Last Updated: June 15, 2025

This GDPR Compliance page explains how OhaBaba complies with the General Data Protection Regulation (GDPR) and outlines your rights as a data subject under this regulation. This document supplements our Privacy Policy with additional details specific to GDPR requirements.

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.

The GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

As a global platform with users in the EU, OhaBaba is committed to ensuring that all our data processing activities comply with the GDPR requirements, and that we provide our users with transparency regarding how their data is handled.

2. Company Information

OhaBaba is operated by AG. Group LLC, a legally registered entity in Georgia. Our company details are as follows:

Company Registration Information

Firm Name:
AG. Group LLC
Legal Form:
Limited Liability Company
Identification Number:
416347536
Registration Date:
May 22, 2019
Registering Authority:
LEPL National Agency of Public Registry (Georgia)
Legal Address:
Georgia, Rustavi City, Kazbegi St., N1, flat N36
Director:
Ahmet Gokdemir

For verification of our company information, you can visit the official web-page of the National Agency of Public Registry of Georgia at www.napr.gov.ge.

3. GDPR Principles

OhaBaba adheres to the following GDPR principles when processing personal data:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect and how we use it.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

Data Minimization

We limit our data collection to what is necessary for the purposes for which it is processed. We do not collect excessive data.

Accuracy

We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. Inaccurate data is erased or rectified without delay.

Storage Limitation

We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.

Integrity and Confidentiality

We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Accountability

We take responsibility for complying with GDPR principles and can demonstrate this compliance through appropriate policies, procedures, and records.

4. Personal Data We Collect

Under the GDPR, "personal data" means any information relating to an identified or identifiable natural person ("data subject"). OhaBaba collects and processes the following categories of personal data:

Category Examples Purpose
Identification Data Name, email address, phone number, profile picture Account creation, authentication, communication
Business Information Company name, job title, business address, business registration details Business verification, platform functionality, legal compliance
Transaction Data Payment information, purchase history, inquiries Process transactions, provide customer support
Technical Data IP address, browser type, device information, cookies Improve platform functionality, ensure security, enhance user experience
Usage Data Page views, features used, time spent on platform Platform improvement, personalization, analytics
Communication Data Messages, inquiries, feedback Respond to requests, provide support, improve services
Marketing Data Marketing preferences, survey responses Send relevant communications, conduct market research

For a complete list of the personal data we collect and how we use it, please refer to our Privacy Policy.

Under the GDPR, we must have a valid legal basis for processing personal data. OhaBaba relies on the following legal bases for processing:

Contractual Necessity

We process personal data as necessary to fulfill our contractual obligations to you, including providing our platform services, processing transactions, and managing your account.

Legal Obligation

We process personal data to comply with legal obligations, such as maintaining business records for tax purposes, responding to legal requests from authorities, and implementing anti-fraud measures.

Legitimate Interests

We process personal data based on our legitimate interests, such as improving our services, ensuring platform security, and marketing our services to existing customers. We balance our interests against your privacy rights.

Consent

We process certain personal data based on your explicit consent, which you can withdraw at any time. This includes sending marketing communications, collecting certain types of sensitive data, and using cookies for non-essential purposes.

6. Your Rights Under GDPR

The GDPR provides individuals with enhanced rights regarding their personal data. As a user of OhaBaba, you have the following rights:

Right Description
Right to Information You have the right to be informed about how we collect and use your personal data, including the purposes of processing, retention periods, and who we share your data with.
Right of Access You have the right to request a copy of your personal data that we hold and to check that we are lawfully processing it.
Right to Rectification You have the right to request that incomplete or inaccurate personal data that we hold about you be corrected.
Right to Erasure Also known as the "right to be forgotten," you have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected.
Right to Restrict Processing You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability You have the right to request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format.
Right to Object You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes or when processing is based on our legitimate interests.
Rights Related to Automated Decision-Making You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Withdraw Consent You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing your personal data.
Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.

7. How to Exercise Your Rights

You can exercise your rights under the GDPR by:

  • Using our data subject request form (available at the bottom of this page)
  • Emailing our Data Protection Officer at dpo@ohababa.com
  • Sending a written request to our address in Georgia, Rustavi City

To protect your privacy and security, we may need to verify your identity before providing information or making changes. We will respond to your request within one month, as required by the GDPR. This period may be extended by up to two additional months if necessary, taking into account the complexity and number of requests.

No Fee Usually Required

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of personal data during transmission and at rest
  • Access controls to limit data access to authorized personnel
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security practices
  • Incident response procedures to address potential data breaches
  • Business continuity and disaster recovery plans

While we implement safeguards designed to protect your personal data, no security system is impenetrable. We cannot guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

9. International Data Transfers

As a global platform, OhaBaba may transfer personal data to countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data and to comply with GDPR requirements.

These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) for transfers within a corporate group
  • Transfers to countries with an adequacy decision from the European Commission
  • Transfers based on explicit consent after being informed of the possible risks
  • Transfers necessary for the performance of a contract between you and OhaBaba

International Transfer Safeguards

For specific information about the safeguards we use for international transfers of your personal data, please contact our Data Protection Officer at dpo@ohababa.com.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data and whether we can achieve those purposes through other means
  • The applicable legal, regulatory, tax, accounting, or other requirements

In general, we retain personal data according to the following timeframes:

Data Category Retention Period
Account Information For the duration of your account plus 2 years after account closure
Transaction Data 10 years for legal and tax purposes
Communication Records 3 years from the date of the communication
Marketing Data Until you opt-out or withdraw consent
Technical and Usage Data 2 years from collection

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our platform. Under the GDPR, we are required to inform you about the cookies we use and to obtain your consent for non-essential cookies.

Our cookie categories include:

  • Essential Cookies: Necessary for the functioning of our platform
  • Performance Cookies: Help us understand how visitors interact with our platform
  • Functionality Cookies: Enable enhanced functionality and personalization
  • Targeting Cookies: Used to deliver relevant advertisements and marketing communications

You can manage your cookie preferences through our cookie consent banner or by changing your browser settings. For more information about the cookies we use and how to control them, please see our Cookie Policy.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement and our privacy practices. If you have any questions about this statement or how we handle your personal data, please contact our DPO:

Data Protection Officer

Name: Elif Yilmaz
Email: dpo@ohababa.com
Address: AG. Group LLC, Data Protection Office, Georgia, Rustavi City, Kazbegi St., N1, flat N36
Phone: +90 555 987 6543

13. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when possible, within 72 hours after becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly. The notification will include:

  • A description of the nature of the breach
  • The name and contact details of our Data Protection Officer
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach

14. Complaints

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us in the first instance.

The lead supervisory authority for OhaBaba is:

Georgian Data Protection Authority

Name: State Inspector's Service of Georgia
Address: 15 Tamar Mepe Avenue, 0112 Tbilisi, Georgia
Website: https://personaldata.ge/en

If you are located in the EU, you may also lodge a complaint with your local supervisory authority. A list of supervisory authorities in the European Union is available here.

15. Contact Us

If you have any questions about our GDPR compliance or would like to exercise your data protection rights, please contact us at:

AG. Group LLC / OhaBaba Global Trade Intelligence
Georgia, Rustavi City, Kazbegi St., N1, flat N36
Email: privacy@ohababa.com
Phone: +90 555 123 4567

16. Data Subject Request Form

To exercise your rights under the GDPR, please complete the form below. We will respond to your request within one month of receipt.

To protect your privacy, we need to verify your identity. Please attach a copy of your ID document (passport, ID card, driver's license). You may redact any information not necessary for identification.

Effective Date: January 1, 2025
Last Updated: June 15, 2025