Privacy Policy
Last updated: 22 May 2026
This Privacy Policy explains what personal data we process about patients, clinics, hospitals, doctors, experts, affiliate/partner users, and visitors using the Clinictus platform, why we process it, who we may share it with, and your rights.
Clinictus may act as a data controller or, for certain technical operations, as a processor under the EU General Data Protection Regulation (GDPR), UK GDPR/Data Protection Act, Turkish Personal Data Protection Law No. 6698 (KVKK), and other applicable data protection rules.
1. Categories of data we process
- Identity and contact data: name, surname, email, phone, country, city, address, account type, language preference.
- Patient and healthcare journey data: treatment request, category, description, preferred language, health history, symptoms/concerns, treatment photos, reports, and documents you upload.
- Provider/professional data: clinic, hospital, doctor, and expert profiles, licenses/specialties, services, prices, languages, images, reviews, and verification documents.
- Communication and support data: messages, offer comments, online consultation metadata, support tickets, live chat, and email correspondence.
- Payment and transaction data: orders, invoices/receipts, payment status, currency, refunds, commissions, affiliate/referral records. Full card data may be processed by payment institutions or partner payment SDKs; Clinictus does not store full card data unless strictly necessary.
- Travel and booking data: hotel stay dates, guest details, flight/hotel/tour search parameters, booking references, cancellation/refund status, vouchers, and partner references.
- Technical data: IP address, device, browser, session, cookies, referral code, logs, security records, and usage analytics.
2. Special category health data
Health data may be special category data under GDPR/UK GDPR and sensitive personal data under KVKK. We process it only where we have your explicit consent, where processing is necessary for steps related to your service request, healthcare referral, legal obligations, legitimate security/fraud prevention purposes, or other legal bases permitted by applicable law.
You should upload health documents only when necessary. Such documents may be shared, on a need-to-know basis, with eligible healthcare providers responding to your request or accepted by you, our support team, and legally required recipients.
3. Purposes and legal bases
We process data to create accounts, run verification checks, create treatment requests, manage offer flows, provide online consultation and support, process payments/bookings, track affiliate/referral activity, ensure security, prevent fraud, comply with legal/accounting obligations, improve user experience, and send communications you have allowed.
Legal bases may include contract performance, steps before entering a contract, explicit consent, legal obligation, legitimate interests, establishment/exercise/defence of legal claims, and, where applicable, specific rules for public health/medical diagnosis/treatment processes.
4. Sharing data
We may share your data only where necessary with the following categories of recipients:
- Clinics, hospitals, doctors, and experts responding to or accepted for your request.
- Payment institutions, banks, accounting, tax, invoice, and receipt service providers.
- Travel and experience partners: LiteAPI/Nuitee Travel Limited, Viator, Travelpayouts, and their connected suppliers, advertisers, hotels, airlines, OTAs, tour/activity, or transfer providers.
- Technical infrastructure, hosting, email, SMS/WhatsApp, live chat, support, security, error monitoring, and analytics providers.
- Affiliate/partner program participants receive only necessary referral, lead, and commission status information; health documents and detailed medical information are not shared with affiliates.
- Courts, regulators, law enforcement, and legally authorized public bodies.
Third-party travel/experience providers may act as independent controllers or processors for their own services. Their own privacy policies, booking conditions, and support processes may apply.
5. International transfers
Clinictus and its partners may use service providers in the European Union/EEA, Türkiye, the United Kingdom, the United States, and other countries. Your data may be transferred outside your country. Where required, we use appropriate transfer mechanisms such as standard contractual clauses, adequacy decisions, data processing agreements, explicit consent, or other mechanisms recognized by applicable law.
6. Retention
We keep data only as long as necessary. Account data may be kept while your account is active; treatment requests, offers, payments, and booking records may be kept for legal, accounting, dispute, refund, and security requirements; support conversations may be retained for reasonable support and audit periods; technical logs are generally kept for shorter security and debugging periods.
Where possible, health documents are kept only for the purpose of the request and are deleted, anonymized, or access-restricted when no longer needed.
7. Cookies, referrals, and analytics
The platform may use session, security, preference, language, theme, affiliate/referral, performance, and analytics cookies. When you arrive through an affiliate or partner link, a referral code may be stored for a limited period. Travelpayouts, Viator, or other third-party redirects may apply their own cookie and tracking rules.
8. Your rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, port, object to processing, withdraw consent, object to automated decision-making, and complain to a data protection authority. Under KVKK, you may also have rights to learn the purpose of processing and the recipients of domestic/international transfers, and to request compensation for damage caused by unlawful processing.
You can submit rights requests through a support ticket or the contact page. We may ask for additional information to verify your identity and handle the request securely.
9. Security
Clinictus uses technical and organizational measures such as access controls, authorization, encryption, logging, data minimization, restricted employee/provider access, and security monitoring. No system is risk-free; you should protect your account, use strong passwords, and share sensitive documents only where necessary.
10. Children
The platform is not directed at children. If a treatment request or booking is made for a minor, parental/legal guardian consent and the relevant provider's acceptance conditions are required.
11. Automated decision-making
Clinictus may use automated tools for user experience, search, matching, security, and fraud prevention. Medical diagnosis or treatment decisions are not made solely by automated systems and should be assessed by relevant healthcare professionals.
12. Changes and contact
This policy may be updated as products, partners, legal requirements, or security needs change. Material changes will be communicated where appropriate. For privacy questions or rights requests, create a support ticket or contact us through the contact page.