First & Only Medical Tourism Platform with certification of
American MTQUA in Turkiye since 2017

This notice explains how TravelMedi processes personal data via our website, inquiry forms, and official communication channels. It also outlines your rights under applicable data protection rules, including KVKK (Türkiye) and GDPR (where applicable).

Overview

This Privacy & Data Protection Notice explains how TravelMedi International Sağlık Turizmi Limited Şirketi (“TravelMedi”, “we”) processes personal data via our website, inquiry forms, and official communication channels (including WhatsApp where used), in line with applicable data protection rules such as KVKK (Türkiye) and GDPR (where applicable).

TravelMedi provides coordination and patient support. Medical services and clinical decisions are provided by independent, duly licensed healthcare professionals and authorized medical institutions.

Data Controller

TravelMedi International Sağlık Turizmi Limited Şirketi

Cihannüma Mahallesi, Barbaros Bulvarı No:49/10
Beşiktaş, Istanbul, 34351, Türkiye

Email: [email protected]

Privacy Contact: [email protected]

What Data We Process

Depending on how you contact us and which services you request, we may process:

  • Identity & contact: name, phone, email, country, language preference
  • Inquiry details: your messages, treatment interest, scheduling preferences
  • Health-related information (only if you voluntarily share it): photos, medical notes, test results or other information needed to coordinate provider communication
  • Technical data: IP address, device/browser information, cookies, analytics events
  • Communication records: WhatsApp/email logs for continuity, safety, and quality purposes

Please do not share more medical information than necessary for your request.

Purposes of Processing
  • Responding to your inquiry and coordinating an appropriate consultation pathway
  • Operational logistics support (appointments, transfers, accommodation planning where applicable)
  • Continuity-of-care coordination and post-visit follow-up support
  • Quality assurance, service safety, and complaint/dispute handling
  • Fraud prevention, abuse prevention, and platform security
  • Website performance measurement and improvement (analytics)
  • Legal compliance and record-keeping duties
Sharing & Recipients

We may share data on a need-to-know basis with:

  • Authorized healthcare providers / institutions (to support your consultation and care coordination)
  • Operational vendors (hosting, CRM, analytics, communication tools) acting as processors/service providers
  • Legal/financial advisors (when necessary for compliance or dispute handling)

We do not sell personal data.

International Transfers

Because our patients are international and our service providers may use global infrastructure, your data may be transferred outside Türkiye and/or the EEA where applicable.

Transfers are protected with appropriate safeguards, including contractual protections, access controls, and adherence to ISO 27001, ISO 27701, and ISO 9001 certified security measures.

Retention

We retain personal data only as long as necessary for the purposes described above and as required by applicable laws.

Retention periods may vary depending on request type, operational workflow, and legal requirements.

Cookies & Analytics

We use cookies and similar technologies to ensure core site functionality, protect the site, and understand how visitors interact with pages.

  • Strictly necessary: required for basic site operation
  • Analytics: measure usage and improve content
  • Marketing (if enabled): campaign measurement, subject to applicable consent rules

Best practice: publish a separate Cookie Notice listing categories, providers, and how to change preferences.

Your Rights (KVKK / GDPR)

Depending on applicable law, you may have the right to request:

  • Access to your personal data
  • Correction or update
  • Deletion (where conditions apply)
  • Objection or restriction
  • Data portability (GDPR contexts)
  • Withdrawal of consent (where processing is based on consent)

To submit a request: [email protected]

Security

We apply comprehensive administrative, technical, and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. All processing is in line with GDPR, KVKK, and international cybersecurity standards, including ISO 27001, ISO 27701, and ISO 9001 certifications.

No system is risk-free; however, we continuously improve controls aligned with operational needs and risk levels.

Children

Our services are intended for adults. If you believe a minor’s data has been shared without appropriate authority, please contact us so we can review and address the issue.

Updates

We may update this notice to reflect legal, operational, or technical changes. Continued use of our channels constitutes acknowledgment of the most current version.

Contact

Email: [email protected]

Email (general): [email protected]

WhatsApp