Privacy Policy

Last updated: April 2026

1. Who We Are

BergemHealth is a medical tourism facilitation company headquartered in Istanbul, Turkey. We act as an intermediary service connecting international patients with licensed partner medical facilities, including Liv Hospital Ulus, Istanbul, for hair transplant procedures (FUE, Sapphire FUE, and DHI techniques) and related healthcare services.

We are not a medical provider ourselves. All clinical procedures are performed by licensed, independent partner clinics and surgeons. BergemHealth coordinates consultations, travel logistics, accommodation, and post-operative support on behalf of patients.

Data Controller:
BergemHealth
Istanbul, Turkey
Email: info@bergemhealth.com
Phone: +90 531 309 47 88

2. What Personal Data We Collect

We collect personal data only to the extent necessary to provide you with our services. The types of data we may collect include:

a) Contact and Identification Data

• Full name
• Email address
• Phone number (including WhatsApp if provided)
• Country of residence

b) Medical and Health Data

• Medical history relevant to hair transplant procedures (e.g. scalp conditions, previous surgeries, medications, allergies)
• Photographs of the scalp and hair loss areas submitted for assessment purposes
• Hair loss severity and pattern (e.g. Norwood scale classification)
• Pre-existing medical conditions that may affect treatment eligibility or outcomes

c) Communication Data

• Messages and enquiries submitted through our contact or consultation forms
• Email and WhatsApp correspondence records
• Consultation notes and treatment preference information

d) Technical and Usage Data

• IP address and approximate geographic location
• Browser type and version
• Pages visited and time spent on site
• Referring website or search query
• Device type (desktop, mobile, tablet)
• UTM parameters and advertising campaign identifiers

3. How We Collect Your Data

We collect data through the following means:

• Consultation forms: When you complete a free consultation request form on our website, you voluntarily provide contact information, medical history, and optionally upload photos.
• Direct communications: Via email, WhatsApp, or phone enquiries you initiate.
• Cookies and analytics tools: Automatically collected through your browser when you visit our website (see Section 7 — Cookies).
• Referral partners: Occasionally, partner agencies or clinics may refer patients to us with prior consent.

4. Why We Collect and Use Your Data

We process your personal data for the following purposes:

• Medical consultation facilitation: To assess your suitability for hair transplant procedures and provide you with an initial, non-binding evaluation to share with our partner clinic.
• Treatment planning coordination: To prepare and communicate treatment proposals, surgical plans, and quotations on your behalf.
• Communication and follow-up: To respond to your enquiries, confirm appointments, and keep you informed about your consultation or booking status.
• Medical photo assessment: Photographs of your scalp are used exclusively for clinical evaluation by our medical team and partner clinic surgeons to recommend the appropriate procedure and estimate graft numbers. Photos are never used for marketing purposes without separate explicit written consent.
• Travel and logistics coordination: To assist with accommodation, airport transfers, and scheduling during your visit to Istanbul.
• Legal and regulatory compliance: To meet our obligations under Turkish law (including the KVKK — Personal Data Protection Law) and applicable EU/UK data protection regulations where relevant.
• Service improvement: Aggregated, anonymised analytics data to understand how users interact with our website and improve usability.
• Marketing communications: Where you have given explicit consent, to send you relevant information about our services, promotions, or follow-up offers. You may withdraw this consent at any time.

The legal basis for processing your data includes:

• Contractual necessity: Processing required to perform services you have requested.
• Legitimate interests: Improving our services, fraud prevention, and internal communications — balanced against your privacy rights.
• Consent: For marketing communications and photo use in non-clinical contexts.
• Legal obligation: Compliance with Turkish health law and data protection regulations.

5. Medical Photos — Special Category Data

Photographs you submit (e.g. scalp images for hair loss assessment) constitute special category health-related data and are treated with the highest level of care and confidentiality. Such images are:

• Transmitted over encrypted SSL connections and stored in a secure, access-controlled environment on our servers in Turkey.
• Accessible only to authorised BergemHealth medical coordinators and the partner clinic's clinical team directly responsible for your case.
• Never shared publicly, used in advertising, or disclosed to any third party without your explicit written consent.
• Retained for a minimum of 10 years in compliance with Turkish health record retention regulations (or longer if required by applicable law), and deleted upon your verifiable request after this period, subject to any legal retention obligations.

You may withdraw consent for medical photo storage at any time by contacting us at info@bergemhealth.com. Note that withdrawal of consent may limit our ability to provide certain services.

6. How We Store Your Data

Your personal data is stored in a WordPress-powered database hosted on servers physically located in Turkey, operated by a reputable hosting provider with industry-standard security measures. Data at rest is protected by AES-256 encryption, and all data in transit is protected by SSL/TLS encryption (HTTPS).

Key security measures include:

• SSL/TLS encryption for all data transmitted between your browser and our website.
• Encrypted database storage for all personal and medical records.
• Access controls limiting data access to authorised personnel only, on a need-to-know basis.
• Regular security audits and software updates to prevent vulnerabilities.
• Two-factor authentication for administrative access to our systems.
• Regular encrypted backups stored in geographically separate locations.

Despite our rigorous security practices, no method of transmission over the Internet is 100% secure. We cannot guarantee the absolute security of data transmitted to or from our website, but we take all reasonable steps to protect your information.

7. Cookies

Our website uses cookies — small text files stored on your device — to enable essential functionality, improve performance, and understand how visitors use our site. Cookies are grouped into the following categories:

Essential Cookies

Required for the website to function correctly. They cannot be disabled. Examples include session management and CSRF (cross-site request forgery) protection tokens.

Analytics Cookies

We use Google Analytics 4 to collect anonymised data about how visitors use our website (pages visited, session duration, traffic sources). This helps us improve the site. Google Analytics sets cookies such as _ga and _gid. Data is processed by Google LLC in accordance with their privacy policy. You can opt out via Google's opt-out tool.

Advertising Cookies

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This may involve cookies set by Google's advertising network. Advertising cookies are only activated with your prior consent where required by applicable law.

Functional Cookies

We use the Autoglot plugin for automatic language translation. This sets a cookie to remember your language preference across pages.

You can manage or withdraw cookie consent at any time through your browser settings. See Section 10 for more detail on managing your preferences. Note that disabling certain cookies may affect the functionality of our website.

8. Third-Party Data Sharing

We do not sell, trade, or rent your personal data. We may share your data with the following categories of third parties, solely to the extent necessary to provide our services:

• Partner medical clinics (primarily Liv Hospital Ulus, Istanbul): Your medical information and assessment data are shared with the clinical team responsible for your treatment, under strict confidentiality obligations and in compliance with Turkish healthcare law.
• Internal team notifications: We use Telegram for internal operational notifications. Consultation requests may generate automated notifications to our team containing your name and contact information. This data is processed within our internal team only and is not shared further.
• Google LLC: Through Google Analytics 4 and Google Ads, certain usage and behavioural data is shared with Google for analytics and advertising measurement purposes. Google processes this data in accordance with its own Privacy Policy.
• Hosting and infrastructure providers: Our hosting provider has access to server infrastructure but does not process personal data for its own purposes.
• Legal authorities: We may disclose personal data if required by Turkish law, court order, or regulatory authority.

All third parties with whom we share data are required to handle it securely and in accordance with applicable data protection law.

9. Data Retention

We retain personal data for different periods depending on the type and purpose:

• Medical records and health data (including photos): A minimum of 10 years from the date of consultation or procedure, as required by Turkish health regulations (Turkish Ministry of Health Regulation on Patient Rights and Medical Records). After this period, data is securely deleted unless a longer retention period is required by law.
• General enquiry and contact data: Up to 3 years from last contact, to allow for follow-up and service continuity.
• Marketing consent records: Until you withdraw consent, plus an additional 1 year for compliance audit purposes.
• Analytics and technical data: As defined by Google Analytics retention settings (default: 14 months for user-level data).
• Financial and booking records: Up to 10 years in compliance with Turkish commercial law.

You may request early deletion of your data (subject to legal retention obligations) by contacting us at info@bergemhealth.com.

10. Your Rights

Depending on your country of residence, you may have the following rights regarding your personal data. These rights apply under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Turkish Personal Data Protection Law (KVKK — Kişisel Verilerin Korunması Kanunu):

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of any inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): You may request deletion of your personal data, subject to legal retention obligations (e.g. medical records required to be kept for 10 years by Turkish law).
• Right to data portability: Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
• Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
• Right to object: You may object to processing based on our legitimate interests, or to direct marketing at any time.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK — www.kvkk.gov.tr), or with your national data protection authority if you reside in an EU or EEA country.

To exercise any of these rights, please contact us at info@bergemhealth.com. We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing your request.

11. International Data Transfers

BergemHealth is based in Turkey. Turkey has been assessed by the European Commission in the context of adequacy, though formal adequacy decisions may vary. Where personal data is transferred to or from the European Union or European Economic Area, we take appropriate safeguards as required under GDPR, including using standard contractual clauses or relying on other lawful transfer mechanisms.

Google Analytics and Google Ads may transfer data to the United States. Google participates in the EU-US Data Privacy Framework and applies appropriate safeguards for international transfers.

12. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@bergemhealth.com and we will promptly delete it.

13. Links to Third-Party Websites

Our website may contain links to third-party websites (e.g. Liv Hospital, Google Maps). These sites have their own privacy policies, which we do not control. We are not responsible for the privacy practices or content of any external site. We encourage you to review the privacy policy of any website you visit.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website or services after any changes constitutes your acceptance of the revised policy. If you do not agree with the updated policy, please discontinue use of our services and contact us to request deletion of your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our data protection point of contact:

BergemHealth — Data Privacy
Email: info@bergemhealth.com
Phone: +90 531 309 47 88
Address: Istanbul, Turkey

We aim to respond to all privacy-related enquiries within 30 days of receipt.