Privacy Policy

Last Updated: 3 July 2026

At Medsteps, we value our users’ privacy. This Privacy Policy explains the purposes for which we collect personal data from users of the Medsteps platform and its associated website and mobile applications, how this data is processed, with whom it may be shared, and how it is protected.

By using our platform, you are deemed to have accepted the practices set out in this Privacy Policy.


1. Data Controller

Personal data collected via this platform is processed by Medsteps in its capacity as data controller, in accordance with the legislation in force.


2. Information Collected

The following information may be collected whilst you are using the platform:

Identity Details

  • First name and surname

  • Date of birth

  • Gender

  • Nationality details

Contact Details

  • Telephone number

  • Email address

  • Country and city information

Account Details

  • Username

  • Password (stored in encrypted form)

  • Profile details

Health Information

If shared by a user via the platform;

  • Type of operation requested

  • Health information provided for the purposes of a preliminary assessment

  • Photographs and images

  • Doctor’s assessments

  • Treatment plans

This data can only be viewed by the relevant healthcare organisations and authorised users.

Technical Specifications

Whilst using the platform;

  • Your IP address

  • Browser information

  • Operating system

  • Device information

  • Cookie data

  • Session records

can be collected automatically.


3. For what purposes do we process personal data?

The information collected is used for the following purposes:

  • Creating a platform account

  • User verification

  • Facilitating communication with hospitals and doctors

  • Management of treatment requests

  • Conducting tender processes

  • Process management for patient representatives

  • Appointment and operation scheduling

  • Management of accommodation and transport arrangements

  • Provision of user support

  • Improving the quality of service

  • Security and anti-fraud measures

  • Compliance with legal obligations


4. Data Sharing

Your personal data may be shared with the following parties solely for the purpose of providing the service:

  • Our business partners

  • Hospitals listed on the platform

  • Doctors

  • Patient representatives

  • Accommodation and transfer service providers

  • Competent public bodies and organisations

  • Legally authorised authorities

None of your personal data will be sold or let to third parties for commercial purposes.


5. Health Data

Health data is classified as special category personal data under the current legislation on the protection of personal data.

In this context;

  • It cannot be viewed by unauthorised persons.

  • It is transmitted via encrypted communication channels.

  • It is protected by an authorisation system.

  • It is not to be used for any purpose other than the provision of the service.


6. Data Security

Medsteps implements appropriate technical and organisational measures to ensure the security of personal data.

These include:

  • SSL/TLS encryption

  • Secure server infrastructure

  • Authorisation systems

  • Regular security updates

  • Access logs

  • Data backup processes

is included.


7. Cookies

Our website uses cookies to enhance the user experience.

Cookies;

  • Session management

  • Security

  • Performance analysis

  • Remembering preferences

  • Improving the quality of service

can be used for this purpose.

You can manage your cookies at any time via your browser settings.


8. Data Retention Period

Personal data is retained for the period specified in the relevant legislation or for as long as is necessary for the purpose of processing.

At the end of the retention period, the data is deleted, destroyed or anonymised using secure methods.


9. User Rights

Under the relevant legislation, users:;

  • To find out whether your personal data is being processed,

  • Access to processed data,

  • Requesting the rectification of incomplete or incorrect data,

  • The right to request the erasure or destruction of data under certain conditions,

  • Objecting to data processing activities,

  • Exercising their other rights as provided for by law

are entitled to these rights.

Applications may be submitted to us in writing via our contact details or by the methods specified in the relevant legislation.


10. Third-Party Services

Our platform may utilise third-party services such as payment infrastructures, analytics tools, cloud services and communication services.

These service providers’ data processing procedures are subject to their own privacy policies.


11. Policy Updates

Medsteps may update this Privacy Policy where it deems necessary.

The latest version will always be published on our website, and the date of entry into force is stated at the beginning of the text.


12. Communication

If you have any questions regarding our Privacy Policy or the processing of your personal data, you can contact us via the following channels.

Medsteps

Email: info@medsteps.com