Privacy Policy

Effective date: 2026-05-15 · Version 2.0

This Privacy Policy explains who we are, what personal data we collect through medbridge.am, why we collect it, who we share it with, how long we keep it, what your rights are and how to exercise them. It applies to applicants, participants and visitors to our website.

1. Data controller

The data controller responsible for the personal data described in this policy is:

References to «we», «us» and «MedBridge» mean the data controller named above.

2. Scope

This policy covers personal data we receive when you:

It does not cover Astghik Medical Center's internal processing of patient data, which is governed by Astghik's own privacy notice and Armenian healthcare regulations.

3. Categories of personal data we collect

CategoryExamplesSource
IdentificationFirst and last name, email, country of residence, phone / WhatsApp numberYou, via the application form
Programme detailsEducation level, preferred specialty, programme length, preferred start date, free-text notesYou, via the application form
Optional special-category dataHealth-related information you voluntarily share (e.g. dietary requirements, allergies, accessibility needs) in the «Anything we should know?» fieldYou, only if you choose to share
Technical dataIP address, user-agent string, page-referrer, the medbridge.am host stringAutomatically, when you submit the form
CommunicationsEmail, phone and WhatsApp messages between you and our teamYou and our team
Contractual recordsAcceptance letter, signed programme agreement, payment confirmations, certificate of completionYou and our team (only if you are accepted)

We do not knowingly collect special-category data (health, religion, sexual orientation, biometric data) unless you voluntarily share it. Where you do, we treat that data under the higher protections of Article 9 GDPR / equivalent provisions of Armenian law and only with your explicit consent.

4. Purposes and lawful bases

PurposeLawful basis
Review your application and respond within two business daysSteps taken prior to entering into a contract at your request (GDPR Art. 6(1)(b)) / equivalent under Armenian Law on Personal Data Protection
Coordinate your rotation with Astghik Medical Center, including communicating logistics, accommodation and transfersPerformance of a contract (Art. 6(1)(b))
Send you a personalised quote, acceptance letter, invoice and onboarding informationPerformance of a contract (Art. 6(1)(b))
Maintain accounting and tax recordsCompliance with a legal obligation under Armenian law (Art. 6(1)(c))
Process any health-related information you share (allergies, accessibility needs)Your explicit consent (Art. 9(2)(a))
Improve the programme based on aggregated, non-identifying feedbackOur legitimate interest in improving the service (Art. 6(1)(f))
Defend or pursue legal claims arising from the programmeOur legitimate interest / establishment of legal claims (Art. 6(1)(f) / Art. 9(2)(f))

We do not use your data for automated decision-making or profiling within the meaning of Article 22 GDPR. Every application is reviewed by a human member of the MedBridge team.

5. Age requirements

The MedBridge programme is open to applicants aged 18 or older. Applicants under 18 may apply only with verifiable written consent from a parent or legal guardian, and only for observational programmes that do not involve hands-on exposure. We do not knowingly collect personal data from anyone under 16. If you believe a person under 16 has provided us with personal data, please contact info@medbridge.am and we will delete it.

6. Who we share your data with

We share the minimum necessary personal data with the following categories of recipients:

RecipientWhat we shareWhy
Astghik Medical Center (Yerevan, Armenia)Identification, programme details, contractual recordsTo plan and deliver your rotation
Google LLC / Google Ireland Ltd (Workspace, Sheets, Mail, Apps Script — our application backend and email)The full application payload, the «Applications» Google Sheet, email notificationsHosting our application backend
GitHub, Inc. (GitHub Pages, hosting medbridge.am)Server logs (IP, user-agent, request paths)Hosting the website
Meta Platforms Ireland Ltd (WhatsApp / Telegram, if you contact us through them)The messages you send usTo respond to messages you choose to send through these channels
Accommodation, transfer and visa-letter partnersName, country, dates of stay, contact details — only if you opt in to these servicesBooking your accommodation, airport transfer or visa invitation letter
Professional advisors (accountants, lawyers, auditors)Contractual records only, on a need-to-know basisLegal, accounting and audit obligations
Competent public authoritiesOnly what is strictly requiredWhere required by Armenian law, court order or comparable legal process

We do not sell, rent or trade your personal data.

7. International transfers

Because we rely on Google Workspace, GitHub Pages and (where you choose) WhatsApp / Telegram, some of your personal data is processed on servers located outside Armenia, including in the European Economic Area, the United Kingdom and the United States.

Where transfers leave the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the data processing terms published by the respective providers (Google Workspace Data Processing Addendum; GitHub Data Protection Agreement; WhatsApp Business Terms). Where you contact us through Telegram or WhatsApp, you do so under those services' own terms.

You can request a summary of the safeguards in place by emailing info@medbridge.am.

8. Retention

DataRetention period
Unsuccessful or withdrawn applicationsUp to 12 months from the date of application, then deleted or anonymised
Accepted applications & participation recordsUp to 3 years from the end of the programme
Contractual, accounting and tax recordsFor the period required by Armenian accounting and tax law (currently 5 years from the end of the financial year)
Email and WhatsApp correspondenceUp to 3 years from the last interaction
Server access logsManaged by GitHub Pages — typically up to 30 days

After the retention period we delete or irreversibly anonymise the data.

9. Cookies and similar technologies

medbridge.am uses only the cookies and storage that are strictly necessary to make the site work (for example, remembering your cookie-consent choice in localStorage). We do not currently use advertising, profiling or third-party analytics cookies, and we self-host all typefaces — no third-party font CDN is contacted from your browser. If we add analytics in the future, we will request your consent through the cookie banner before any non-essential cookies are set, in line with the EU ePrivacy Directive.

10. Security

We apply appropriate technical and organisational measures to protect personal data, including:

No system is perfectly secure. If you suspect your personal data may have been compromised, email info@medbridge.am immediately.

11. Your rights

Subject to the conditions and exemptions of the GDPR (for residents of the EEA / UK) and of the Armenian Law on Personal Data Protection (for residents of Armenia), you have the right to:

To exercise these rights, email info@medbridge.am. We may need to verify your identity before responding. We aim to respond within 30 days.

12. Children

See section 5. The programme is targeted at applicants aged 18 and older. We do not knowingly process personal data of children under 16 without verifiable parental consent.

13. Changes to this policy

We may update this policy from time to time. The «Effective date» and «Version» at the top of this page will reflect the most recent revision. Material changes will be communicated by email to active applicants and participants and announced on the website. See the version history below.

14. Contact

Email info@medbridge.am · Tel +374 77 33 83 33 · Post: MedBridge, 13 Khanjyan str., Yerevan, Armenia.

Version history

VersionDateSummary of changes
2.02026-05-15Identified data controller; expanded data-categories and processors tables; added international-transfers section; documented age policy; added all eight GDPR rights; documented retention by category.
1.02026-05-15Initial template policy.
← Back to MedBridge