Mobile Application Security Policy
Last updated: June 2025
1. Introduction
JSC “Elit Electronics” (hereinafter referred to as “the Company”) recognizes the
importance of security and takes all necessary measures to protect users'
personal data and payment details. This policy defines the security standards,
procedures, and practices that ensure a secure and trustworthy environment on
our platform.
2. Protection of User Data
2.1. The Company collects only the data necessary to process orders, provide
services, and communicate with users.
2.2. Personal data is stored in encrypted form on secure servers; data
transmission between the app and servers is performed via the SSL/TLS protocol.
Passwords are stored in hashed form. Data protection fully complies with the
Georgian personal data protection legislation. Within the online commerce
platform, users’ personal and payment-related data is highly protected.
2.3. The Company never shares user data with third parties, except when: it is
requested by the user; it is required to provide the best possible service
(e.g., payment providers, courier services); or it is required by a legal
matter, legislation, or regulation. Data sharing is conducted in full
compliance with the law. The Company does not sell personal data.
2.4. The management of user data is also carried out in accordance with JSC Elit
Electronics’ personal data protection policy.
3. Payment Security
3.1. Payments are processed through certified third-party payment platforms
(e.g., integrations with Georgian banks), which ensures the protection of
financial information.
3.2. The Company does not store users’ bank card data on its servers.
3.3. Transactions are protected by the SSL encryption protocol to ensure safe
data transmission.
4. Platform Security
4.1. The website is secured and regularly monitored.
4.2. Regular backups are performed.
4.3. System access is password-protected, and two-factor authentication is used
when necessary.
5. Employee Access Control
5.1. Only authorized employees have access to user data.
5.2. Access levels are defined according to job responsibilities.
6. Authorization and Authentication
Secure authorization mechanisms (OAuth2) are used to identify users.
Authentication is conducted in accordance with security and confidentiality
principles. Registration and login are performed through secure channels.
7. User Access and Rights
Users have the right to access their personal data and to request its
correction or deletion in accordance with the Georgian Law on Personal Data
Protection. Users can also manage their orders and accounts through their
personal profiles.
8. System Monitoring and Attack Prevention
The app utilizes
security analysis and penetration testing systems. Suspicious activity triggers
automatic alerts. System sustainability and data availability are protected in
accordance with Georgia’s cybersecurity standards. Regular security checks are
conducted on the platform.
9. Incident Management
9.1. In the event of an incident, the affected party is immediately notified,
and appropriate legal and technical measures are taken.
9.2. Incidents are recorded and thoroughly investigated to prevent recurrence.
10. Policy Updates
10.1. The security policy is periodically reviewed and updated to reflect new
technologies, legal requirements, and potential threats.
10.2. All updates are transparent, and users will be informed in advance through
the app or by email, in accordance with Georgian regulations.
11. Contact
Email: info@ee.ge | Phone: *4848.
For matters related to the security policy, you may contact the Company’s
Personal Data Protection Officer.