GENERAL DATA PROTECTION REGULATION (GDPR) INFORMATION NOTICE

1. Data Controller Information

This information notice has been prepared by MODE SAĞLIK TURİZMİ VE EĞİTİM DANIŞMANLIK HİZMETLERİ LİMİTED ŞİRKETİ (“Company” or “MODE Health Services”) to inform natural persons whose personal data is processed, in accordance with the European Union General Data Protection Regulation (GDPR).

• Company Name: MODE SAĞLIK TURİZMİ VE EĞİTİM DANIŞMANLIK HİZMETLERİ LİMİTED ŞİRKETİ
• Address: Bahçelievler Mah. Ressam Halim Sk. Kadir Has No:7, Apt. No:16, Bahçelievler / İstanbul, Türkiye
• Tax Office: Merter
• Tax Number: 6220828365
• Contact: info@modehealthservices.com | +90 (555) 142 4669
• Website: www.modehealthservices.com
• Personal Data Processed

Our Company may process your personal data in the following categories:

• Identity Information (Name, surname, date of birth, Turkish ID number, etc.)
• Contact Information (Phone number, email address, mailing address, etc.)
• Health Data (Medical history, diagnoses, treatment information, test results, imaging data, etc.)
• Financial Information (Bank account details, payment history, etc.)
• Transaction Security and Log Records
• Location Data (Approximate location derived from IP address)
• Internet Traffic and Cookie Data (Collected in accordance with the cookie policy)

3. Purposes of Personal Data Processing

Your personal data is processed for the following purposes:

• Provision and planning of healthcare services
• Execution of medical diagnosis, treatment, and care services
• Coordination of domestic and international patient consultancy processes
• Monitoring of patient satisfaction processes
• Appointment creation and notification processes
• Marketing, promotional, and informational activities (with your consent)
• Compliance with legal regulations and fulfillment of legal obligations
• Execution of billing, collection, and accounting operations
• Improvement of internal company processes and operations
• Execution of information security procedures

4. Transfer of Personal Data

Your personal data may be transferred to the following entities, provided that necessary administrative and technical measures are taken under GDPR and national data protection laws:

• The Ministry of Health and its affiliated institutions
• Insurance companies (domestic and international)
• Foreign-based healthcare institutions and partners
• Authorized public institutions and organizations
• Data processors located abroad (e.g., server and software providers)
• Authorized third-party consultancy, legal, and accounting firms
• Foreign healthcare institutions with patient consent

5. International Data Transfer

MODE Health Services may transfer your personal data to data processors and partners located in countries outside the EU, depending on the nature of processing activities. These transfers are secured under Article 44 and subsequent provisions of the GDPR, using adequacy decisions or standard contractual clauses approved by the European Commission.

6. Data Subject Rights (Articles 15–22 of the GDPR)

As a data subject, you have the following rights:

• Right to access your personal data
• Right to request correction of incorrect or incomplete data
• Right to request deletion or destruction of your personal data
• Right to object to data processing activities
• Right to object to automated processing and profiling
• Right to data portability
• Right to withdraw your consent for processing based on consent
• Right to lodge a complaint with your country’s Data Protection Authority

You may submit your requests regarding these rights through the following channels:

• Email: info@modehealthservices.com
• Mailing Address: Bahçelievler Mah. Ressam Halim Sk. Kadir Has No:7, Apt. No:16, Bahçelievler / İstanbul, Türkiye

7. Data Retention Period

Our Company retains personal data only for the period necessary to fulfill the purposes of processing or as required by applicable legislation. Once the retention period ends, the data is deleted, destroyed, or anonymized.

8. Security Measures

MODE Health Services implements the following technical and administrative security measures to protect your personal data in accordance with the GDPR:

• Data transmission over SSL
• Use of encryption technologies
• Access authorization and audit mechanisms
• Comprehensive backup and disaster recovery systems
• Employee confidentiality agreements and regular training

9. Cookie Policy

Our website uses cookies to enhance user experience, measure site performance, and conduct analytics for advertising/remarketing purposes. You can manage your cookie preferences via your browser settings.

10. Patient Explicit Consent Form

Sensitive personal data (including health data) of patients receiving our services is processed only with your explicit consent. You will be informed and asked to give your voluntary approval through the “Explicit Consent Form” before, during, and after treatment.

11. Patient Informed Consent Form

Before any medical intervention, informed consent is obtained. This form includes details of the procedure, risks, alternatives, and possible complications. It becomes legally valid upon your signature.

12. Modifications and Updates

This GDPR Information Notice may be updated from time to time due to changes in legal regulations or company policies. The most recent version will be published on our website.