top of page

Personal Data Protection Policy
In Vitro Fertilization Center (LeaderMed) LLC
Date: 08.01.2025

Company Name: "In Vitro Fertilization Center" LLC
Trademark: LeaderMed
IN: 202462708
Legal Address: 21 Nodar Bokhua Street, Tbilisi, Georgia
Phone: +995 32 2 157777
Email: info@leadermed.ge
Website: www.leadermed.net
Data Controller: "In Vitro Fertilization Center" LLC

 

Introduction

 

"In Vitro Fertilization Center"  LLC (hereinafter referred to as "LeaderMed" or "we") is a medical institution. This policy document is based on and complies with the personal data protection laws of Georgia. Personal data is processed in accordance with the Law of Georgia on Personal Data Protection and other applicable regulations.

LeaderMed processes personal data following key principles outlined in Georgian and international legislation, including:

  • Principle of fairness

  • Transparency

  • Purpose limitation

  • Data minimization

  • Storage limitation

  • Accuracy

  • Security

This document outlines, but is not limited to, the procedures and rules for obtaining, collecting, processing, and protecting personal data by LeaderMed in accordance with the law. It ensures individuals are informed in a clear and understandable language about how their data is processed.

LeaderMed is committed to protecting fundamental human rights and freedoms, especially regarding personal privacy and data protection. Particular emphasis is placed on safeguarding the personal data of employees, patients/beneficiaries, and contractual partners.

 

Definitions

 

This section outlines the meanings of key terms based on the Law of Georgia on Personal Data Protection:

  • Data Controller: Person/entity that determines purposes and means of processing personal data.

  • Data Processor: Entity that processes data on behalf of the controller.

  • Data Subject: Any individual whose personal data is collected or processed.

  • Consent: The data subject’s freely given, specific, informed, and unambiguous agreement to data processing.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Special Category Data: Sensitive information such as racial origin, health, biometrics, and criminal records.

  • Processing: Any operation performed on personal data (e.g., collection, storage, use, deletion).

  • Direct Marketing: Sending information for commercial or promotional purposes directly to individuals.

  • Automated Processing: Data processed via IT systems.

  • Non-Automated Processing: Data processing without IT systems.

  • Semi-Automated Processing: A combination of automated and manual processing.

  • Recipient: A party to whom personal data is disclosed.

  • Incident: Breach of data security that causes unauthorized access or processing.

 

Categories of Personal Data Collected

 

LeaderMed may collect the following categories of personal data:

  • Name and surname

  • Personal or identification number

  • Date of birth and gender

  • Address

  • Phone number

  • Email

  • Bank details

  • Medical records (history, diagnoses, treatments, lab results)

  • Special category data (e.g., health, nationality, addiction history)

  • Audio and video surveillance recordings

  • Educational qualifications and certificates

  • Employment-related data (e.g., CVs, position, work experience)

  • Legal documents and other identifiable records

 

Data Collection Methods

 

Personal data may be collected through:

  • Direct communication with the data subject

  • Employment or pre-contractual relationship

  • Use of services (website, phone, clinic visit)

  • Submission of letters/emails

  • Documents from family members or legal representatives

  • Electronic Health Record (EHR) systems

  • State/local program platforms

  • Referrals from other medical institutions

  • Insurance companies

  • Recruitment websites (e.g., jobs.ge, hr.ge)

LeaderMed may also obtain data from publicly available sources, when permitted.

 

Purpose of Data Processing

 

Data is processed for various purposes, including but not limited to:

  • Providing medical services

  • Managing health systems

  • Accurate medical documentation

  • Diagnosing and treating patients

  • Legal obligations

  • Employment recruitment

  • Responding to claims and requests

  • Ensuring patient rights and security

  • Conducting direct marketing (with consent)

 

Principles of Data Processing

 

LeaderMed processes data:

  • Lawfully, fairly, and transparently

  • Only for clearly defined and legitimate purposes

  • In a limited scope necessary for its intended use

  • With accurate and up-to-date information

  • For no longer than necessary

  • Using appropriate security measures to prevent unauthorized access, loss, or damage

 

Legal Grounds for Processing

 

LeaderMed processes personal data on the following grounds:

  • Consent from the data subject

  • Fulfillment of a contract

  • Legal obligations

  • Public interest

  • Protection of vital interests

  • Legitimate interest of the data controller or third party

Special category data is processed only when:

  • Written consent is obtained

  • It is vital for the data subject’s or another person’s life

  • Required by law (e.g., medical care, public health, employment)

 

Third-Party Processing and Transfers

 

LeaderMed may transfer data to authorized processors or third parties, including:

  • Law enforcement

  • Courts

  • Public agencies

  • Foreign medical institutions

  • Insurance companies

  • Intermediaries (e.g., surrogacy agencies)

Each transfer is governed by contracts and follows applicable legal requirements.

Data Subject Rights

 

Data subjects have the right to:

  • Know what data is collected and why

  • Request access, copies, or corrections

  • Block, delete, or restrict processing

  • Withdraw consent at any time

  • Receive data in a structured, machine-readable format

  • Lodge complaints with the Data Protection Office or court

 

Audio and Video Monitoring

LeaderMed uses audio and video monitoring:

  • For service quality and security

  • With proper prior notice and legal compliance

  • Only in designated areas (excluding private spaces like changing rooms or bathrooms)

  • Direct Marketing

Data is used for direct marketing only with explicit consent. You may opt-out at any time, and LeaderMed must comply within 7 business days.

Data Retention and Security

Data is stored:

  • Securely

  • For a period based on legal, contractual, and organizational criteria

  • With regular backups, access control, encryption, and monitoring systems

Data Protection Officer (DPO)

LeaderMed has appointed a DPO responsible for:

Incidents and Breaches

Any data breach must be reported within 3 business days to the Personal Data Protection Service. All staff must immediately notify the DPO upon discovering a breach.

Employee Responsibilities

Employees must:

  • Follow the data protection policy

  • Ensure confidentiality and proper storage of documents

  • Avoid unauthorized disclosure or misuse

  • Respect patient privacy even after employment ends

  • Adhere to all internal and external legal obligations

Violation of this policy may result in disciplinary actions.

Policy Updates and Contact

LeaderMed reserves the right to update this policy. The most current version will be posted on www.leadermed.net.

For inquiries or to exercise your rights, contact:
📍 21 Street Nodar Bokhua , Tbilisi
📧 info@leadermed.ge
🌐 www.leadermed.net or www.personaldata.ge

bottom of page