Doctor App

Privacy Policy

ConsultDoctorTurkey.com

Last updated: 7 July 2025


1. Purpose of this Policy

Consult Doctor Turkey (“CDT,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data—including sensitive health data—when you visit ConsultDoctorTurkey.com or use our services (together, the “Platform”).

Because CDT operates in Türkiye and may serve users in the European Economic Area (EEA) and other jurisdictions, this Policy has been drafted to comply with:

  • Türkiye’s Law No. 6698 on the Protection of Personal Data (KVKK) and its 2024–25 amendments, as detailed by the Turkish Personal Data Protection Authority (“DPA”) and the Ministry of Health (gentemizer.com; roedl.it; paksoy.av.tr); and

  • The EU General Data Protection Regulation (GDPR) where it applies.


2. Who is the Data Controller?

Consult Doctor Turkey Sağlık ve Danışmanlık Hizmetleri Ltd. Şti.
İstanbul, Türkiye
E‑mail: consultdoctorturkey@gmail.com
Phone: +90 5340172822


3. What Data Do We Collect?

| Category | Examples | Legal Basis* |
|---|---|---|
| Identity & contact | Name, national ID or passport number, date of birth, postal address, phone, e‑mail | Contract – Art. 5/2(c) KVKK / Art. 6(1)(b) GDPR |
| Health & sensitive data | Medical history, symptoms, prescriptions, imaging, laboratory results | Explicit consent OR legal obligation for medical diagnosis/treatment – Art. 6/3 KVKK; Art. 9(2)(h) GDPR |
| Account & usage | Username, encrypted password, IP address, device data, log files | Legitimate interest in security/service continuity |
| Payment & billing | IBAN, cardholder name (processed via PCI‑DSS‑compliant third party) | Contract; legal obligation (tax) |
| Cookies & analytics | Cookie IDs, session analytics, referral URLs | Consent (non‑essential); legitimate interest (essential) |

*Where more than one basis applies, we rely on the predominant basis for each purpose.


4. How and Why We Use Your Data

  1. Telemedicine & appointment scheduling – to match you with licensed physicians, manage bookings, send reminders, and share records with the doctor you select.

  2. Medical record maintenance – to create an electronic health file as required by the Ministry of Health for private outpatient providers (gentemizer.com).

  3. Customer support – to answer questions via chat, e‑mail, or phone.

  4. Payment processing & invoicing – to collect our service fee and issue legal invoices.

  5. Security & fraud prevention – to detect misuse, enforce our Terms of Service, and protect user accounts.

  6. Analytics & service improvement – to analyse aggregated traffic patterns and improve our Platform (non‑essential cookies are opt‑in).

  7. Legal compliance – to meet obligations under health‑care, tax, and data‑protection laws.


5. Special Protection for Health Data

Under Article 6 KVKK, data concerning health and sexual life is “special category” data and requires the highest‑level security measures, including separate policies, restricted staff access, encryption in transit and at rest, two‑factor authentication for remote access, and secure logging (roedl.it; paksoy.av.tr). CDT has implemented these technical and organisational safeguards, routinely trains employees, and revokes access immediately when staff leave.


6. Disclosure & Sharing

We share personal data only with:

  • Doctors and clinics registered on the Platform (bound by medical confidentiality).

  • Service providers (cloud hosting in Türkiye/EU, payment processors, SMS/e‑mail gateways) under written data‑processing agreements.

  • Public authorities where required by law or court order.

  • Third‑country recipients only if (a) the destination country is recognised as having adequate protection, or (b) we use DPA‑approved standard contractual clauses or obtain your explicit consent.

CDT never sells personal data.


7. International Data Transfers

Our primary servers are located in İstanbul. If we transfer data to servers in the EEA or elsewhere, we ensure an adequate level of protection through one of the mechanisms listed in §6.


8. Retention Periods

| Data set | Retention rule |
|---|---|
| Medical records | Minimum 20 years after last treatment, as required by the Regulation on Private Healthcare Institutions (gentemizer.com) |
| Invoices & tax records | 10 years (Tax Procedure Law) |
| Account & usage logs | 2 years (KVKK security guidance) |
| Marketing consents | Until withdrawn or 3 years after last interaction |
| Cookie identifiers | 13 months (analytics) / per‑session (essential) |

9. Your Rights

Under KVKK Articles 11 and 13 and, where applicable, GDPR Articles 15–22, you have the right to:

  1. Know whether we process your data.

  2. Request information about processing and recipients.

  3. Correct incomplete or inaccurate data.

  4. Erase or anonymise data that is no longer needed.

  5. Object to processing for direct marketing or profiling.

  6. Restrict processing under certain circumstances.

  7. Data portability (GDPR only).

  8. Withdraw consent at any time (does not affect past lawful processing).

  9. Complain to the Turkish DPA or, if in the EEA, to your local supervisory authority.

You may exercise these rights by e‑mailing privacy@consultdoctorturkey.com or using the online form in your account dashboard. We will respond within 30 days (extendable by 30 days for complex requests).


10. Cookies and Similar Technologies

Our Cookie Banner lets you manage non‑essential cookies (analytics, advertising). Essential cookies—needed for secure login and appointment booking—are stored automatically. For more details, see our Cookie Policy (link in footer).


11. Automated Decision‑Making and Profiling

CDT does not use automated decision‑making that produces legal or similarly significant effects. Appointment suggestions are generated by simple rule‑based matching (e.g., specialty, language, schedule) and always require human confirmation.


12. Children’s Privacy

The Platform is intended for users aged 18 or older. A parent or legal guardian must create the account and provide consent when services are sought for minors.


13. Security Measures at a Glance

  • End‑to‑end TLS 1.3 encryption for all traffic.

  • AES‑256 encryption of health data at rest.

  • Role‑based access controls and mandatory 2FA for staff.

  • Annual penetration testing and ISO 27001‑aligned audits.

  • Separate, encrypted backups stored off‑site.

  • Incident‑response plan and 72‑hour breach‑notification protocol (GDPR Art. 33).

These measures align with the DPA’s 2018/10 Decision and the updated 2025 Guidelines on special‑category data (roedl.it; paksoy.av.tr).


14. Changes to This Policy

Regulations evolve—e.g., the Ministry of Health’s April 2025 rule tightening electronic medical archives (gentemizer.com). We will publish any material changes here and, where required, notify you by e‑mail or in‑app message at least 14 days before they take effect.


15. Contact Us

Questions, concerns, or complaints?
Data Protection Officer: Chahinez M Türker
E‑mail: consultdoctorturkey@gmail.com
Address: İstanbul, Türkiye