This notice explains how TravelMedi processes personal data via our website, inquiry forms, and official communication channels. It also outlines your rights under applicable data protection rules, including KVKK (Türkiye) and GDPR (where applicable).
Overview
This Privacy & Data Protection Notice explains how TravelMedi International Sağlık Turizmi Limited Şirketi (“TravelMedi”, “we”) processes personal data via our website, inquiry forms, and official communication channels (including WhatsApp where used), in line with applicable data protection rules such as KVKK (Türkiye) and GDPR (where applicable).
TravelMedi provides coordination and patient support. Medical services and clinical decisions are provided by independent, duly licensed healthcare professionals and authorized medical institutions.
Data Controller
TravelMedi International Sağlık Turizmi Limited Şirketi
Cihannüma Mahallesi, Barbaros Bulvarı No:49/10Beşiktaş, Istanbul, 34351, Türkiye
Email: [email protected]
Privacy Contact: [email protected]
What Data We Process
Depending on how you contact us and which services you request, we may process:
- Identity & contact: name, phone, email, country, language preference
- Inquiry details: your messages, treatment interest, scheduling preferences
- Health-related information (only if you voluntarily share it): photos, medical notes, test results or other information needed to coordinate provider communication
- Technical data: IP address, device/browser information, cookies, analytics events
- Communication records: WhatsApp/email logs for continuity, safety, and quality purposes
Please do not share more medical information than necessary for your request.
Purposes of Processing
- Responding to your inquiry and coordinating an appropriate consultation pathway
- Operational logistics support (appointments, transfers, accommodation planning where applicable)
- Continuity-of-care coordination and post-visit follow-up support
- Quality assurance, service safety, and complaint/dispute handling
- Fraud prevention, abuse prevention, and platform security
- Website performance measurement and improvement (analytics)
- Legal compliance and record-keeping duties
Legal Bases (KVKK / GDPR)
We process personal data based on one or more legal grounds depending on context, such as:
- Contract / pre-contract steps (to provide requested coordination services)
- Legitimate interests (service continuity, security, quality management—balanced with your rights)
- Legal obligation (compliance with applicable laws and regulations)
- Consent (where required, e.g., certain marketing communications or cookie categories)
Health-related data is handled with heightened safeguards and used only to the extent required to coordinate appropriate provider communication.
Sharing & Recipients
We may share data on a need-to-know basis with:
- Authorized healthcare providers / institutions (to support your consultation and care coordination)
- Operational vendors (hosting, CRM, analytics, communication tools) acting as processors/service providers
- Legal/financial advisors (when necessary for compliance or dispute handling)
We do not sell personal data.
International Transfers
Because our patients are international and our service providers may use global infrastructure, your data may be transferred outside Türkiye and/or the EEA where applicable.
Transfers are protected with appropriate safeguards, including contractual protections, access controls, and adherence to ISO 27001, ISO 27701, and ISO 9001 certified security measures.
Retention
We retain personal data only as long as necessary for the purposes described above and as required by applicable laws.
Retention periods may vary depending on request type, operational workflow, and legal requirements.
Your Rights (KVKK / GDPR)
Depending on applicable law, you may have the right to request:
- Access to your personal data
- Correction or update
- Deletion (where conditions apply)
- Objection or restriction
- Data portability (GDPR contexts)
- Withdrawal of consent (where processing is based on consent)
To submit a request: [email protected]
Security
We apply comprehensive administrative, technical, and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. All processing is in line with GDPR, KVKK, and international cybersecurity standards, including ISO 27001, ISO 27701, and ISO 9001 certifications.
No system is risk-free; however, we continuously improve controls aligned with operational needs and risk levels.
Children
Our services are intended for adults. If you believe a minor’s data has been shared without appropriate authority, please contact us so we can review and address the issue.
Updates
We may update this notice to reflect legal, operational, or technical changes. Continued use of our channels constitutes acknowledgment of the most current version.
Contact
Email: [email protected]
Email (general): [email protected]