2 10 10 10
English (EN)
COMPANY
  • About us
  • History
  • Team
  • Partners
    • INFORMATION
  • Audit Reports
  • Financial Statements
  • Terms & Conditions
    • HELP
  • Voice of Customer
  • FAQ
  • Insurance Houses
  • Contact
    • Georgian English
    Georgian English
    MY ROOM

    Terms and Conditions of Website/Application Use

    Please read these Terms and Conditions carefully.

    Please note that by using the website/mobile application, you automatically agree to these Terms and Conditions, which govern the relationship between JSC ARDI Insurance and the user.

    The insurance services provided on the website/mobile application are regulated by an individual insurance contract and applicable insurance legislation.

    JSC ARDI Insurance (ID: 405662242; Address: Tbilisi, 28 Z. Anjaparidze St.)
    (hereinafter referred to as “ARDI”, the “Corporation”, the “Insurer”, or “we”)

    User: Any person using the website (www.ardi.ge) and mobile application (ARDI Insurance)
    (hereinafter referred to as the “User” or “you”)

    The Corporation reserves the right to amend these Terms and Conditions at any time in accordance with applicable legislation. Such amendments shall enter into force upon their publication on the website/mobile application.

    Definitions

    For the purposes of these Terms and Conditions, the following definitions apply:

    • Website: The Corporation’s online platform – https://ardi.ge/ge
    • Mobile Application: The Corporation’s mobile software – ARDI Insurance
    • My Room: The User’s personal account used for remote management of their insurance policy
    • Insurance Policy: A signed document issued by the Insurer certifying the existence of an insurance contract
    • Digital Policy: An insurance policy issued in electronic form
    • Online Payment: A financial transaction performed electronically
    • Discriminatory Information: Any information that discriminates against, demeans, humiliates, or insults an individual based on specific characteristics
    • Copyright: Rights covering works of science, literature, and art, representing the result of intellectual and creative activity, regardless of purpose, value, genre, volume, form, or means of expression
    • Trademark: Any symbol registered in the trademark registry capable of distinguishing the goods and/or services of one enterprise from another
    • Third Parties: Any natural or legal person other than the Corporation
    • Force Majeure: Circumstances beyond the control of the parties caused by irresistible force

    Eligibility for Access

    It is assumed that any User accessing the website/mobile application is at least 18 years old, legally capable, and assumes all rights and obligations arising from actions performed in the online environment.

    The Corporation shall not be responsible for any legal consequences arising from the use of the website/mobile application by persons under 18 years of age.

    User Account and Security

    You may create a personal account (“My Room”) through the website or mobile application.

    The User is responsible for the accuracy and validity of the information used during account creation (name, surname, personal ID number, phone number, and password).

    We ensure the secure and uninterrupted use of the website/mobile application and your personal account.

    However, the Company shall not be liable if you disclose your account credentials to third parties or make them accessible through negligent action or omission.

    Sharing account credentials is permitted only if it serves your best interest.

    The dissemination of offensive, discriminatory, or defamatory content through the website/mobile application is strictly prohibited.

    Intellectual Property

    • All images, visuals, trademarks, texts, agreements, designs, and any other content размещებული on the website/mobile application belong to the Corporation, unless otherwise specified.
    • It is prohibited to copy, reproduce, distribute (including via social media), or use such materials for commercial purposes without prior written consent of the Corporation.
    • The website, its content, structure, and design are fully protected by ARDI’s copyright.
    • ARDI holds exclusive rights over all intellectual property created and registered by it, including the company name and trademarks.
    • Names, trademarks, logos, and links of third parties displayed on the website belong to their respective owners.

    Rights and Obligations of the Parties

    We:

    • Take all necessary measures to ensure the protection of your rights in compliance with applicable legislation
    • Ensure uninterrupted access to the website/mobile application
    • Are responsible for storing and processing personal data required for proper use of services (see Privacy Policy)
    • Reserve the right to restrict access in case of violation of these Terms
    • May amend these Terms in accordance with law and corporate policy

    You:

    • Have full access to all necessary functionalities
    • May request complete information regarding the platform
    • May report technical or informational inaccuracies
    • Undertake to use the platform in good faith and not upload unlawful or harmful content
    • Must keep your contact/banking details updated

    Limitation of Liability

    The Corporation shall not be liable for:

    • Technical failures unknown to us at the time
    • Errors caused by incorrect information provided by the User
    • Force majeure circumstances
    • Consequences of User negligence in sharing personal data
    • Outcomes related to third-party websites accessed via links

    Online Insurance Products and Services

    Through the website/mobile application, you may:

    • Purchase insurance policies online
    • Use “My Room” for policy management
    • Manage your profile and policies
    • Register claims (upload documents/photos)
    • Track claim status in real time
    • View policy terms and coverage
    • Receive notifications (payments, expiry, renewal)
    • Download/share digital policies (PDF)
    • Add family members and manage accounts
    • Choose payment methods

    We ensure:

    • Continuous improvement of platform functionality
    • Protection of user-provided data
    • Protection of user rights

    Location Data

    In the event that the User selects the “Near Me” filter in order to search for a clinic, the User is required to enable location-sharing functionality in order to identify clinics located nearby or within a preferred location.

    By activating this functionality, the User grants the application/website access to their location data.

    Location data is used solely in real time for the purpose of utilizing the clinic search filter and is neither stored, shared, nor used for any other purpose.

    The User may disable location-sharing functionality at any time through the settings of their device.

    Without granting access to location data, the “Near Me” filter will not function; however, all other features of the application/website will remain fully accessible.

    Governing Law and Dispute Resolution

    In the event of any dispute or disagreement, the parties shall seek to resolve the matter through mutual negotiations.

    In the event that such negotiations fail, the dispute shall be resolved by the common courts of Georgia in accordance with the legislation of Georgia.

    Contact Information

    You may contact ARDI via:

    • Phone: +995 32 2101010
    • Email: office@ardi.ge / quality@ardi.ge

    Personal Data Protection and Privacy Policy

    General Provisions

    This Personal Data Protection and Privacy Policy has been developed by JSC ARDI Insurance (hereinafter referred to as the “Insurance Company”, “ARDI”, or the “Insurer”) for the purpose of ensuring the protection and security of personal data, in compliance with both the legislation of Georgia and applicable international legal acts.

    It is important to note that the Insurance Company is a representative of the financial sector engaged in the provision of insurance services. The activities of insurance service providers are supervised by the regulatory state authority – LEPL Insurance State Supervision Service of Georgia.

    In the course of providing insurance services, ARDI processes personal data, the scope and variety of which depend on the nature of the respective insurance products, insurance activities, and the requirements necessary to ensure proper and complete service delivery.

    For the effective implementation of the Company’s objectives and core activities, it is essential to ensure the security of collected data and to establish internal processes in accordance with applicable legal requirements (confidentiality, availability, and integrity).

    Furthermore, information security within the insurance organization is regulated in accordance with the Law of Georgia on Information Security. Accordingly, the Insurance Company complies with the requirements established by personal data protection legislation and ensures the security of personal data, while also achieving a higher level of protection through adherence to information security regulations.

    ARDI safeguards all data entrusted to it, continuously develops internal data protection standards, and thereby offers its customers reliable, high-quality insurance services.

    Definitions and Abbreviations

    • Company – the Insurance Company, ARDI, the Insurer;
    • Insurance Activity – the activity of the Insurer related to the conclusion and performance of insurance and reinsurance contracts. The right to carry out insurance activity is obtained through licensing;
    • Insurance – a legal relationship aimed at protecting the personal and property interests of natural and legal persons upon the occurrence of a certain event (insured event), financed through monetary funds formed by insurance contributions (insurance premiums) paid by such persons, as well as other sources permitted by law;
    • Insurance relationships may be established in the form of both voluntary and mandatory insurance;
    • Policyholder (Insured Party / Applicant) – a natural or legal person who has entered into an insurance contract with the Insurer;
    • Insured – a natural or legal person in respect of whom insurance is effected. The Policyholder may simultaneously be the Insured, unless otherwise provided by the insurance contract;
    • Beneficiary – a natural or legal person who, in accordance with the insurance contract or applicable legislation on compulsory insurance, is entitled to receive insurance compensation;
    • Insurance Agent – a natural or legal person acting on behalf of and under the instruction of the Insurer, within the scope of authority granted by the Insurer;
    • Insurance Broker – an individual entrepreneur or a legal entity established in accordance with the legislation of Georgia, registered with the LEPL Insurance State Supervision Service of Georgia, and independently carrying out intermediary activities in the field of insurance as a form of entrepreneurial activity;
    • Reinsurance – an operation whereby the Insurer, on the basis of a reinsurance contract and taking into account the specific terms of each such contract, transfers, in whole or in part, the insurance risk and the associated loss to a reinsurer;
    • Insurance Policy – a signed document issued by the Insurer certifying the existence of an insurance contract;
    • Insurance Risk – an event characterized by the possibility and uncertainty of its occurrence, against which insurance is provided;
    • Insured Event – an event upon the occurrence of which the insurance contract provides for the payment of insurance compensation;
    • Object of Insurance – the lawful interest of the Insured related to life, health, property, or liability, the impairment, loss, or occurrence of which may give rise to the Insurer’s obligation to provide insurance compensation;
    • Contract – a transaction concluded by the Insurance Company with any other person (natural person, legal entity, public or private legal entity, etc.);
    • Availability – the requirement that any information system must ensure the availability of information when necessary to achieve its purpose. Accordingly, information systems used for storing and processing data, the security controls applied to protect such data, and the communication channels used for accessing it must function properly;
    • Company Data/Information – includes, but is not limited to: data/information generated by the Company; data/information over which the Company holds intellectual property rights; data/information owned or archived by the Company; communications sent from and received by the Company, regardless of the medium on which they are stored, including, for example: systems connected to corporate data or telephone networks; systems operated by the Company or by third parties on its behalf; mobile devices used to access the Company’s network or on which Company data is stored; and cloud services provided by third parties on behalf of the Company;
    • Computer – any computer or laptop, mobile device (e.g., mobile phone, smartphone, tablet, etc.), server and/or other storage device that:
      • i. is used in the provision of services;
      • ii. may be used to access a network or information carrier; or
      • iii. enables access to or storage of confidential information;
    • Confidential Information – any information, regardless of the format in which it is presented (e.g., oral, written, or in any other intangible form), including but not limited to: data, personal information, intellectual property, passwords, information relating to the Company’s customers, providers, partners, and personnel; information about the Company’s products that has not yet been made public; information related to transactions carried out in the course of payment services, including the User’s funds and related data; as well as information regarding performed operations (including attempted operations).
    • Confidentiality – the assurance of information security requirements, ensuring that information is not disclosed to the public and/or transmitted to unauthorized persons or entities, and is not used or transferred through any unauthorized processes;
    • Information Security Incident – an incident constituting an apparent or hidden violation of the Company’s information security policy or this Policy;
    • Security Incident Affecting Data Protection – an incident meaning a breach of personal data security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed, or any unauthorized collection or processing thereof. The identification of such circumstances constitutes the detection of a security incident affecting data protection;
    • Integrity – in the context of information security, the maintenance and assurance of the accuracy and completeness of data throughout its lifecycle (data cannot be altered without authorization or proper disclosure);
    • User – a person who uses the Company’s services;
    • Personal Data – any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as a name, surname, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person;
    • Identified – generally refers to identification by name; however, identification is not limited to a person’s name and surname, and the term “Personal Data” includes all elements relating to the identity of the data subject as described above;
    • Identifiable – means that a person can be identified by analyzing data or elements that are already available or can be obtained from other sources;
    • Data Subject – a natural person whose personal data is processed by the Company (e.g., employees, customers, or business partners – natural persons);
    • Processing of Personal Data – any operation or set of operations performed on personal data or sets of personal data, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
    • Pseudonymized Data – the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data cannot be attributed to an identified or identifiable natural person;
    • Depersonalization (Anonymization) – the processing of data in such a way that it is impossible to link the data to a data subject or such linkage would require disproportionate effort, cost, and/or time. Anonymous data shall not be considered personal data;
    • Data Controller – a natural or legal person, whether private or public (including public authorities, institutions, and their territorial units), which determines the purposes and means of processing personal data and processes such data directly or through an authorized processor;
    • Data Processor – a natural or legal person, whether private or public, which processes personal data on behalf of and for the Company. This may include the Company’s service providers or affiliated entities that have access to personal data (e.g., training service providers, advertising agencies, or other entities processing data on behalf of the Company);
    • Joint Controller – a person who, together with the Company, determines the purposes and means of processing personal data;
    • Recipient – a public authority or any other body to which personal data is disclosed in accordance with the law, regardless of whether it is a third party;
    • Profiling – any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, reliability, behavior, location, or movements;
    • Consent – any freely given, informed, and explicit indication of the data subject’s wishes, whether in written or electronic form, by which the data subject signifies agreement to the processing of personal data. Confirmation shall be carried out in accordance with the form in which consent is given;
    • Special Category Data – data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person’s sex life, as well as data relating to criminal proceedings, criminal records, victim status, detention, and enforcement of penalties. This also includes biometric data (e.g., fingerprints, facial images), behavioral characteristics (e.g., gait), and genetic data (e.g., DNA, genetic heritage, stem cells, unique human data)

    Purpose of the Personal Data Protection and Privacy Policy

    The purpose of this Personal Data Protection and Privacy Policy is to ensure the legal compliance of the Company’s activities and services, which includes, inter alia:

    • ensuring that personal data is processed in accordance with legitimate purposes for which it was collected, and that collected data is protected through lawful processing;
    • reviewing and improving existing processes, as well as implementing new operational procedures aimed at maximizing the protection of personal data and enhancing data protection standards;
    • ensuring the availability of information regarding the processing of personal data to interested parties;
    • ensuring proper and adequate information is provided to data subjects;
    • establishing and verifying appropriate security and protection measures when processing personal data;
    • ensuring the secure storage of data within the Company’s day-to-day and core operational processes and preventing, by any means, unauthorized access to such data by third parties;
    • defining the rules of data confidentiality and acting in accordance with such rules to ensure their protection.

    Personal Data

    The Company conducts insurance activities both through service centers and via remote channels, including the ARDI website and mobile application. Accordingly, ARDI may collect data directly from the User and/or from third parties.

    In the course of carrying out insurance activities, entering into insurance contracts, and providing services, the Company processes various types of information/data, including but not limited to:

    identification data of natural persons; business-related information; information related to service/product development, marketing, and business planning; customer information; human resources data; consultation, partnership, and contractual information; information relating to a natural person’s health, property, ownership, possession, and banking details; inheritance-related information; information and documentation related to medical and other services provided to individuals; information about motor vehicles and their owners; professional information and information related to the performance of professional obligations; resumes (CVs); financial transaction data, including bank payments and receipts; communication data; and any other information that may arise in the course of the Company’s activities.

    Within the scope of insurance activities, the Company provides insurance products to Users. Depending on the type of such products, applicable legislation may establish similar and/or different approaches and rights for the proper management of insurance interests.

    Personal data includes any information relating to an identified or identifiable natural person, including, but not limited to:

    Categories of Personal Data

    Identification Data:

    • Name, surname;
    • Personal identification number;
    • Date and year of birth, age;
    • Gender;
    • Data contained in identification documents (including photograph and signature), birth certificates, vehicle ownership documents, marriage certificates, driving licenses, passports, residence permits, copies of such documents, etc.;
    • Citizenship, residency, and temporary residence data (including certificates and related information);
    • Data relating to the insured object.

    Contact Data:

    • Residential and/or registered addresses (including, where applicable, place of employment);
    • Email address;
    • Telephone number.

    Personal/Individual-Related Data:

    • Education, profession, CV/resume, copies of diplomas, qualification certificates, and other certifications;
    • Information about parents and family members (spouse, children, dependents), marital status;
    • User accounts within the Company’s applications;
    • Employment-related data, including employer name and identification data, work phone number, work email, position, department, manager’s name, employment start and termination dates;
    • Information regarding ownership, property, and related rights;
    • Information on legal proceedings;
    • Information/documentation related to the death of a person;
    • Birth certificate and related information.

    Economic Data:

    • Personal data related to payments, receipts, and financial documentation;
    • Banking data (including salary account details).

    Insurance-Related Data:

    • Policy number and policy-related information;
    • Information on insured events and damages;
    • Information about motor vehicles;
    • Insurance-related information;
    • Data related to inheritance, estate, and related matters, including family members’ data and banking information;
    • Information on the legal status and actions concerning the insured object;
    • Geolocation data (e.g., location of road accidents, trajectory, details, location of insured property, location of insured event, etc.);
    • In liability insurance cases: data regarding the insured’s qualifications, experience, services provided, disputes, and all related documentation (including claims, complaints, requests in any form, correspondence, records, etc.);
    • Information obtained for service improvement purposes;
    • Health-related information, including medical history (anamnesis);
    • Information regarding intoxication by alcohol and/or other narcotic substances while operating a motor vehicle.

    AML/KYC Data:

    • Information regarding a person’s (and, where applicable, family members’ or relatives’) political activity (including relationships with politically exposed persons, positions held by such persons) and/or origin;
    • Employment history for the past five years, where required;
    • PEP (Politically Exposed Person) status;
    • Passport/ID document data;
    • Information on source of income, activity, and approximate income.

    Technical Data:

    • Geolocation data (e.g., fuel stations used by employees, accident locations, trajectories, and related details);
    • IP address, login/authorization time;
    • Electronic identifiers, authentication, and registration data.

    Special Category Data (Sensitive Data):

    • Health-related data, including diagnoses;
    • Medical form N100 and physician notes regarding health condition, examinations, and/or prescribed treatments;
    • Data concerning medical services provided or to be provided, including related medical records;
    • Test results, medical analyses, conclusions, expert opinions;
    • Financial documentation related to medical services (calculations, receipts, proof of payment);
    • Information obtained from provider clinics (including dental/medical), including oral information, emergency, inpatient, and/or dental services, and related documentation;
    • Information related to contractual relationships/records arising from specific insurance claims or cases;
    • Information regarding medical consultations, including services provided by physicians where professional liability is insured;
    • Expert examination reports;
    • Official documentation issued by investigative and/or administrative authorities;
    • Clinical records, including history and progress of medical procedures (e.g., surgical history);
    • Any other data related to an insured event.

    The above list highlights a non-exhaustive переჩა of personal data, including special categories of data, as such data may exist in various forms and formats. However, their classification and distinction within personal data are determined by the following categorization and definitions.

    Information on the Processing of Personal Data in the Course of Insurance Activities and the Purpose of Processing

    Main Forms of Processing

    Collection – collection, obtaining, recording, capturing images (photography), audio recording (including call center audio monitoring), and video recording (where necessary and based on appropriate authorization);

    Processing – classification, organization, structuring, grouping, combination, consolidation, and linking;

    Use – utilization of data for defined purposes;

    Disclosure/Dissemination – disclosure means the transfer, distribution, or otherwise making data accessible;

    Maintenance – storage (on any type of information carrier), modification, restoration, restriction (blocking), erasure, and destruction.

    Purpose of Processing

    Personal data of users, potential users, and their legal representatives may be collected and processed in the course of specific activities, including the Company’s core insurance operations and projects, such as:

    • conclusion and performance of contracts, including service agreements and any other types of contracts;
    • compliance with legal obligations;
    • execution of marketing activities, including the distribution of newsletters and other promotional campaigns;
    • processing of customer data for research and underwriting purposes, aimed at improving insurance services and operations, including, where necessary, the application of data protection mechanisms;
    • organization of internal and external events;
    • processing operations carried out by external partners of the Company (such as advertising agencies, service providers, subcontractors);
    • sharing information with and receiving information from joint controllers;
    • exercising rights granted under insurance contracts and applicable legislation, including investigation of insured events, verification of contractual exclusions, allocation of payments in cases of double insurance, appointment of expert examinations, obtaining and reviewing expert conclusions, cooperation with administrative and judicial authorities for the purpose of obtaining and/or verifying information, and any other form of processing necessary for the performance of insurance activities and the exercise of related rights and obligations.

    Personal data of potential employees may be collected and processed for the purpose of employment and subsequent engagement, including:

    • conducting recruitment and hiring processes;
    • compliance with legal obligations, such as assessing candidates’ qualifications and skills prior to employment, maintaining occupational health and safety records, participation in training and educational programs, maintaining audit registers, withholding and paying legally required taxes, and providing benefits in accordance with applicable regulations;
    • reporting to competent authorities and institutions, where required;
    • evaluation of professional experience and provision of training for the development of professional growth programs, based on professional and technical assessments;
    • statistical and analytical purposes, and other related activities.

    Use of Personal Data and Data Security

    Regardless of the category of personal data, such data shall be used solely for the purposes for which it was collected from data subjects (including the Company’s customers, non-customers, employees, contractors, and partners), of which the data subject has been informed and/or to which the data subject has consented (where such consent is required), and only for the period necessary to achieve those purposes, as well as for the period required to comply with legal obligations or to protect the legitimate interests of the Company.

    For the same purpose, and to ensure the lawfulness of personal data processing, in the event that a data subject withdraws their consent to the processing of their personal data for marketing or other legitimate purposes requiring prior consent, the Company shall ensure the deletion of such personal data in accordance with applicable regulations.

    ARDI implements appropriate technical and organizational measures aimed at ensuring data security and confidentiality. Such measures include, but are not limited to, proper management of access rights to data, continuous training and awareness of employees, establishment of internal policies and procedures, identification of data security risks, and the implementation of processes tailored to mitigate such risks.

    Data Protection Officer

    The Data Protection Officer (LLC “Foresi” (ID: 406310291)), in accordance with the legislation of Georgia on personal data protection, ensures the Company’s compliance with applicable legal requirements and oversees the implementation and management of personal data protection measures within the Company.

    Legal Grounds for Data Processing

    The legal basis for processing personal data may include compliance with legal norms, obligations, and authorities established by legislation, as well as the data subject’s informed consent provided on the basis of agreements concluded with the data subject and/or through any other form of notification.

    The data subject shall have the right, at any time, to request suspension of data processing (including requesting additional information, erasure, transfer, restriction, or other actions) if, based on the information provided, the data subject does not wish certain processing activities to be carried out in relation to their personal data.

    It should be noted that such requests may affect or render impossible the provision of services.

    Where consent is required, the Company shall provide the data subject with full, prior, and accurate information, ensuring that such consent is freely given, specific, informed, and unambiguous.

    In addition, there are cases where the legal basis for processing is not consent, including, but not limited to:

    • where processing is necessary for the conclusion of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract;
    • where processing is required by law;
    • where processing is necessary to protect the vital interests of the data subject or another person, including for the purposes of monitoring and/or preventing the spread of epidemics, managing humanitarian crises, and natural or man-made disasters;
    • where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
    • where the data has been made public by the data subject or is otherwise publicly available;
    • where processing is necessary for the performance of tasks falling within the scope of public interest as defined by the legislation of Georgia;
    • where processing is necessary for the consideration of a request submitted by the data subject;
    • where processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject.

    Processing of Special Category Data

    Processing of special category (sensitive) data is strictly prohibited, except in cases permitted by applicable legislation, including but not limited to:

    • where the data subject has explicitly consented to such processing;
    • where processing is necessary for the purposes of carrying out obligations and exercising specific rights of the Company or the data subject in the field of employment, social security, or social protection;
    • where processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent;
    • where processing relates to data manifestly made public by the data subject;
    • where processing is necessary for the establishment, exercise, or defense of legal claims;
    • where processing is necessary for preventive, diagnostic, therapeutic, rehabilitative, or palliative healthcare, including ensuring the quality and safety of healthcare services, medical devices, and products, public health protection, or in connection with a contract with a healthcare professional (provided such data is processed by a person bound by professional confidentiality obligations);
    • where processing is necessary to ensure information security and cybersecurity;
    • where processing is necessary in the context of employment relationships, including for recruitment decisions or assessment of an employee’s professional capabilities;
    • where processing is necessary for archiving purposes in the public interest, scientific or historical research, or statistical purposes;
    • where data is processed for the functioning of institutional coordination mechanisms, including for the protection of a child’s life, health, safety, or best interests, and for the identification and/or management of risks or harm to a child’s rights, in accordance with the Child Rights Code of Georgia and applicable legislation.

    Consent for Processing Personal Data of Minors and Data Protection

    The processing of personal data relating to a minor on the basis of consent shall be permitted if the minor has reached the age of 16.

    For minors under the age of 16, the processing of personal data shall be permitted only with the consent of a parent or other legal representative, except in cases expressly provided by law, including cases where the consent of both the minor (aged between 16 and 18) and their parent or other legal representative is required.

    Furthermore, the processing of special category data relating to a minor shall be permitted only on the basis of duly obtained written consent from the parent or legal representative.

    For the processing of personal data of minors under the age of 16, the Company shall take reasonable and appropriate measures to verify the existence of consent provided by the minor’s parent or other legal representative.

    When processing personal data of a minor, the Company shall take into account and protect the best interests of the minor.

    The consent of a minor, their parent, or other legal representative shall not be considered valid if the processing of data poses a threat to or harms the best interests of the minor.

    Principles of Personal Data Processing

    Persons involved in the processing of personal data on behalf of the Company shall comply with the principles established under applicable personal data protection legislation, the key elements of which are outlined below:

    a) Principle of Lawfulness of Processing

    Personal data shall be processed lawfully, fairly, and in a manner that does not infringe upon the dignity of the data subject. This principle requires that data processing activities comply with applicable legal requirements, including the Law of Georgia on Personal Data Protection.

    b) Principle of Transparency

    Under the principle of transparency, data subjects, including customers, potential customers, and partners, shall be informed about the processing of their personal data in a clear and understandable manner. This ensures that they have access to information regarding data processing activities.

    Such information shall include contact points where data subjects may submit requests (e.g., email).

    For the same purpose, when using the Company’s website and/or application, users are provided with information regarding the use of cookies and similar technologies. The use of cookies is governed by a separate Cookie Policy, which describes in detail the types of cookies used, their purposes, and user choices.

    Upon receiving a request from a data subject regarding the processing of their personal data, the relevant structural unit shall involve the Data Protection Officer to ensure proper handling of the request. The Company shall respond to such requests within a maximum of 10 working days from receipt, in accordance with applicable data protection legislation. In exceptional cases, this period may be extended by no more than an additional 10 working days with proper justification, and the data subject shall be informed accordingly.

    Complaints or requests submitted by data subjects shall be reviewed in accordance with the Company’s internal procedures for handling such requests (where applicable).

    c) Principle of Purpose Limitation

    Personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

    d) Principle of Proportionality (Data Minimization)

    Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

    e) Principle of Storage Limitation

    Personal data shall be retained only for as long as necessary to achieve the legitimate purposes for which they are processed.

    All rights reserved
    • COMPANY
    INFORMATION
    HELP