Privacy Policy – geschool.online Effective date: October 7, 2025
This Privacy Policy explains how Individual Entrepreneur DMITRII SPEKHOV (“we”, “us”, “our”, or “Geschool”) collects, uses, stores, and protects personal data when you use our website and online services.
We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
  • 1. Company InformationFirm Name: Individual Entrepreneur DMITRII SPEKHOV
  • Identification Number: 300447951
  • Legal Address: Georgia, Tbilisi, Nadzaladevi District, Tornike Eristavi Street, N29, Building N5, Entrance 1, Floor 1, Apartment 3
  • Website: http://geschool.online/
  • Contact (Data Protection): tartlhaus@yandex.ru
If you are located in the European Economic Area (EEA) and need to contact our data protection representative or regulatory authorities, please reach out to the email above.
2. Scope of the PolicyThis Policy applies to all personal data collected and processed through our platform in connection with the provision of our online language school services — including registration, lessons via video calls, customer support, and payment processing.
3. Categories of Personal Data We CollectWe may collect and process the following categories of personal data:
a. Identification Data
Name, surname, date of birth (if provided), gender (if provided).
b. Contact Data
Email address, phone number, postal address (if provided).
c. Account Data
Username, hashed password, role (student, teacher, admin), registration date.
d. Payment Data
Billing information such as payer’s name, billing address, services purchased, and transaction amounts.
We do not store full card details (e.g., card number, CVV). All card data is processed via certified payment providers.
e. Activity and Interaction Data
Lesson history, learning progress, messages, platform logs (IP, browser info, device type, timestamps).
f. Audio and Video Data
Live video and audio streams during lessons. Recordings of sessions may be stored only with your explicit consent.
g. Technical Data and Cookies
Device information, IP address, browser type, cookies, and session identifiers.
h. Security and Moderation Data
Reports of misconduct, support chat records, and logs from incident investigations.
4. Purpose and Legal Basis for Processing (GDPR)Your personal data is processed under the following legal bases:
  1. Performance of a Contract (Art. 6(1)(b) GDPR)
  2. To create and manage user accounts, provide educational services, process payments, and deliver lessons.
  3. Consent (Art. 6(1)(a) GDPR)
  4. For optional activities such as recording lessons, sending marketing communications, or using non-essential cookies.
  5. Legitimate Interests (Art. 6(1)(f) GDPR)
  6. To maintain service security, prevent fraud, improve our services, and communicate with users for support.
  7. Legal Obligation (Art. 6(1)(c) GDPR)
  8. To comply with tax, accounting, and other applicable legal requirements.
We do not intentionally collect special categories of personal data (e.g., race, health, religion). If such data is ever required (e.g., accessibility reasons), we will ask for explicit consent.
5. Cookies and Tracking TechnologiesWe use cookies and similar technologies for the following purposes:
  • Essential cookies: Required for login and website functionality.
  • Functional cookies: Remembering user preferences.
  • Analytical cookies: Collecting anonymous usage statistics (e.g., Google Analytics).
  • Marketing cookies: For targeted ads and campaign performance.
You can adjust cookie preferences in your browser settings or via our on-site cookie banner. Disabling certain cookies may limit site functionality.
6. Payments and Third-Party ProcessorsPayments are securely processed through third-party payment providers (acquirers).
We do not store or process raw payment card data ourselves.

We require all processors to implement appropriate technical and contractual data protection measures (including Data Processing Agreements and Standard Contractual Clauses where applicable).


7. Data Transfers Outside the EEAYour data may be transferred to and processed in countries outside the EEA, including Georgia (our business location) or the United States (where some providers are based).
Such transfers are made under one or more of the following mechanisms:
  • European Commission adequacy decision;
  • Standard Contractual Clauses (SCCs); or
  • Your explicit consent.
Upon request, we can provide details of these safeguards.
8. Data RetentionWe retain personal data only as long as necessary for the purposes described above, subject to legal obligations.

Data Category

Retention Period

User accounts

Until deleted by user + up to 1 year

Lesson and progress data

Up to 5 years

Lesson recordings

30 days (or longer if user consent is given)

Payment and accounting data

Up to 7 years (per tax law)

Security and log data

Up to 1 year

After expiration, data is securely deleted or anonymized.
9. Data Subject RightsIf you are an EU/EEA resident, you have the following rights under the GDPR:
  1. Access – Request a copy of your personal data.
  2. Rectification – Correct inaccurate or incomplete data.
  3. Erasure ("Right to be Forgotten") – Request data deletion.
  4. Restriction of Processing – Temporarily suspend processing.
  5. Data Portability – Obtain data in a machine-readable format.
  6. Objection – Object to processing based on legitimate interests.
  7. Withdrawal of Consent – Withdraw consent at any time.
  8. Complaint – File a complaint with your national supervisory authority.
To exercise your rights, contact us at privacy@geschool.online.
We will respond within 30 days.
10. Disclosure to AuthoritiesWe may disclose personal data if required by law, court order, or to protect our legal rights, including investigations into fraud or abuse.
11. Data SecurityWe implement appropriate technical and organizational security measures, including:
  • Encrypted data transmission (TLS/HTTPS)
  • Hashed password storage (bcrypt/argon2)
  • Access control (least privilege principle)
  • Regular backups and security audits
  • Vendor security agreements (DPAs)
Despite these measures, no system is 100% secure. In case of a data breach, we will notify affected users and authorities as required by law.
12. Third-Party Data SharingWe may share personal data with the following categories of recipients, strictly for service-related purposes:
  • Payment processors and banks
  • Video conferencing providers
  • Hosting and IT infrastructure providers
  • CRM and email service providers
  • Business partners and educational contractors
  • Public authorities (when legally required)
All data sharing is limited, contractual, and compliant with GDPR.
13. Children’s PrivacyOur services are primarily intended for adults.
If a user is under the age of 16, parental or guardian consent is required.
Parents or guardians may request access to, or deletion of, their child’s data at any time.
14. Automated Decision-Making and ProfilingWe do not use automated decision-making or profiling that produces legal or significant effects on users without their explicit consent.
15. Updates to This PolicyWe may update this Privacy Policy periodically.
If significant changes occur, we will notify registered users by email and post the revised version on our website with a new effective date.
16. Contact UsIf you have questions or requests regarding this Privacy Policy or our data practices, contact us at:
📧 privacy@geschool.online
If you are in the EU/EEA and believe your data protection rights have been violated, you may also file a complaint with your national data protection authority.



Made on
Tilda