Legal Information
Privacy Policy
Last updated: May 31, 2026
This policy explains how we, as Serteser Consulting, protect the data we receive throughout the consulting relationship, via the website and communication channels. For detailed legal information within the scope of KVKK, please see the KVKK Disclosure Notice.
1. Categories of Data We Collect
- Contact data: Name, email, organization, brief meeting topic.
- Consulting files: Anonymized clinical data, manuscript drafts, analysis outputs, code snippets, slides (intellectual property belonging to you).
- Anonymous site statistics: Page views, country, browser, and referrer via cookie-less Umami.
2. Our Data Processing Principles
- Minimal data: We request only the minimum data required to provide the consulting service. Clinical data is always requested in de-identified form; patient national ID, name, date of birth, and images with burned-in annotation are not accepted.
- Clear scope: Which data will be used for what purpose is specified in writing in the contract or email approval.
- Controlled access: Only the principal (Burak Serteser) accesses consulting data. If there is an external participant (subcontractor), an NDA signature is mandatory and approval is obtained from the client beforehand.
- Encrypted transfer and storage: Sharing large files by email is not recommended; end-to-end encrypted channels (Tresorit, ProtonMail, or the organization's own provided channel) are preferred. Local storage uses full-disk encryption (FileVault / LUKS).
- Backup: Encrypted backups are made; KVKK retention periods apply to the backups.
3. Academic Publication Processes (ICMJE Vancouver)
In academic consulting relationships:
- Data collection and patient selection are the responsibility of the research team (you); we do not audit data gaps or make changes to patient files.
- If the contribution we provide (analysis design, statistical code, systematic review methodology) does not meet all of the ICMJE Vancouver authorship criteria, we do not claim authorship. An acknowledgement such as “Serteser Consulting (biostatistics support)” in the Acknowledgements section is sufficient.
- In cases where we provide contributions that meet the full authorship criteria, we appear as a co-author in accordance with the journal's policy.
4. Retention and Destruction
- Active consulting files are retained for the duration of the project.
- Thirty days after the project ends, unless the client makes an additional request, the consulting files (clinical data, dataset, analysis output) are destroyed; analysis scripts and documentation are retained for 5 years (for reference purposes, kept in anonymized form at the client's request).
- Data retained due to financial or legal obligations (invoices, contracts) is retained in accordance with the Tax Procedure Law.
5. Transfer to Third Parties
Client data is not transferred to third parties without explicit written consent. The only exception is official authorities or a judicial decision within the scope of Article 8 of the KVKK.
6. The Client's Rights
At any time you may:
- Ask about the categories of data we hold about you.
- Request the deletion or return of your data (subject to legal retention obligations).
- Terminate the service at any time.
7. Data Breach Notification
In the event of a possible data breach, notification is made to the Personal Data Protection Board and to the affected data subjects within 72 hours at the latest, in accordance with Article 12/5 of the KVKK.
8. Contact
For any questions regarding privacy: burak@serteser.com.tr.