Privacy Policy

PRIVACY POLICY AND DATA PROTECTION NOTICE

Last Updated: January 19, 2026

1. INTRODUCTION AND GENERAL INFORMATION

Welcome to the Privacy Policy of Smile Center Turkey (hereinafter referred to as “the Clinic”, “we”, “us”, or “our”). We are committed to protecting and respecting your privacy and your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal data when you visit our website (https://smilecenterturkey.com), contact us via digital channels, or utilise our dental treatment and health tourism services.

As a healthcare provider located in Türkiye offering services to international patients (specifically from the UK and EU), we align our data processing activities with both the Turkish Law on the Protection of Personal Data No. 6698 (“KVKK”) and the UK/EU General Data Protection Regulation (“GDPR”).

By accessing our website and using our services, you acknowledge that you have read and understood the terms of this policy.

2. DATA CONTROLLER

For the purposes of the GDPR and KVKK, the Data Controller responsible for your personal data is:

Smile Center Turkey Address: [Buraya Kliniğin Açık Adresini Giriniz], Antalya, Türkiye Email: info@smilecenterturkey.com Website: https://smilecenterturkey.com

3. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together follows:

A. Identity Data: First name, last name, username or similar identifier, marital status, title, date of birth, gender, and Passport / ID number (required for legal notification to security forces for accommodation and transfer services).

B. Contact Data: Billing address, email address, telephone numbers (including WhatsApp contact details).

C. Special Category Data (Health & Medical Data): As a dental healthcare provider, we process sensitive personal data including:

• Dental radiographs (Panoramic X-rays, Periapical X-rays).

• Intraoral and extraoral photographs (Smile design photos).

• Medical history (Anamnesis), including chronic diseases, regular medications, allergies, and previous surgical operations.

• Treatment plans and clinical notes.

• Legal Basis: We process this data based on your Explicit Consent and for the purposes of Medical Diagnosis and Treatment (GDPR Article 9(2)(h) and KVKK Article 6).

D. Technical & Usage Data: Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. This includes information about how you use our website, products, and services (via Google Analytics 4).

E. Transaction & Financial Data: Details about payments to and from you and other details of services you have purchased from us. Note: We do not store full credit card details on our servers; payments are processed via secure, PCI-DSS compliant third-party payment gateways.

F. Marketing and Communications Data: Your preferences in receiving marketing communications from us and your communication preferences.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

• Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, WhatsApp, or social media. This includes personal data you provide when you apply for our services, request a quote for dental treatment, or give us feedback.

• Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.

• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google Analytics) based outside the UK/EU.

5. PURPOSES AND LEGAL BASES FOR PROCESSING

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing dental implants, veneers, or arranging your hotel and transfer).

• Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., notifying the Turkish Ministry of Health, keeping tax records).

• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., network security, fraud prevention).

• Explicit Consent: Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to you or processing your sensitive health data for the initial consultation. You have the right to withdraw consent to marketing at any time.

6. DISCLOSURE OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below for the purposes set out in Paragraph 5:

• External Medical Partners: Dental laboratories (for the production of crowns, veneers, and prosthetics) and consulting specialist doctors.

   
   

• Service Providers (Health Tourism): VIP transfer companies and partner hotels in Antalya to facilitate your accommodation and transport packages. Only necessary “Identity Data” is shared.

   
   

• Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

   

• Government Authorities: The Turkish Ministry of Health, Revenue Administration, and Security Forces (Emniyet Genel Müdürlüğü) for identity notification (KBS system) as required by Turkish Law.

• Technology Providers: Google LLC (for Analytics and Ads services), Meta Platforms Inc. (WhatsApp and Instagram), and secure cloud storage providers.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. INTERNATIONAL TRANSFERS

Our clinic and servers are located in Türkiye. If you are accessing our website from the UK or the European Economic Area (EEA), please note that your data will be transferred to, stored, and processed in Türkiye.

By submitting your personal data and medical records for a treatment consultation, you explicitly acknowledge and consent to this transfer necessary for the performance of the medical contract between you and the Clinic (GDPR Article 49(1)(b)). We take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.

8. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include SSL (Secure Socket Layer) encryption, firewalls, and strict access controls. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

9. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Medical Records: Under the Regulation on Personal Health Data in Türkiye, patient files and X-rays are retained for a minimum of 20 years.

• Financial and Tax Records: Retained for 10 years in accordance with the Turkish Tax Procedure Law.

• Marketing Data: Retained until you withdraw your consent or unsubscribe.

10. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws (GDPR & KVKK) in relation to your personal data. You have the right to:

• Request access to your personal data (commonly known as a “data subject access request”).

• Request correction of the personal data that we hold about you.

• Request erasure of your personal data (“Right to be forgotten”), subject to our legal obligations to retain medical records.

• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).

• Request restriction of processing of your personal data.

• Request the transfer of your personal data to you or to a third party.

• Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us at info@smilecenterturkey.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

11. COOKIES AND GOOGLE TECHNOLOGIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

• Google Analytics 4: We use Google Analytics to measure traffic and usage trends. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.

• Google Ads & Remarketing: We use Google Ads remarketing services to advertise on third-party websites (including Google) to previous visitors to our site. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits.

• Cookie Control: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

   

12. THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

13. CHANGES TO THE PRIVACY POLICY

We keep our privacy policy under regular review. This version was last updated on January 19, 2026. Any changes we make to our privacy policy in the future will be posted on this page.