Privacy Policy and Personal Data Processing

1. General Provisions, Parties, and Purpose of the Document

1.1. This Privacy Policy and Personal Data Processing Policy (hereinafter referred to as the “Policy”) outlines the terms and conditions under which Evolwis, operating in accordance with the laws of Georgia (hereinafter referred to as the “Operator” or “We”), processes information about an individual (hereinafter referred to as the “User,” “Data Subject,” “Operator’s Client,” or “You”). This information may be provided to the Operator by the individual themselves or their legal representative under the following circumstances:

a) When using the functionalities of the website https://wiserium.com, including all its domains, subdomains, pages, content, as well as internet services and software offered by the Operator through this website (collectively referred to as the “Website”).

b) When the Operator fulfills its rights and obligations established by agreements/contracts concluded between the Operator and the User.

c) When handling communications such as inquiries, complaints, requests, and messages exchanged between the Operator and the User.

1.2. The primary purpose of this Policy is to ensure a proper legal framework for the protection and processing of personal data. This Policy does not contain provisions that restrict the rights and freedoms of the Data Subject, nor does it stipulate conditions for processing personal data of minors unless specifically permitted by Georgian law. Furthermore, it does not allow inactivity of the Data Subject to be considered as consent or a precondition for entering into an agreement.

2. Legal Basis for Personal Data Processing

2.1. The legal grounds for processing personal data are as follows:

a) Consent to the processing of personal data, provided in a manner prescribed by law and this Policy;
b) Agreements concluded between the Operator and the Data Subject;
c) Internal regulatory documents of the Operator concerning personal data.

The Data Subject independently decides to provide their personal data and gives consent for its processing voluntarily, knowingly, and in their own interest. Inaction by the Data Subject cannot be interpreted as consent. Consent for processing personal data must be specific, purposeful, informed, deliberate, and unambiguous. The Data Subject may express their agreement with the terms of this Policy through any of the following actions:

a) Entering into an agreement with the Operator, either through a public offer or a bilateral contract, provided that the User has access to the full text of this Policy at every point where personal data is collected;

or

b) Selecting a checkbox on the Website, next to a statement such as, “I consent to the processing of personal data under the terms of the Privacy Policy” or a similar notification, provided that the User has access to the full text of this Policy at every point where personal data is collected;

or

c) Clicking a button labeled “Register,” or another action-oriented button such as “Sign Up,” “Buy,” “Get,” etc., provided that the Data Subject has access to the full text of this Policy at every point where personal data is collected.

3. Rules for Processing Personal Data

3.1. Purpose of Processing, Categories and List of Processed Personal Data, Categories of Data Subjects, Methods and Terms of Processing and Storage, and Procedure for Destruction of Personal Data Upon Achievement of Processing Objectives or Other Legal Grounds

3.1.1. Purpose: Authentication of the data subject for entering into a service agreement.

  • Categories and List of Processed Data: Full name, phone number, email address.
  • Categories of Data Subjects: Data subjects who are Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject, or for a period of seven (7) years.
  • Procedure for Data Destruction: Upon achieving the purpose of processing or other legal grounds, the responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.2. Purpose: Execution of a service agreement where the data subject is the recipient of the services.

  • Categories and List of Processed Data:
    • Full name, phone number, email address.
    • Optional data: Date of birth, country and city of residence, gender, evaluative information about professional and personal qualities, photographs, social media links, business/income details, and education information.
  • Categories of Data Subjects: Data subjects who are Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject, or for a period of seven (7) years.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.3. Purpose: Communication with the User, including sending messages, notifications, requests, responses, documents, and promotional or informational content.

  • Categories and List of Processed Data: Full name, phone number, email address, and the content of the message (if it contains personal data).
  • Categories of Data Subjects: Data subjects who are Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, blocking, deletion, destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject, or for a period of seven (7) years.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.4. Purpose: Handling communications, complaints, requests, and messages exchanged between the Operator and the User.

  • Categories and List of Processed Data: Full name, phone number, email address, and message text (if it contains personal data).
  • Categories of Data Subjects: Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, and destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject, or for a period of seven (7) years.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.5. Purpose: Issuing documents (certificates) to the User upon service completion if specified by the service terms or contract.

  • Categories and List of Processed Data: Full name, phone number, email address, identification document details, postal address, and name change documentation.
  • Categories of Data Subjects: Users of the Website.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, and destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.6. Purpose: Publishing User reviews about the Operator’s services.

  • Categories and List of Processed Data: Full name, message text (if it contains personal data), social media account details, and image data such as photographs, video recordings, or other technical captures of facial or body images.
  • Categories of Data Subjects: Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, and destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject, or for a period of seven (7) years.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.7. Purpose: Protecting the rights and legitimate interests of the Parties (the Operator and the Data Subject).

  • Categories and List of Processed Data: Full name, message text (if it contains personal data), social media account details, and image data such as photographs, video recordings, or other technical captures of facial or body images.
  • Categories of Data Subjects: Users of the Website and clients of the Operator.
  • Methods of Processing: Collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, anonymization, transfer (access or provision), blocking, deletion, and destruction of personal data.
  • Term of Processing and Storage: Until a request for cessation of processing or withdrawal of consent is received from the data subject.
  • Procedure for Data Destruction: The responsible individual deletes the data by overwriting (replacing all stored data units with “0”) and prepares an act of destruction of personal data.

3.1.8. General Rule:

The processing of personal data will be limited to achieving specific, predefined, and lawful purposes. Any processing of personal data that is incompatible with these purposes is prohibited.

3.1.9. Cookie Technology

3.1.9.1. User Agreement on Cookie Usage

By using the Website, the Data Subject agrees to the use of cookies as outlined in this Policy.

3.1.9.2. Definition of Cookies

Cookies are data fragments sent by the Operator’s server and stored on the Data Subject’s device. The contents of such files may or may not include personal data, depending on whether the file contains personal or anonymized technical information.

3.1.9.3. Purpose of Cookies

The Operator uses cookies to identify Website users and analyze how they interact with the Website to facilitate continuous improvement.

3.1.9.4. Storage Duration

Cookies are stored indefinitely, not just during a session. However, the Data Subject can easily delete cookies through their browser settings. For more details on managing cookies, refer to Section 3.1.9.6 of this Policy.

3.1.9.5. Types of Cookies Used

3.1.9.5.1. Essential Cookies:
Necessary for the Website to function. Without these cookies, certain Website features may not work.

3.1.9.5.2. Functional Cookies:
These enable the Operator to identify user preferences and tailor the Website accordingly. They remember personalized settings (e.g., login credentials, username, language preferences) and make the Website more user-friendly.

3.1.9.5.3. Analytical and Performance Cookies:
These contain information about how users interact with the Website, allowing the Operator to identify recurring usage patterns and analyze errors. They do not identify individuals, and all information remains anonymous.

3.1.9.6. Cookie Management

3.1.9.6.1. Blocking or Restricting Cookies:
The Data Subject can block or limit cookies by adjusting browser settings. However, disabling cookies may impair some Website functions or make certain features inaccessible. The Data Subject is responsible for configuring their browser to suit their preferences, including desired data protection levels. The Operator does not provide technical or legal consultations on such matters.

3.1.9.6.2. Use of Third-Party Analytics Tools:
The Operator may use third-party tools for Website analytics, such as Facebook Pixel, Google Analytics, and Yandex.Metrica, which may employ cookie technologies.


3.2. Procedure and Conditions for Personal Data Processing

3.2.1. Definition of Processing

Processing involves any action (operation) or set of actions performed with or without automated tools, including collection, recording, organization, accumulation, storage, updating (modification), extraction, usage, transfer (provision, access), anonymization, blocking, deletion, or destruction of personal data. This Policy specifies the purposes, categories of data, data subjects, processing methods, storage terms, and destruction procedures for each processing purpose.

3.2.2. Processing Methods

The Operator processes personal data both with and without automated tools, including within personal data information systems.

3.2.3. Processing Duration

Data will be processed as long as necessary to achieve the specific purpose.

3.2.4. Archival Data Processing

If the Data Subject withdraws consent or requests cessation of data processing, the Operator may archive the data and retain it for up to three (3) years.


3.3. Measures to Protect Personal Data

3.3.1. Safeguards

The Operator takes necessary measures to protect personal data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access, and other illegal forms of processing.

3.3.2. Controlled Access

By default, personal information is processed by automated equipment without human access. If access is required, only authorized personnel are granted access to fulfill processing purposes. These individuals must adhere to internal regulations, procedures, and security measures to ensure confidentiality.

3.3.3. Secure Processing Environment

Both automated and manual data processing are conducted in secure environments.

3.3.4. Legal Disclosure

Disclosure of personal data occurs only in compliance with Georgian law, such as by court order or at the request of law enforcement agencies.

3.3.5. Data Accuracy

The Operator assumes the Data Subject provides accurate and complete information in good faith, updates data as needed, and ensures its relevance.

3.3.6. Responsibility for Third-Party Data

The Operator is not responsible for processing third-party data provided by the User as their own. The User assumes all liability for submitting false data.

3.3.7. Data of Minors

The Operator does not knowingly process data from minors and recommends the Website be used by individuals aged 18 or older. Responsibility for minors’ actions, including purchases on the Website, rests with their legal representatives. If the Operator discovers unauthorized collection of minors’ data without parental consent, such information will be promptly deleted.

3.4. Transfer and Dissemination of Personal Data to Third Parties

3.4.1. Transfer of Personal Data to Third Parties

The Operator may transfer personal data (via access or provision) to the following third parties:

  • a) Parties to whom rights or obligations have been assigned or transferred, or in cases of novation under an agreement (e.g., during succession, sale, or other disposition of the business in whole or in part).
  • b) Regulatory bodies, law enforcement agencies, central or local authorities, other official or governmental institutions, or courts requiring such data in accordance with applicable law.
  • c) Individuals ensuring the legal protection of the Operator or third parties in cases of infringement or threats of infringement of their rights, including violations of laws or regulations.
  • d) When the Data Subject has expressly consented to the transfer of personal data to a third party or when such transfer is required to execute an agreement or contract concluded with the Data Subject.

Additionally, this includes instances where the User enables their device to accept, transmit, and store cookies containing personal data.

3.4.2. Public Dissemination of Personal Data

The Operator may disseminate personal data to an unrestricted group of individuals in the following cases:

  • a) When the User has expressly permitted the free dissemination of specific categories of personal data to an unrestricted audience.

3.4.3. Exercising Rights Related to Data Transfer

To exercise rights regarding the transfer (access, provision, or dissemination) of personal data, the Data Subject may use relevant settings and features of the Website. If these settings or features are deemed insufficient, the Data Subject may send a written request to the Operator’s email address specified in this Policy.


3.5. Rights and Responsibilities Related to Personal Data

3.5.1. On Representation

An individual may authorize, restrict, or prohibit the processing of third-party personal data only based on legal representation (e.g., parents, guardians) or an agreement (e.g., power of attorney) granting the right to authorize data processing on behalf of the third party. If the individual lacks or loses the authority to grant such permissions, they must refrain from submitting data to the Operator or remove the data accordingly. In case of disputes, they are obligated to resolve them independently and indemnify the Operator against related claims. Non-compliance with these requirements obligates the individual to compensate the Operator for any resulting damages or losses.

3.5.2. Responsibilities of the Data Subject

The Data Subject is responsible for ensuring the accuracy, timeliness, and relevance of the provided information. Failure to do so exempts the Operator from liability for unfulfilled obligations, damages, or losses.

3.5.3. Modifications, Blocking, and Deletion of Personal Data

  • 3.5.3.1. The Data Subject may modify or update their personal data via their account settings on the Website. If account functions are insufficient, a written request can be sent to the Operator’s email address listed in this Policy.
  • 3.5.3.2. Blocking or deleting personal data follows a similar procedure.
  • 3.5.3.3. Other rights of the Data Subject are exercised similarly, either through account functions or by submitting a written request to the Operator’s email.

3.5.4. Fundamental Rights of the Data Subject

The Data Subject has the right to:

  • Request information on the processing of personal data.
  • Withdraw consent for data processing.
  • Demand restrictions on data processing.
  • Request cessation of data processing, as permitted by applicable law and this Policy.

Other rights granted by applicable law may also apply.

3.5.5. Communication and Complaints

The Data Subject must use the contact information provided in this Policy to submit requests for exercising rights or complaints about inaccuracies or unlawful processing. Such requests and complaints are reviewed within 10 (ten) business days from the date received by the Operator.

3.5.6. Withdrawal of Consent

The Data Subject may withdraw consent for data processing at any time by sending a written notification to the Operator’s email address specified in the contact section of this Policy.

4. Notifications and Communication with the Data Subject

4.1. Consent to Receive Notifications

The Data Subject agrees to receive messages (“Notifications”) from the Operator via email and through SMS or messenger services provided to the phone number specified by the Data Subject when using the Website’s functions.

4.2. Withdrawing Consent for Notifications

The Data Subject may withdraw their consent to receive Notifications by:

  • a) Clicking the “Unsubscribe” link at the bottom of an email;
  • b) Sending a request to the Operator’s email address.

The Data Subject acknowledges that the Operator may stop sending Notifications no earlier than 24 hours after completing these actions.

4.3. Purposes of Notifications

The Operator may use Notifications to:

  • Inform the Data Subject about Website features and functionality;
  • Notify the Data Subject about changes to the Operator’s documents;
  • Send informational messages and bulletins to the Data Subject;
  • Deliver promotional messages and advertisements to the Data Subject.

4.4. Communication from the Data Subject

The Data Subject agrees to send all messages, notices, statements, and documents (including responses) exclusively to the Operator’s email address specified in this Policy.

4.5. Submission of Legally Significant Documents

The Operator reserves the right to request legally significant documents in hard copy form. Such documents, along with any others the Data Subject deems necessary to submit in hard copy, must be sent to the Operator’s physical address listed in this Policy.


5. Amendments to the Privacy Policy. Governing Law. Interpretation.

5.1. Amendments to the Policy

The Operator reserves the right to amend this Privacy Policy. Any changes will include the date of the latest update in the revised version. The updated Policy comes into effect upon publication unless otherwise specified. Previous versions of the Policy will be available in the archive at the address specified in the Policy.

5.2. Notification of Amendments

The Operator will inform Data Subjects who have previously agreed to the Policy about any amendments. The chosen method of notification ensures that the Data Subject’s consent for data processing remains specific, informed, conscious, and unambiguous.

5.3. Governing Law and Jurisdiction

The place where consent is granted and the Policy is executed is the Operator’s registered location. The applicable law governing the relationship between the Operator and the Data Subject is the legislation of Georgia, irrespective of the Data Subject’s location or the equipment used. All disputes will be resolved at the Operator’s location unless otherwise mandated by law.

5.4. Policy Duration

The Policy takes effect from the moment the Data Subject consents to its terms and remains valid indefinitely. The indefinite validity of the Policy as a document does not imply unlimited processing of personal data. Unilateral termination of the Policy by either party is not permitted.

5.5. Rules of Interpretation

  • 5.5.1. The terms “agreement” and “contract” are equivalent.
  • 5.5.2. The phrases “include,” “includes,” “including,” “for example,” “such as,” and “among others” are understood to imply “but not limited to,” without restricting the generality of what precedes them.
  • 5.5.3. The words “or” and “either” are interpreted as inclusive (equivalent to “and”) unless the context explicitly indicates an exclusive choice.
  • 5.5.4. Words capitalized within the text have the same meaning as their lowercase counterparts unless explicitly stated otherwise.

6. Operator’s Details

The Data Subject may exercise all rights granted to them as a data subject and obtain clarification on issues related to the processing of personal data by contacting the Operator at the Operator’s email address.

The Data Subject is hereby informed under this Policy that failure to provide the Operator with the following categories of personal data: first name, last name, middle name, phone number, and email address will result in the inability to conclude and fulfill the contract between the Operator and the Data Subject. Consequently, if the Data Subject refuses to provide these categories of personal data, the Operator reserves the right to refuse to enter into and execute the contract.


7. Document Information

7.1. Publication date of the current version of this document: November 20, 2024.