Skip to main content

Terms & Conditions

 

LLC “Kopala 3” Personal Data Protection Policy
Last Updated: 10 March 2024

  1. General Information

This website and hotel services are operated by LLC “Kopala 3” (hereinafter referred to as the “Company” or “we”). This Policy explains what types of personal data we collect, the purposes for which we process it, with whom it may be shared, and the rights you have as a data subject in accordance with the Law of Georgia on Personal Data Protection.

Personal Data Protection Officer:

  • Person responsible for the collection of personal data at LLC “Kopala 3”
  • Tel.: +995 577 23 88 03
  • E-mail: tskneti@kopala.ge
  1. Data Collection

We collect personal data:

  • When making a reservation (via website, telephone, or e-mail);
  • When making a reservation in person on site;
  • When registering to use the hotel Wi-Fi;
  • At the time of payment;
  • Through the Mews SaaS system.

The collected data may include:

  • Identification data (name, surname, ID/passport details, date of birth, passport issuing country, city);
  • Contact data (address, telephone number, e-mail address);
  • Financial data (card number, bank account details);
  • Reservation and transaction data;
  • Technical data (IP address, device type, browser settings).
  1. Purposes of Data Processing
  • To provide services and manage bookings;
  • To perform financial transactions;
  • To ensure security (video surveillance);
  • To comply with legal requirements.

Summary Table:

Data Category

Purpose

Legal Basis

Identification, contact, financial, and transaction data

Booking, payment, accommodation, and service provision

Performance of a contract

Technical data

Website operation, security control

Legitimate interest

Video recordings (internal and external hotel cameras)

Security assurance, incident investigation

Legitimate interest / legal obligation
  1. Third Parties and Data Transfer

4.1. Mews SaaS Platform
We use the Mews cloud-based system to manage hotel operations.
Mews acts as a data processor, and its integrations (payment systems, marketing platforms, reporting systems) may have access to the following data:

  • Guests’ identification and contact data;
  • Reservation history and status;
  • Payment and billing information.

Purposes: To ensure payment processing, booking management, reporting, and marketing campaign management.

For details, please refer to: https://www.mews.com/en/platform-documentation

Additionally, Kopala Tskneti is listed on booking.com and Expedia which independently collects and processes your personal data and is solely responsible for such collection. Their policy can be found here: https://www.booking.com/content/privacy.html? , https://www.expedia.com/legal/privacy

Protection:

  • Data encryption (TLS/SSL, AES-256);
  • Role-based access control (RBAC);
  • ISO 27001, PCI DSS, SOC 2 certifications;
  • Regular security testing and monitoring;
  • Data deletion procedures in compliance with legal and contractual requirements.

4.2. Other Third Parties
Data may be collected/transferred to:

  • Our subsidiary companies;
  • Payment providers;
  • Government authorities (as required by law).

Companies (e.g., payment providers) collect your personal data independently, as part of your direct relationship with them. For third parties to whom we may transfer your personal data, we have signed data processing agreements to ensure the security of your personal data.

  1. CCTV Video Surveillance

Video cameras are installed on the hotel premises and perimeter for security purposes. Recordings are stored for no more than 14 days, after which they are deleted unless their retention is required by law.
At the hotel reception, both video and audio recording are carried out to improve service and ensure mutual compliance with contractual obligations.

  1. Data Retention and Deletion

Data Category

Retention Period

Accounting and financial data

6 years

Booking and transaction data

4 years

Video recordings

14 days

Web logs and technical data

1 year

Deletion is carried out upon expiry of the retention period or upon your request, using secure methods (digital record destruction, physical media destruction, etc.).

  1. Security Measures
  • Network and application firewalls;
  • Encryption during transmission and storage;
  • Access control for authorized personnel only;
  • Regular security monitoring;
  • Staff training.
  1. Your Rights

You have the right to:

  • Request access to your data;
  • Request correction or deletion;
  • Withdraw your consent;
  • Request data portability to another controller;
  • Lodge a complaint with the Personal Data Protection Service.

If you wish to exercise your rights, please select your preferred communication channel and clearly state your request.

  1. Contact Information

LLC “Kopala 3”
Address: 55 Rustaveli St., Tskneti, Georgia
Tel.: +995 577 23 88 03
E-mail: tskneti@kopala.ge