Privacy Policy
Last updated: May 19, 2026
Introduction
For Citycom LLC (ID: 405197111; hereinafter the "Company" and/or "Citycom") the protection and inviolability of our account holders' personal data is of paramount importance. This Privacy Policy aims to provide you with transparent and detailed information about how we collect, process, use and protect your personal data when you use Citycom's website (www.citycom.ge), mobile application and career portal (career.citycom.ge) (collectively, the "Platform").
What Categories of Data Do We Process?
Based on the specifics of the Platform and the services we provide, and in line with the data minimization principle, we process the following categories of data: a) Application and website account holders (main and individual account holders, neighborhood/association): • Identification data — first name, surname, address of the real estate/apartment, floor and apartment number; the eight-digit ID code of the individual account, and the account's status within the neighborhood (e.g. "Owner," "Family Member," "Tenant," "Authorized Person"). • Contact data — mobile phone number and e-mail address. • Financial and transactional data — the account holder's current balance, overdue charges, current debt (if any), history of completed transactions (description, date, amount and status). Also bank card details added to the Platform (processed in encrypted form via a partner bank/payment system). • The account holder's photograph, uploaded to the Platform exclusively on the data subject's own initiative. • Information about active/inactive members of the neighborhood and its authorized person. • Service-related data — phone number registered for remotely opening the entrance door, temporary (four-digit) or permanent (eight-digit) access codes, and the account password (stored exclusively in hashed/encrypted form). b) Persons interested in vacancies (candidates): Data submitted via the career portal for employment purposes: first name, surname, e-mail, contact number and other additional information contained in the CV. c) Technical and device data of the Platform (for all visitors and account holders): To ensure the proper operation and security of the system, we automatically process the following technical information: • The IP address of the device used to access the Platform; • Operating system type and version, and the types and versions of the browser used; • Date and time of access and other system diagnostic data. d) Service providers (hereinafter, the "Providers"): Names and surnames (or legal name), contact details and professional information (category of services rendered) of persons providing various services in multi-apartment residential buildings.
Purposes and Legal Grounds for Data Processing
Citycom LLC processes your personal data only lawfully, fairly and transparently, to achieve predefined, clear and legitimate purposes. Purposes of data processing: • Providing use of the Platform — managing your main and individual accounts, administering membership and other charges, providing the service for remotely managing the entrance door, and technical support; • Ensuring transparency within the neighborhood — supporting financial and organizational transparency among members of the association/neighborhood in the process of maintaining common spaces and forming the common balance; • Promotion of service providers — with the relevant consent, publicly posting the contact and professional information of providers registered in the "Services Market" to make them available to a wide range of interested persons; • Direct marketing — with your prior, voluntary consent, providing information about the Company's services, current promotions and exclusive offers from the partner network; • Selection and employment of candidates — reviewing applications (CVs) received via the career portal and forming a talent reserve; • Security and compliance with statutory obligations — protecting the Platform's information security, maintaining financial/tax accounting and complying with other legal requirements; • Protection of the legitimate interests of Citycom and/or any third party. Legal grounds for data processing: We process your personal data only if one of the following legal grounds exists: • You have given consent to the processing of data for one or more specific purposes; • Processing is necessary for the performance of an obligation under an agreement between the parties, or to conclude an agreement at your request; • Processing is provided for by law; • Processing is necessary for us to fulfill obligations imposed by law/regulations; • Your data is publicly available under the law, or you have made it publicly available yourself; • Processing is necessary to protect an important public interest; • Processing is necessary to consider your application (to provide the service) and/or is based on other additional grounds provided for by law.
Data Sharing and Third Parties
We do not sell your personal data. Your personal data is shared with third parties only where required by law, to perform contractual obligations, and/or on the basis of another appropriate legal ground (including your consent). Based on the specifics of the Platform and the purposes of the service, your data may, where a legal ground under the Law of Georgia "On Personal Data Protection" exists, be shared with: • Members and authorized persons of the neighborhood/association — to manage common spaces and ensure financial transparency (in accordance with this Privacy Policy); • Financial and payment institutions — partner banks and payment system providers (local payment systems), to administer transactions and payments without disruption; • Service providers — companies that provide services to us, including hotline infrastructure providers, communications (SMS/e-mail) providers and others; • State and law enforcement bodies — in cases strictly defined by law, to comply with legal requirements, prevent crime and/or protect the rights of the Company and its account holders; • Your legal representatives — on the basis of a duly certified power of attorney or a document confirming statutory representation; • Other third parties — exclusively on the basis of your prior, informed consent.
International Data Transfers
Transfers of your data to another country may only take place where the grounds for transfer under the Law of Georgia "On Personal Data Protection" exist and where the receiving country ensures appropriate guarantees for the protection of data and rights. If transfer of data is necessary to a country or international organization that does not provide appropriate data protection guarantees, Citycom will prepare a standard data transfer agreement that ensures adequate protection of the data, and will obtain the authorization of the State Audit Service and/or your express consent, fully in line with the requirements of the Law of Georgia "On Personal Data Protection." Security guarantees in relation to third parties Before transferring personal data to a third party (including service providers), the Company verifies whether the receiving party has implemented appropriate organizational and technical measures to protect the data. We will not transfer your data to third parties if, based on their activities, reputation or purposes, there is a high risk of unlawful processing, unauthorized access or violation of your rights.
Data Security and Retention Periods
We take appropriate technical and organizational measures to protect your data. Protection of accounts is also ensured by the account holder themselves through a secret password, which the system stores in hashed/encrypted form, so the password is not directly available to the Company. Nevertheless, please note that the transmission of information over the internet is not 100% secure, and you are personally responsible for the consequences of sharing your password with third parties. Data retention periods We store your personal data only for as long as is necessary to achieve the specific purposes of processing, or to comply with obligations expressly imposed by law. Data retention periods are determined by the legal grounds for processing: • Contractual obligations — data of main and/or individual account holders is stored for the duration of the agreement with the relevant association and, after termination of that agreement, for the limitation period set out in the legislation of Georgia (for possible legal disputes, prevention of claims and/or protection of rights). • Legitimate interest — data processed on the basis of the legitimate interest of the Company or a third party is stored for the period during which the relevant legitimate interest exists, until that interest is exhausted. • Consent — data processed on the basis of your consent (e.g. disclosure of contact data within the neighborhood, listing of providers' data on the market, direct marketing and CVs submitted for employment) is stored until you withdraw consent. Upon withdrawal of consent, the Company will, within the periods set by law (e.g. for marketing, no later than 7 working days), delete the data and stop processing, unless an additional legal ground under the Law of Georgia "On Personal Data Protection" exists. • Performance of obligations imposed by law — financial and tax information (history of completed transactions, settlement details) is stored for the period strictly defined by tax legislation and accounting rules. After the retention period expires or the purpose of processing is achieved (and after withdrawal of consent), your personal data is subject to deletion, destruction or anonymization in accordance with the rules of the Law of Georgia "On Personal Data Protection" and the Company's internal policy, unless another ground for processing provided for by law exists. We store your data in accordance with the legislation and to protect it we provide physical, technical and organizational guarantees — we protect the security of our electronic devices, files and premises, and have physical, electronic and procedural control mechanisms to prevent unauthorized access, use, transfer, loss or destruction of your data. Our employees protect the confidentiality and security of data in accordance with applicable legislation and internal organizational documents.
Cookies
To simplify navigation on the website, ensure the technical security of the Platform and personalize the account holder's experience, we use cookies. These include necessary technical files as well as analytical cookies and cookies for authorization. For detailed information about the specific types of cookies we use, their purposes, and how you can manage or disable them through your browser settings, please see our separate Cookie Policy.
Rights of the Data Subject
Under the Law of Georgia "On Personal Data Protection," you have the right to: • Receive information about data processed about you; • Request the correction, update or completion of inaccurate data; • Request the cessation, blocking or deletion of data processing if there is no other legal ground for processing; • Withdraw your consent at any time; • Address the Company's data protection officer, Citycom, the State Audit Service or the courts in case of violation of your rights. Your rights may be restricted if their exercise threatens: • Interests of state security, information security and cybersecurity and/or defense; • Interests of public safety; • The prevention, investigation and prosecution of crime, and justice; • Interests related to the financial or economic, public health and social protection of the country; the detection and imposition of liability for breaches of professional or ethical norms by the data subject; • Your rights and freedoms or those of others; • The protection of state, commercial, professional and other forms of secrecy provided for by law; • The substantiation of a legal claim or defense. Citycom applies measures restricting rights only proportionately and to the extent necessary for the purpose of the restriction.
Changes to the Privacy Policy
Citycom reserves the right to periodically update this Policy in line with changes in legislation or business processes. You will be informed of any changes via the Platform or by e-mail.
Contact Information
If you have questions regarding data processing or wish to exercise your rights, please contact us: Citycom LLC (I/N 405197111) Legal address: 48 Irakli Abashidze Street, apt. 3, Vake District, Tbilisi, Georgia Actual address: 23 G. Danelia Street, Tbilisi, Georgia E-mail: info@citycom.ge Contact telephone: 0322 23 24 25 Data Protection Officer — DPO Trustnet LLC.