Privacy Policy.

1. Scope of this policy

This Privacy Policy describes how DSJ Business Consulting LLC ("DSJ", "we", "our") processes personal data of:

• Visitors to dsjbusiness.com
• Individuals who contact us by email, including representatives of prospective and existing clients
• Counterparties and their representatives in the course of corporate due diligence and business correspondence

The processing described in this policy is carried out under the Personal Data Protection Law of Georgia. Where individuals are located in the European Economic Area, the principles of Regulation (EU) 2016/679 (GDPR) are applied to the processing of their personal data on a consistent basis.

This policy does not cover the processing of personal data carried out by DSJ on behalf of its clients in the context of executed service agreements. That processing is governed by the relevant service agreement and by data processing terms agreed with the client as data controller.

2. What personal data we process

We process the minimum personal data required for the purposes described in this policy. We do not run analytics, profiling, or behavioural tracking on this website.

2.1 Data submitted via email

When you contact us by email, we receive and store:

• Your email address
• Your name (if you provide it)
• The company or organisation you represent (if you provide it)
• The content of your message and any attached documents
• Subsequent correspondence between us

2.2 Data collected automatically by website infrastructure

When you visit this website, the hosting infrastructure may automatically log technical data necessary for the operation, security, and integrity of the service:

• IP address
• Browser user agent string
• Date and time of access
• Pages and resources requested
• HTTP referrer (where provided by the browser)

This data is processed for security and operational purposes only. It is not used to identify or track individual visitors and is not combined with other personal data.

2.3 Data stored locally in your browser

This website uses one strictly necessary localStorage entry to remember whether you have acknowledged the cookie banner. See our Cookie Policy for details.

3. Purposes of processing and legal bases

We process personal data only for the following purposes, on the legal bases indicated:

3.1 Responding to enquiries

To respond to enquiries and conduct business correspondence with prospective clients, partners, and counterparties.

Legal basis: our legitimate interest in conducting business correspondence (Article 6(1)(f) GDPR principles), and where applicable, steps prior to entering into a contract at the data subject's request (Article 6(1)(b) GDPR principles). Under the Personal Data Protection Law of Georgia, processing is grounded in our legitimate business operations as a Georgian taxpayer.

3.2 Counterparty due diligence and contractual administration

To conduct corporate due diligence on prospective clients and counterparties, and to administer contractual relationships.

Legal basis: performance of a contract or steps prior to entering a contract; legitimate business interest in counterparty risk management; compliance with Georgian taxation, accounting, and corporate record-keeping obligations.

3.3 Operational and security logging

To operate, secure, and maintain the integrity of the website and our IT systems.

Legal basis: our legitimate interest in operating a secure online presence.

3.4 Legal and regulatory compliance

To comply with applicable Georgian law, including taxation, accounting, anti-money laundering, and corporate record-keeping obligations.

Legal basis: compliance with legal obligations to which DSJ is subject.

4. Data we do not collect

This website does not use:

• Web analytics platforms (Google Analytics, Plausible, Matomo, or similar)
• Advertising trackers or marketing pixels
• Third-party fonts that report visitor data (we self-host nothing third-party-tracked)
• Social media tracking widgets
• Behavioural profiling or fingerprinting
• Contact forms requiring registration or third-party form processors

5. Sharing personal data

We do not sell personal data and we do not share it with advertisers or marketing networks. We may share personal data with the following categories of recipients only as necessary:

• Hosting and email infrastructure providers: third parties processing personal data on our behalf as data processors under contractual arrangements aligned with applicable data protection law.
• Professional advisers: our accountants, tax advisers, and legal counsel, where personal data is necessary for them to provide their services to us.
• Public authorities: where required by Georgian law, court order, or comparable legal process.

We do not transfer personal data to third parties for their own marketing purposes.

6. International transfers

DSJ is established in the Republic of Georgia. Personal data processed by DSJ is primarily stored on infrastructure located in Georgia and the European Economic Area. Where data is transferred to processors located in jurisdictions without an adequacy decision, we apply contractual safeguards aligned with the Personal Data Protection Law of Georgia and, where relevant, the principles of Articles 44-49 GDPR.

7. Retention periods

We retain personal data only for as long as necessary for the purposes described in this policy:

• Email correspondence: retained for the duration of the business relationship and for up to seven (7) years after its conclusion, in line with Georgian commercial record-keeping obligations.
• Counterparty due diligence records: retained for the duration of the contractual relationship and for up to seven (7) years afterwards.
• Website security logs: retained for a maximum of ninety (90) days, except where extended retention is required for incident investigation.
• Cookie consent record (browser localStorage): persists in your browser until you delete it or use the "Cookie preferences" link in the footer to clear it.

8. Your rights

Under the Personal Data Protection Law of Georgia and the applicable principles of the GDPR, you have the following rights with respect to your personal data:

• Access: to obtain confirmation of whether we process your personal data and to obtain a copy of that data.
• Rectification: to have inaccurate personal data corrected and incomplete data completed.
• Erasure: to have your personal data deleted, subject to legal retention obligations and our legitimate business interests.
• Restriction of processing: in defined circumstances, to limit the way we process your data.
• Objection: to object to processing based on legitimate interest.
• Data portability: where processing is based on contract or consent and carried out by automated means.
• Withdrawal of consent: where processing is based on consent, to withdraw that consent at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at dsjbusinessconsulting@gmail.com. We respond to verified requests within thirty (30) calendar days. We may need to verify your identity before processing a request.

9. Right to lodge a complaint

If you believe that our processing of your personal data infringes the Personal Data Protection Law of Georgia or applicable EU data protection law, you have the right to lodge a complaint with:

• The Personal Data Protection Service of Georgia (personaldata.ge)
• Where applicable, the supervisory authority of your EU Member State of habitual residence, place of work, or place of alleged infringement.

We encourage you to contact us first so that we can address your concern directly.

10. Security measures

We apply administrative, technical, and organisational measures appropriate to the sensitivity of the personal data we process. These measures include access controls, encryption in transit, secure storage, and confidentiality obligations on personnel and processors. No system is perfectly secure; we work continuously to improve our practices.

11. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of this document indicates the version currently in force. Material changes will be reflected in a revised effective date and, where appropriate, communicated to data subjects with whom we are in active correspondence.

12. Contact