and last name; address; telephone number; membership number (if any); date of birth; email address; gender (optional); country of residence; hotel stay details; preferences; email clicking behaviour; email opening behaviour; behaviour on the Website or in the App; participation in our loyalty programs.
Purpose of processing: to get feedback on your experience; to assess our performance. Grounds for processing: it is our legitimate interest to assess our performance and improve our services if needed.
Source of data: directly from you at the time of booking and/or check-in; through the travel agent at the time of booking; directly from you during your stay at our hotel or when interacting with us.
(!) Please take into consideration that if you no longer want to receive guest satisfaction surveys, you can unsubscribe from our surveys by clicking on the unsubscribe link at the end of the survey-related emails sent to you.
6.9 Social Media & Online Reviews
Personal Data we collect: any information you share with us through social media; any information you write/publish about us in online review platforms.
Purpose of processing: assessing our improvement needs; answering to your questions and addressing your complaints.
Grounds for processing: it is our legitimate interest to process the data you shared to us through social media or online review platforms and improve our services.
Source of data: directly from you or through our social media monitoring service providers.
6.10 Gift Cards
Personal Data we collect: first name and last name; email address; telephone number; payment card details - owner's name, card number, expiration date and CVV; first name and last name of the recipient; address, email address and telephone number of the recipient.
Purpose of processing: to administer and manage your purchase of the gift card.
Grounds for processing: to conclude a contract with you and to perform the relevant contact.
Source of data: Directly from you when purchasing the gift card.
In order to provide our services to you, we share your data with the relevant EPISODE TBILISI employees and if required, may share with several partners as well, as categorized below:
We are a company offering our services to the citizens of different countries; our Website and App have the ability to be accessed from different countries; most of our partner companies, who help us in providing the services to you, are international companies - therefore, we cannot exclude transfers of your Personal Data outside Georgia.
When justified or necessary, we will transfer your Personal Data to partners/entities established or owning servers in third countries in a manner consistent with legal requirements. If transfer of a Personal Data to third countries requires to have a transfer permit issued by the relevant supervisory authority, we will obtain the Personal Data transfer permit from such authority.
In all cases, any transfer of your Personal Data will be compliant with applicable data protection laws and standards.
Your Personal Data is stored by EPISODE TBILISI on servers located in Western Europe.
We process and retain Personal Data only for as long as is necessary to fulfill our purposes, contractual obligations, and other legal obligations of storage/archiving.
We shall retain the data only for as long as is necessary and/or prescribed by law for that purpose. The method used by us to decide the retention periods include:
10.1 For EU Users
You have the below-mentioned rights in relation to the Personal Data we hold about you. If you have any additional questions regarding your rights or wish to exercise such rights, please contact us by means listed above.
Submitting a request - for the exercise of your rights, please submit your request in writing or by phone, using the contact details indicated above.
Identification of the applicant - to be able to properly address and manage your request, we urge you to identify yourself as completely as possible. In case we have reasonable doubts as to the identity of the applicant, we will ask for further information to confirm the alleged identity.
Providing our answer - we will provide you with our response and any requested information in electronic format unless you request them to be provided in another format.
In case of refusal - if we refuse to meet your request, we will inform you of the reasons which led to this decision and of the possibility to submit a complaint to the State Inspector's Service or to the Georgian courts or other relevant authority, and to apply for a judicial remedy.
In order to provide you with speedy and customized services and to communicate with you efficiently, we might make some decisions about you in an automated way, without our staff intervention. Automated decision-making happens, for example, when we automatically register your user account after you have inserted the required Personal Data, when we use your Personal Data for profiling etc.
We use profiling in order to customize advertisements/offers for you based on your previous interactions with our Website, App, consumption behaviors. In this way we can send you marketing communication/newsletters/offers that will correspond to your likes and interests. You can choose to stop being profiled by opting-out of marketing cookies or by updating your cookie preferences if you have previously consented.
We are committed to keeping your Personal Data secure, and we will take adequate measures to protect your Personal Data from loss, misuse, or unauthorized alteration.
We have implemented Personal Data security policies, rules, and technical measures to protect the Personal Data that we have under our control from any potential threat such as: unauthorized access; improper use or disclosure; unauthorized modification; unlawful destruction or accidental loss.
All of our employees and data processors (i.e., those who process your Personal Data on our behalf), who have access to, and are associated with the processing of your Personal Data, are obliged to respect the confidentiality of your Personal Data.
The security of our data processing activities is ensured by the implementation of adequate technical safeguards and regular monitoring our servers and IT systems for possible vulnerabilities and attacks.