This Privacy Policy explains how Kopru collects, uses, shares, transfers, stores, and protects personal information when you visit the website, submit a form, contact us, request support, or communicate with us before, during, or after a healthcare journey.
Kopru supports healthcare travel coordination, which may involve sensitive health-related information. We aim to collect only what is reasonably necessary for the requested support and to handle it with care. This policy does not replace the privacy notices of hospitals, clinics, doctors, hotels, transfer providers, payment providers, messaging platforms, or other third parties that may process your information separately.
1. Who we are and our role
Kopru is a patient-side support service helping users understand, compare, and coordinate healthcare-related journeys in Turkey. For information processed through this website and our direct communications, Kopru acts as the organization responsible for deciding why and how that information is used, unless we clearly act only on behalf of another party.
2. Information we collect
We may collect identity and contact details such as name, email address, phone number, WhatsApp number, country, language, preferred contact method, companion details, and communication history.
We may collect request and journey details such as treatment interest, preferred destination, provider preferences, budget range, timing, travel plans, accommodation needs, transfer needs, support category, questions, complaints, feedback, and documents you choose to provide.
We may collect health-related or special category information if you choose to share it or if it is needed to support your request. This may include medical history, symptoms, photos, scans, test results, prescriptions, allergies, medication lists, previous treatment details, provider notes, discharge documents, and recovery updates.
We may collect technical and usage data such as IP address, device type, browser, operating system, approximate location, pages viewed, referring URLs, timestamps, cookie identifiers, form-submission metadata, security logs, and analytics events.
3. How we collect information
We collect information directly from you when you use forms, send messages, upload or share documents, call us, use messaging apps, request a quote, or otherwise communicate with us.
We may also receive information from providers, partners, companions, family members, translators, travel suppliers, public sources, or other parties involved in your request, where this is relevant to coordination or follow-up.
4. How we use information
We use personal information to respond to enquiries, understand your needs, assess what practical support may be relevant, coordinate communications with providers or partners, prepare patient files, organize appointments or logistics, follow up on your request, and provide customer support.
We may also use information to maintain records, manage relationships with providers and partners, improve the website and services, troubleshoot technical issues, prevent fraud or misuse, protect legal rights, comply with legal obligations, and send service-related communications.
We do not use your health-related information to make medical decisions. Kopru does not diagnose, prescribe, create official medical records, or determine treatment suitability.
5. Legal bases for processing
Depending on the context and applicable law, we may process personal information because you have given consent, because processing is necessary to take steps at your request before entering into or performing a service arrangement, because we have a legitimate interest in operating and improving Kopru, because processing is necessary to comply with legal obligations, or because it is necessary to protect vital interests in urgent circumstances.
Where we process health-related or other special category information, we do so with your explicit consent where required, for healthcare coordination at your request, for legal claims or compliance where applicable, or under another legal basis permitted by applicable law.
6. Sharing information
We may share relevant information with clinics, hospitals, doctors, provider coordinators, laboratories, translators, hotels, transfer providers, travel-support partners, insurers, payment providers, technology providers, email and messaging providers, hosting providers, analytics providers, professional advisers, and other parties needed to respond to your request or operate Kopru.
We share only what we reasonably consider necessary for the purpose. For example, a clinic may need health-related details to consider whether to offer a consultation, while a transfer provider usually needs only pickup and contact details.
We may disclose information if required by law, regulation, court order, government authority, professional obligation, safety concern, fraud investigation, legal claim, business transfer, or to protect the rights, safety, and security of Kopru, users, providers, or others.
We do not sell personal information. We do not allow third parties to use your health-related information for their own unrelated marketing without your permission.
7. International transfers
Because Kopru supports healthcare journeys in Turkey and may use international technology or communication providers, your information may be processed in countries other than your country of residence. These countries may have different data protection laws.
Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual commitments, transfer assessments, provider security measures, user consent, or another lawful transfer mechanism.
8. Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this policy. The retention period may depend on the type of information, the status of your request, provider follow-up needs, legal obligations, dispute risk, accounting records, security needs, and whether you ask us to delete information.
Health-related files and communications are not kept indefinitely unless there is a legitimate reason to retain them. We may keep limited records after a request is closed where needed for legal, compliance, fraud-prevention, accounting, or dispute-management purposes.
9. Security
We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, account security, limited internal access, secure hosting practices, and careful handling of sensitive files.
No website, database, messaging platform, email system, or internet transmission is completely secure. You should avoid sending unnecessary sensitive information and should use secure channels where available for highly sensitive documents.
10. Your choices and rights
Depending on applicable law, you may have rights to request access to your personal information, correction, deletion, restriction, objection, portability, withdrawal of consent, and information about how your data is used. You may also have the right to complain to a data protection authority.
Withdrawing consent may limit our ability to continue supporting your request, especially where health-related information is needed for provider coordination. Some information may need to be retained where required or permitted by law.
11. Marketing communications
We may send service-related messages about your request. We will send promotional marketing only where permitted by law and, where required, with your consent. You may opt out of marketing communications, but we may still send non-marketing messages needed for your request or legal reasons.
12. Cookies and analytics
We may use cookies and similar technologies to operate the website, remember preferences, improve performance, understand usage, secure forms, and support analytics. Please read the Cookie Policy for more information about cookie categories and controls.
13. Children and representatives
Kopru is not intended for direct use by children. If the patient is under 18 or cannot legally act alone, a parent, guardian, or authorized representative must contact us and must have the right to share the patient's information.
14. Automated decision-making
Kopru does not use automated decision-making to determine medical suitability, approve treatment, or make legally significant decisions about users. Providers remain responsible for their own clinical assessments and decisions.
15. Third-party websites and providers
The website or our communications may link to third-party websites, platforms, or providers. Their privacy practices are governed by their own policies. Kopru is not responsible for how third parties collect, use, store, or protect your information once they receive it as independent controllers or service providers.
16. Updates
We may update this Privacy Policy from time to time. The latest version will be available on this page and will apply from the date shown above unless a later effective date is stated.
17. Contact
For questions about this Privacy Policy or to make a privacy request, contact Kopru through the contact page. We may need to verify your identity before responding to certain requests.