Legal

Privacy Policy — Doctor Yilmaz Academy

Doctor Yilmaz Academy is a medical education platform providing online courses and hands-on training exclusively for licensed physicians. This policy explains what personal data we process, why we process it, and your rights under the GDPR.

MD / licensed physicians only
Accounts + enrollment
Lifetime course access*
No patient records

Last updated: March 2026

*Lifetime access applies for as long as the Doctor Yilmaz Academy platform remains operational.

Contents

1. Scope

This Privacy Policy applies to personal data processed via our website and Platform, including account creation, professional eligibility verification (MD-only), course enrollment, course access, payments, and support communication.

Important: The Academy is educational. We do not provide medical advice to patients and we do not process patient medical records as part of the Academy. Uploading patient-identifiable data to the Academy is strictly prohibited.

2. Data controller & contact

The data controller is the operator of Doctor Yilmaz Academy.

Controller: Doctor Yilmaz Academy
Chamber of Commerce (KvK): 88207439
VAT (BTW): NL004565957B25
Email: info@academy.doctoryilmaz.com

We do not publish a private address on this page. If a formal address is required for a specific legal purpose, we will provide it upon verified request via email.

3. Eligible users (MD-only)

The Platform is intended exclusively for licensed physicians. Patients, students and minors are not permitted to use this Platform. We may request information necessary to verify physician eligibility (for example, BIG number or equivalent medical license details).

We do not knowingly collect data from individuals under the age of 18.

4. Educational nature & clinical responsibility

All courses and trainings provided by Doctor Yilmaz Academy are educational in nature. Clinical decision-making, patient selection, informed consent, adherence to local laws and professional standards, and the execution of any procedure remain the sole responsibility of the treating physician at all times.

Doctor Yilmaz Academy does not provide patient care via this platform and does not replace formal medical training, licensing requirements, or institutional credentialing.

5. Personal accounts & non-transferability

Each account is strictly personal and may only be used by the physician to whom the account was issued. Account sharing, sublicensing, transferring login credentials or allowing third parties to access course content is strictly prohibited.

We may monitor basic security signals (such as unusual login patterns) to protect the Platform and its content. In case of suspected misuse or abuse, we may suspend or terminate access where necessary to protect the Platform.

Your responsibility: keep your login credentials confidential, use a strong password, and log out on shared devices.

6. Intellectual property & content protection

All course materials and Platform content, including but not limited to videos, images, slides, PDFs, protocols, day schedules, frameworks, checklists, written explanations, voice-overs, and course structure are the intellectual property of Doctor Yilmaz Academy (or its licensors) and are protected by applicable intellectual property laws.

Users are not permitted to copy, reproduce, distribute, share, publish, screen-record, download (except where an explicit download feature is provided), resell, sublicense, or otherwise exploit course materials or Platform content, in whole or in part, without prior written permission.

Violations may lead to suspension or termination of access and may result in further legal action where appropriate.

7. What data we process

Physicians receive an online account to enroll in courses and access course content. Depending on how you use the Platform, we may process:

  • Account data: name, email, password (hashed), account settings and preferences.
  • Physician verification data: BIG number or equivalent license data, country of practice, and other minimum data required to verify eligibility.
  • Enrollment & course data: enrollments, progress, completion status, certificates (if applicable), and support messages related to courses.
  • Payment & invoice data: transaction IDs, payment status, invoices and billing data required for administration (payment details are handled by the payment provider).
  • Technical data: IP address, device/browser information, timestamps, platform logs, and security/anti-abuse signals.
  • Contact data: content you provide when contacting support (email and messages).

We do not process patient records on this Platform. Uploading patient-identifiable medical data is prohibited.

8. Purposes

We process personal data only for legitimate purposes, including:

  • Providing secure login, account management, and course access.
  • Enabling enrollment, completion tracking, and course-related communication.
  • Maintaining an MD-only environment through eligibility verification.
  • Processing payments, refunds (if applicable), and financial administration.
  • Providing customer support and handling requests.
  • Protecting the Platform (security, anti-fraud, abuse prevention) and improving performance and usability.
  • Complying with legal obligations (e.g., tax/accounting requirements).

Lifetime access: Physicians who enroll in an online course receive lifetime access to the purchased course materials (including video content) for as long as the Doctor Yilmaz Academy Platform remains operational.

9. Legal bases (GDPR)

We rely on one or more of the following legal bases under the GDPR:

  • Contract (Art. 6(1)(b)): delivering accounts, enrollments, course access, platform features and support.
  • Legal obligation (Art. 6(1)(c)): invoicing, tax administration and statutory retention obligations.
  • Legitimate interests (Art. 6(1)(f)): platform security, fraud prevention, enforcing MD-only integrity, service improvement and business operations.
  • Consent (Art. 6(1)(a)): where required for optional activities (e.g., newsletters/marketing). You can withdraw consent at any time.

10. Sharing & processors

We do not sell your personal data. We share personal data only with parties who need it to operate the Platform or when legally required.

  • Service providers (processors): hosting, email delivery, platform tooling, security services and (if enabled) analytics.
  • Payment providers: to process transactions and refunds. Payment details are processed under the provider’s own privacy policy.
  • Professional advisors: legal/accounting advisors where necessary, under confidentiality.
  • Authorities: if required by law or to protect rights, safety and integrity of the Platform.

Where required, we use data processing agreements (DPAs) with processors.

11. International transfers

If any of our providers process data outside the European Economic Area (EEA), we use appropriate safeguards (such as Standard Contractual Clauses) where legally required.

12. Retention periods

We retain personal data only as long as necessary for the purposes described in this policy, including:

  • Account data: while your account remains active; deletion requests are honored where legally possible.
  • Course/enrollment data: stored to provide course access, track completion and protect Platform integrity, unless deletion is requested and permitted.
  • Financial records: retained for the legally required period under applicable tax/accounting law.
  • Security logs: retained for a limited period unless needed for incident investigation or legal compliance.

13. Security

We apply reasonable technical and organizational safeguards (access control, least-privilege access, secure hosting environments, and security monitoring) to protect personal data.

No system is 100% secure. If a security incident leads to a risk to your rights and freedoms, we will act in accordance with GDPR requirements.

14. Cookies

We use functional cookies required for login and core Platform operation. Optional cookies (analytics/embedded media) may be used based on your consent preferences.

See our Cookie Policy.

15. Your rights

You have rights under the GDPR, including the right to access, correct, delete (where applicable), restrict processing, object to processing, and request data portability.

To exercise your rights, contact us at info@academy.doctoryilmaz.com. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local authority.

16. Complaints procedure

If you have a complaint regarding the Platform, training or handling of your data, we encourage you to contact us first so we can attempt to resolve the issue directly.

If the complaint cannot be resolved, you may submit a formal complaint via Klachtenportaal Zorg, the independent Dutch healthcare complaints platform.

17. Minors

The Academy is intended exclusively for licensed physicians and is not directed to minors. We do not knowingly collect personal data from individuals under the age of 18.

18. Changes

We may update this Privacy Policy when necessary. The “Last updated” date reflects the most recent revision. The most recent version will always be available on our website.

Related pages: Terms & Conditions  ·  Cookie Policy  ·  Contact