Data protection policy

Data protection policy

1. The Company's policy regarding the processing of personal data is based on the principles established by the legislation of Georgia and fully complies with it. The company strictly protects the security and confidentiality of personal information and also, in accordance with the law, provides for the process of collection and use of personal information, as well as data protection procedures.
2. In the event that you, as a patient, decide to accept the product / service offered by the Company and, consequently, agree to the rules of personal data processing in order to fulfill the obligations under the agreement / contract between you and the Company and the specifics of the activity (client / customer and company) ) May process and / or share a variety of personal data, including specific categories of data.
3. The recipient of such information must ensure that he / she has fully implemented internal rules / systems for confidentiality and protection of personal data, binding regulations that are / will be in full compliance with applicable law and that are fully disseminated to information received from the processor / transmitter. Accordingly, each party to this relationship (both the data processor / transmitter and the authorized / recipient and any of its subcontractors) is required to ensure that its activities are in full compliance with the requirements of personal data protection legislation and also strictly adhere to the following conditions:
   • To process personal data in accordance with the principles established by law, and if the law provides for the processing of data by the data subject, to obtain / obtain the said consent (in writing or electronically). Consent must be given in a voluntary, clear, simple and understandable language. However, such consent must be submitted immediately to the data recipient upon request.
4. The person authorized to process personal data / the recipient of the information will be obliged to:
   • To process the data provided by the data processor to the extent and within the scope necessary for the fulfillment of the terms and purposes specified in the agreement / agreement between the parties or provided by law or at the request of the regulator;
   • Introduce all technical or organizational measures and take all necessary actions to prevent unauthorized or illegal processing of personal data supplied by the data processor, their loss, destruction, damage, unauthorized alteration or disclosure, and to notify the data processor of the measures taken by it;
   • without the consent of the data processor, not to transfer the information provided by the data processor to third parties (except for those third parties to whom the transfer of data is necessary to fulfill the obligations defined by the agreement signed between the parties and/or by force of law), moreover, for any reason, in case of data transfer to third parties, The authorized person is obliged to transfer data on the basis of a written agreement, according to which the third party and/or its sub-contractors will be obliged to take all necessary technical or organizational measures and take all actions to avoid unauthorized or illegal processing of personal data, their loss, destruction, damage, unauthorized modification or disclosure;
   • Compensation for any damage / loss that may be caused to the data processor as a result of non-fulfillment and / or improper fulfillment of the obligations imposed by the authorized person on data processing and / or provided by law. The authorized person agrees to compensate and protect the data processor from any (including indirect) damages (which includes consequential damages without any limitation), from the complaint, from the costs (which without any limitation include the costs incurred by the data processor from exercising its rights), legal And from any other liability that may arise as a result of such breach.
5. Each data subject has the rights set forth in this Article. The exercise of these rights shall be promptly responded to by the Company Responsible Group and the exercise of these rights may not impose any objection to the data subject;
   • The data subject is entitled to receive the following information about the processing of personal data:
     • which data is processed and for what purpose;
     • Data collection / extraction source;
     • Data storage period (time), or if a specific period cannot be determined, criteria for determining the period;
     • On the rights of the data subject;
     • If data is transferred to another state or international organization, information about the legal basis and purposes of data transfer, as well as appropriate data protection guarantees;
     • If the data transfer is to a third party, the identity of the data recipient or the categories of recipients, including information on the basis and purpose of the data transfer.

6. During the period of using the company or providing services to it, as well as after the termination of the contractual relationship, the company is authorized, for the purposes defined in this policy, to process the information about the data subject, including his personal data.
7. The processing of data by the Company, without any limitation, includes any action taken against the data using automatic, semi-automatic or non-automatic means, in particular, their extraction, collection, recording, photo, audio recording, video recording, organization from a data subject or third party (s) , Storing, modifying, restoring, retrieving, using, or disclosing, grouping or combining, blocking, deleting, or destroying data by transferring, distributing, or otherwise making it available.
8. The company processes information about the data subject or third party(s) named by it for specific purposes, you agree to the collection and processing of such information by Synevo Georgia for the purposes described in this document. The information we collect and process from you may include:
   • Name and surname of the data subject;
   • the number of your ID card or any other identification document and the country of issue;
   • Registered and / or actual residential address;
   • Phone / cell phone number;
   • Email address;
   • demographic data (such as your gender and date of birth);
   • Medical history (information about the patient's health and social status, information about the workplace, doctor's visits, current health status, information about past illnesses, biological and genetic data, laboratory research results, information about the costs (calculation) of medical services, etc.) , prescriptions, medications and more.
   • Audio and video monitoring records (if any);
   • the first 6 and/or last 4 numbers of the debit/credit card, the name and surname of the cardholder and the unique operation code;
   • Payment operations for services/products purchased in Synevo Georgia;
   • Insurance data (such as your insurance company, insurance policy data, insurance application data, warranty letter, insurance plan and insurance draft);
   • Data of the person for whom you decide to call laboratory analyzes at home (name, surname, personal number, citizenship, date of birth, gender and E-mail).
   • Any other data related to the data subject and as a result of which it is possible to identify and / or characterize the data subject and / or group him / her with other clients by physical, physiological, psychological, economic, cultural or social characteristics of the person.
   • Any other information you voluntarily choose to provide to us (such as photo, height, weight, allergies, blood type, etc.).
9. The patient/user is responsible for the accuracy of the information he provides to the Company, such as his contact details when registering an account. In the case of changes in the personal information of the patient/user, he/she has the opportunity to correct, delete the inaccuracy or make a change in it. The Company will take appropriate measures to make the requested changes to the Company's then-current databases as quickly as possible. If any information provided by the patient/user is untrue, inaccurate, out-of-date or incomplete (or has become untrue, no longer accurate, out-of-date or incomplete), or Synevo reasonably suspects that the information provided by the patient/user is incorrect inaccurate, out-of-date or incomplete, may terminate the provision of services to the patient/customer in accordance with the laws of Georgia.
10. In the case of payment for medical services and other products by debit/credit card, the Company will collect such "Customer's" credit card number and/or other financial institution information, such as bank account numbers, and use such information for billing and payment transactions, including, without limitation, Such credit card number and information will be shared with and disclosed to third parties when necessary to complete such billing transaction. However, credit information is verified only through patient/customer authentication. Transactions based on patient/customer credit/debit card data are carried out between networks of verified payment gateways, the so-called Gateways with secure sites that are digitally encoded, providing the highest quality care with today's technology.
11. Synevo Georgia does not exercise control over the sites that appear as a result of searches or as links to its website services (if any). These other sites may place their own short information files (so-called cookies) or other files on the patient's/user's device, collect information on it or request the patient's/user's personal information, for which Synevo Georgia is not responsible. Accordingly, Synevo Georgia does not guarantee the data protection methods of such websites and the accuracy, reliability or quality of the information, data, text, software, sound, photos, graphics, videos, messages or other material posted on them. If the patient/user chooses to visit a linked third party website, they do so at their own risk. Synevo Georgia encourages the patient/user to read the data protection policies of third parties.
12. The purpose of processing the information provided by the patient to the company is to produce an appropriate outpatient medical card for the services to be provided to the patient in order to provide the service. Medical diagnostics, treatment and medical services, protection of the vital interests of the person, archiving of data in the public interest, improving the quality of services provided, responding to complaints / claims, receiving medical services from insurance companies and / or receiving relevant financing (s); .ش.
13. If the data subject, in order to receive the service, provides the company with information about third parties, including, and not only, information about personal data, health and social status, etc., and the company processes this information, including personal data, to perform the service or / And for marketing purposes, the data subject himself is obliged to obtain the consent of the said persons for the processing of their personal data by the company. The fact that the data subject provides such information to the company (or its authorized person) implies obtaining the consent of the data subject from that person and no longer requires the company to obtain such confirmation. The data subject himself is responsible for any damage / loss that may be caused to the company in case of non-fulfillment and / or improper fulfillment of the obligation by the data subject. The data subject agrees to indemnify and protect the Company from any damages (which, without any limitation, result in consequential loss), from the complaint, from the costs (which, without any limitation, include the costs incurred by the Company in exercising its rights), from legal proceedings and any other liabilities. Violation may result.
14. The data subject authorizes the company to implement various marketing offers, to send short text, voice and / or other advertising messages by the data subject by phone, E-mail or other telecommunications or to offer services, goods, goods or services through direct communication with customers. Request.
    • The data subject has the right to request the data processor at any time to terminate the use of data about him for direct marketing purposes, no later than 3 (three) working days after receiving the data subject's request.
    • Personal data processed for direct marketing purposes is stored for a period of direct marketing after the data subject has given its consent to the direct marketing.
15. In order to ensure security and property protection, as well as quality control of the service, in compliance with the requirements of the Law of Georgia on Personal Data Protection, the company monitors the exterior perimeter and entrances of the building, workplaces through video surveillance and audio recording systems, and audio recording during telephone communication with the company.
16. In order to improve customer service, the data subject will be informed about the video surveillance and audio recording in the company's service areas, as well as the recording of telephone calls during the company's telephone communication in the form required by law.
17. When using or receiving services from the Company, as well as after such termination, the processing of information received by the Company for appropriate purposes will continue / be carried out for a period that is consistent with the goals and interests of the Company, required by the Regulator and / or provided by law. After the expiration of these deadlines, the company is obliged to ensure the destruction of relevant personal data (both electronic and paper carrier) in accordance with the rules established by the company.
    • The processing of data provided by the data subject to the company through electronic channels (web browser, company website, internet company, mobile company, company mobile applications and / or other means of data transfer) is not terminated by the data subject. In case of deletion from the channels, the mentioned data will also be stored for the period that is in line with the goals and interests of the company, required by the regulator and / or provided by law.
    • At the request of the data subject, the company will provide the data subject with the information in the company regarding his personal data within the framework provided by law.
    • If the data subject considers that the information about the data subject in the company is untrue or incomplete, he / she is obliged to immediately inform the company in writing and the company is obliged to immediately provide the relevant information correction.
18. If the patient/user wishes to deactivate or cancel the account (profile) and/or applies to the company with a request that the company no longer uses his information to provide him with services, he can contact the company at this E-mail address info@synevo.ge with the help of. The Company reserves the right to retain patient/customer information as long as the Customer's Services account is active and services are required to be provided to the Customer. The Company will not retain such information for longer than is necessary for the purposes for which the information may be lawfully used or otherwise required by then-current law. The Company may de-identify and aggregate and then store patient/customer data if such action is necessary to provide the Company's services more effectively. Additionally, de-identified data will only be used for analytical/statistical purposes. As a result of withdrawal of consent or account cancellation by the patient/customer, Synevo will no longer be able to provide you with services or terminate any relationship with the patient/customer.
19. The rules and processes, which are not defined by this policy, are regulated in accordance with the legislation of Georgia.
20. By using this "website", the patient/user confirms that he/she has read, understood and agreed to the methods and policies defined in the "Data Protection Policy" and agrees to be bound by the "Data Protection Policy".
21. After reading this document, the user agrees to the methods of collection, processing and disclosure of his personal data described in the "Data Protection Policy".
22. The user acknowledges that this "Privacy Policy" forms part of the terms of use of the website and services and unconditionally declares that by becoming a user of the website and its services, he thereby (i) agrees to the "Privacy Policy" and (ii) agrees Synevo Georgia's use, collection, processing and/or disclosure of its personal information in the form and for the purposes specified in the "Data Protection Policy".
23. Customer / Client is entitled to contact the Company at any time to obtain the necessary information related to this policy to the address: st. Tbilisi, Tsinandali st. №9, or by E-mail: info@synevo.ge, or contact: (+995 32 393833).

Appendix 1

Consent to the processing of personal data

1. By giving your consent to the processing of personal data, for the purpose of providing medical services, ensuring high quality of services, as well as improving quality, fulfilling contractual and legal obligations, you, as a patient, confirm your prior consent to the company and give it the right to the following:
2. The company processes the personal information (identification data, contact data, medical clinical data) received about the patient and/or his treatment and/or representative for the purpose of receiving services in the company, including using software (automatic and/or semi-automatic processing), both through its direct employees/medical staff, invited persons, and also through its contractors, including those contractors who are directly or indirectly involved in providing services or any part thereof to the patient and/or receiving quality services (eg: insurance company serving the patient, attending physician/medical institution, etc.).
3. We respect your privacy and therefore the personal data we process:

• processed legally, fairly and transparently;
• is collected for clear, specific and legitimate purposes and only in accordance with those purposes;
• is adequate, relevant and not excessive for the purposes for which it is developed;
• are accurate and updated as necessary;
• Stored in a form that allows the identification of data subjects for the period necessary for the purposes for which these data are processed.

4. Synevo Georgia processes information about the data subject or third party(s) named by him for specific purposes, you agree to the collection and processing of such information by Synevo Georgia for the purposes described in this document. The information we collect and process from you may include the following: including, but not limited to, the following personal data:

• Name and surname of the data subject;
• the number of your ID card or any other identification document and the country of issue;
• personal number;
• Registered and / or actual residential address;
• Phone / cell phone number;
• Email address;
• demographic data (such as your gender and date of birth);
• Medical history (information about the patient's health and social status, information about the workplace, doctor's visits, current health status, information about past illnesses, biological and genetic data, laboratory research results, information about the costs (calculation) of medical services, etc.) , prescriptions, medications and more.
• Audio and video monitoring records (if any);
• Any other data that is related to the data subject and as a result of which it is possible to identify and/or characterize the data subject and/or to group him with other customers by physical, physiological, psychological, economic, cultural or social features of the person. The first 6 and/or last digits of the debit/credit card 4 numbers, name and surname of the card holder and unique operation code;
• Transactions for payment of the cost of purchased services/products;
• Insurance data (such as your insurance company, insurance policy data, insurance application data, warranty letter, insurance plan and insurance draft);
• Data of the person for whom you decide to call laboratory analyzes at home (name, surname, personal number, citizenship, date of birth, gender and E-mail).
• Any other data related to the data subject and as a result of which it is possible to identify and / or characterize the data subject and / or group him / her with other clients by physical, physiological, psychological, economic, cultural or social characteristics of the person.
• Any other information you voluntarily choose to provide to us (such as photo, height, weight, allergies, blood type, etc.).

5. Data processing by the company will be carried out for the following purposes: to register the user on the company's portal and database, to conduct laboratory/clinical studies, to process the results and send them to the user, to interpret the results of the answers or analysis, to regulate the relationship between the company and the user, to refer to the referring doctor. In addition, this should be carried out in accordance with the requirements of the applicable legislation in the scope and scope necessary to provide the service, without obtaining any additional consent.
6. Data processing includes any activity performed by the Company, including data collection, extraction, access, photography, video surveillance and / or audio monitoring, organizing, grouping, interconnecting, storing, modifying, restoring, retrieving, using, blocking, deleting, or destroying , The disclosure of data through its transmission, publicity, dissemination or otherwise accessible. The data will be processed by the Company only for the purpose for which it was collected and / or provided by law.
7. To the extent necessary to provide services to the patient/customer, Synevo Georgia will provide information to contractors working on behalf of Synevo Georgia or with Synevo Georgia to operate the Application/Website. In such event, you authorize us to disclose your personal information for this purpose only to contractors with whom we will maintain strict confidentiality obligations.
8. You agree that the medical facilities, insurance companies and other providers of Synevo Georgia (hereinafter referred to as "Providers") whose services you choose to receive through the Company's application/website, may process and share with Synevo Georgia your personal data that they process/share. Necessary to provide the Services to you. The said data will be processed to the extent and within the scope necessary to provide you with the services provided by the application/website.
9. Notwithstanding the foregoing, Synevo Georgia is not responsible for the privacy, security or dissemination of your personal information by our partners/providers and third parties beyond the scope of the agreement signed with such partners and third parties. In addition, Synevo Georgia is not responsible for any breach of security or actions of third parties or events beyond Synevo Georgia's control, including, without limitation, government actions, computer hacking, unauthorized access to computer data and data storage equipment, computer crashes, security and coding violations, poor quality of internet service or "customer" telephone service, etc.
10. Depending on the complexity of the company's services, your data may be shared with the company Medicover Sp. z o. o. registered office in Warsaw (00-807), al. 96 of Yerosolimsk; (with registration number 0000021314, NIP (tax identification number) 525-15-77-627, REGON (statistical number) 012396508), which is the company's contractor in terms of data processing and to which data is sent for statistical analysis and business research only in aggregated or de-identified form. Adequate guarantees of protection of data sent to Medicover company are provided by the general agreement signed between Synevo Georgia and Medicover on data sharing and processing.
11. The company does not store/distribute/process the user's personal data outside the European Economic Area, unless the user himself or his doctor is outside this area.
12. The transfer of the patient's personal information to third parties (except for the above-mentioned persons), in particular, the state, regulatory bodies, persons financing the service or its part, law enforcement bodies and others, will be carried out in accordance with the law. The mentioned information may be transferred even in cases not directly foreseen by the legislation, for the protection of legal interests, based on the reasonable need and/or the essence of the request;
13. During the use of the Company's services, as well as after its termination, the Company will continue to process the patient's personal information for the purposes specified for the purposes of the medical services and / or required by regulatory bodies and / or provided by law.
14. You also consent to the processing of your personal data for direct marketing purposes within the limits and in the manner permitted by law.
15. You acknowledge that you have received complete and exhaustive information about your rights under Georgian law, including the fact that, at your request, the data processor is obliged to correct, update, add, block, delete or destroy data if it is incomplete, inaccurate, Not updated, or if their collection and processing was carried out against the law.
16. If you do not agree with the data collection, processing, sharing and protection methods described in the "Data Protection Policy", do not use Synevo Georgia Services.
17. By signing this document, you agree to the methods of collection, processing and disclosure of your personal data described in the "Data Protection Policy".
18. In certain cases, you have the following data protection rights:

• The right to access, update or delete the information we have about you. At any time, whenever possible, you will be able to view, update your "Personal Data" or request its deletion. If you are unable to perform these actions yourself, please contact us for assistance.
• Right to rectification: You have the right to correct your information if it is not correct or complete.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where Synevo Georgia needs your consent to process your personal information. If you no longer want Synevo Georgia to process your personal information, please contact us info@synevo.geon Such withdrawal of consent will result in cancellation/termination of your profile (if any).

* Please note that before responding to such a request, we have the right to request your personal identification.

19. If you wish to deactivate or cancel your account/profile and/or request that we no longer use your information to provide you with the Services, please contact us at this email address info@synevo.ge with the help of. We have the right to retain your information as long as your Services account is active and as long as it is necessary to provide the Services to you. We will not retain such information for longer than is necessary for the purposes for which we may lawfully use the information or as otherwise required by then-current law. We may de-identify and aggregate and then store your data if such action is necessary to provide our services more effectively. Additionally, de-identified data will only be used for analytical/statistical purposes. Please note that as a result of your withdrawing your consent or canceling your account, Synevo Georgia will no longer be able to provide you with services or terminate any relationship with you.
20. If you are the legal representative of another person (for example, your child), you represent that you are authorized to (I) acknowledge the "Data Protection Policy" on behalf of that person and (II) consent to the collection, processing, sharing and The protection methods described in the "Data Protection Policy".
21. The company has the right to update the "Data Protection Policy" at any time. In the event that significant changes have been made to the handling of patient/user personally identifiable information or to the "Data Protection Policy", you will be notified accordingly. And in the event that you object to any changes to the Terms and no longer wish to receive the Services, contact us by email to deactivate "your" account. info@synevo.ge
22. If you do not wish to receive advertising and marketing information about the Services, please send us an email to the following email address: info@synevo.ge
23. For any issues related to the protection of personal data in "Synevo Georgia" Ltd. you can contact us at the following E-mail address: info@synevo.ge

contact information:

Full legal name of the company: Synevo Georgia LLC

Identification number: 204525736

Legal address: Georgia, St. Tbilisi, Tsinandli st. No. 9

E-mail: info@synevo.ge

Phone: (+ 995) 32 2800 111