How enquiry data and intake data are kept separate.

Who the controller is

ATDERA GLOBAL LIMITED (Companies House No. 17173428), with its registered office at 102 Rookery Court, 80 Ruckholt Road, London E10 5FA, United Kingdom, is the data controller for personal data collected through atdera.com. ATDERA does not operate its own clinical facility or hold its own corporate address in Türkiye; clinical care and structured education are delivered by independent licensed clinicians and accredited partner facilities in Türkiye, each of whom remains separately responsible for any clinical data they collect on their own systems.

• Website data — name, contact details, requested service area, enquiry content — is controlled by ATDERA GLOBAL LIMITED in London.
• Clinical records generated by an independent partner clinician or facility remain under that clinician's or facility's own data-protection responsibility.

Controller identity and privacy contact

For the purposes of these legal pages, the published controller is ATDERA GLOBAL LIMITED at 102 Rookery Court, 80 Ruckholt Road, London E10 5FA, United Kingdom. ATDERA is registered with the UK Information Commissioner's Office (ICO) as a data controller under registration reference C1938074. Privacy-rights requests and related data-protection communications should be directed to hello@atdera.com.

• Data controller: ATDERA GLOBAL LIMITED (Companies House 17173428).
• ICO data-controller registration reference: C1938074.
• Privacy contact email: hello@atdera.com.

Right to complain to the supervisory authority

If you are not satisfied with how ATDERA has handled your personal data or your data-subject rights request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the supervisory authority for UK data protection. You can contact the ICO at ico.org.uk, by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom, or by phone on 0303 123 1113. ATDERA's ICO data-controller registration reference is C1938074 and can be verified on the ICO public register at https://ico.org.uk/ESDWebPages/Entry/C1938074.

• Lodging a complaint with the ICO does not require a fee.
• Where another supervisory authority has jurisdiction in your country of residence, you may also contact that authority.

Jurisdiction and privacy-by-design

Because ATDERA addresses an international English-speaking audience from London and coordinates care with independent partner clinicians and accredited facilities in Türkiye, the website and form architecture are designed to meet UK GDPR standards as the primary framework, while respecting any KVKK obligations that apply to partner clinicians on their own systems.

• UK GDPR is the primary legal framework for the website and for ATDERA's processing as controller.
• KVKK applies at the partner level for clinical processing that takes place on partner systems in Türkiye.
• The site is designed to maintain a privacy-by-design structure across forms, cookies and disclosures.

Representative position

ATDERA GLOBAL LIMITED does not require a separate UK representative under UK GDPR Article 27 because it is already established in the United Kingdom as the registered controller. ATDERA does not maintain a corporate office or registered legal entity in Türkiye; the partner clinicians and facilities ATDERA coordinates with are independent third parties, each responsible for their own regulatory standing and any representative obligations under local law.

Collection methods and categories

Personal data is collected electronically through website forms by wholly or partly automated means. The core categories described in counsel's review include contact data, routing information, enquiry content and basic transaction-security data needed to operate the platform.

Legal bases for public forms

General contact requests are processed on the basis of ATDERA's legitimate interests and the need to answer the user's request. Medical care and education enquiries are processed as steps directly related to the establishment or performance of a requested coordination service or programme.

• Name, email address, contact number and the requested service area may be handled without explicit consent at this stage.
• Terms acceptance may be required for formation of the site relationship, but reading the notice itself should not be turned into a mandatory consent checkbox.

Health data and data minimisation

Special category health data, including medical history, test results and similar protected health information, requires explicit consent when processed. ATDERA's public forms are therefore kept data-light and do not act as a public medical-record intake.

• Medical files, imaging and similar records should only move through the separate secure operational intake when requested.
• Public forms should not collect religion, ethnicity, political opinions, philosophical beliefs, trade-union membership, biometric data, genetic data, card details or unrelated financial records.

Notice and consent must stay separate

Counsel requires a clear split between the privacy notice and any explicit-consent language. The notice should sit near the submission point as a readable information layer, while any future consent for health-data processing or marketing communications should appear as separate, unticked and optional checkboxes.

Operational sharing for coordination

To evaluate an enquiry, route it to the correct speciality and organise suitable medical or educational coordination, ATDERA may share the submitted information with the independent partner clinicians and accredited facilities in Türkiye that handle the relevant pathway and, where appropriate and within the user's approval framework, with other licensed professionals involved in the case.

Cross-border infrastructure transfers

ATDERA may transfer personal data to global technology suppliers that provide hosting, databases, email delivery and related infrastructure from the United Kingdom, the European Union and the United States.

• Counsel directs that these transfers be described as supported by Standard Contractual Clauses and other recognised safeguards.
• Service-provider visibility should be maintained at least by category, region and function, with an updated sub-processor list available on request.

Retention and disposal

Retention must follow the lifecycle of the data. Closed public enquiries that do not convert into treatment or education should be kept only for a limited period, generally between one and three years after closure, to preserve evidence for possible disputes while respecting proportionality and data-minimisation requirements.

• Where a medical service is actually delivered, the underlying patient records may be subject to substantially longer statutory retention periods, including a minimum twenty-year benchmark referenced in counsel's review.
• When retention expires, data should be irreversibly deleted or anonymised through periodic disposal procedures.

Data-subject rights and response timing

ATDERA recognises the right to request access, rectification, erasure, restriction, objection and, where applicable, portability. Privacy-rights requests should be sent to hello@atdera.com, and counsel directs that these requests be answered as soon as possible and, depending on the regime that applies, no later than thirty (30) days or one month.