Introduction
LLC “Pineo Medical Ecosystem” (hereinafter referred to as the “Institution”) places significant emphasis on the protection of personal data. Respecting the rights of data subjects and adhering to the standards set forth by Georgian legislation form the foundation of our organization’s activities.
The purpose of this Privacy Policy is to ensure transparency, legitimacy, and reliability in the data processing procedures. This document complies with the Law of Georgia on “Personal Data Protection” and defines our organization’s approaches to data processing.
We are committed to safeguarding the rights of data subjects, including their rights to access, correct, update, and delete their data. This policy outlines in detail the principles, objectives, and mechanisms for protecting the rights of data subjects during data processing.
The institution ensures that personal data is processed using reliable technical and organizational measures, minimizing the risk of data security breaches.
Categories of Personal Data of Data Subjects
The institution processes the personal data of data subjects for specific purposes and in full compliance with the Law of Georgia on “Personal Data Protection.” Personal data is categorized as follows:
- Identification Data: Includes information such as name, surname, personal identification number, date of birth, address, and contact information (phone number, email).
- Medical Data: Includes information about health conditions, medical histories, diagnoses, and medical services necessary for patient treatment and care.
- Financial Data: Includes payment information, banking details, and information related to insurance companies used for financial settlements and service funding.
- Biometric Data: When necessary, includes photographs, video recordings, or other biometric data used for security or organizational purposes.
- Employment Data: Relates to information about the institution’s employees, including their position, work schedule, employment contract details, and fitness for work.
Data within these categories is processed only to the extent necessary for specific purposes and is protected in full compliance with data protection principles. Personal data security is ensured through technical and organizational measures, preventing unauthorized use or access.
Purpose of Processing
The institution processes personal data solely for predefined, legitimate purposes in compliance with Georgian legislation. The primary goal of data processing is to provide diagnostic, treatment, and rehabilitation services to patients. This requires monitoring health conditions and maintaining medical histories, ensuring the organization of both emergency and planned medical assistance.
Additionally, data is processed to fulfill public and legal obligations, including maintaining medical documentation and providing information to relevant state authorities as required by Georgian law.
Data processing is also crucial for carrying out financial operations, which include settlements with patients and related parties, as well as collaboration with insurance companies to organize service funding.
For security purposes, personal data may be processed through video and audio monitoring on the institution’s premises, ensuring the safety of individuals and property.
Data processing is also necessary for managing labor relations with employees, including the administration of work processes and responsibilities. Furthermore, data is used to enhance services by better understanding customer needs, increasing satisfaction, and conducting data analysis and research to improve offerings.
Principles of Processing
In the process of personal data processing, the institution adheres to the principles defined by Georgian legislation. All data is processed lawfully, fairly, and transparently, respecting the rights and dignity of data subjects.
Data processing is conducted solely for specific, clearly defined, and legitimate purposes. Further processing for purposes incompatible with the original intent is prohibited.
Personal data is processed only to the extent necessary to achieve the intended purpose. Processing is always proportional to the objective for which the data is processed.
The institution ensures the accuracy, reliability, and timely updating of personal data as necessary. Inaccurate or incorrect data is corrected, deleted, or destroyed without undue delay.
Personal data is stored only for the period required to achieve the processing purpose. Once the purpose is fulfilled, the data is deleted, destroyed, or stored in a depersonalized format unless otherwise required by law.
To ensure data security, the institution employs appropriate technical and organizational measures to protect against unauthorized access, unlawful processing, accidental loss, damage, or destruction.
The institution also ensures compliance with all data processing principles and can demonstrate adherence to them.
Legal Grounds for Processing
The institution processes personal data only on legal grounds as defined by the Law of Georgia on “Personal Data Protection.” Data processing is permissible if the data subject has given consent for a specific purpose. Additionally, processing is necessary to fulfill obligations arising from a contract with the data subject or to take steps to enter into such a contract at the data subject’s request.
The institution processes data in compliance with the law when required to fulfill legal obligations, including for registration and reporting purposes. Data processing is also permissible if the data is publicly available or has been made public by the data subject. In exceptional cases, data processing is conducted to protect the life or health of the data subject or another person.
Moreover, data may be processed to protect legitimate interests, provided these do not override the rights and freedoms of the data subject. The institution ensures that all legal grounds are fully considered in the data processing process.
Personal Data Protection Officer
Sandro Machavariani
Phone: 595 18 88 89
Email: [email protected]
Address: Tbilisi, St. Petersburg Street N 11 / 14
