Privacy Policy

Last updated: March 2026

Zum Special Health Tourism Oral and Dental Health Industry and Trade Limited Company, trading as DentVita Dental Clinic (“DentVita”, “we”, “us”), acts as the data controller for the personal data described in this policy.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we may share it with, how long we keep it, and what rights you may have.

It applies when you use our website, contact us, request information, send us photographs or scans, ask for a treatment plan, arrange travel-related services connected with your visit, attend the clinic, or receive treatment from us.

Where applicable, this policy is intended to support our transparency obligations under Law No. 6698 on the Protection of Personal Data (KVKK) and, for patients and website users in relevant jurisdictions, the EU GDPR and UK GDPR. Under these rules, a privacy notice should tell people who is collecting their data, why, the legal basis, who receives it, how long it is kept, what rights apply, how consent can be withdrawn, and how complaints can be made.

1. Data controller

Zum Special Health Tourism Oral and Dental Health Industry and Trade Limited Company
Trading name: DentVita Dental Clinic
Güzeloba Mah. Barınaklar Bul. No:176/2
Muratpaşa, Antalya, Turkey

Phone: +90 532 449 92 77
Email: zumozelsaglik@hs01.kep.tr

For privacy-related enquiries:
Dr. Onur Tarakçı
Email: clinic@dentvita.com
Phone: +90 532 771 70 77

2. Personal data we collect

The data we collect depends on how you interact with us.

Contact and enquiry data may include your name, phone number, email address, country, treatment interest, preferred dates, preferred contact method, and the contents of messages you send to us.

Patient and appointment data may include identity details, date of birth, passport or identification details where needed, appointment history, invoices, payment records, and communications relating to your care.

Health data may include your dental and medical history, symptoms, allergies, medications, radiographs, scans, photographs, videos, clinical findings, treatment plans, laboratory information, prescriptions, and follow-up notes. Health data is treated as sensitive data and handled with additional care.

Health tourism and visit coordination data may include travel dates, flight details, hotel information, transfer pick-up details, passport details needed for invitation or booking support, and language or translation requirements, but only where relevant to your requested services.

Technical and website usage data may include IP address, browser type, device information, pages viewed, click path, referral source, approximate location based on IP, and cookie or analytics data.

Marketing preference data may include your consent status, communication preferences, and limited engagement data connected with campaigns or newsletters.

[If used] Security and communication records may include CCTV footage recorded for clinic security and safety, and records of calls or messages where necessary for service quality, appointment handling, or dispute resolution.

3. How we collect personal data

We collect data directly from you when you:

complete a website form
contact us by phone, email, WhatsApp, or social media
send images, scans, medical information, or travel details
ask for a quote, treatment plan, or appointment
attend the clinic or receive treatment
choose to receive marketing communications
give permission for before-and-after use of your images

We may also receive limited data from third parties where this is necessary for your care or visit, such as laboratories, imaging providers, translators, transfer providers, accommodation partners, insurers, or referral partners.

Some data is collected automatically through the website through cookies, server logs, and analytics tools.

4. Why we use personal data

We may use your personal data to:

answer questions and respond to enquiries
assess whether we can offer suitable treatment
prepare treatment plans, quotations, and appointment schedules
deliver dental care and maintain clinical records
arrange operational support connected with your visit, including accommodation or transfer coordination where requested
process payments and maintain financial records
send appointment reminders and service communications
maintain website security, performance, and analytics
improve our services and patient experience
comply with health, tax, accounting, regulatory, and legal obligations
establish, exercise, or defend legal claims
send marketing communications where we have a lawful basis to do so

5. Legal basis for processing

Where GDPR or UK GDPR applies, we may process personal data because:

it is necessary to take steps at your request before entering into a contract
it is necessary to perform a contract with you
it is necessary to comply with a legal obligation
it is necessary for our legitimate interests, provided your rights do not override those interests
you have given consent, where consent is required

Where we process health data or other sensitive data, an additional condition is required. Depending on the situation, this may be the provision of healthcare, medical diagnosis, treatment management, legal obligations, public health obligations, or your explicit consent where that is the correct basis. Article 13 GDPR specifically requires the notice to state both purposes and legal bases, and to identify recipients, transfers, retention, rights, complaint rights, consent withdrawal, and whether data must be provided.

Where KVKK applies, we process personal data on one or more legal grounds recognised by law, including where processing is expressly permitted by law, necessary for the establishment or performance of a contract, necessary to comply with legal obligations, necessary for the protection of life or physical integrity, necessary for the establishment or defence of a right, or based on explicit consent where required. KVKK’s transparency requirements also require the notice to explain the controller’s identity, purposes, transfers, collection method, legal reason, and Article 11 rights.

6. Treatment images and before-and-after use

Clinical photographs, scans, X-rays, and related records may be used for consultation, diagnosis, treatment planning, laboratory work, treatment delivery, and follow-up.

We do not use treatment images, videos, or before-and-after results for advertising, social media, or other public marketing use unless a separate and valid permission is obtained where required. That permission is separate from this privacy notice. KVKK’s 2026 principle decision explicitly states that clarification texts and consent texts should be separate, and that controllers should not use another controller’s text verbatim.

We may share personal data, where necessary and lawful, with:

dentists, clinicians, and authorised clinic staff
dental laboratories, imaging centres, and other healthcare providers involved in your care
payment processors, accountants, auditors, and legal advisers
IT providers, website hosts, software providers, and communication tools
translators, hotels, and transfer providers where you ask us to coordinate those services
insurers or finance-related parties where you ask us to deal with them
courts, regulators, public authorities, or law enforcement where disclosure is legally required or permitted

We do not sell personal data.

8. International transfers

Because we work with international patients and use digital systems, some personal data may be processed outside Turkey or outside the country where you are located.

Where that happens, we take steps intended to ensure a lawful transfer and appropriate safeguards. Depending on the transfer, this may include contractual safeguards, provider commitments, technical measures, or explicit consent where required. Article 13 GDPR requires the notice to identify intended third-country transfers and to explain the safeguards or how a copy can be obtained.

9. How long we keep personal data

We do not keep personal data indefinitely.

Where a specific legal retention period applies, we follow that period. Where the law does not impose a fixed period, we keep the data for as long as necessary for the purpose for which it was collected, then delete, destroy, or anonymise it as appropriate. That is the general approach reflected both in ICO guidance and in KVKK’s published materials.

Our current retention approach is as follows:

Website enquiry records: normally up to 24 months from the last meaningful contact, unless a longer period is needed for dispute handling or conversion into a patient record
Patient and treatment records: kept for the period required by applicable healthcare, legal, regulatory, and claims-related obligations. Where a fixed legal period applies, we follow it
Billing, invoice, and accounting records: kept for the period required under applicable tax and commercial record-keeping rules
Marketing consent records: kept for as long as needed to evidence consent status and manage withdrawals
[If used] CCTV recordings: typically kept for a limited security period, unless a longer retention is required for an incident, investigation, or legal claim
Cookie and analytics data: retained in line with the settings and retention schedules of the relevant tools, as described in our Cookie Policy

Bu bölümü daha da güçlendirmek istiyorsan, kendi gerçek operasyonuna göre şunu netleştir:
hasta kayıtları için tam süre, CCTV süresi, lead form verisi süresi, before/after consent log süresi.

10. If you do not provide personal data

You do not have to provide every piece of information we ask for. But if you do not provide data that is necessary for us to assess your case, plan treatment, verify identity where needed, comply with legal obligations, or provide care safely, we may not be able to answer fully, offer treatment, or complete your booking.

11. Your rights

Depending on the law that applies, you may have the right to:

learn whether your personal data is processed
request access to your personal data
request correction of inaccurate or incomplete data
request deletion, destruction, or anonymisation where the legal conditions are met
request restriction of processing
object to certain processing activities
request data portability where applicable
withdraw consent at any time where processing relies on consent
request information about third parties to whom data has been transferred where applicable
complain to a competent supervisory authority

Where GDPR or UK GDPR applies, the privacy notice should also make the right to withdraw consent clear and explain that complaints can be made to a supervisory authority. ICO guidance says this should be stated clearly, and the right to object should be brought to the person’s attention separately.

Where KVKK applies, you may exercise your rights under Article 11 of the KVKK.

12. How to make a privacy request

If you want to exercise your rights, you may contact us using one of the methods permitted under the applicable rules.

For KVKK-related requests, you may apply:

in writing, with a signed request sent to or delivered at our clinic address
via KEP, to: zumozelsaglik@hs01.kep.tr
via the email address previously notified to us and already registered in our systems, to: clinic@dentvita.com or another address we confirm for that purpose
by other valid methods permitted by law, such as secure electronic signature, mobile signature, or a dedicated application if we make one available

Please include enough information for us to identify you and understand your request.

We aim to respond as soon as reasonably possible and, where KVKK applies, no later than 30 days, subject to the law and the complexity of the request. The KVKK authority’s published guidance and notices describe these channels and emphasise that non-compliant or needlessly restrictive methods should be avoided.

13. Complaints

If you have concerns about how we handle your data, please contact us first.

If KVKK applies, you may also follow the complaint procedures available under Turkish law. If the GDPR or UK GDPR applies to your situation, you may complain to the supervisory authority in the country where you live, work, or where the issue occurred. ICO guidance also says it is good practice to provide the likely supervisory authority’s details where relevant.

14. Cookies, analytics, and similar technologies

Our website may use cookies and similar technologies for security, functionality, analytics, and, where permitted, marketing.

Strictly necessary cookies may operate without consent where allowed. Optional analytics or advertising cookies should only be activated where the required consent has been obtained. ICO guidance treats cookie information and privacy information as related but distinct, and a layered approach is acceptable.

If you use analytics, advertising pixels, chat widgets, or WhatsApp widgets, publish a separate Cookie Policy and name the tools you actually use.
Do not claim a Cookie Policy exists unless it is live.

15. Changes to this policy

We may update this policy from time to time to reflect changes in law, technology, our services, or our data practices.

When we do, we will update the “Last updated” date at the top of this page.

16. Contact

DentVita Dental Clinic
Zum Special Health Tourism Oral and Dental Health Industry and Trade Limited Company
Güzeloba Mah. Barınaklar Bul. No:176/2
Muratpaşa, Antalya, Turkey