Privacy Policy

1. Introduction and General Information

Welcome to the Privacy Policy of Smile Center Turkey (“the Clinic”, “we”, “us”, or “our”). We are committed to protecting your privacy and personal data. This policy explains how we collect, use, process, and protect your personal data when you visit the Smile Center Turkey website, contact us through digital channels, or use our dental treatment and health tourism services.

As a healthcare provider in Türkiye offering services to international patients, our processing activities are aligned with the Turkish Law on the Protection of Personal Data No. 6698 (KVKK) and applicable UK/EU GDPR principles where relevant.

2. Data Controller

For GDPR and KVKK purposes, the data controller is:

Smile Center Turkey
Head Office: Sinan Mah. 1254 Sok. No:1/502 Muratpaşa/Antalya, Türkiye
Clinic: Barbaros, Mescit Sk. No:19, 07100 Muratpaşa/Antalya, Türkiye
Email: smile@smilecenterturkey.com
Website: Smile Center Turkey website
Contact page: Contact Smile Center Turkey

3. The Data We Collect About You

Personal data means information from which an individual can be identified. We may collect and process the following categories:

• A. Identity Data: First name, last name, title, date of birth, gender, and passport/ID number where required for legal accommodation and transfer notifications.
• B. Contact Data: Billing address, email address, phone number, and WhatsApp contact details.
• C. Special Category Data (Health Data): Dental radiographs, intraoral/extraoral photographs, medical history (including chronic conditions, medications, allergies, prior operations), treatment plans, and clinical notes.
• Legal basis for health data: Explicit consent and medical diagnosis/treatment (GDPR Article 9(2)(h), KVKK Article 6).
• D. Technical and Usage Data: IP address, browser type/version, time zone, device information, and website usage patterns (including Google Analytics 4).
• E. Transaction and Financial Data: Payment and purchased-service details. We do not store full card details on our servers; payments are handled by secure PCI-DSS compliant providers.
• F. Marketing and Communications Data: Preferences for marketing communications and contact channels.

4. How Is Your Personal Data Collected?

• Direct interactions: Forms, calls, email, WhatsApp, social media, and consultation/treatment requests.
• Automated technologies: Cookies, server logs, and similar tools when you use our website.
• Third parties: Analytics providers and service partners where legally permitted.

5. Purposes and Legal Bases for Processing

We only process personal data where lawful. Common legal bases include:

• Performance of a contract: To provide clinical and related services.
• Legal obligation: To comply with healthcare, tax, and regulatory requirements.
• Legitimate interests: Security, fraud prevention, and service improvement where your rights do not override these interests.
• Explicit consent: Marketing communications and sensitive health-data processing where required.

6. Disclosure of Your Personal Data

We may share data with the following categories for defined purposes:

• External medical partners: Dental laboratories and consulting specialists.
• Health tourism providers: VIP transfer companies and partner hotels (only required identity data).
• Professional advisers: Lawyers, auditors, insurers, accounting/banking advisers.
• Government authorities: Turkish Ministry of Health, tax authorities, and security authorities where legally required.
• Technology providers: Google, Meta, and secure cloud infrastructure providers.

7. International Transfers

Our clinic and primary operations are located in Türkiye. If you access services from the UK/EEA, your data may be transferred to and processed in Türkiye. Where required, transfer safeguards are applied under applicable law.

8. Data Security

We apply technical and organisational measures to protect personal data against loss, unauthorised access, alteration, or disclosure, including SSL encryption, restricted access controls, and confidentiality obligations for authorised personnel.

9. Data Retention

• Medical records: Minimum 20 years under applicable Turkish healthcare record-retention requirements.
• Financial/tax records: Typically 10 years under Turkish tax/accounting requirements.
• Marketing data: Until consent is withdrawn or you unsubscribe.

10. Your Legal Rights

Subject to applicable law, you may have rights to:

• Request access to your personal data
• Request correction of inaccurate data
• Request erasure (where legally available)
• Object to processing based on legitimate interests
• Request restriction of processing
• Request data portability
• Withdraw consent where processing depends on consent

To exercise your rights, contact smile@smilecenterturkey.com.

11. Cookies and Google Technologies

Our website uses cookies and similar technologies to improve user experience, analyse traffic, and support marketing where consent is provided.

• Google Analytics 4: Measures traffic and usage patterns.
• Google Ads and remarketing: May display ads to previous website visitors.
• Cookie control: Browser settings can block or limit cookies; some site functions may be affected.

Cookie information is included in this section and may also be published separately in the future.

12. Third-Party Links

Our website may include links to third-party sites, plug-ins, or applications. We do not control third-party privacy practices and recommend reviewing each third-party privacy policy before sharing personal data.

13. Changes to This Privacy Policy

We review this policy regularly and may update it to reflect legal, technical, or operational changes. The latest version is always published on this page.