Privacy Policy

1. Introduction

The Controller of personal data collected your personal data via the website is L.L.C.ELIZBAR 1918 who conducts business under the name L.L.C.ELIZBAR 1918, NIP:404562068 headquarters address Telavi Municipality, Kisishkevi village, 17th Street N19 hereinafter referred to as the “Controller“.

Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), hereinafter referred to as the „GDPR” and the Personal Data Protection Act of May 10, 2018.

By accessing our website, you are likely to provide us with data such as: your name and surname, your e-mail address, your phone and the IP address from which you connected to the Internet.

2. Legal Acts

This Privacy Policy is based on the GDPR .

3. Update

Our Privacy Policy may require periodic updates, including as part of the evolving regulatory framework for data protection. The modified version of the Privacy Policy becomes effective upon publication on the Controller’s website at the following address:

4. Our Site URL –

5. Definitions

Personal data

Any information relating to an identified or identifiable natural person (data subject). In particular by reference to an identifier such as the name, the first name or the address, the email, the telephone number, etc.


L.L.C.ELIZBAR 1918, which determines the purposes and means of the processing of personal data. Terms „we”, and „our” will be used in relation to Controller.

Data Subject

An identifiable natural person – one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Terms „you” and „yours” will be used in relation to Data Subject.


Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


A cookie is a text file that the site you are visiting stores on the hard disk or in the browser memory of the computer that you use to access the internet. A cookie allows your computer to store various technical data allowing the general control of public access to a site (number of visits, duration of the visit, connection to other sites, etc.) or the customisation of the displayed pages for your next interactions with the same site (your account, the most visited pages, etc.)

Privacy Impact Assessment (PIA)

A PIA is a detailed study to establish the risk to privacy that personal data processing could have on the privacy of the data subject should an incident occur.

6.Personal data we collect

When you contact us by filling in a form on our website or by a letter, e-mail or message on social media or when you make a booking online through our website, through an online booking system, through our social media, through our call center, or directly with the hotel we will collect, store and process following personal data you provide on a voluntary basis:

  • name, address, email address, telephone number
  • dates of your stay with us;

for the purposes of:

  • enabling you to book a room in the hotel you have chosen;
  • checking hotel availability and managing bookings;
  • sending you a booking confirmation;
  • sending you emails prior to your arrival at the hotel;
  • providing you with information about our products and services that you request from us;
  • facilitating bookings, payment and other administrative processes related to your stay or travel;
  • enabling you to make reservations;
  • establishing contact with us in order to make a reservation.

The legal basis for the processing is the necessity for the performance of a contract to which you are a party (Article 6 (1) (b) of the GDPR) and the Controller’s legitimate interest in ensuring the contact with you (Article 6 (1) (f) of the GDPR).

Providing personal data is voluntary, but necessary for the conclusion and performance of the contract and for the maintenance of contact.

Personal data is processed during the term of the contract or during contact with us.

We also will collect, store and process the following personal data you provide on a voluntary basis:  

  • name, address, email address, telephone number,

dates of your stay with us;for the purpose of:

  • opting in to receive marketing information with us;
  • subscribing to receive a service from us (e.g. a newsletter, blog or by following us on social media).

The legal basis for the processing is the Controller’s legitimate interest in sending marketing information (Article 6 (1) (f) of the GDPR) and your explicit consent (Article 6 (1) (a) of the GDPR).

Personal data will be processed until the consent is withdrawn or an effective objection to such processing is raised.

7. Personal data we collect automatically

When you visit our website, we may also collect certain data through the use of “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer’s hard drive.

Our website uses session cookies – these are temporary information stored in the memory of your browser until the session ends, i.e. you close the browser. These cookies are mandatory for certain functionalities to work correctly. The information obtained through cookies is not used to personal identification. Enabling the necessary session cookies is necessary to use the website. Failure to enable the necessary cookies will prevent you from using the website.

We use cookies to gather data about the visitors to our website, to enable us to improve our website and deliver a better and more personalised service. Enabling such cookies is voluntary (i.e. only takes place if you have given your consent). Failure to install them, however, will significantly limit the functionality of the website. The storage period of such cookies is 12 months or until consent is withdrawn.

Data we collect through such means may comprise the following:

  • date and time;
  • originating IP address;
  • domain name;
  • type of browser and operating system used;
  • URL of the referring page;
  • object requested;
  • completion status of the request;
  • geographic location.

The legal basis for the processing is the Controller’s legitimate interest in ensuring the proper operation of the website (Article 6 (1) (f) of the GDPR).

By using the web browser settings or by using the service configuration, you can change your cookie settings by yourself and at any time, by specifying the terms of their storage and access to your device via cookies. These settings can be changed, so as to block the automatic processing of cookies in the web browser settings or to inform you each time when they are placed on your device. Detailed information on the options and ways of supporting cookies is available in your software settings (web browser).

8. Other activities in which your personal data may be processed

 The type, legal basis, storage period, and the necessity to provide your personal data depend on the purpose for which they are processed.


Legal basis

Data retention period

The necessity of providing personal data

Dealing with data subjects’ rights

Processing is necessary for compliance with a legal obligation to which the Controller is subject (Article 6 (1) (c) of the GDPR).


The period necessary for the Controller to exercise data subjects’ rights.

Providing data is voluntary, however, necessary to consider and exercise data subjects’ rights.

Determination, investigation or defense against claims

The Controller’s legitimate interest in establishing, investigating or defending against claims (Article 6 (1) (f) of the GDPR).

For a period of limitation of civil claims under the law.

The Controller received the personal data when concluding the contract with data subject.


9. Data Recipients

For the proper functioning of the Controller’s website, including the implementation of concluded contracts, it is necessary for the Controller to use the services of external entities (such as for example, a software supplier or an IT company). The Controller uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that processing meets the requirements of the GDPR and protects the rights of the data subjects.

The transfer of data by the Controller does not take place in every case – the Controller provides data only when it is necessary to achieve the given purpose of personal data processing and only to the extent necessary to achieve it.

Your personal data may be transferred to the following recipients or categories of recipients:

  • service providers supplying the Controller with technical, IT and organizational solutions, enabling the Controller to run a business, including the website and services provided through it (e.g. IT companies, e-mail and hosting providers as well as marketing activities and providing technical assistance to the Controller).

The Controller provides the collected personal data to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with the Privacy Policy.

Your personal data may be transferred outside the European Economic Area. In such cases, your personal data is secured using appropriate technical and organizational measures and appropriate legal safeguards.

10. Exercise of Rights

Due to the processing of your personal data by the Controller, you have the following rights:

  • the right to access your personal data;
  • the right to rectification of your personal data;
  • the right to be forgotten;
  • the right to restriction of processing of your personal data;
  • the right to object to the processing of personal data;
  • the right to data portability;
  • right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

With a request to exercise the above-mentioned rights, you can contact the Controller at the following address: The Controller points out that the exercise of certain rights may be limited in a specific case for legal reasons or due to the legitimate interests of the Controller.

11. Final Provisions

The  Controller uses technical and organizational measures to ensure the protection of the processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against unauthorized disclosure, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.The  Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.