Privacy policy

Privacy policy

BigMed Platform (Georgia)

Effective Date: 18 February 2026

1. General Provisions

This Privacy Policy (the “Policy”) governs the processing of personal data of users of the BigMed web platform (the “Platform”) available at bigmed.ge and related subdomains, including mobile versions and other related services.

As of the publication date of this Policy, the Platform is operated by a natural person — the owner of the BigMed project (the “Operator”). After registration of a legal entity in Georgia (LLC), the Operator’s rights and obligations under this Policy may be transferred to the registered company upon notice to users by publishing updated details on the Platform.

Personal data is processed in accordance with the Georgian Law “On Personal Data Protection” and other applicable legal provisions.

By using the Platform, the User confirms that they have read and understood this Policy.

2. Platform Status

BigMed is an informational online platform enabling users to:

  • search for doctors and medical institutions in Georgia;
  • submit appointment booking requests;
  • access informational materials.

BigMed:

  • is not a medical institution;
  • does not provide medical services;
  • does not provide telemedicine services;
  • does not diagnose or prescribe treatment;
  • does not accept payments for medical services at the current stage;
  • does not store or transfer users’ medical documents in file format (PDFs, images, lab results, etc.).

Medical services are provided exclusively by doctors and clinics.

3. Categories of Data Processed

3.1. User data (patients and persons booking on behalf of others):

  • full name;
  • phone number;
  • email address;
  • city;
  • preferred service language;
  • information about the selected doctor/clinic and booking time.

3.2. Booking-related data (at the user’s discretion):

  • description of symptoms or reason for visit;
  • health-related information — processed only based on the user’s explicit consent.

3.3. Doctors’ and clinic representatives’ data (where applicable):

  • full name;
  • specialization and professional information;
  • practice address(es);
  • contact details;
  • service languages;
  • photo (if published);
  • account data (for managed profiles).

3.4. Technical data:

  • IP address;
  • device and browser data;
  • time zone;
  • server logs;
  • anonymized analytics data.

4. Purposes of Processing

Data is processed solely for:

  • organizing appointment bookings;
  • transmitting booking requests to the selected doctor/clinic;
  • operating user accounts;
  • communicating with users (booking confirmations, rescheduling, cancellations);
  • ensuring information security;
  • preventing abuse and fraud;
  • improving the Platform (analytics and statistics);
  • complying with legal obligations.

5. Legal Bases

We process personal data based on:

  • performance of a contract (use of the Platform and its features);
  • legitimate interests of the Operator (security, abuse prevention, service stability);
  • explicit consent — for health data and other sensitive data (where applicable).

6. Data Sharing

Personal data may be shared with:

  • the doctor/clinic selected by the user (to the extent necessary to arrange the appointment);
  • IT and hosting providers;
  • email/SMS/messenger service providers;
  • analytics providers (in anonymized/minimized form);
  • legal/accounting advisors (where necessary);
  • public authorities where legally required.

After data is transferred to a doctor/clinic, the Platform does not control the further processing by the medical provider.

7. Use of AI (OpenAI)

The Platform uses AI technologies (including OpenAI) for:

  • analyzing text requests;
  • assisting with navigation/specialist selection;
  • improving search;
  • detecting spam and abuse;
  • generating informational content.

AI:

  • is not medical advice;
  • does not replace a doctor;
  • may contain errors or inaccuracies.

Some text data may be processed via third-party infrastructure and/or outside Georgia in accordance with provider terms.

8. International Processing

Due to the use of international infrastructure (including AI providers), personal data may be processed outside Georgia. The Operator takes reasonable measures to ensure an appropriate level of protection.

9. Cookies and Analytics

The Platform uses:

  • session cookies;
  • persistent cookies;
  • third-party analytics tools.

Cookies are used for:

  • authentication;
  • saving preferences;
  • analytics;
  • service improvement.

Users can manage cookies in their browser settings. Limiting cookies may affect certain features.

10. Retention

Personal data is retained no longer than necessary:

  • during the period of Platform use;
  • additionally, for applicable limitation periods to protect legal interests;
  • health data — until consent is withdrawn (where processing is based on consent), unless otherwise required by law.

11. User Rights

Users may:

  • request information and access to their data;
  • request rectification or completion;
  • request erasure (where applicable);
  • restrict processing;
  • object to processing (where provided by law);
  • withdraw consent (where processing is based on consent);
  • lodge a complaint with the Georgian Personal Data Protection Service.

12. Security

The Operator applies technical and organizational security measures, including:

  • SSL encryption;
  • access controls;
  • activity logging;
  • regular security checks;
  • restricted employee/contractor access.

13. Contact

For personal data matters, the User may contact the Operator via the email address provided in the “Contacts” section of the Platform.

14. Amendments

The Operator may amend this Policy. The current version is published on the Platform.