GDPR & Your Data Rights

1.1. Data Controller

GetClinic Teknologi A.Ş. is a technology company headquartered in Istanbul, Turkey, dedicated to improving healthcare accessibility through innovative digital solutions.

1.2. Registered Address

Maslak Mah. Büyükdere Cd. No:255, Sarıyer, Istanbul, Turkey

1.3. Privacy Contact

For privacy-related inquiries, please contact us at privacy@getclinic.com. We aim to respond to all queries within 30 days.

1.4. Data Protection Officer

Our Data Protection Officer can be reached at dpo@getclinic.com for any concerns regarding your personal data and its processing.

1.5. EU / UK Representative

For EU/UK data subjects, our appointed representative can be contacted through our main privacy contact at privacy@getclinic.com.

2.1. Request access to my data

You have the right to request a copy of your personal data. This includes details on how we utilize and share your information with others, ensuring transparency and control over your personal information.

2.2. Request deletion

You have the right to request the deletion of your personal data when it is no longer necessary for our purposes or if you decide to withdraw your consent for its use.

2.3. Correct my data

You are entitled to modify or rectify any personal information that is found to be inaccurate or incomplete. It is your right to ensure that your details are correct and up to date.

2.4. Export my data

You have the option to download your personal data in a structured format that is widely used and easily readable by machines, ensuring you can access and utilize your information effectively.

2.5. Marketing opt-out

At any time, you have the option to unsubscribe from marketing emails and promotional messages. Your preferences matter, and we respect your choice to stop receiving these communications whenever you decide.

2.6. Cookie preferences

At any time, you have the ability to review and manage your cookie consent and tracking preferences. This ensures that you have control over your data and how it is used while browsing.

3.1. Data You Provide Directly

When you use our services, you may provide us with the following information:

• Full name
• Email address
• Country and city preferences
• Treatment interests and inquiry messages
• Files you choose to upload (such as photos or reports), only when explicitly submitted by you

3.2. Data Collected Automatically

We automatically collect certain data when you use our platform:

• Device and browser information
• IP address and approximate location (city/country level)
• Website usage events (pages visited, interactions, timestamps)
• Cookies and local storage identifiers, subject to your consent preferences

3.3. Data Received from Clinics

When you interact with clinics through our platform, we may receive:

• Quotation details
• Appointment confirmations
• Post-treatment support and follow-up planning
• Follow-up or coordination notes related to your request

4.1. Core Service Purposes

We process your data to deliver our core services:

• Provide relevant clinic, treatment, or package options based on your preferences
• Match patients with verified clinics and providers
• Coordinate inquiries and facilitate communication

4.2. Communication

We use your contact information to communicate with you:

• Respond to inquiries and requests
• Contact you via WhatsApp, email, or phone regarding options, updates, or clarifications

4.3. Security & Fraud Prevention

We process data to maintain platform security:

• Detect and prevent fraudulent or abusive activity
• Ensure platform integrity and user safety
• Verify identity when necessary

4.4. Customer Support

We use your data to provide customer support:

• Handle support requests
• Manage complaints or disputes related to inquiries or services

4.5. Platform Improvement

We analyze data to improve our services:

• Analyze platform usage and interaction patterns
• Improve features, workflows, and reliability
• Analytics are used in accordance with applicable consent requirements

4.6. Marketing & Communication

With your consent, we may send marketing communications:

• Send promotional or informational communications
• Marketing messages are sent only where required consent has been obtained
• You can opt out at any time

5.1. Lawful Basis for Processing Personal Data

We process your personal data based on various lawful bases including consent, contract performance, legal obligations, and legitimate interests. The specific basis depends on the purpose of processing.

6.1. Clinics & Medical Providers

Your information may be shared with clinics and medical providers to facilitate your treatment inquiries and coordinate care.

6.2. Service Providers

We work with trusted service providers who help us operate our platform, including hosting, analytics, and customer support services.

6.3. Payment Providers (if applicable)

If you make payments through our platform, your payment information may be processed by secure payment providers.

6.4. Legal & Regulatory Authorities

We may disclose your data to legal authorities when required by law or to protect our rights and the safety of our users.

7.1. Where your data may be processed

Your data may be processed in Turkey, the European Union, and other countries where our service providers operate.

7.2. Safeguards for international transfers

We use standard contractual clauses, adequacy decisions, and other appropriate mechanisms to ensure your data is protected during international transfers.

8.1. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After this period, your data is securely deleted or anonymized.

9.1. Your Rights Under GDPR

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You also have the right to withdraw consent at any time.

10.1. Submit a GDPR Request

To exercise your data rights, please contact us at privacy@getclinic.com. We will respond to your request within 30 days as required by GDPR.

11.1. Email Marketing

You can opt out of email marketing at any time by clicking the unsubscribe link in our emails or contacting us directly.

11.2. WhatsApp & SMS Communications

You can manage your WhatsApp and SMS communication preferences through your account settings or by contacting our support team.

13.1. Access controls

We implement strict access controls to ensure only authorized personnel can access your data.

13.2. Encryption in transit

All data transmitted between your device and our servers is encrypted using industry-standard protocols.

13.3. Limited access

Access to personal data is limited to employees who need it to perform their job functions.

13.4. Vendor due diligence

We carefully evaluate all third-party vendors to ensure they meet our security standards.

13.5. Continuous monitoring

We continuously monitor our systems for security threats and vulnerabilities.