At Mediceflife, we take the protection of your personal data very seriously. In accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable privacy laws, this Privacy Policy explains how we collect, use, and protect your personal data, especially health-related information.

1. Data Controller

Mediceflife
Email: [email protected]
Phone: +90 535 707 02 02

2. Data We Collect

• Identity information: full name, date of birth.
• Contact details: email address, phone number, postal address.
• Medical information: medical history, treatments, diagnoses, laboratory or imaging data, medical photographs (for treatment planning or before/after comparisons).
• Payment information: billing details and transaction information (if services are paid).
• Technical data: IP address, device/browser data, and browsing information collected via cookies or similar technologies.

3. Purposes of Processing

• Appointments & patient management: booking, confirmations, reminders, and managing medical records.
• Treatment planning & care: evaluating cases and providing personalized treatment plans for Dental, Bariatric, Aesthetic, and Hair Transplant services.
• Communication: responding to inquiries, follow-up after procedures, and patient support.
• Legal & regulatory compliance: fulfilling obligations under healthcare and privacy regulations.
• Website improvement & security: analytics, performance monitoring, and fraud prevention.

4. Legal Basis for Processing

• Consent (Art. 6(1)(a) GDPR) – e.g., for specific communications or marketing where applicable.
• Performance of a contract (Art. 6(1)(b) GDPR) – to deliver our medical services.
• Legal obligations (Art. 6(1)(c) GDPR) – compliance with healthcare and tax laws.
• Provision of healthcare (Art. 9(2)(h) GDPR) – processing health data for medical diagnosis and care.
• Legitimate interests (Art. 6(1)(f) GDPR) – website security, fraud prevention, and service improvement (balanced against your rights).

5. Data Sharing

We share personal data only when necessary and with appropriate safeguards:

• Medical professionals & staff: licensed clinicians and authorized personnel involved in your care.
• Service providers: secure hosting, IT support, communication tools, appointment systems, and payment processors bound by data processing agreements.
• Health authorities or regulators: when required by law.

We do not transfer data outside the European Economic Area (EEA) unless necessary for your treatment or service delivery. If a transfer occurs, we implement appropriate safeguards (e.g., adequacy decisions or Standard Contractual Clauses).

6. Data Retention

• Medical records: retained in accordance with legal requirements (generally up to 10 years after the last visit, unless a longer period is required by law).
• Administrative/contract data: retained for statutory limitation and accounting periods.
• Marketing data: up to 3 years after your last interaction or until you withdraw consent.
• Cookies/analytics: per their lifespan and applicable laws (typically up to 13 months).

7. Data Security

We apply technical and organizational measures to protect your data, including secure EU-based hosting, access controls limited to authorized personnel, encryption of communications (SSL/TLS), and regular review of policies and staff training.

8. Your Rights

Under GDPR, you have the right to:

• Access your personal data;
• Request rectification or updates;
• Request erasure (“right to be forgotten”) where applicable;
• Restrict or object to processing;
• Data portability (receive your data in a commonly used format);
• Withdraw consent at any time (without affecting prior lawful processing);
• Lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at [email protected] .

9. Cookies

We use cookies and similar technologies to enhance your browsing experience, analyze traffic, and improve our services. You can manage your preferences via our cookie banner or your browser settings.

For details, please see our Cookie Policy.

10. Children’s Privacy

Our services are intended for adults. If we learn that we have collected personal data from a child without appropriate consent, we will take steps to delete such information.

11. Data Protection Officer (DPO)

Given the nature of our healthcare services, we may be required to appoint a Data Protection Officer. You can reach our DPO at [email protected].

12. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. Updates will be posted on this page with a revised “Last updated” date.