Suave Dental Clinic — Privacy Policy (EU/UK)

Last updated: 7 November 2025

Effective from: 7 November 2025

1) Who we are

Controller: Suave Dental Clinic

Address: Şehit Muhtar, Tarlabaşı Blv 150 D:170, Beyoğlu, 34435 İstanbul, Türkiye

Email: privacy@suaveclinic.com | info@suaveclinic.com

Phone: +90 542 699 2911

2) Scope

This policy explains how we handle personal data collected through suaveclinic.com and channels linked from it (contact forms, email, phone, WhatsApp, live chat, booking tools). It does not cover third-party websites we link to.

3) What data do we collect

⦁ Identity and contact: name, email, phone, country or region, preferred contact time.
⦁ Enquiry details: treatment interests, messages, and uploaded files.
⦁ Clinical intake: health and dental history, x-rays, images, treatment notes, prescriptions, adverse events, and payment details. This includes special-category data (health).
⦁ Technical data: device, browser, IP address, referral URLs, pages viewed, event logs.
⦁ Marketing and cookie preferences: your choices about analytics and advertising.
⦁ Travel logistics (medical tourism): optional travel dates, accommodation preferences, and coordination details if you provide them.
⦁ Sources: you, your referrer (with your permission), and the systems we use to run our website and practice.

4) Purposes and legal bases

We process personal data for the following purposes. We identify the applicable legal bases under EU GDPR and UK GDPR.

⦁ Respond to enquiries and provide quotes: contact form, callback requests, WhatsApp follow-up. Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b)).
⦁ Book and deliver dental care: consultations, treatment planning, follow-ups, payments. Legal basis: performance of a contract (Art. 6(1)(b)); for health data, provision of health or social care (Art. 9(2)(h)) or explicit consent (Art. 9(2)(a)) where required.
⦁ Clinical records and safety: record-keeping, audit, adverse event reporting. Legal basis: legal obligation (Art. 6(1)(c)); for health data, Art. 9(2)(h).
⦁ Website security and abuse prevention: logs, rate limiting, fraud checks. Legal basis: legitimate interests (Art. 6(1)(f)).
⦁ Analytics: measuring site usage and improving content. Legal basis: consent (Art. 6(1)(a)).
⦁ Advertising and remarketing: Google Ads, YouTube, Demand Gen. Legal basis: consent (Art. 6(1)(a)).
⦁ Publishing identifiable testimonials and before/after images: case gallery, reviews. Legal basis: explicit consent (Art. 9(2)(a)), separate from any treatment consent.

Legitimate interests: For security and troubleshooting we rely on Art. 6(1)(f). You can object (see Section 13).

Provision requirement: If you do not provide data needed for pre-contract steps or care, we may be unable to offer a quote or treatment.

5) Cookies, CMP, and Google Consent Mode v2

We use a Google-certified Consent Management Platform (CMP) integrated with IAB TCF v2.2. In the EEA and UK, non-essential cookies and tags do not run without your consent. We send Consent Mode v2 signals (ad_storage, analytics_storage, ad_user_data, ad_personalization) so Google products adjust behavior based on your choice. If you deny consent, we may record non-identifying, aggregated measurement.

⦁ Manage choices: use “Cookie settings” in the site footer to review or withdraw consent any time.
⦁ CMP vendor: [CMP name], [CMP ID], [link to cookie declaration].
⦁ Essential cookies run to provide the site and ensure security. Analytics and Advertising run only with consent in the EEA and UK.

6) Advertising, profiling, and uploads to ad platforms

⦁ We use Google services for ads and measurement. In the EEA and UK, personalized ads only run after consent. If consent is denied, ads will be contextual or absent.
⦁ We may use Enhanced Conversions with your consent. Where used, we hash limited contact data before transmission and do not include any health information or treatment details.
⦁ We do not create audience segments based on health conditions. We do not upload clinical records to ad platforms.
⦁ You can withdraw consent at any time via “Cookie settings” or by contacting us.

7) Where your data is processed and international transfers

We are based in Türkiye. We also use processors in the EEA, the UK, and the USA. When transferring data from the EEA or UK to countries without an adequacy decision (including Türkiye), we use:

⦁ EU Standard Contractual Clauses (SCCs) and the UK IDTA or Addendum, plus supplementary measures; and/or
⦁ Providers participating in the EU-US Data Privacy Framework, where applicable.
You can request copies or a summary of safeguards.

8) Who receives your data

⦁ Infrastructure and practice systems: hosting, email, secure storage, practice management, secure messaging.
⦁ Analytics and advertising: Google services, honoring your CMP or Consent Mode signals.
⦁ Clinical labs and care partners: only when necessary for treatment.
⦁ Payment processors: when you make a payment.
⦁ Authorities and regulators: where legally required.
We have contracts with processors that require confidentiality, security, and GDPR-compliant processing.

9) Retention

⦁ Clinical records: kept in line with medical records laws and professional guidance applicable to our practice.
⦁ Enquiry data: up to 24 months after last contact if you do not become a patient.
⦁ Marketing preferences: until you withdraw consent.
⦁ Analytics and advertising events: per vendor defaults, typically 14–26 months in aggregated form.
We apply minimization and secure deletion or anonymization.

10) Your rights (EU/UK)

You can access, rectify, erase, restrict, object, and port your data, and you can withdraw consent at any time. We respond within one month. A reasonable fee may apply only for manifestly unfounded or excessive requests or duplicate copies.

How to exercise rights: email privacy@suaveclinic.com or info@suaveclinic.com. We may need to verify your identity.

You also have the right to complain to your local supervisory authority.

⦁ EU: contact your national data protection authority.
⦁ UK: Information Commissioner’s Office (ICO), ico.org.uk.

11) Children

Our marketing is not directed at under-18s. For treatment of minors, we process data with the involvement of a parent or legal guardian where required by law.

12) Testimonials and before/after images

If images are identifiable, we treat them as health data. We request explicit, written consent separate from treatment consent. Refusing will not affect your care. You can withdraw consent; we will stop further use and remove images where feasible.

13) Automated decision-making and profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We use limited profiling for advertising only with your consent (see Section 6). You may withdraw consent at any time or object where profiling relies on legitimate interests.

14) Security

We use appropriate technical and organizational measures, including encryption in transit, access controls, role-based permissions, and staff training. No system is perfectly secure, but we aim to materially reduce risk.

15) Third-party services and messaging

If you contact us via WhatsApp or similar services, those providers are separate controllers of your data under their own privacy terms. We recommend not sharing sensitive medical information via unsecured channels.

16) How to contact us

Controller: Suave Dental Clinic — privacy@suaveclinic.com | info@suaveclinic.com

EU/UK representatives: see Section 1 once appointed.

17) Changes to this policy

We will update this page when our practices change and will date-stamp the policy. Material changes will be signposted on the website.

Cookie summary (EEA/UK)

⦁ Strictly necessary: site delivery and security. Runs without consent.
⦁ Analytics: only with consent; helps us improve the site.
⦁ Advertising: only with consent; enables remarketing and personalization.

Change your choices any time via “Cookie settings” in the footer.