Privacy Policy

For Guests, Visitors and Other Data Subjects

1. The purpose of the policy

The Personal Data Protection Policy describes how BODBE Hotel processes personal data in accordance with applicable data protection laws and international best practices. Our organization respects and protects your right to be fully informed about how your personal data is processed.

2.Who are we? Data Controller:

  • Business name: BODBE Hotel
  • Address: 26 Eka Bejanishvili Street, Sighnaghi, Georgia
  • Contact number: 032 222 22 42
  • Email: info@bodbehotel.ge
  • Website: bodbehotel.ge

3. Principles of Data Processing

Principle of Legality and Fairness – We process your personal data only on lawful grounds and in accordance with rules established by applicable law;

Purpose Limitation – We process personal data only for the specific operational purpose for which it was collected;

Principle of Transparency – You are informed about the personal data processing activities.

Principle of Data Minimization – We process personal data only to the extent necessary to achieve the operational purpose;

Principle of Term Limitation– We retain personal data only for as long as necessary to achieve the operational purpose. After the retention period expires, we securely delete and destroy the data;

Principle of Data Security – To protect the security of personal data, we implement technical and organizational measures that adequately safeguard the data against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage.

4.What type of data do we process?

When providing our services, depending on the nature of the service, we may process one or more of the following types of personal data:

Identification data: Name, last name, date of birth, identification number, data of the document confirming identity (copy), sex, citizenship, place of birth, address, nationality and etc;

Contact information: Email, telephone number, and etc;

Data obtained by communication: Data obtained via email, telephone, chat, social media or other communication channel;

Recordings: Video recordings only, no audio monitoring is conducted on the premises;

Banking and card information: Financial information, such as billing details, payment data, and card information used for payments;

Reservation and accommodation data: Check-in and check-out dates (for the hotel), guest preferences (e.g., room/floor, table, food allergies), loyalty program ID (if applicable);

Contractual information Information about services provided and products supplied by the hotel;

Special category of personal data: general health information of the guest, provided with their consent, when using spa services;

Device data: When connecting to our Wi-Fi, your IP address and MAC address are collected. When you visit our website, we process your IP address, browser type and version, operating system, device type, referrer, visit duration, behavioral data, and approximate geographic location.

5.Purpose of data processing

Personal data is processed only for clearly defined and legitimate purposes. The personal data listed in Clause 4 of this document are processed for one or more of the specific purposes outlined below:

  • For the purpose of protecting the legal rights and legitimate interests of the hotel;
  • For the purpose of providing the offered products and services;
  • To improve service quality and address customer needs and preferences;
  • For the purpose of organizing events on the hotel premises;
  • To manage employment-related rights and responsibilities with employees;
  • To protect our own property and that of others;
  • For the purpose of ensuring compliance with safety standards;
  • To address breaches of hotel policies;
  • The device information collected during your website visit is used to help identify potential risks and prevent fraud (particularly via your IP address), and more broadly to improve and optimize our website—for example, by analyzing how users browse and interact with it and assessing the effectiveness of our marketing and advertising campaigns;
  • To process payment transactions made through our website;
  • To provide special offers and conduct marketing activities, with the guest’s prior consent.

6. How is personal data collected?

Personal information about guests, their accompanying persons, and visitors is collected:

  • The hotel’s official website;
  • From websites through which our hotel rooms are booked, based on contracts concluded with them;
  • Directly from individuals using the hotel’s services — on-site, via phone calls or correspondence, and at the time of payment;
  • When using the hotel premises under a contractual arrangement, the contracting party may provide us with information about event participants (names and surnames) for the purpose of granting them access to the building;
  • Personal data are collected for direct marketing purposes only with the data subject’sprior written consent.
  • During video monitoring inside the hotel building and its external

7. Basis for data processing

Your personal data will be processed only if one of the following grounds exists:

  • You have given voluntary consent for the processing of your data;
  • Data processing is necessary to conclude or perform a contract with you, or to fulfill obligations arising from a transaction;
  • Data processing is required to comply with legal obligations;
  • Data processing is necessary to provide services to you or to consider your application;
  • Data processing is necessary to protect the legitimate interests of the hotel or third parties;
  • The data is publicly

The purpose of video monitoring is to prevent crime, ensure the safety of individuals on the premises employees, guests, visitors, including minors and to protect property.

8. Processing of Personal Data of Minors

We process the personal data of minors in accordance with the Law on Personal Data Protection, based on the consent of a parent or legal guardian, and always with the best interests of the minor in mind.

9.Data Retention and Disposal Policy

We retain your data:

  • For the entire duration of the service and for no longer than 10 years after the service has ended;
  • Or for the period necessary to achieve the specific purpose of processing, as defined by the scope of the service or specified in the contract.

10. Your rights

Right to be Informed About Data Processing –You have the right to obtain information about the data being processed about you, the purpose and legal basis of the processing, as well as the source of the data and any disclosures made to third parties;

Right to Access and Receive Copies of Your Data – You have the right to access the personal data held about you by the hotel and to receive copies of documents or records containing your personal data, in accordance with the procedures established by Georgian law;

Right to Correct, Update and Complete Data – You have the right to request correction, updating, and completion of any inaccurate, incomplete, or outdated personal data about you;

Right to Suspend Data Processing and Request Deletion or Erasure – You have the right to request that the processing of your personal data be suspended, and that your data be deleted or erased;

Right to block data – You have the right to request data blocking;

The right to withdraw consent – You have the right to withdraw your consent to the processing of your personal data at any time and to request the deletion of any data processed based on that consent;

Right to Data Portability – You have the right to request the portability of your personal data that you have provided to us — that is, to receive it in a structured format or to have it transferred to another data controller;

Right to appeal – In case of a violation of your rights, you may contact us, the Personal Data Protection Service, or the court;

Rights in Case of a Data Breach – You have the right to be informed about any incident involving your personal data, including the relevant circumstances, the actual or potential harm caused by the incident, and the measures taken or planned to mitigate or eliminate such harm.

11. Data Security

We store and process your personal data in compliance with legal requirements and implement technical and organizational security measures to protect your data.

We protect your personal data against unauthorized or unlawful access, accidental loss, damage, disclosure, or destruction.

Our employees follow internal procedures to ensure the confidentiality of personal data.

12. Data Sharing

Your data may be shared with:

  • Our affiliated entities and service providers, including IT service providers, auditors, and consultants;
  • Courts, based on a court order;
  • Other third parties, with your

13.  Policy updates

This policy document may be updated periodically, as needed. The revised version will be published on our website without delay, indicating the date of the update.

Date: 25/11/2025

Book Now