Privacy Policy
Last Updated: 3 July 2026
At Medsteps, we value our users’ privacy. This Privacy Policy explains the purposes for which we collect personal data from users of the Medsteps platform and its associated website and mobile applications, how this data is processed, with whom it may be shared, and how it is protected.
By using our platform, you are deemed to have accepted the practices set out in this Privacy Policy.
1. Data Controller
Personal data collected via this platform is processed by Medsteps in its capacity as data controller, in accordance with the legislation in force.
2. Information Collected
The following information may be collected whilst you are using the platform:
Identity Details
First name and surname
Date of birth
Gender
Nationality details
Contact Details
Telephone number
Email address
Country and city information
Account Details
Username
Password (stored in encrypted form)
Profile details
Health Information
If shared by a user via the platform;
Type of operation requested
Health information provided for the purposes of a preliminary assessment
Photographs and images
Doctor’s assessments
Treatment plans
This data can only be viewed by the relevant healthcare organisations and authorised users.
Technical Specifications
Whilst using the platform;
Your IP address
Browser information
Operating system
Device information
Cookie data
Session records
can be collected automatically.
3. For what purposes do we process personal data?
The information collected is used for the following purposes:
Creating a platform account
User verification
Facilitating communication with hospitals and doctors
Management of treatment requests
Conducting tender processes
Process management for patient representatives
Appointment and operation scheduling
Management of accommodation and transport arrangements
Provision of user support
Improving the quality of service
Security and anti-fraud measures
Compliance with legal obligations
4. Data Sharing
Your personal data may be shared with the following parties solely for the purpose of providing the service:
Our business partners
Hospitals listed on the platform
Doctors
Patient representatives
Accommodation and transfer service providers
Competent public bodies and organisations
Legally authorised authorities
None of your personal data will be sold or let to third parties for commercial purposes.
5. Health Data
Health data is classified as special category personal data under the current legislation on the protection of personal data.
In this context;
It cannot be viewed by unauthorised persons.
It is transmitted via encrypted communication channels.
It is protected by an authorisation system.
It is not to be used for any purpose other than the provision of the service.
6. Data Security
Medsteps implements appropriate technical and organisational measures to ensure the security of personal data.
These include:
SSL/TLS encryption
Secure server infrastructure
Authorisation systems
Regular security updates
Access logs
Data backup processes
is included.
7. Cookies
Our website uses cookies to enhance the user experience.
Cookies;
Session management
Security
Performance analysis
Remembering preferences
Improving the quality of service
can be used for this purpose.
You can manage your cookies at any time via your browser settings.
8. Data Retention Period
Personal data is retained for the period specified in the relevant legislation or for as long as is necessary for the purpose of processing.
At the end of the retention period, the data is deleted, destroyed or anonymised using secure methods.
9. User Rights
Under the relevant legislation, users:;
To find out whether your personal data is being processed,
Access to processed data,
Requesting the rectification of incomplete or incorrect data,
The right to request the erasure or destruction of data under certain conditions,
Objecting to data processing activities,
Exercising their other rights as provided for by law
are entitled to these rights.
Applications may be submitted to us in writing via our contact details or by the methods specified in the relevant legislation.
10. Third-Party Services
Our platform may utilise third-party services such as payment infrastructures, analytics tools, cloud services and communication services.
These service providers’ data processing procedures are subject to their own privacy policies.
11. Policy Updates
Medsteps may update this Privacy Policy where it deems necessary.
The latest version will always be published on our website, and the date of entry into force is stated at the beginning of the text.
12. Communication
If you have any questions regarding our Privacy Policy or the processing of your personal data, you can contact us via the following channels.
Medsteps
Email: info@medsteps.com