Privacy Policy

How Happy Georgia handles your personal data. We collect minimal information, use it only for the purposes stated below, and respect the rights you have over it under Georgian data protection law.

Slide 1 of 1: Privacy Policy
Contact us with privacy questions

Privacy Policy#

Last updated: 5 May 2026.

This Privacy Policy explains how Happy Georgia collects, uses, retains, and shares personal data, and the rights you have over your data under the Law of Georgia on Personal Data Protection No. 3144/2023 (in force from 1 March 2024).

Controller identity#

The data controller is:

Happy Georgia 34 Nutsubidze Street 0170 Tbilisi, Georgia Email: admin@happygeorgia.ge

For privacy-related questions, contact us at the email address above with the subject line "Privacy request."

What personal data we collect#

We collect personal data when you interact with us through the channels below.

Contact form submissions. When you submit our contact form, we collect: first name, last name, email address, country of citizenship, current jurisdiction (where you currently reside or operate), services you're considering, and the content of your message. At the time of submission, our system also captures: your IP address, approximate geolocation derived from your IP (country, region, city), the page URL where the form was submitted, and a timestamp. The IP address and geolocation are used for security, fraud prevention, and to inform our response to your enquiry.

Booking page interactions. When you book a consultation through our /book page, the booking is handled by Cal.com, which collects the data you provide directly through their interface (typically name, email, time slot selection, and any notes you add). Cal.com is the controller for the booking interaction itself; we receive the booking details to fulfill the consultation.

Direct email correspondence. When you contact us directly by email, we collect the contents of your message and any attachments you send.

Anti-bot verification. Our contact form uses Cloudflare Turnstile for anti-bot verification. Turnstile may collect device and browser characteristics, IP address, and behavioural signals to determine whether the submission is from a human or automated bot. Turnstile is configured in privacy-preserving mode and does not track users across sites.

Server logs. Our hosting provider maintains standard server logs (IP address, browser user agent, timestamp, requested URL) for security, performance monitoring, and abuse prevention. These logs are not used for marketing or profiling.

We do not use third-party analytics tools such as Google Analytics. We do not use behavioural advertising trackers, cross-site tracking pixels, or marketing automation tools.

Lawful bases for processing#

Under Article 5 of the Law of Georgia on Personal Data Protection, we process personal data on the following lawful bases:

  • Performance of a contract or pre-contractual steps. When you contact us with an enquiry or engage us for advisory services, we process your personal data to respond to your enquiry, provide the services you've requested, and maintain the engagement relationship.
  • Legitimate interests of the controller. We process IP addresses and geolocation data for security, fraud prevention, and informed response to enquiries. We use Cloudflare Turnstile for anti-bot verification on this basis. Our legitimate interests are weighed against your rights and freedoms; you have the right to object to processing on this basis (see Your rights below).
  • Compliance with legal obligation. We retain certain client records for periods required by Georgian tax law, anti-money-laundering law, and professional record-keeping obligations.
  • Consent. Where we ask for your consent (for example, to receive direct marketing communications), processing is based on that consent. You can withdraw consent at any time by emailing admin@happygeorgia.ge; we will cease the relevant processing within seven working days as required by Georgian law.

How we use your personal data#

We use the personal data described above to:

  • Respond to your enquiry and provide the advisory or operational services you've engaged us for
  • Communicate with you about your engagement (status updates, document requests, scheduling, billing)
  • Maintain the institutional records necessary for ongoing client relationships
  • Comply with legal and regulatory obligations applicable to our practice (Georgian tax record-keeping, anti-money-laundering due diligence where applicable)
  • Prevent fraud, abuse, and security incidents
  • Improve our website and service delivery (in aggregate, non-identifying form)

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

Recipients of personal data (processors)#

We use the following processors who handle personal data on our behalf:

  • Resend (https://resend.com) — email delivery for our contact form. Resend processes the contact form submission data (name, email, message content, IP address, geolocation) for the purpose of delivering the form submission to our admin inbox.
  • Cloudflare (https://cloudflare.com) — Cloudflare Turnstile anti-bot verification on our contact form, and content delivery network services.
  • Cal.com (https://cal.com) — booking platform for our consultation scheduling page. Cal.com is the controller for the booking interaction itself; we receive booking details from Cal.com to fulfill the consultation. See Cal.com's privacy policy for their data handling practices.
  • Vercel (https://vercel.com) — hosting infrastructure for our website. Vercel processes server logs (IP, user agent, timestamps) for the purpose of serving our website.

We do not sell, rent, or trade your personal data. We do not share it with third parties for their own purposes, except processors operating under our instructions or as required by law.

Cross-border data transfers#

Some of our processors are based outside Georgia, including in the United States. Under the Law of Georgia on Personal Data Protection, transfers of personal data to other countries are permitted where the receiving country ensures an adequate level of data protection or where appropriate safeguards exist.

We rely on the contractual data protection commitments our processors maintain (data processing agreements and equivalent contractual safeguards) as the basis for these transfers. You can request information about the safeguards applied to specific transfers by emailing admin@happygeorgia.ge.

Retention periods#

We retain personal data only for as long as necessary for the purposes for which it was collected and for legal compliance.

  • Prospect enquiries that don't lead to engagement: retained for up to 24 months from the date of last contact, then deleted.
  • Client engagements: retained for the duration of the engagement plus 7 years thereafter, consistent with Georgian Tax Code record-keeping requirements and professional record-keeping obligations.
  • Server logs: retained for up to 90 days for security and operational purposes, then deleted unless required for ongoing investigation.
  • Email correspondence: retained for the same periods as the underlying enquiry or engagement category.

After the retention period expires, we delete the personal data unless retention is required for an ongoing legal obligation, dispute, or investigation.

Cookies#

Our website uses only strictly necessary cookies — those required for the basic functioning of the website, including session management, security, and the operation of our anti-bot verification on the contact form.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies. We do not use behavioural retargeting tools.

If you visit our /book page, the embedded Cal.com booking interface may set its own cookies when it loads. Those cookies are governed by Cal.com's privacy policy, which we recommend you review if you use the booking page.

Your rights#

Under the Law of Georgia on Personal Data Protection, you have the following rights regarding your personal data:

  • Right of access. You can request a copy of any personal data we hold about you and information about how we process it. We respond within 10 working days as required by Article 14, with a possible extension of up to 10 additional working days for complex requests.
  • Right to rectification. You can request that inaccurate or incomplete personal data be corrected, updated, or completed.
  • Right to erasure (deletion or destruction). You can request deletion or destruction of your personal data where the data are no longer necessary for the original purpose, where you withdraw your consent, or in other circumstances permitted by Georgian law, subject to our retention obligations under tax and anti-money-laundering law.
  • Right to blocking and restriction of processing. You can request that we block or restrict processing of your data in circumstances permitted by Georgian law.
  • Right to data portability. You can request your personal data in a structured, commonly used, machine-readable format.
  • Right to object. You can object to processing of your personal data on legitimate-interest grounds. We will stop processing unless we demonstrate compelling legitimate grounds that override your rights.
  • Right to withdraw consent. Where processing is based on your consent, you can withdraw consent at any time. We will cease the relevant processing within seven working days.
  • Right to know about automated decision-making. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

To exercise any of these rights, email us at admin@happygeorgia.ge with the subject line "Privacy request" and a description of which right you are exercising.

Right to lodge a complaint#

If you believe we have not handled your personal data in accordance with Georgian law, you have the right to lodge a complaint with the Personal Data Protection Service of Georgia (https://personaldata.ge), the Georgian supervisory authority responsible for overseeing compliance with the Law of Georgia on Personal Data Protection.

We would, of course, prefer that you contact us first at admin@happygeorgia.ge to give us the opportunity to address any concern directly.

Security#

We apply technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or destruction. These include encrypted data transmission (HTTPS), secure email infrastructure, access controls on internal systems, and contractual data protection commitments from our processors.

No system is perfectly secure, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in significant harm to data subjects, we will notify the Personal Data Protection Service of Georgia within 72 hours of becoming aware of the breach, and we will notify affected data subjects where required by Georgian law.

Children#

Our services are directed at adult professionals making business and tax-residency decisions. We do not knowingly collect personal data from children. If you believe we have collected personal data from a child, contact us at admin@happygeorgia.ge and we will delete it.

Changes to this Privacy Policy#

We may update this Privacy Policy from time to time to reflect changes in our processing activities, our processors, or applicable Georgian law. The "Last updated" date at the top of this policy reflects the most recent revision. We will provide additional notice for material changes (for example, a notice on our homepage or by email to active clients).

Contact#

For privacy-related questions, requests, or complaints, contact us at:

Happy Georgia 34 Nutsubidze Street 0170 Tbilisi, Georgia Email: admin@happygeorgia.ge

This Privacy Policy is governed by the Law of Georgia on Personal Data Protection No. 3144/2023 and is to be interpreted in accordance with Georgian law.