GDPR Compliance & Data Protection

GDPR Compliance at HekimDoktor

HekimDoktor is fully committed to complying with the General Data Protection Regulation (GDPR) — EU Regulation 2016/679 — ensuring the highest standard of data privacy for all users in the European Economic Area.

🔐 Data Encryption

All data transmitted between your device and our servers is encrypted with TLS 1.3. At rest, your data is protected with AES-256 encryption — a military-grade standard used by governments and financial institutions globally.

📋 Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Correct inaccurate personal data.
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing (Art. 18): Limit how we use your data.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting prior processing.

🔑 Role-Based Access Control (RBAC)

Your data is accessible only to authorized individuals:

  • Patients access only their own records.
  • Healthcare Providers access data only within their care relationship.
  • Platform Administrators manage operations without access to individual health data.

📊 Data Processing

HekimDoktor acts as a Data Processor. We process personal data only under the following lawful bases:

  • Consent: You explicitly agree to data processing (e.g., account creation, appointment booking).
  • Contract Performance: Processing necessary to provide our services.
  • Legitimate Interest: Platform security, fraud prevention, and service improvement.
  • Legal Obligation: Compliance with applicable laws and regulations.

🛡️ Cloudflare Enterprise Protection

Our infrastructure is secured by Cloudflare Enterprise:

  • Web Application Firewall (WAF) against OWASP Top 10 threats
  • Enterprise-grade DDoS mitigation
  • Bot management and rate limiting
  • Global CDN with EU data processing capabilities

🏗️ Technical Infrastructure

  • Next.js modern web framework with server-side rendering
  • PostgreSQL database with encrypted connections
  • Regular security audits and penetration testing
  • Data Processing Agreements (DPA) with all sub-processors

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@hekimdoktor.com.

You also have the right to lodge a complaint with your local Data Protection Authority.

Last updated: March 2026