BigMed Platform (Georgia)
Effective Date: 18 February 2026
1. Purpose and Scope
This Data Processing Agreement (“DPA”) governs the processing of personal data by BigMed (the “Operator”) when acting as a data processor on behalf of doctors and medical institutions (“Partners”).
This DPA forms an integral part of the Terms of Service and/or any service agreement concluded between the Operator and the Partner.
Processing is carried out in accordance with the Law of Georgia on Personal Data Protection and other applicable legislation.
2. Roles of the Parties
For the purposes of personal data processing:
- The Partner (Doctor/Clinic) acts as the Data Controller with respect to patient data received via the Platform.
- BigMed acts as the Data Processor when transmitting, storing, or technically processing booking-related personal data on behalf of the Partner.
For user account data processed for platform operation purposes, BigMed may act as an independent Data Controller.
3. Categories of Data Subjects
Personal data processed under this DPA may relate to:
- Patients / Users of the Platform
- Individuals booking appointments on behalf of third parties
4. Categories of Personal Data
Depending on the functionality used, data may include:
- Full name
- Email address
- Phone number
- Appointment date and time
- Language preference
- Comments related to booking
- Health-related information (only if explicitly provided by the user)
BigMed does not store medical files (PDFs, scans, lab results) unless explicitly enabled in future services.
5. Nature and Purpose of Processing
Processing activities may include:
- Receiving booking requests
- Temporarily storing booking data
- Transmitting booking data to the selected doctor/clinic
- Sending service notifications
- Maintaining secure system logs
- Preventing abuse and fraud
Processing is strictly limited to enabling booking functionality and maintaining platform security.
6. Duration of Processing
Personal data is processed:
- For the duration necessary to provide booking services
- During the term of cooperation with the Partner
- For statutory limitation periods where legally required
7. Operator Obligations
BigMed undertakes to:
- Process personal data only on documented instructions of the Partner
- Ensure confidentiality of personnel
- Implement appropriate technical and organizational security measures
- Use encrypted connections (SSL)
- Restrict access to authorized personnel only
- Maintain logging and security monitoring
- Notify the Partner without undue delay in case of a personal data breach affecting Partner-controlled data
8. Sub-processors
The Operator may engage sub-processors, including:
- Hosting providers
- Cloud infrastructure providers
- Email/SMS service providers
- Analytics providers
- AI service providers (e.g., OpenAI)
The Operator ensures that sub-processors are bound by data protection obligations consistent with this DPA.
9. International Transfers
Due to the use of international infrastructure providers and AI services, personal data may be processed outside Georgia.
The Operator undertakes reasonable safeguards to ensure adequate data protection.
10. Data Subject Rights
Where BigMed acts as Processor, the Partner is responsible for responding to data subject requests.
BigMed shall provide reasonable assistance where technically feasible.
10. Data Subject Rights
Where BigMed acts as Processor, the Partner is responsible for responding to data subject requests.
BigMed shall provide reasonable assistance where technically feasible.
12. Governing Law
This DPA is governed by the laws of Georgia.