This Privacy Policy describes how LLC 10ixsio.ge (Georgian legal entity: შპს 10იქსსიო.ჯი; trading as "10xSEO", "we", "us", "our") collects, uses, stores, and protects personal data of visitors and clients of 10xseo.ge. We comply with the Georgian Law on Personal Data Protection, the EU General Data Protection Regulation (GDPR) where applicable, and applicable UAE data protection laws for visitors located in the United Arab Emirates.
1. Data Controller
The data controller for personal data processed via 10xseo.ge is:
- Legal entity: შპს 10იქსსიო.ჯი (LLC "10ixsio.ge"), registered in Georgia
- Registered address: 8 Bakhtrioni Street, Tbilisi 0194, Georgia
- Email: [email protected]
- Phone: +995 510 10 15 17
For data protection inquiries, complaints, or requests to exercise your rights, contact us at [email protected] with the subject line "Data Protection Request".
2. Data We Collect
We collect personal data in the following categories:
- Contact data — name, email, phone, company name, message — provided voluntarily through contact forms on our website.
- Booking data — name, email, scheduled time, meeting notes — collected when you schedule a consultation via our Calendly widget.
- Analytics data — page views, session duration, device type, browser, approximate location (country/city level), referral source — collected via Google Analytics 4. Identifiers are pseudonymized; IP addresses are anonymized before storage.
- Behavioral data — session recordings, mouse movements, clicks, scroll depth, heatmaps — collected via Hotjar. All form fields and personally identifiable information are masked by default; we do not capture passwords, payment card details, or sensitive personal data.
- Server log data — IP address, user agent, request timestamps, HTTP status codes — collected automatically by our hosting provider for security, fraud prevention, and performance diagnostics.
3. Legal Basis for Processing
Under GDPR Article 6 and the Georgian Personal Data Protection Law, we process your data on the following legal bases:
- Consent (Art. 6(1)(a) GDPR) — for analytics cookies, behavioral tracking (Hotjar), and marketing communications. You may withdraw consent at any time.
- Contract performance (Art. 6(1)(b)) — when you engage us as a client; processing is necessary to deliver agreed services.
- Legitimate interest (Art. 6(1)(f)) — for security logs, fraud prevention, and aggregate performance analysis. We balance this against your rights and freedoms.
- Legal obligation (Art. 6(1)(c)) — for tax records, accounting, and regulatory reporting under Georgian law.
4. Data Retention
- Contact form submissions — 24 months from last contact, then deleted or anonymized.
- Client engagement records — 7 years after contract end, as required by Georgian Tax Code.
- Analytics data — 14 months (GA4 default), then automatically deleted.
- Session recordings — 365 days, then automatically deleted by Hotjar.
- Server logs — 90 days for security purposes, then rotated.
5. Third-Party Processors
We share data with the following processors who act on our instructions under a Data Processing Agreement:
| Processor | Purpose | Location |
|---|---|---|
| Google LLC | Analytics (GA4) | USA (SCCs) |
| Calendly LLC | Booking scheduling | USA (SCCs) |
| Hotjar Ltd | Behavioral analytics | Malta (EU) |
We do not sell your personal data to any third party.
6. International Transfers
Some processors are located outside Georgia and the EEA (notably in the United States). For transfers of personal data from the EEA to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46, supplemented by technical and organizational safeguards. For Georgia, transfers comply with Article 41 of the Georgian Personal Data Protection Law.
7. Your Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you (GDPR Art. 15)
- Rectification of inaccurate or incomplete data (Art. 16)
- Erasure of your data ("right to be forgotten", Art. 17) — subject to legal retention obligations
- Restriction of processing (Art. 18)
- Data portability — receive your data in a structured, machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, without affecting prior lawful processing
- Lodge a complaint with the Personal Data Protection Service of Georgia (personaldata.ge) or your local EU supervisory authority
To exercise any of these rights, email [email protected]. We respond within 30 days (extendable by two months for complex requests).
8. Cookies
We use cookies and similar technologies to operate the website, measure performance, and improve user experience. For a detailed list of cookies, their purposes, and how to manage them, see our Cookies Policy.
9. Children's Privacy
Our services are directed at businesses and professionals; we do not knowingly collect data from individuals under 16. If you believe we hold data about a minor, contact us and we will delete it.
10. Security
We apply industry-standard technical and organizational measures: TLS 1.3 encryption in transit, access controls, regular backups, principle of least privilege, and security review of processors. No system is fully impervious; we will notify affected users and the regulator within 72 hours of becoming aware of a breach involving high risk to your rights.
11. UAE Residents — Additional Terms
If you reside in the United Arab Emirates or your data is processed in connection with our UAE engagements:
- For mainland UAE, processing complies with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
- For DIFC-registered clients, processing complies with DIFC Data Protection Law No. 5 of 2020.
- You have rights analogous to GDPR rights above: access, correction, deletion, objection, and complaint to the UAE Data Office or the DIFC Commissioner of Data Protection.
- We do not transfer your data outside the UAE without ensuring an adequate level of protection per the applicable UAE law.
- For UAE-specific data requests, email [email protected] with the subject line "UAE Data Request".
12. Updates to this Policy
We may update this Privacy Policy from time to time. Material changes will be announced on this page with an updated "Last updated" date. For substantial changes affecting your rights, we will provide notice via email (where we have your address) or a banner on the website.
13. Contact & Complaints
For any questions about this Privacy Policy or our data practices:
- Email: [email protected]
- Phone: +995 510 10 15 17
- Postal: 10xSEO Data Protection, 8 Bakhtrioni Street, Tbilisi 0194, Georgia
This policy does not constitute legal advice. For specific legal questions, please consult a qualified attorney.