+995 (32) 2 93 1000

info@Mrcheveli.com

Patient Portal

Patient Portal

Patient Portal

PRIVACY STATEMENT

LLC Mrcheveli (Registration No. 204954497)

Preamble

This Privacy Statement is issued by LLC Mrcheveli (Registration No. 204954497) (hereinafter referred to as the “Clinic” or “We”), a medical institution established and operating in accordance with the legislation of Georgia. The Clinic’s activities encompass the provision of various medical services to patients, including laboratory diagnostics, radiology, and pediatric services.

The Clinic operates a website (www.mrcheveli.com), which is used to: provide interested parties with information regarding medical services; deliver medical services remotely through the personal user account available on the website — including online access to laboratory test results; facilitate remote scheduling of laboratory service appointments; and for other related purposes.

The purpose of this Privacy Statement is to inform you, as a user of the website (www.mrcheveli.com), about the processing of your personal data through the website and about your rights as provided under the Law of Georgia on Personal Data Protection.

Purposes of Data Processing

Certain information and services offered on our website require the processing of your personal data. Specifically, the Clinic processes website user data for the following purposes:

  • To ensure the proper functioning of the website;
  • For the purposes of user security;
  • To identify the number of website users, popular pages, and services;
  • To provide medical services remotely.

We do not process your information for any purpose other than those specified above, except as expressly provided for by the legislation of Georgia. We do not process your personal data for direct marketing purposes.

Legal Bases for Data Processing

Through the website, the Clinic processes data in accordance with the following legal bases:

(a) Pursuant to Article 5(1)(b) of the Law of Georgia on Personal Data Protection — processing is necessary for the performance of an obligation assumed under an agreement concluded with the data subject, or at the data subject’s request, for the purpose of concluding an agreement;

(b) The processing of data is provided for by law;

(c) The processing of data is necessary for the controller to fulfil obligations imposed upon it by the legislation of Georgia;

(d) Pursuant to Article 5(1)(i) of the Law of Georgia on Personal Data Protection — processing is necessary for the achievement of a significant legitimate interest of the controller or a third party;

(e) Pursuant to Article 5(1)(k) of the Law of Georgia on Personal Data Protection — processing is necessary for the consideration of an application submitted by the data subject (for the purpose of rendering services to the data subject).

Categories of Data Processed

(a) Website Use

For the purposes of website use, the following categories of user information are processed:

  • IP address;
  • User location: country, region, city;
  • Pages viewed by the user;
  • URLs visited by the user;
  • Date and time of visit and activity;
  • Language selected by the user.

(b) Website Security

For the purposes of website security, the following information is processed:

  • Unique user identifier;
  • IP address;
  • User location: country, region, city;
  • User device unique code and operating system;
  • Browser version used by the user;
  • Time of first and subsequent visits;
  • URLs visited by the user.

(c) Analytics — User Numbers, Popular Pages, and Services

For the purposes of identifying the number of website users, popular pages, and services, the following information is processed:

  • Number of visits and session duration;
  • Number of page views and user behaviour on the website;
  • Device type (e.g., mobile or laptop), browser, operating system, and location;
  • Traffic sources (how the user arrived at the website).

(d) Remote Provision of Medical Services

For the purposes of providing medical services remotely, the following categories of information are processed:

  • Identifying data: first name, last name, personal identification number, date of birth, sex;
  • Contact information: telephone number, email address, legal and/or actual address;
  • Health-related data: information contained in the results of examinations conducted by the patient.

(e) Facebook Messenger Chat

Only such data as is necessary and essential for the provision of services to the user shall be processed from the information voluntarily shared by the user in the course of communication via the said platform.

(f) Cookie-Related Information

Information regarding the grant or withdrawal of the user’s consent in connection with cookies, including the date and time of such grant or withdrawal.

We implement all necessary technical and organisational security measures to ensure the continuous accuracy and secure processing of your data.

Data Retention Periods

Personal data of website users that is necessary for the purposes of website use is retained for a period of 365 days.

For the purposes of website security, data is retained for 365 days.

For the purposes of identifying the number of website users, popular pages, and services, data is retained as follows:

  • Information regarding user activities (“log-ins,” “link clicks,” and other real-time activities): retained for 365 days;
  • Information regarding users (i.e., unique user identifiers, device types, operating systems, browser versions, locations, and their histories): retained for 365 days.

Data processed through the personal user account is retained for a period not exceeding 365 days.

Retention periods applicable to cookie-related information are set out in the Cookie Policy.

International Transfer of Data

No data processed through the website is subject to international transfer.

Data Sharing

Your data may be shared or transferred exclusively to state and/or administrative authorities, on the basis of Georgian legislation and/or a court judgment or ruling. The Clinic shares data only in accordance with Georgian legislation and only to the extent necessary to achieve a legitimate purpose.

Rights of the Data Subject

Pursuant to the Law of Georgia on Personal Data Protection, you have the right to:

  • Receive information regarding the processing of your data by the Clinic;
  • Access and obtain copies of your data;
  • Request the correction, updating, and/or completion of inaccurate, imprecise, and/or incomplete data held about you;
  • Request the restriction of processing, erasure, or destruction of your data;
  • Request the blocking of your data;
  • Request the portability of your data;
  • Exercise the right of appeal in the event of a violation of rights and established procedures as provided for by the Personal Data Protection Service (the supervisory authority for personal data protection in Georgia).

Data Security

The Clinic implements technical and security measures to protect your data against accidental or intentional manipulation, unauthorised access, use, loss, and destruction. Data is stored on secure servers. An encrypted connection (SSL) is employed. Passwords of personal user account holders are stored in encrypted form. Users are obligated to safeguard their own authentication credentials.

Access to your data within the Clinic is restricted exclusively to authorised personnel of the Clinic, who are bound by a duty of confidentiality with respect to all such information.

Data Protection Officer

Website users have the right to contact the Data Protection Officer regarding personal data processed by the website. The Data Protection Officer is LLC Data Privacy (Registration No. 400272469), reachable at the following contact details:

Email:  dpo@mrcheveli.com
Telephone:  +995 511 24 94 58
Address:  9 Kazbegi Avenue, Tbilisi, Georgia

Book a Lab
Appointment