JSC “Vian”, Identification Number 402295716 (hereinafter also referred to as the Medical Center, Hospital), has adopted this Personal Data Processing Policy (hereinafter – the Policy) to ensure transparency in the processing of your personal data (hereinafter – the Data) during the provision of medical services and for the purposes related to such service provision.
The Medical Center respects and protects fundamental human rights and freedoms and ensures compliance with the principles and data subject rights established under the Law of Georgia on Personal Data Protection.
The Medical Center processes your Data in accordance with the Law of Georgia on Personal Data Protection, for specific, clearly defined purposes and on the legal grounds determined by the same law. Furthermore, the Medical Center processes only such Data as is necessary to achieve its legitimate purposes.
In processing your Data, all principles established by the Law of Georgia on Personal Data Protection are duly observed. We make every effort to protect your Data and have implemented appropriate organizational and technical security measures for that purpose.
The terms used in this Policy have the meanings assigned to them under the Law of Georgia on Personal Data Protection.
Types of Data We Process, How and for What Purpose
We process only the Data that you voluntarily provide to us after receiving the necessary information, or Data whose processing is required for the Medical Center to fulfill its legal obligations, protect its significant legitimate interests, or for purposes related to healthcare — including preventive, diagnostic, therapeutic, rehabilitative, and palliative care — as well as to ensure the quality and safety of medical devices and products, to protect public health, and to manage the healthcare system.
Your Data may also be processed on other legal grounds established under Articles 5 and 6 of the Law of Georgia on Personal Data Protection.
Obtaining and Processing of Personal Data, and Purposes of Processing:
Your personal data is collected and obtained verbally, in writing, or in visual or electronic media, through the call center, the website, or other similar channels, for the conduct of services such as protection of public health, preventive medicine, medical diagnosis, treatment and maintenance services offered by JSC Vian, or for planning and management of healthcare services and financing, and in accordance with the fields of business of JSC Vian.
Your general personal data and special personal data, especially your healthcare data, may be processed by the Medical Center to a limited extent for all and any purposes, including, but not limited to, the following purposes:
Your identity data and information: Your first name, surname, Identity Number, passport number or temporary Identity Number, birth date and place, marital status, gender, as well as other identity data that may be helpful in identification of you by us; and
Your communication information: Your address, telephone number, electronic mail address and other communication data, and your verbal interview or call records kept by the customer services or patient services departments as per the call center standards, as well as your personal data collected when you communicate with us by electronic mail, letter or other communication means; and
Your accounting information: Your bank account number, IBAN number, credit card data, invoicing data and similar other financial data and information; and
Your private health insurance data and Social Security Agency data and information as needed for financing and planning of healthcare services; and
Your camera recordings and images taken and kept for security and audit purposes if and when you visit our hospital or medical center; and
Your healthcare information: Your personal data about your health and sexual life acquired and collected during provision or as a result of medical diagnosis, treatment and care services, including, but not limited to, your laboratory analysis results, test results, medical examination data, appointment data and information, check-up data, and prescription data and information; and
Your healthcare information and other personal data sent or inserted by you.
All kinds of your personal data obtained by JSC Vian (including, but not limited to, your special personal data) may be processed for the following purposes:
- For confirmation of your identity, and
- For protection of public health, preventive medicine, medical diagnosis, treatment and maintenance services, and for planning and management of healthcare services and financing, and
- Sharing of requested information with the Ministry of Health and other relevant public entities and administrations pursuant to the applicable laws and regulations, and
- Planning and management of internal operations and daily operations of our Hospitals and Medical Centers, and
- Measurement, enhancement and study of patient satisfaction by Hospital Management, Patient Rights and Patient Experience departments, and
- Procurement of drugs, and
- If you get an appointment, keeping you informed about the appointment, and
- Performance of risk management and quality improvement activities, and
- Performance of analyses for further development of healthcare services, and
- Financing of your healthcare services by Patient Services, Financial Affairs and Marketing departments, and payment of your medical examination, diagnosis and treatment costs, and sharing of requested information with private health insurance firms as a part of your eligibility inquiry, and
- Conduct of research and studies, and
- Compliance with legal and regulatory requirements and conditions, and
- Sharing of requested information with private health insurance firms in the course of financing of healthcare services, and
- Conduct of risk management and quality development activities by Quality, Patient Experience and Information Systems departments, and
- Issuance of invoices by Patient Services, Financial Affairs and respective departments in consideration of our services, and confirmation of your relations with the contracted institutions and firms, and
- Participation in campaigns and disclosure of campaign information, and designing and transmission of special contents, and discrete and abstract benefits in web and mobile channels, by Media and Communication, and Call Center departments.
Your personal data obtained and processed pursuant to the applicable laws and regulations may be transferred to physical archives and/or information systems of the Medical Center and may be kept and stored both in digital and in physical platforms.
Storage of Personal Data
Your personal data is stored for the periods established by law:
- Data related to outpatient services – for 5 years;
- Data related to inpatient services – for 15 years.
In cases where a specific period is not defined by law, personal data is stored only for as long as necessary to achieve the legitimate purpose of its processing. Once the purpose for which the data is processed is achieved, the data is deleted, destroyed, or kept in a depersonalized form. In addition, personal data collected on the basis of consent is stored until such consent is withdrawn.
Transfer of Personal Data
The Hospital may transfer your personal data to third parties with your written consent, or for purposes related to preventive, diagnostic, therapeutic, rehabilitative, and palliative healthcare, ensuring the quality and safety of medical services, devices, and products, public health, and the management of the healthcare system; or for fulfilling obligations under social security and social protection legislation; or for the exercise of specific rights of the data subject; as well as on other legal grounds established by law. Specifically:
- Your data (including special category data) may be transferred to:
  - Databases within the system of the Ministry of Labour, Health, and Social Affairs of Georgia – including the Electronic Health Records (EHR) system; the system of electronic prescriptions for pharmaceutical products classified under Group II, issued by a physician; and the Cancer Registry;
  - Private insurance company systems;
  - Private funders without insurance company status (based on your written consent).
- The Hospital uses the services of third parties for data processing, under appropriate agreements. In such relationships, the companies act as data processors, while the Hospital remains the data controller. Depending on the nature, purpose, and scope of the assigned tasks, these contractor companies may be granted access to patient data.
Your Rights Regarding the Protection of Personal Data
You have the right at any time, without explanation or justification, to withdraw your consent, in which case the processing of your data based on your consent will cease, except where there is another legal basis for processing under the Law of Georgia on Personal Data Protection.
Consent withdrawal is carried out by submitting the corresponding request (oral or written) to the Hospital. Before withdrawing consent, you have the right to request information from the Hospital regarding the possible consequences of withdrawal.
Additionally, under the Law of Georgia on Personal Data Protection, the data subject has the right, in cases defined by law, to:
- Obtain information about the processing of their data;
- Request access to the data and receive a copy;
- Request updating, correction, or completion of the data;
- Request cessation of processing or deletion of the data by withdrawing consent;
- Request blocking of the data.
The Hospital ensures that the rights defined in Chapter III of the Law of Georgia on Personal Data Protection are protected, unless their exercise is restricted under the same law.
For exercising your rights or for any consultation regarding the processing of your personal data, please contact the Hospital’s Data Protection Officer (see the end of this document).
Restrictions on Data Subject Rights
The rights of the data subject under the Law of Georgia on Personal Data Protection may be restricted if this is expressly provided for by the legislation of Georgia, does not violate fundamental human rights and freedoms, and is a necessary and proportionate measure in a democratic society, and the exercise of these rights may jeopardise:
a) national security, information security and cyber security and/or defence interests;
b) public safety interests;
c) crime prevention, investigation, prosecution, the administration of justice, the enforcement of detention and imprisonment, the execution of non-custodial sentences and probation, and the conduct of operative and investigative activities;
d) interests relating to financial or economic (including monetary, budgetary and taxation), public health and social protection issues of importance to the country;
e) the detection of the data subject’s violations of professional ethical standards, including those of a regulated profession, and the imposition of liability on the data subject;
g) the protection of the rights and freedoms, including freedom of expression, of the data subject and others;
h) the protection of state, commercial, professional and other secrets provided for by law;
i) the substantiation of a legal claim or a statement of defence.
A measure restricting the data subject’s rights may be applied only to the extent necessary to achieve the purpose of such restriction. Furthermore, where grounds for restricting the right exist, the Medical Center shall inform the data subject of its decision in a manner that does not prejudice the purpose of the restriction.
Data Security
Acıbadem protects your personal data in full and strict compliance with all technical and administrative security controls required to be taken in accordance with information security standards and procedures. Said security actions and measures are taken and provided at a level appropriate for the probable risks by also taking into consideration the technological possibilities.
Legal Grounds for Obtaining Personal Data
Law of Georgia on Personal Data Protection
Information defined by the Order No. 01-41 of 15 August 2011 of the Minister of Labour, Health and Social Affairs of Georgia “On the Approval of the Rule for Maintaining Outpatient Medical Documentation”.
Order No. 01-41 of 15 August 2011 of the Minister of Labour, Health and Social Affairs of Georgia “On the Approval of the Rule for Maintaining Outpatient Medical Documentation”;
Order No. 01-1/n of 3 January 2019 of the Minister of Labour, Health and Social Affairs of Georgia “On Defining the Rule for the Functioning and Maintenance of the Electronic Health Records (EHR) System”;
Order No. 01-29/n of 26 July 2016 of the Minister of Labour, Health and Social Affairs of Georgia “On the Approval of the Rule for Circulation of Electronic Prescriptions (Form No. 3) for Pharmaceutical Products (Medicinal Products) Classified under Group II”;
Order No. 108/n of 19 March 2009 “On the Approval of the Rule for Maintaining Inpatient Medical Documentation in Medical Institutions.”
Complaints and Communications
If you have any questions regarding this Privacy Policy or our personal data protection policy/practices, please contact us by email at:
Email: mariamtsilosani@vian.health
Phone number: 577 379 212
Data Protection Officer — Mariam Tsilosani
Contact information: 5 77 379 212