Privacy Policy

1. Introduction

“Lash Smart Health” LLC (I/N 400300919) (hereinafter- “the Company“) undertakes to protect the privacy of the personal data of the user (hereinafter - "the Data Subject") registered in the “medik” application (hereinafter – "the Application"). Company owns and develops a software system designed to improve and develop healthcare services. Application connects the Data Subject with the medical institution with which the Company has a relevant agreement. The Application is a “read-only” platform, therefore, after registration of a Data Subject as a user in the Application, electronic medical records/information are automatically sent from the medical institution. The Application enables the Data Subject to access her/his medical records/information and receive relevant digital services. Company collects, stores, processes and protects the personal data of the Data Subject, including special category data. The present Privacy Policy (hereinafter – “the Policy) Policy is drafted in accordance with the Law of Georgia on Personal Data Protection and international standards.

2. Consent to Privacy Policy

Application automatically displays the personal data of the Data Subject during the visit to the medical institution, based on the written consent of this Data Subject, as well as the consent integrated into the process of account registration in the Application. By agreeing to the present Policy by the Data Subject, he/she declares and agrees that he/she has read and agreed to the contents of the present Policy, including the purposes, principles, methods of disclosure, and has no remarks and/or complaints concerning the contents of this Policy.

3. Scope and Change of Privacy Policy

The present Policy is fully applicable to the Company and applies to the processing of personal data.

The present Policy may occasionally be revised and updated. However, in case of substantial changes, a notification of such changes will be displayed in the Application. If the Data Subject continues to use the Application after such changes are displayed, the consent of the Data Subject shall be implied.

In case the Data Subject does not agree with the changes in the Policy, he/she shall stop using the Application. The message shall be sent to the following email address:

4. Data Security

The Company has developed appropriate security measures and procedures to protect the personal data in the Application from unauthorized access, improper use and disclosure, unauthorized modification, and illegal destruction and/or accidental loss.

For the protection and security of personal data, the registered account belonging to the Data Subject in the application is protected by a password. However, when logging in to a Data Subject account, the app may provide a different authorization rule, including two-step authentication.

5. Objectives and Principles of Data Processing

The Company processes the personal data of Data Subject in the following cases:

Personal data related to the Data Subject shall be stored for a period defined by law and/or for the period necessary to achieve the purpose. After achieving this purpose, the data will be blocked, deleted, destroyed, and/or stored in such a way as to exclude the identification of the Data Subject.

6. Data Category and their Processing

The Company mainly collects and processes personal data such as:

The Company processes special category data for the management and operation of the health care system, as well as for the protection of security through the identification/verification of the Data Subject.

In case of inaccessibility of the information listed in Paragraph 6.1 of the present Policy, the Data Subject may have limited access to the digital services of the Application.

7. Rights and Obligations of the Data Subject

Within the framework provided by legislation, the Data Subject has the right, to request the following information:

The Data Subject is entitled to contact the Company at any time and request the deletion and/ or destruction of her/his data, as well as the data processing be stopped.

In case the Data Subject considers that the information about him/her in the Application is not accurate and/or is incomplete, he/she shall immediately inform the Company in writing.

8. Disclosure of the Data to the Third Parties

The Company is entitled to transfer the data of the Data Subject to its employees, partners, agents who need to process the data to perform their obligations within the functionality of the Application, to deliver digital services to the Data Subject. The Company is entitled to transfer the data of the Data Subject to a third party/parties in a manner precluding the identification of the Data Subject. The subjects listed in Paragraph 8.1 of the present Policy are fully covered by the Policy. They are obliged to strictly protect the confidentiality of information on the Data Subject, and the Company is obliged to require such subject to strictly protect the personal data belonging to the Data Subject.

9. Cookie Policy

The Application may use Cookies and/or other technologies for collecting data, to simplify the process of registration, creation of an account of the data subject, operation of the Application. Cookies are small text files that Application stores in an electronic device belonging to a Data Subject. Cookies help the Company to better manage, improve the functioning of the Application. The Data Subject is entitled to block the Cookies by adjusting the settings of the Application, which may weaken the operation of the Application and/or disable certain features.

10. Contact Information

If you have any questions regarding the privacy policy, collection, processing, use, disclosure, and/or protection of the personal data by the Company. please do not hesitate to contact us via the following email: