Privacy and Information Security Policy

Medicert International Certification Privacy and Information Security Policy. GDPR, KVKK, and CCPA compliant data protection standards.

OFFICIAL POLICY

Privacy and Information Security Policy

As Medicert International Certification Ltd. Co. (hereinafter referred to as “the Company”), we maintain the highest level of security and privacy in our ISO certification, CE conformity assessment, test laboratory, and training services.

01PURPOSE AND SCOPE

This policy defines the principles regarding the processing, storage, and protection of data obtained within the scope of all services provided by Medicert. Our policy is established to be compliant with:

  • European Union General Data Protection Regulation (GDPR)
  • Turkey Personal Data Protection Law (KVKK - 6698)
  • United States data protection regulations (CCPA/CPRA)

02COLLECTED DATA

Identity and Contact:

  • • Full Name, ID / Passport No
  • • Company Name and Tax Information
  • • Email, Phone, and Address Details

Technical and Digital:

  • • Product Technical Files and Test Data
  • • IP Address and Browser Logs
  • • QR Verification and Document Access Records

03DATA COLLECTION METHOD

Your data is obtained through website forms, SSL-encrypted email communication, portal logins, and audit processes via automated or manual means. All digital data flow is protected by world-class encryption protocols.

04DATA PROCESSING PURPOSES

The collected data is processed for the following limited purposes:

  • ISO/CE Certification Processes
  • Laboratory Testing and Reporting
  • Training Certificate Verification
  • Accreditation Rules (17021/17025)

06DATA SECURITY AND INFRASTRUCTURE

Industry standards we apply to protect your data:

  • Cloudflare Infrastructure: Our website and portals are served through Cloudflare, protected by DDoS protection and high-security WAF systems.
  • Encryption: All data transfers are encrypted with SSL/TLS protocols; AES-256 standard is applied server-side.
  • Access Control: Following the principle of “least privilege,” each staff member can only access relevant data based on their role.

07QR AND DOCUMENT VERIFICATION TRANSPARENCY

Inquiries made via QR codes or verification links on certificates and test reports produced by Medicert are logged by our system. This data is processed for:

• Monitoring document security and preventing forgery,

• Reporting inquiry statistics anonymously for performance analysis.

08DATA TRANSFER

Your personal data may be shared on a limited basis with authorized public institutions and organizations (Ministry of Health, Accreditation Bodies, etc.) to fulfill our legal obligations. It is never sold or rented to third parties for commercial purposes.

09DATA SUBJECT RIGHTS

Pursuant to KVKK Art. 11 and GDPR, you have the right to learn whether your data is being processed, to request its correction or deletion, and to object to its processing. You may submit your requests to info@medicert.com.tr.

10COOKIES AND LINK SHORTENER STATISTICS

Operational cookies are used on our website. Additionally, for access through link shortener services (YOURLS / KV infrastructure), anonymous statistics such as access time, country, and browser information may be kept for system security and performance analysis.

11RETENTION PERIOD

Your data is securely retained for the duration of the service relationship or for the legally required limitation periods (generally 10 years), in the manner required by accreditation rules.

12DATA PROTECTION REQUESTS AND CONTACT

Data Protection Officer

info@medicert.com.tr

Last Updated: March 27, 2026  |  MEDICERT

HAVE A QUESTION?