Data Protection Policy.

1. Data Collection & Purpose

We collect data strictly necessary for providing legal advisory services, including identification documents, contact details, and case-specific information. This data is used solely for the execution of your legal mandates and to comply with Georgian "Know Your Customer" (KYC) and Anti-Money Laundering (AML) regulations.

2. Secure Storage & Encryption

All digital documents are stored on encrypted, secure servers with restricted access. Physical documents are kept in a secured environment at our Tbilisi headquarters. We utilize industry-standard SSL encryption for all data transmitted through our online portal.

3. Data Retention

Personal data is retained only as long as necessary to fulfill the legal purposes for which it was collected or as required by Georgian statute of limitations for legal services. Upon termination of our relationship, data is either securely archived or permanently deleted based on regulatory requirements.

4. Your Rights (Data Subject Rights)

Under the Georgian Law on Personal Data Protection (PDP 2026), you have the right to access, correct, or request the deletion of your personal data. You may also withdraw consent for data processing at any time, subject to legal or contractual obligations.

Response time for requests: We will respond to any Data Subject Access Request (DSAR)—including requests for access, rectification, erasure, or restriction of processing—within 10 (ten) business days of receiving your request, as required by Georgian law. If we need to extend this period due to the complexity or number of requests, we will inform you within the 10-day window and state the reasons.

5. Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Personal Data Protection Service of Georgia (PDPS) without undue delay and, where feasible, no later than 72 (seventy-two) hours after having become aware of the breach, in accordance with PDP 2026. Where the breach is likely to result in a high risk to you, we will also communicate the breach to you in a clear and plain manner without undue delay.