Privacy Policy

E-space LLC

Article 1. Scope and Purpose

This Privacy Policy (hereinafter — the "Policy") has been developed by E-space LLC (ID 405147087) (hereinafter — the "Company") and defines the rules and conditions for the collection, processing, and protection of Users' personal data.

The Policy has been prepared in accordance with the Law of Georgia on Personal Data Protection and applies to all data collected by the Company during use of the e-space Application (hereinafter — the "Application").

The Policy forms an integral part of the Terms of Service. Registration in the Application constitutes the User's full and informed acceptance of the terms of this Policy.

Article 2. Definitions

Terms used in this Policy that are not otherwise defined shall have the meanings assigned to them by the Law of Georgia on Personal Data Protection:




"Personal data" — any information relating to an identified or identifiable natural person, including name, identification number, location data, online identifier, or physical, psychological, economic, or social characteristics.

"Data processing" — any operation performed on personal data: collection, storage, organisation, modification, use, disclosure, transfer, blocking, deletion, or destruction.

"Controller" — E-space LLC, which determines the purposes and means of data processing.

"Data subject" — any natural person whose data is processed by the Company.

"Third party" — any natural or legal person, public authority, or other entity, other than the data subject, the Company, or the payment processor.

"Payment processor" — JSC Bank of Georgia, which processes payment data on behalf of the Company.

"Incident" — a personal data breach resulting in unlawful or accidental damage to, loss of, unauthorised disclosure, destruction, alteration of, or access to personal data.

"Profiling" — any form of automated processing of personal data used to assess characteristics relating to a natural person.

"Anonymisation" — processing of data in such a way that it is no longer possible to identify the data subject.

Article 3. Principles of Data Processing

The Company processes personal data in strict compliance with the following principles:
  1. Lawfulness, fairness, and transparency — data is processed on a lawful basis, fairly, and in a manner transparent to the User;
  2. Purpose limitation — data is collected only for specific, clearly defined, and legitimate purposes; use for other purposes is not permitted;
  3. Data minimisation — only data necessary for achieving the purpose is processed;
  4. Accuracy — data must be accurate, up to date, and corrected or deleted without undue delay if inaccurate;
  5. Storage limitation — data is stored only for as long as necessary for the purpose;
  6. Integrity and confidentiality — data is protected against unauthorised or unlawful processing, accidental loss, destruction, and damage.
Article 4. Categories of Data Collected

4.1. Registration data of natural persons
  1. First and last name;
  2. Mobile phone number;
  3. Email address.



4.2. Registration data of legal persons
  1. Company name;
  2. Identification number;
  3. Contact information.



4.3. Payment data
  1. Bank card token — the Company stores the token only; full card data is stored by the payment processor;
  2. Transaction history (session ID, date, amount, charger).



4.4. Usage data
  1. Location data — only for specific functions (charger search, routing);
  2. Session history (start/end time, energy/time consumed, charger);
  3. Device technical data (OS version, Application version).



4.5. Marketing consent

Data is processed for marketing purposes only on the basis of the User's separate, voluntary consent given at registration.

Article 5. Methods of Data Collection

The Company collects data by the following methods:
  1. Directly from the User — during registration and use of the service;
  2. Automatically — during use of the Application, in the form of technical data, location, and usage statistics;
  3. From the payment processor — regarding transaction results and status.
Article 6. Purposes and Legal Bases for Data Processing

The Company processes data for the following purposes:




6.1. Performance of contractual obligations

Legal basis: performance of a contract to which the User is party. Purpose: User identification, service delivery, payment processing, fault resolution.




6.2. Legitimate interests

Legal basis: the Company's legitimate interests. Purpose: service improvement, usage analytics, security, fraud prevention.




6.3. Legal obligation

Legal basis: applicable legislation. Purpose: fulfilment of tax obligations; compliance with lawful requests from law enforcement authorities.




6.4. Marketing (consent-based only)

Legal basis: the User's voluntary consent. Purpose: personalised offers via push notification, SMS, email, social and analytics platforms.

Article 7. Data Retention Periods

The Company retains data only for as long as is necessary to achieve the relevant purpose:
  1. Registration data — for the duration of the Agreement + 5 years after termination (tax legislation);
  2. Transaction data — 7 years (requirement of the Tax Code of Georgia);
  3. Usage data — 2 years;
  4. Location data — session duration + 90 days;
  5. Marketing data — until consent is withdrawn.



After expiry of the applicable retention period, data is automatically deleted or anonymised, unless legislation requires a different period.

Article 8. Sharing Data with Third Parties

8.1. Payment processor

JSC Bank of Georgia processes payment data on behalf of the Company. The bank is obliged to maintain confidentiality and to process data solely for the purpose of executing payments.




8.2. Partners

Partners have access only to anonymised IDs and transaction details. Personal data of natural persons is inaccessible to Partners. In the case of a legal person, the Partner may see the identification number and company name.




8.3. Public authorities

The Company transfers data to public authorities only where required by a legally established obligation (court order, lawful request from an investigative authority).




8.4. Prohibition

The Company does not sell, rent, or transfer Users' personal data for other commercial purposes.

Article 9. International Data Transfers

The Company does not currently transfer User data outside Georgia. Should such a transfer become necessary, the Company shall:
  1. Notify Users in advance by updating this Policy;
  2. Ensure an adequate level of data protection in accordance with Georgian legislation;
  3. Conclude appropriate contractual guarantees with the recipient.
Article 10. Use of Location Data

The Company processes Users' location data only for the following specific purposes:
  1. Displaying chargers near the User's location on the map;
  2. Providing directions from the User's location to the selected charger.



Location data is not used for any other purpose. The User may disable location access at any time via their device settings, though this will limit the availability of the above functions.

Article 11. Rights of the Data Subject

In accordance with the Law of Georgia on Personal Data Protection, the User has the following rights:




11.1. Right to receive information

The User has the right to request information about: what data is being processed, for what purpose, for how long, and to whom it is transferred.




11.2. Right of access and to receive a copy

The User has the right to access their personal data held by the Company and to receive a copy.




11.3. Right to rectification

The User has the right to request the correction, updating, or completion of inaccurate, incomplete, or incorrect data.




11.4. Right to erasure

The User has the right to request deletion of their data, unless legislation requires its retention.




11.5. Right to restriction of processing

The User has the right to request restriction or suspension of data processing.




11.6. Right to data portability

The User has the right to receive their data in a structured, machine-readable format.




11.7. Right to withdraw marketing consent

The User may withdraw their marketing consent at any time without giving any reason. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Article 12. Procedure for Exercising Rights

12.1. How to submit a request

To exercise the rights set out in Article 11 of this Policy, the User shall:
  1. Contact the Company by email: info@e-space.ge;
  2. Or directly from the settings section of the Application.



12.2. Response timeframes
  1. The Company shall respond to a request within 10 business days;
  2. In exceptional cases, the deadline may be extended by an additional 10 business days — the User will be notified immediately;
  3. In the event of a refusal, the User will be informed of the grounds and the procedure for appeal.



12.3. Account deletion

The User may request full deletion of their profile (stored information) at any time via: the Application settings page; or by emailing info@e-space.ge.

The profile will be deleted within 7 business days. The Company shall bear no liability for the recovery of deleted profile data. Exception: data subject to mandatory retention periods under legislation (e.g. transaction history) will be deleted upon expiry of the applicable period.

Article 13. Security Measures

The Company implements the following technical and organizational measures to protect data:
  1. Encryption of transmitted data (SSL/TLS);
  2. No storage of full card data — the Company stores only the card token;
  3. Access control — access to data is restricted to employees with appropriate qualifications and a need to know;
  4. Physical security of servers;
  5. Regular security audits and updates;
  6. Employee training on data protection.
Article 14. Incident Notification

In the event of a personal data breach (incident), the Company shall:
  1. Immediately assess the incident and take steps to mitigate harm;
  2. Notify the Personal Data Protection Service within the timeframe prescribed by law;
  3. If the incident poses a high risk to Users' rights — notify the User immediately, providing: the nature of the incident, likely consequences, and measures taken.
Article 15. Cookies and Tracking

The Company does not use cookies, as the service is provided exclusively through a mobile Application.

The Company uses the following tracking technologies:
  1. Analytics tracking — for Application usage statistics and fault detection;
  2. Marketing tracking (social/analytics platforms) — only for Users who have given marketing consent.
The User may disable these functions via their device settings or by contacting the Company.

Article 16. Contact Information

For any questions, comments, or requests relating to data processing, please contact us:




Company: E-space LLC

Email: info@e-space.ge

Phone: +995 032 243 34 73

Address: Tbilisi, Georgia

Website: www.e-space.ge




The User also has the right to contact the Personal Data Protection Service — the supervisory authority for data protection in Georgia.

Article 17. Policy Review

The Company may update this Policy. In the event of an amendment:
  1. The updated Policy will be published in the Application;
  2. Upon first opening the Application, the User will be presented directly with the new Policy — "I agree" or "I do not agree";
  3. The Policy in force prior to the amendment continues to apply until acceptance.



The Policy will be reviewed at least once a year, and also upon any material change to legislation or the service.




© E-space LLC — All rights reserved