Patient consultation at MRV Dental with panoramic X-ray and treatment plan

Privacy and Data Protection Notice (KVKK & GDPR Alignment)

MRV Dental Private Health Services Industry and Trade Limited Company (“MRV”), acting as the Data Controller, is committed to protecting the privacy of its patients. As a healthcare provider based in Turkey, MRV processes your personal data primarily under the Turkish Personal Data Protection Law No. 6698 (KVKK). The KVKK is largely aligned with the principles of the EU General Data Protection Regulation (GDPR), and this notice also highlights that our practices meet GDPR standards to reassure patients from the United Kingdom and the European Union.

1. METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

Your personal data may be collected verbally, in writing, visually, or electronically, including:

  • During in-clinic registration and treatment processes,
  • Through call centers and phone communications,
  • Via websites, online forms, and mobile applications,
  • Through email, messaging apps, and other digital communication tools,
  • From medical services provided by our healthcare professionals,
  • By CCTV and security systems at our facilities.

The legal bases for processing are:

  • KVKK (Law No. 6698) obligations applicable in Turkey,
  • UK GDPR and Data Protection Act 2018 principles, as aligned with KVKK,
  • Explicit patient consent where required,
  • The necessity to protect public health and provide medical diagnosis, treatment, and care services,
  • The necessity to comply with legal obligations,
  • The performance of healthcare service contracts,
  • Legitimate interests pursued by MRV, provided these do not override fundamental rights and freedoms.

2. TYPES OF PERSONAL DATA PROCESSED

The categories of personal data we may process include:

  • Identity information: Full name, date of birth, nationality, gender, ID/passport details.
  • Contact information: Address, phone number, email.
  • Financial information: Bank account details, insurance information, billing and payment records.
  • Health information (special category data): Medical history, laboratory and imaging results, prescriptions, doctor’s notes, test results, genetic and biometric data when applicable.
  • Insurance and administrative data: Social Security Institution or private insurance records for eligibility and claims.
  • Technical data: IP address, cookies, browser data, log files from online services.
  • Visual and audio data: CCTV footage within our premises, call recordings, or photographs submitted for treatment purposes.

3. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data may be processed for:

  • Protection of public health, preventive medicine, medical diagnosis, treatment, and care services,
  • Planning and management of healthcare services and financing,
  • Compliance with legal and regulatory requirements,
  • Patient identity verification,
  • Communication regarding appointments, treatments, and services,
  • Processing of insurance and billing transactions,
  • Conducting audits, quality control, and risk management,
  • Ensuring patient satisfaction through surveys and feedback collection,
  • Protecting the security of our facilities, IT systems, and medical records,
  • Research, training, and scientific purposes in compliance with legal frameworks,
  • Responding to patient requests, complaints, or inquiries.

4. TRANSFER OF PERSONAL DATA

Your personal data may be transferred, where necessary and legally permitted, to:

  • The Turkish Ministry of Health and affiliated public institutions,
  • Social Security Institution and private insurance companies,
  • Laboratories, partner healthcare facilities, and emergency medical services,
  • Law enforcement agencies, judicial authorities, and regulatory bodies,
  • Legal representatives, lawyers, tax advisors, and auditors,
  • Service providers, IT companies, archive providers, and business partners assisting MRV in service delivery.

All transfers are made in accordance with KVKK, while upholding GDPR principles of data minimization, necessity, and proportionality.

5. YOUR RIGHTS UNDER KVKK AND GDPR PRINCIPLES

As a patient, you have the right to:

  • Learn whether your personal data is processed,
  • Request information about the processing activities,
  • Access your personal data,
  • Request correction of inaccurate or incomplete data,
  • Request deletion or anonymization of your personal data,
  • Be informed of third parties to whom your data has been transferred,
  • Object to processing where it negatively impacts you,
  • Request compensation in case of unlawful processing and damages.

Additionally, under GDPR principles, you also have the rights to:

  • Data portability (receiving your data in a structured electronic format),
  • Restrict processing in specific cases,
  • Object to automated decision-making and profiling.

6. DATA SECURITY AND RETENTION

MRV ensures that personal data is stored securely, with appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction.

Personal data is retained only for as long as required to fulfill the purposes outlined in this notice and to comply with applicable laws. Once retention periods expire, data is securely deleted or anonymized.

7. CONTACT INFORMATION

For questions, requests, or to exercise your data protection rights, you may contact us at:

Patients in the United Kingdom may also note that MRV’s practices are designed to be consistent with UK GDPR principles, although our primary legal obligations fall under Turkish KVKK.