Privacy Policy

AI for Georgia is committed to protecting the privacy and personal data of all individuals who interact with our website, services, and events. This Privacy Policy explains in detail how personal data is collected, processed, stored, shared, and protected when you visit our website, register for or attend our events, purchase tickets, or otherwise communicate with us.

This Privacy Policy is prepared in accordance with the Law of Georgia on Personal Data Protection, GDPR and reflects internationally recognized data protection principles, including transparency, fairness, data minimization, purpose limitation, and security.

By accessing our website, using our services, or providing us with your personal data, you agree to the terms of this Privacy Policy.

This Privacy Policy applies to all individuals whose personal data is processed by AI for Georgia, including but not limited to:

• visitors to our website;
• individuals who register for or attend AI for Georgia events, conferences, or expos;
• ticket purchasers;
• speakers, partners, sponsors, and exhibitors;
• individuals who contact us or subscribe to communications.

This Policy applies regardless of whether you are located in Georgia or outside Georgia.

For the purposes of applicable data protection legislation, AI for Georgia acts as the data controller. This means that we determine why and how personal data is processed.

In certain circumstances, we engage third-party service providers to process personal data on our behalf. Such providers act under contractual obligations and are permitted to process personal data only in accordance with our instructions and applicable law.

For the purposes of this Privacy Policy, personal data means any information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, contact details, online identifier, or one or more factors specific to that individual's physical, physiological, economic, cultural, or social identity.

Personal data may include information that identifies you directly, such as your name, email address, telephone number, or other contact details. It may also include information that identifies you indirectly, where such information, alone or in combination with other data, makes it possible to identify you. This can include technical or usage data, online identifiers, device information, location data, registration or attendance records, and information relating to your participation in Events.

Personal data does not include information that has been irreversibly anonymised in such a way that an individual can no longer be identified. Aggregated or anonymised data may be used for statistical, analytical, or reporting purposes, provided that it cannot be linked back to an individual.

Personal data may be collected in several ways, depending on how you interact with AI for Georgia.

In practice, this includes data collected:

• when you browse our website;
• when you complete registration or contact forms;
• when you purchase tickets;
• when you attend an event or interact with event infrastructure;
• when you communicate with us by email or other channels.

AI for Georgia processes personal data only for specific, explicit, and legitimate purposes and does so in a manner that is proportionate to those purposes. We do not process personal data in ways that are incompatible with the purposes described below.

In practice, personal data may be processed for one or more of the following purposes, depending on the nature of your interaction with AI for Georgia:

• Operation and administration of digital platforms – to operate, maintain, secure, and improve our website and related digital services, including monitoring performance, preventing misuse, and ensuring technical functionality;
• Event registration, ticketing, and access management – to process registrations, issue tickets or access credentials, manage accreditation, control entry to Events, and administer attendance, including on-site access control and badge scanning;
• Event delivery and participant experience – to organise, manage, and deliver Events, including scheduling sessions, coordinating speakers and exhibitors, facilitating networking or participation features, and providing Event-related services;
• Communications and information sharing – to communicate with participants, speakers, partners, sponsors, and other stakeholders regarding Event details, updates, changes, logistical information, and post-Event follow-ups;
• Health, safety, and security – to ensure the safety and security of participants, staff, and venues, including crowd management, emergency response, compliance with venue rules, and the protection of people and property;
• Service improvement and analytics – to analyse usage trends, attendance patterns, and feedback in order to improve our Events, digital platforms, and services, including the use of aggregated or anonymised data where possible;
• Legal, regulatory, and contractual compliance – to comply with applicable laws, regulations, court orders, and contractual obligations, and to establish, exercise, or defend legal claims.

Personal data is not processed for purposes that are incompatible with those listed above. Where we intend to process personal data for a new purpose that is materially different from the original purpose, we will take appropriate steps in accordance with applicable law, which may include providing additional information or obtaining consent where required.

Depending on the circumstances, personal data is processed on one or more of the following legal bases:

• the necessity to perform a contract or take steps prior to entering into a contract;
• compliance with legal obligations;
• our legitimate interests, such as event management, security, and service improvement;
• your consent, where required by law.

Where processing is based on consent, you may withdraw your consent at any time.

AI for Georgia does not sell, rent, or trade personal data under any circumstances. However, in order to operate our website, organise Events, process registrations and ticket purchases, and deliver our services effectively, it may be necessary to share personal data with carefully selected third parties. Such sharing is carried out only where it is lawful, proportionate, and necessary for specific, legitimate purposes.

Personal data may be shared with the following categories of recipients, as applicable:

• Event management and ticketing service providers, for the purpose of managing registrations, access control, accreditation, badge printing, attendance tracking, and related Event operations;
• Payment processors and financial institutions, solely for the purpose of processing payments, refunds (where applicable), fraud prevention, and compliance with financial regulations. AI for Georgia does not receive or store full payment card details;
• IT, hosting, analytics, and communication service providers, including providers of website hosting, cloud services, email distribution, analytics tools, and technical support, where such services are necessary for the operation, security, and improvement of our digital platforms;
• Professional advisors, such as legal, financial, or audit advisors, where disclosure is necessary to obtain professional advice or to establish, exercise, or defend legal claims;
• Public authorities, regulators, or law enforcement bodies, where disclosure is required by applicable law, regulation, court order, or other lawful request.

Where personal data is shared with third parties acting on our behalf, such parties process personal data as data processors and are contractually required to:

• process personal data only on documented instructions from AI for Georgia;
• apply appropriate technical and organisational measures to protect personal data;
• ensure confidentiality and security of the data;
• not use personal data for their own independent purposes.

Where third parties act as independent controllers, they process personal data in accordance with their own privacy policies and applicable legal obligations.

AI for Georgia takes reasonable steps to ensure that personal data is shared only with recipients that provide an adequate level of data protection and that such sharing is limited to what is necessary for the relevant purpose.

AI for Georgia operates in an international environment. As a result, personal data may be transferred to or processed in countries outside Georgia. Where such transfers occur, we take appropriate measures to ensure that personal data remains protected in accordance with applicable data protection laws.

AI for Georgia retains personal data only for as long as it is necessary to fulfil the specific purposes for which the data was collected and processed, including the operation of our website, the organisation and delivery of Events, communication with participants, and compliance with applicable legal, accounting, regulatory, and reporting obligations.

Retention periods may vary depending on the nature of the personal data, the purpose of processing, and the applicable legal requirements. In practice, this means that certain categories of personal data may be retained for longer periods where retention is required or permitted by law, including for the establishment, exercise, or defence of legal claims, the resolution of disputes, or compliance with statutory obligations.

Where personal data is no longer required for the purposes for which it was collected and there is no legal obligation to retain it, AI for Georgia will take appropriate measures to securely delete, destroy, or anonymise such data. Anonymised data may be retained and used for statistical, analytical, or reporting purposes, provided that it can no longer be used to identify an individual.

We periodically review the personal data we hold to ensure that it is not retained longer than necessary and that retention practices remain aligned with applicable legal requirements and our operational needs.

AI for Georgia is committed to ensuring that individuals are fully informed of, and able to exercise, their rights in relation to personal data. In accordance with applicable data protection legislation, including the Law of Georgia on Personal Data Protection and internationally recognised data protection principles, you are entitled to a number of rights in relation to personal data processed by us.

These rights are designed to give you meaningful control over how your personal data is used and to ensure transparency and fairness in our processing activities.

Subject to applicable legal conditions and limitations, your rights include the following:

• Right of access – You have the right to request confirmation as to whether we process your personal data and, where this is the case, to request access to such data together with information about how and why it is processed.
• Right to rectification – You have the right to request the correction or completion of personal data that is inaccurate, incomplete, or outdated.
• Right to erasure – In certain circumstances, you may request the deletion of your personal data, for example where the data is no longer necessary for the purposes for which it was collected or where processing is based on consent that has been withdrawn, unless retention is required by law.
• Right to restriction of processing – You have the right to request that the processing of your personal data be restricted in specific situations, such as where the accuracy of the data is contested or where processing is unlawful but you oppose erasure.
• Right to object – You have the right to object, on grounds relating to your particular situation, to the processing of personal data carried out on the basis of legitimate interests or for direct communication purposes, unless we demonstrate compelling legitimate grounds for continued processing.
• Right to withdraw consent – Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
• Right to data portability – Where applicable, you may request to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to have such data transmitted to another controller, where technically feasible.

To exercise any of these rights, you may submit a written request using the contact details provided below. We may request additional information to verify your identity before responding to your request, in order to protect your personal data from unauthorised access.

We will respond to requests within the timeframes prescribed by applicable law. Please note that certain rights may be subject to limitations or exemptions where permitted by law, including where processing is necessary to comply with legal obligations, protect the rights of others, or establish, exercise, or defend legal claims.

If you believe that your personal data has been processed in violation of applicable law, you also have the right to lodge a complaint with the competent data protection authority in Georgia or, where applicable, in your country of residence.

AI for Georgia takes the security of personal data seriously and implements appropriate technical, organisational, and administrative measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures are designed to ensure a level of security appropriate to the nature of the personal data processed and the risks associated with such processing. In practice, this includes, where appropriate:

• the use of secure systems, access controls, and authentication mechanisms to limit access to personal data to authorised personnel only;
• organisational procedures and internal policies governing the handling of personal data;
• safeguards intended to protect personal data against unauthorised access, misuse, or disclosure;
• measures aimed at maintaining the confidentiality, integrity, and availability of personal data.

Access to personal data is restricted to individuals who require such access for legitimate business purposes and who are subject to confidentiality obligations.

While we take reasonable and appropriate steps to protect personal data, no system or method of transmission over the internet or electronic storage is completely secure. Accordingly, AI for Georgia cannot guarantee absolute security of personal data. However, we continuously review and, where appropriate, update our security practices to address evolving risks, technological developments, and regulatory requirements.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, AI for Georgia will take appropriate steps in accordance with applicable law, which may include investigating the incident, mitigating potential harm, and notifying affected individuals and competent authorities where required.

AI for Georgia's website, services, and Events are intended for use by individuals who are 16 years of age or older. We do not knowingly collect or process personal data relating to children below this age without appropriate consent or legal authorisation, where required by applicable law.

We do not intentionally target our website, communications, or Events at children. If you are under the age of 16, you should not use our website, register for Events, or provide personal data to us unless you have obtained valid consent from a parent or legal guardian and such participation is permitted by law.

Where we become aware that personal data of a child has been collected without the necessary consent or legal basis, we will take reasonable steps to delete such data as soon as practicable or to otherwise bring the processing into compliance with applicable legal requirements.

Parents or legal guardians who believe that a child has provided personal data to AI for Georgia without appropriate consent may contact us using the details provided below, and we will promptly investigate and take appropriate action

AI for Georgia is committed to addressing any concerns relating to the processing of personal data in a fair, transparent, and timely manner. We encourage individuals to contact us directly in the first instance if they have questions, concerns, or complaints regarding how their personal data is processed, so that we may investigate and seek to resolve the matter without undue delay.

Without prejudice to any other administrative or judicial remedy available to you, if you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with the competent data protection supervisory authority.

In particular:

• individuals located in Georgia may lodge a complaint with the Personal Data Protection Service of Georgia or its successor authority;
• individuals located outside Georgia may lodge a complaint with the relevant data protection authority in their country of residence, place of work, or place of the alleged infringement, where permitted by applicable law.

The exercise of this right does not affect your ability to pursue other legal remedies or to seek judicial review in accordance with applicable legislation.

AI for Georgia will cooperate with competent supervisory authorities as required by law and will take appropriate measures to address any identified issues or non-compliance.

AI for Georgia may update or amend this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, technological developments, or our data processing practices.

Where changes are made, the revised version of the Privacy Policy will be published on our website and the "Last updated" date at the top of the document will be updated accordingly. We encourage you to review this Privacy Policy periodically to remain informed about how we process and protect personal data.

Where required by applicable law, we will take appropriate steps to notify individuals of material changes to this Privacy Policy, including by providing prominent notice on our website or through other appropriate communication channels.

Your continued use of our website or participation in our Events after an updated version of this Privacy Policy has been published constitutes acknowledgement of the updated terms, to the extent permitted by applicable law.

For questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, please contact:

• Email: legal@aiforgeorgia.ai
• Organisation: AI for Georgia