How can we help you?

Whether you have questions about data protection or if you have information about a possible violation, or you believe that your data are being processed unlawfully – you can easily contact us via this page and take action to protect your rights and those of others.

Contact Us

Send us a notification

If you have information about a possible violation and you want to inform the Personal Data Protection Office, you can send us a notification via this page. To do so, you must first fill in the notification field and provide us with as much details as possible about the content, place and time of violation as well as about the alleged offender. When you send us a notification it is preferable that you indicate your contact details, so that we can get in touch with you if needed. However, if you wish to remain anonymous, fill in just one mandatory field. You can send us notification via our mobile app too.

Your message was sent successfully.

Submit a complaint

If you believe that your personal data are processed unawlfully and you want The Personal Data Protection Service to address the violation, you can submit a complaint to our office at the addres: #7 Vachnadze Str, Tbilisi, and also electronically. To submit an electronic complaint, you may download a complaint template, fill it out, sign it and send a scanned version to the address: office@pdps.ge. The Personal Data Protection Office offers you an even more flexible opportunity: sign up in the Case Management System where you can submit a complaint, follow the process of hearing your complaint and receive comprehensive information - all in one virtual space.

Case management Download a complaint form

Cookie Policy

You are visiting a website of the Personal Data Protection Service. In order to improve your user experience, the website is using cookies.

For additional information on cookie policy, please move to the following Cookies Policy

I accept the use of cookies
I refuse the use of cookies

Data Controller and Data Processor

Data controller is a person that processes personal data and determines the purposes and means of data processing.
Processing of data on the other hand is any action performed on data: collection, recording, storage, use, disclosure, photographing, transfer to third party, publication, erasure, destruction , etc.
For example, if a mobile application or web-page that you created remembers a user’s phone number, e-mail address, bank account number and stores them in a database, this qualifies as data processing.
Data processing is recording a conversation ‘for the purpose of improving a service’, sending advertising sms to customers, recording entry into and exit from a building, video recording of a place of employment or outdoor perimeter of a building.
Processing of personal data is photographing guests at your organization’s event and publishing the photos on your official Facebook page.
When personal data is processed by a specific individual within an organization, he or she acts on behalf of the organization rather than independently and the employer organization is still a data controller.

Data controller might be a private individual that processes data in relation to entrepreneurial or professional activities (e.g., as an expert or an attorney) and not for personal purposes.

Data may be processed via a data processor. Data processor is any individual or legal personal that processes data for the data controller or on its behalf. For example, if you decided to inform your customers about a new product via sms and hired a company to send the messages – that company is your data processor.
Data processor processes data on the basis of a legal act or a written agreement signed with a data controller. The agreement should necessarily define the extent of data processing, purposes of data usage, obligation to take measures for data security. If the agreement does not contain the relevant conditions, a liability might be imposed on data controller.
In a legal dispute with the data controller, data processor is obliged to immediately transfer all data at its disposal to the data controller. If a data processor ceases to operate, the data shall be immediately transferred to data controller.