Understanding your data protection rights and how we implement them
Last Updated: June 15, 2025
This GDPR Compliance page explains how OhaBaba complies with the General Data Protection Regulation (GDPR) and outlines your rights as a data subject under this regulation. This document supplements our Privacy Policy with additional details specific to GDPR requirements.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
The GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
As a global platform with users in the EU, OhaBaba is committed to ensuring that all our data processing activities comply with the GDPR requirements, and that we provide our users with transparency regarding how their data is handled.
OhaBaba is operated by AG. Group LLC, a legally registered entity in Georgia. Our company details are as follows:
For verification of our company information, you can visit the official web-page of the National Agency of Public Registry of Georgia at www.napr.gov.ge.
OhaBaba adheres to the following GDPR principles when processing personal data:
We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect and how we use it.
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
We limit our data collection to what is necessary for the purposes for which it is processed. We do not collect excessive data.
We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.
We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
We take responsibility for complying with GDPR principles and can demonstrate this compliance through appropriate policies, procedures, and records.
Under the GDPR, "personal data" means any information relating to an identified or identifiable natural person ("data subject"). OhaBaba collects and processes the following categories of personal data:
Category | Examples | Purpose |
---|---|---|
Identification Data | Name, email address, phone number, profile picture | Account creation, authentication, communication |
Business Information | Company name, job title, business address, business registration details | Business verification, platform functionality, legal compliance |
Transaction Data | Payment information, purchase history, inquiries | Process transactions, provide customer support |
Technical Data | IP address, browser type, device information, cookies | Improve platform functionality, ensure security, enhance user experience |
Usage Data | Page views, features used, time spent on platform | Platform improvement, personalization, analytics |
Communication Data | Messages, inquiries, feedback | Respond to requests, provide support, improve services |
Marketing Data | Marketing preferences, survey responses | Send relevant communications, conduct market research |
For a complete list of the personal data we collect and how we use it, please refer to our Privacy Policy.
Under the GDPR, we must have a valid legal basis for processing personal data. OhaBaba relies on the following legal bases for processing:
We process personal data as necessary to fulfill our contractual obligations to you, including providing our platform services, processing transactions, and managing your account.
We process personal data to comply with legal obligations, such as maintaining business records for tax purposes, responding to legal requests from authorities, and implementing anti-fraud measures.
We process personal data based on our legitimate interests, such as improving our services, ensuring platform security, and marketing our services to existing customers. We balance our interests against your privacy rights.
We process certain personal data based on your explicit consent, which you can withdraw at any time. This includes sending marketing communications, collecting certain types of sensitive data, and using cookies for non-essential purposes.
The GDPR provides individuals with enhanced rights regarding their personal data. As a user of OhaBaba, you have the following rights:
Right | Description |
---|---|
Right to Information | You have the right to be informed about how we collect and use your personal data, including the purposes of processing, retention periods, and who we share your data with. |
Right of Access | You have the right to request a copy of your personal data that we hold and to check that we are lawfully processing it. |
Right to Rectification | You have the right to request that incomplete or inaccurate personal data that we hold about you be corrected. |
Right to Erasure | Also known as the "right to be forgotten," you have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected. |
Right to Restrict Processing | You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data. |
Right to Data Portability | You have the right to request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format. |
Right to Object | You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes or when processing is based on our legitimate interests. |
Rights Related to Automated Decision-Making | You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. |
Right to Withdraw Consent | You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing your personal data. |
Right to Lodge a Complaint | You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. |
You can exercise your rights under the GDPR by:
To protect your privacy and security, we may need to verify your identity before providing information or making changes. We will respond to your request within one month, as required by the GDPR. This period may be extended by up to two additional months if necessary, taking into account the complexity and number of requests.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
While we implement safeguards designed to protect your personal data, no security system is impenetrable. We cannot guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
As a global platform, OhaBaba may transfer personal data to countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data and to comply with GDPR requirements.
These safeguards may include:
For specific information about the safeguards we use for international transfers of your personal data, please contact our Data Protection Officer at dpo@ohababa.com.
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
In general, we retain personal data according to the following timeframes:
Data Category | Retention Period |
---|---|
Account Information | For the duration of your account plus 2 years after account closure |
Transaction Data | 10 years for legal and tax purposes |
Communication Records | 3 years from the date of the communication |
Marketing Data | Until you opt-out or withdraw consent |
Technical and Usage Data | 2 years from collection |
We use cookies and similar tracking technologies on our platform. Under the GDPR, we are required to inform you about the cookies we use and to obtain your consent for non-essential cookies.
Our cookie categories include:
You can manage your cookie preferences through our cookie consent banner or by changing your browser settings. For more information about the cookies we use and how to control them, please see our Cookie Policy.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement and our privacy practices. If you have any questions about this statement or how we handle your personal data, please contact our DPO:
Name: Elif Yilmaz
Email: dpo@ohababa.com
Address: AG. Group LLC, Data Protection Office, Georgia, Rustavi City, Kazbegi St., N1, flat N36
Phone: +90 555 987 6543
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when possible, within 72 hours after becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly. The notification will include:
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us in the first instance.
The lead supervisory authority for OhaBaba is:
Name: State Inspector's Service of Georgia
Address: 15 Tamar Mepe Avenue, 0112 Tbilisi, Georgia
Website: https://personaldata.ge/en
If you are located in the EU, you may also lodge a complaint with your local supervisory authority. A list of supervisory authorities in the European Union is available here.
If you have any questions about our GDPR compliance or would like to exercise your data protection rights, please contact us at:
AG. Group LLC / OhaBaba Global Trade Intelligence
Georgia, Rustavi City, Kazbegi St., N1, flat N36
Email: privacy@ohababa.com
Phone: +90 555 123 4567
To exercise your rights under the GDPR, please complete the form below. We will respond to your request within one month of receipt.
Effective Date: January 1, 2025
Last Updated: June 15, 2025