Legal
Dreamland Oasis Chakvi apartments — operated directly by the owner — explains here what personal data we collect when you contact us, why we need it, how long we keep it, and how to ask us to delete it.
Last updated: 2026-05-04
Apartments at Dreamland Oasis Chakvi are operated directly by the owner — an individual host (not a hotel chain or OTA). Contact: Email: info@georgiadream.ge Phone / WhatsApp: +995 505 556 117 Address: Batumi st. 16, Chakvi 6200, Adjara, Georgia. For any privacy-related question — exercising your rights, complaints, or clarifications — write to the email above with subject "Privacy".
When you submit a contact form or a booking request: • Identifying data you fill in yourself — name, phone number, email (only if you tick the email channel), free-text message. • Booking context if you came through the price calculator — apartment, dates, guest count, preferred tier. Automatically captured: • IP address and browser user-agent (for spam protection). • Page URL where the form was submitted, locale (en/ru/ka). • First-touch attribution: utm_source, utm_medium, utm_campaign, utm_term, utm_content, fbclid, gclid, yclid, landing page, referrer — only when present in the URL on your first visit, kept in your browser localStorage for up to 30 days, then attached to the form payload at submit. When you submit a Lead Form inside Instagram or Facebook (Meta Lead Ads): • Name, phone number, email auto-filled by Meta from your profile. • Preferred dates and guest count if you fill the optional questions. • Ad context: campaign name, ad name, leadgen ID.
Solely to contact you back about your inquiry: confirm the dates, send a quote, answer questions, finalise the booking, and provide concierge service during your stay. We do not run email/SMS marketing campaigns and do not enrol you in newsletters.
Article 6(1)(b) of GDPR — performance of a contract or pre-contractual steps at your request: you submit a form because you want a quote or a booking, and we need your contact data to deliver that. For analytics and ad measurement (cookies — see section 8) the lawful basis is our legitimate interest in understanding which marketing channels work and protecting the site from fraud, balanced against your privacy.
• Contact requests that did not result in a booking — kept for 90 days, then deleted from the active database. Encrypted backups of the database may retain them for up to 12 additional months before rotating out. • Contact requests linked to a confirmed booking — kept for 36 months for accounting and dispute-resolution purposes (Georgian tax law requires 6 years for invoicing data, which we comply with separately at aggregate level). • Server access logs — kept 30 days. • Browser localStorage attribution data lives on your device, not ours — clear it any time via your browser settings.
We do not sell your data. We do not share it with third parties for marketing. Third-party processors that may technically see fragments of it as a side-effect of providing infrastructure: • Hetzner Online GmbH (Germany / Finland) — VPS hosting where the database lives. • Backblaze B2 (USA) — encrypted off-site backups; data is encrypted with a key only we hold, so Backblaze cannot read content. • Telegram (UK / global) — operator notifications; only the message text we send to our own bot, not the database. • Meta Platforms (Ireland) — Meta Pixel + Conversions API receive event metadata (page URL, click ids, hashed identifiers) for ad measurement; see section 8. • Google LLC (Ireland) — Google Analytics 4 receives anonymous traffic data; see section 8. • Yandex LLC (Russia) — Yandex Metrika receives anonymous traffic data; see section 8. We will disclose data to authorities only when legally compelled (court order, valid subpoena under Georgian or applicable law).
Under GDPR (EU) and Russian Federal Law 152-FZ (RU) you have the right to: • Access — ask what data we hold about you. • Rectification — correct inaccurate data. • Erasure ("right to be forgotten") — ask us to delete your data, subject to retention obligations in section 5. • Restriction — ask us to stop processing while a complaint is reviewed. • Portability — receive your data in a machine-readable format. • Objection — object to processing based on legitimate interests. • Lodge a complaint with a supervisory authority in your country. To exercise any right, email info@georgiadream.ge with subject "Privacy". We respond within 30 days. There is no fee unless the request is manifestly excessive.
We use first-party storage (cookies + localStorage) and third-party analytics: • Functional — language preference, theme (light/dark), reveal animation throttling. No tracking. • Analytics — Google Analytics 4 (anonymous IP), Yandex Metrika (with Webvisor session recordings — anonymised, no form-input capture), to understand which apartments and pages are popular. • Advertising — Meta Pixel and Meta Conversions API to measure which Instagram / Facebook ads led to bookings. Data sent: hashed email/phone (when you submit a form), event metadata (page URL, listing id), click identifiers (fbp/fbc cookies, fbclid). All identifiers Meta receives are SHA-256 hashed before transit. • Attribution — first-touch UTM parameters and click ids are stored in your browser's localStorage for 30 days; they only travel back to us when you submit a form, never sooner. You can disable cookies via your browser settings or use a content blocker (e.g. uBlock Origin). The site remains fully functional without analytics scripts.
The database is on a private network with TLS in transit (Let's Encrypt certificate, HSTS preload), encrypted backups (AES-256), HTTP security headers (CSP, X-Frame-Options, Referrer-Policy), rate-limited form endpoints, and constant-time admin-token comparison. We rotate the admin token periodically. The Meta App secret used to verify webhook signatures is stored as a masked CI variable, never in source code.
We may update this policy when our processing changes (new analytics tool, new data category collected, new processor added). The "Last updated" date at the top of the page reflects the current version. Material changes will be highlighted at the top of the page for 30 days.
Questions about this policy or how we handle your data: Email: info@georgiadream.ge (subject: "Privacy") Phone / WhatsApp: +995 505 556 117 We answer within one business day; legal requests within 30 days as required by GDPR Art. 12(3).