Effective date: 2026-05-15 · Version 2.0
The data controller responsible for the personal data described in this policy is:
References to «we», «us» and «MedBridge» mean the data controller named above.
This policy covers personal data we receive when you:
It does not cover Astghik Medical Center's internal processing of patient data, which is governed by Astghik's own privacy notice and Armenian healthcare regulations.
| Category | Examples | Source |
|---|---|---|
| Identification | First and last name, email, country of residence, phone / WhatsApp number | You, via the application form |
| Programme details | Education level, preferred specialty, programme length, preferred start date, free-text notes | You, via the application form |
| Optional special-category data | Health-related information you voluntarily share (e.g. dietary requirements, allergies, accessibility needs) in the «Anything we should know?» field | You, only if you choose to share |
| Technical data | IP address, user-agent string, page-referrer, the medbridge.am host string | Automatically, when you submit the form |
| Communications | Email, phone and WhatsApp messages between you and our team | You and our team |
| Contractual records | Acceptance letter, signed programme agreement, payment confirmations, certificate of completion | You and our team (only if you are accepted) |
We do not knowingly collect special-category data (health, religion, sexual orientation, biometric data) unless you voluntarily share it. Where you do, we treat that data under the higher protections of Article 9 GDPR / equivalent provisions of Armenian law and only with your explicit consent.
| Purpose | Lawful basis |
|---|---|
| Review your application and respond within two business days | Steps taken prior to entering into a contract at your request (GDPR Art. 6(1)(b)) / equivalent under Armenian Law on Personal Data Protection |
| Coordinate your rotation with Astghik Medical Center, including communicating logistics, accommodation and transfers | Performance of a contract (Art. 6(1)(b)) |
| Send you a personalised quote, acceptance letter, invoice and onboarding information | Performance of a contract (Art. 6(1)(b)) |
| Maintain accounting and tax records | Compliance with a legal obligation under Armenian law (Art. 6(1)(c)) |
| Process any health-related information you share (allergies, accessibility needs) | Your explicit consent (Art. 9(2)(a)) |
| Improve the programme based on aggregated, non-identifying feedback | Our legitimate interest in improving the service (Art. 6(1)(f)) |
| Defend or pursue legal claims arising from the programme | Our legitimate interest / establishment of legal claims (Art. 6(1)(f) / Art. 9(2)(f)) |
We do not use your data for automated decision-making or profiling within the meaning of Article 22 GDPR. Every application is reviewed by a human member of the MedBridge team.
The MedBridge programme is open to applicants aged 18 or older. Applicants under 18 may apply only with verifiable written consent from a parent or legal guardian, and only for observational programmes that do not involve hands-on exposure. We do not knowingly collect personal data from anyone under 16. If you believe a person under 16 has provided us with personal data, please contact info@medbridge.am and we will delete it.
We share the minimum necessary personal data with the following categories of recipients:
| Recipient | What we share | Why |
|---|---|---|
| Astghik Medical Center (Yerevan, Armenia) | Identification, programme details, contractual records | To plan and deliver your rotation |
| Google LLC / Google Ireland Ltd (Workspace, Sheets, Mail, Apps Script — our application backend and email) | The full application payload, the «Applications» Google Sheet, email notifications | Hosting our application backend |
| GitHub, Inc. (GitHub Pages, hosting medbridge.am) | Server logs (IP, user-agent, request paths) | Hosting the website |
| Meta Platforms Ireland Ltd (WhatsApp / Telegram, if you contact us through them) | The messages you send us | To respond to messages you choose to send through these channels |
| Accommodation, transfer and visa-letter partners | Name, country, dates of stay, contact details — only if you opt in to these services | Booking your accommodation, airport transfer or visa invitation letter |
| Professional advisors (accountants, lawyers, auditors) | Contractual records only, on a need-to-know basis | Legal, accounting and audit obligations |
| Competent public authorities | Only what is strictly required | Where required by Armenian law, court order or comparable legal process |
We do not sell, rent or trade your personal data.
Because we rely on Google Workspace, GitHub Pages and (where you choose) WhatsApp / Telegram, some of your personal data is processed on servers located outside Armenia, including in the European Economic Area, the United Kingdom and the United States.
Where transfers leave the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the data processing terms published by the respective providers (Google Workspace Data Processing Addendum; GitHub Data Protection Agreement; WhatsApp Business Terms). Where you contact us through Telegram or WhatsApp, you do so under those services' own terms.
You can request a summary of the safeguards in place by emailing info@medbridge.am.
| Data | Retention period |
|---|---|
| Unsuccessful or withdrawn applications | Up to 12 months from the date of application, then deleted or anonymised |
| Accepted applications & participation records | Up to 3 years from the end of the programme |
| Contractual, accounting and tax records | For the period required by Armenian accounting and tax law (currently 5 years from the end of the financial year) |
| Email and WhatsApp correspondence | Up to 3 years from the last interaction |
| Server access logs | Managed by GitHub Pages — typically up to 30 days |
After the retention period we delete or irreversibly anonymise the data.
medbridge.am uses only the cookies and storage that are strictly necessary to make the site work (for example, remembering your cookie-consent choice in localStorage). We do not currently use advertising, profiling or third-party analytics cookies, and we self-host all typefaces — no third-party font CDN is contacted from your browser. If we add analytics in the future, we will request your consent through the cookie banner before any non-essential cookies are set, in line with the EU ePrivacy Directive.
We apply appropriate technical and organisational measures to protect personal data, including:
No system is perfectly secure. If you suspect your personal data may have been compromised, email info@medbridge.am immediately.
Subject to the conditions and exemptions of the GDPR (for residents of the EEA / UK) and of the Armenian Law on Personal Data Protection (for residents of Armenia), you have the right to:
To exercise these rights, email info@medbridge.am. We may need to verify your identity before responding. We aim to respond within 30 days.
See section 5. The programme is targeted at applicants aged 18 and older. We do not knowingly process personal data of children under 16 without verifiable parental consent.
We may update this policy from time to time. The «Effective date» and «Version» at the top of this page will reflect the most recent revision. Material changes will be communicated by email to active applicants and participants and announced on the website. See the version history below.
Email info@medbridge.am · Tel +374 77 33 83 33 · Post: MedBridge, 13 Khanjyan str., Yerevan, Armenia.
| Version | Date | Summary of changes |
|---|---|---|
| 2.0 | 2026-05-15 | Identified data controller; expanded data-categories and processors tables; added international-transfers section; documented age policy; added all eight GDPR rights; documented retention by category. |
| 1.0 | 2026-05-15 | Initial template policy. |