PRIVACY AND DATA PROTECTION POLICY

Effective Date: 05 Feb 2012 | Last Updated: May 2026

This Privacy Policy describes how MEDLIFE EXPERT Sağlık Medikal Turizm Taşımacılık A.Ş. ("we", "us", or "our") collects, uses, processes, and discloses your personal information. We provide international health tourism services with our headquarters and clinical operations based in Istanbul, Turkey.

This Policy is designed to comply with the Turkish Personal Data Protection Law No. 6698 (KVKK), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA), as well as the Basic Healthcare Services Law No. 3359, Decree-Law No. 663 on the Organization and Duties of the Ministry of Health, and other applicable Turkish healthcare regulations.

1. DATA CONTROLLER

Company: MEDLIFE EXPERT Sağlık Medikal Turizm Taşımacılık A.Ş.
Address: Adnan Kahveci Blv., No:23, Esenyurt, İstanbul, Türkiye
Email: info@cesurgerycenter.com
Website: https://cesurgerycenter.com/
Phone: +90 539 777 54 78

2. WHO WE COLLECT DATA FROM

As Data Controller ("Data Supervisor" under KVKK), "CE Surgery Center" collects personal data from the following categories of individuals:

  • Patients and prospective patients seeking medical consultation or treatment
  • Patient relatives, companions, and legal representatives
  • Persons contacted for diagnosis, treatment planning, or cost estimation
  • Job applicants, employees, interns, and on-the-job trainees
  • Business partners, suppliers, consultants, legal advisors, and their employees
  • Shareholders and persons involved in shareholding negotiations
  • Website visitors and individuals contacting us via digital channels
  • Third parties involved in legal processes related to our operations

3. CATEGORIES OF DATA WE COLLECT

We collect only the data necessary to provide medical consultancy, treatment planning, price quotes, and travel arrangements.

A. Identity & Contact Information

  • Full name, date and place of birth, gender, marital status
  • Turkish ID number (T.C. Kimlik No), passport number, or temporary TR identity number
  • Address, phone number, email address, and other contact details

B. Sensitive Health Data

  • Medical history, health conditions, and treatment expectations
  • Photos and videos submitted for pre-consultation
  • Laboratory results, test results, medical examination and prescription data
  • Appointment and check-up records
  • Health insurance and Social Security Institution (SGK) data

C. Communication Data

  • Records of messages sent via WhatsApp, email, contact forms, and live chat
  • Call center and customer service interaction logs
  • Voice recordings maintained per call center standards

D. Financial & Accounting Data

  • Bank account numbers, IBAN, credit card details, and invoicing information

E. Technical & Analytics Data

  • IP address, browser type, device identifiers (MAC ID), and website interaction data
  • Data collected via Google Analytics (anonymized traffic analysis) and Meta (Facebook) Pixel (conversion tracking and retargeting)
  • Vehicle license plate numbers (for parking facilities)
  • CCTV recordings and security camera images at our medical facilities

4. SENSITIVE PERSONAL DATA & EXPLICIT CONSENT

Under both KVKK (Article 6) and GDPR, health-related information, photographs of health conditions, and sexual life data are classified as Sensitive Personal Data and require a higher standard of protection.

Consent: By submitting medical photos, health history, or other sensitive information through our contact forms, WhatsApp channel, or online consultation tools, you provide your Explicit Consent for us to process this data solely to deliver a medical assessment and cost estimate.

Withdrawal: You may withdraw consent at any time by contacting us at info@cesurgerycenter.com. Please note that withdrawal may prevent us from providing further medical consultation. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Minors: Personal data collected about persons under the age of 18 is limited to name, surname, age, and relationship details, and must be provided by the relevant legal guardian or parent.

5. HOW WE COLLECT YOUR DATA

Your personal data is collected through the following channels:

  • Contact forms and consultation request pages on our website
  • WhatsApp Business communications initiated by or with you
  • Email correspondence
  • Live chat support on our website
  • Phone calls and SMS communications with our medical or marketing teams
  • Face-to-face consultations at our Istanbul facilities
  • Social media enquiry forms ("Contact Us" / "Get Information" panels)
  • Wi-Fi network access (phone number and MAC ID collected pursuant to legal requirements)
  • Commercial contracts and business activity documentation
  • Applications submitted through CE Surgery Center platforms or job portals

6. THIRD-PARTY TOOLS: ANALYTICS & ADVERTISING

We use the following industry-standard tools to analyze our website performance and run targeted advertising:

Google Analytics: We use Google Analytics to understand website traffic and user behavior. Data is anonymized and subject to Google's Privacy Policy.

Meta (Facebook) Pixel: We use Meta Pixel for conversion tracking and retargeting based on your visits to our landing pages. This tool is subject to Meta's Data Policy.

WhatsApp Business API: Direct consultations are conducted via the WhatsApp Business platform. Communications via WhatsApp are also subject to Meta's own Privacy Policy. We do not use WhatsApp data for advertising purposes.

We do not use cookies for tracking purposes beyond what is described above. Google AdSense is not enabled on our website. Your personal data will not be sold, exchanged, or transferred to any third party for commercial purposes without your consent, except as required to deliver the service you requested.

7. LEGAL BASES FOR PROCESSING

  • Explicit Consent: For marketing communications, tracking pixels, and processing of sensitive health data
  • Contractual Necessity: To provide the medical consultations, quotes, and travel arrangements you have requested
  • Legal Obligation: Compliance with Turkish Ministry of Health regulations, KVKK, and other applicable laws
  • Legitimate Interest: To ensure website and data security, improve service quality, and conduct patient satisfaction measurement

8. TRANSFER OF PERSONAL DATA

Your personal data may be shared with the following parties where required by law or to provide our services:

Domestic Transfers (Turkey)

  • Ministry of Health and its sub-units, family medicine centers
  • Social Security Institution (SGK)
  • Ministry of Family, Labor and Social Policies
  • General Directorate of Security and other law enforcement agencies
  • General Directorate of Population and Citizenship Affairs
  • Turkish Pharmacists Association
  • Judicial authorities, enforcement offices, and mediators
  • Private health insurance and pension companies
  • Laboratories, medical centers, and ambulance services with which we cooperate
  • Banks, cargo/courier companies, and transportation providers
  • Our legal advisors, auditors, tax consultants, and outsourced service providers

International Transfers

As a Turkish company serving patients globally, data collected from international patients is transferred to and stored on our secure servers in Turkey. For transfers to countries not recognized as providing adequate protection, we apply Standard Contractual Clauses (SCCs) or other safeguards required under GDPR and KVKK to ensure your data receives an equivalent level of protection.

9. DATA RETENTION

  • General Inquiries and Consultation Requests: retained for 24 months if no treatment is booked
  • Medical Records: Retained for the periods mandated by Turkish Healthcare Laws
  • Marketing Data: Retained until you unsubscribe or withdraw consent
  • Financial Data: Retained as required by Turkish tax and commercial laws
  • Employee data: Retained for the legally required period following end of employment

10. DATA SECURITY

CE Surgery Center implements high-level technical and organizational security measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmitted via our website and digital channels
  • Restricted access controls for medical data, limited to authorized clinical and administrative staff
  • Secure physical archiving and electronic data systems with access logging
  • Regular review of security practices in line with information security standards
  • Contractual data protection obligations imposed on all third-party service providers.

CE Surgery Center is registered with VERBIS (the VERİ BİLGİ SİSTEMİ data controller registry) and maintains a Personal Data Inventory in accordance with KVKK requirements. We will not disclose personal data in violation of KVKK No. 6698 and will not use it for purposes other than those stated in this Policy.

11. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Under Article 11 of KVKK, GDPR, and CCPA/CPRA (as applicable to your place of residence), you have the following rights:

  • Access: Learn whether your personal data is being processed and request a copy
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure (Right to be Forgotten): Request deletion or anonymization of your data, subject to legal retention requirements
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format (GDPR)
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Opt-Out (CCPA): Object to the "sharing" of your data for cross-contextual behavioral advertising
  • Sensitive Data Limitation (CCPA/CPRA): Request limitation of the use of your sensitive personal information
  • Automated Decision-Making: Object to decisions made solely through automated systems
  • Compensation: Request remediation for damages arising from unlawful data processing

You may also request the destruction (deletion, disposal, or anonymization) of your personal data under Article 7 of KVKK. CE Surgery Center will assess the most appropriate destruction method based on the circumstances of your request and will inform you of the chosen method upon request.

12. EXCEPTIONS TO YOUR RIGHTS

Pursuant to Article 28 of KVKK, personal data owners may not exercise their application rights in the following circumstances:

  • Processing of anonymized data for research, planning, or official statistics
  • Processing for artistic, historical, literary, or scientific purposes within the scope of freedom of expression, provided does not violate personal rights
  • Preventive, protective, or intelligence activities of authorized public bodies for national or public security
  • Processing by judicial or enforcement authorities in connection with investigation, prosecution, or execution proceedings
  • Processing necessary for crime prevention or criminal investigation
  • Processing of data voluntarily made public by the data subject
  • Processing necessary for supervisory duties of authorized public institutions and professional organizations
  • Processing necessary to protect the State's economic and financial interests in budgetary, tax, or financial matters

13. HOW TO EXERCISE YOUR RIGHTS

To exercise any of your rights, you may contact CE Surgery Center by any of the following methods:

Your requests will generally be processed free of charge within 30 business days of receipt. However, if the transaction requires an additional cost, CE Surgery Center may charge the fee in the tariff determined by the Personal Data Protection Board (per the KVKK Communiqué on the Procedures and Principles of Application to the Data Controller). If the application is due to an error by CE Surgery Center as the Data Controller, any fees paid will be refunded.

To verify your identity and protect your rights, CE Surgery Center may request additional confirmatory information (such as a verification call or message to your registered contact). By proceeding with your application, you consent to these verification steps unless you explicitly cancel your request.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational updates. Any material changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated Policy.

15. CONTACT INFORMATION

MEDLIFE EXPERT Sağlık Medikal Turizm Taşımacılık A.Ş.

Address: Adnan Kahveci Blv., No:23, Esenyurt, İstanbul, Türkiye
Email: info@cesurgerycenter.com
Website: https://cesurgerycenter.com/
Phone: +90 539 777 54 78

For data rights requests under KVKK, GDPR, or CCPA/CPRA, please contact us at the email above with the subject line "Data Rights Request" and specify the right you wish to exercise.

ABOUT US

CE Surgery Center has over 13 years experience in various plastic surgery procedures with perfect results, visitors from the whole world, global reputation, and high level of service quality.
Services are provided within the scope of health tourism.

CONTACT US

Address: Adnan Kahveci Blv., No:23, Esenyurt, İstanbul, Türkiye
+905397775478
Email: info@cesurgerycenter.com
International Health Tourism Authorization Agency MEDLIFE EXPERT Sağlık Medikal Turizm Taşımacılık A.Ş. Authorization Certificate Document No: ST-2704

LET US CALL YOU

Full Name is Required
Phone number is required!
Without country code

© 2026 CE Surgery Center. All rights reserved. Privacy Policy and Data Protection