Last Updated: February 2025

This Privacy Policy explains how Globbi LTD. ("Globbi," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use the Globbi mobile application and website (collectively, the "Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Georgian data protection legislation, and other applicable privacy laws.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a lawful basis for processing, we will obtain your explicit consent separately.

1. Data Controller

The data controller responsible for your personal data is:

For any questions or concerns regarding your personal data or this Privacy Policy, you may contact our Data Protection Officer at dpo@globbi.org.

2. Definitions

Unless the context clearly indicates otherwise, the terms used in this Privacy Policy shall have the following meanings:

In the event of a conflict between this Privacy Policy and our Terms and Conditions, the provisions of this Privacy Policy shall prevail regarding data protection matters.

3. Personal Data We Collect

To provide and improve our Service, we collect the following categories of personal data:

3.1. Data You Provide Directly

3.2. Data We Collect Automatically

3.3. Data Generated Through Your Use of the Service

4. Purposes and Lawful Bases for Processing

We process your personal data only when we have a valid lawful basis under Article 6 of the GDPR. The table below describes each processing purpose and its corresponding lawful basis:

4.1. Contract Performance (Article 6(1)(b) GDPR)

We process data as necessary to perform our contract with you, including:

4.2. Consent (Article 6(1)(a) GDPR)

Where required, we obtain your explicit consent before processing, including for:

You may withdraw your consent at any time by adjusting your device settings, contacting us at dpo@globbi.org, or using the in-app privacy settings. Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.

4.3. Legitimate Interests (Article 6(1)(f) GDPR)

We process data based on our legitimate interests, balanced against your rights and freedoms, for the following purposes:

4.4. Legal Obligation (Article 6(1)(c) GDPR)

We process data as necessary to comply with legal obligations, including:

5. Automated Decision-Making and Profiling

We use automated processing in the following ways:

5.1. User Matching Algorithm

Our Service uses an automated matching algorithm that considers factors such as your geographic location, shared interests, language preferences, and activity patterns to suggest other users you may want to connect with. This matching is based on your profile data and does not produce legal effects or similarly significant effects on you. You can influence the matching results by updating your profile, interests, and location preferences at any time.

5.2. AI-Powered Features

Certain features of the Service use artificial intelligence (powered by OpenAI) to provide content suggestions, event recommendations, or other AI-assisted functionality. When you interact with these features, your inputs are processed to generate responses. We do not use AI outputs to make decisions that produce legal or similarly significant effects on you.

You have the right to request human review of any automated decision, express your point of view, and contest the decision by contacting us at dpo@globbi.org.

6. Data Sharing and Third Parties

6.1. Categories of Recipients

We may share your personal data with the following categories of recipients, solely for the purposes described in this Policy:

6.2. Data Processor Agreements

All third-party service providers acting as data processors are bound by Data Processing Agreements (DPAs) that require them to process your data only on our instructions and in accordance with applicable data protection laws.

6.3. Data Minimization

When sharing data with third parties, we transfer only the minimum information necessary to achieve the specific purpose. We do not sell your personal data to any third party.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA), including the United States (for cloud infrastructure and third-party services) and Georgia (where Globbi LTD. is registered).

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

You may request a copy of the safeguards we use for international data transfers by contacting us at dpo@globbi.org.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The specific retention periods are:

When personal data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.

9. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting our Data Protection Officer at dpo@globbi.org or by using the relevant functionality within the app.

  1. Right of Access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed, and if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your rights. You may request a copy of your personal data in a commonly used electronic format.
  2. Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed. You can update most of your data directly through your profile settings in the app.
  3. Right to Erasure (Article 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed.
  4. Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data when you contest its accuracy, when the processing is unlawful but you prefer restriction over erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification.
  5. Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV), and to transmit that data to another controller without hindrance.
  6. Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose immediately.
  7. Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects concerning you.
  8. Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights

To exercise any of the above rights, you may:

We will respond to your request within one month of receipt. If your request is complex or we receive a large number of requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it within the initial one-month period.

We may ask you to verify your identity before fulfilling your request to ensure the security of your personal data.

Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR or applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged infringement. In Georgia, you may contact the Personal Data Protection Service (State Inspector's Service).

10. Cookies and Tracking Technologies

Our website and Service use cookies and similar tracking technologies to provide, secure, and improve the Service.

10.1. Types of Cookies We Use

10.2. Managing Cookies

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

12. Children's Privacy

The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete that data as promptly as possible. If you believe that a person under 18 has provided us with personal data, please contact us at dpo@globbi.org.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acknowledgment of the updated Privacy Policy. Where changes require your consent under applicable law, we will obtain your consent before the changes take effect.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

We are committed to resolving any concerns you may have about our collection or use of your personal data. We welcome your feedback and will work to address any issues promptly and transparently.