Legal

Privacy Policy

This policy explains what personal data we collect, how it is used, how long it is retained, and what rights you have as a data subject. It applies to data collected through this website.

Last updated: May 2026

Important Notice

This policy has been prepared to reflect current data handling practices. It has not been formally reviewed by a qualified legal professional. If you have questions about your rights, you are encouraged to seek independent legal advice. We will update this document promptly when practices or applicable law change.

Data Controller

The entity responsible for the collection and processing of your personal data through this website is the dental practice operated by Dr. Barış Unan.

Practice name
Dr. Barış Unan — Private Dental Practice
Location
Harbiye Mah. Abdi İpekci Cad. Azer İş Merkezi No: 40 D: 15 Şişli / İstanbul, Turkey
Contact email
info@barisunan.com

Data We Collect

We collect only data that you voluntarily provide. We do not collect data automatically through cookies or tracking technologies beyond what is described in our Cookie Policy.

Contact Form Data

When you submit an appointment enquiry through the website contact form, we collect the following:

  • Full name
  • Email address
  • Phone number (optional)
  • Country of residence
  • Preferred language
  • Treatment category of interest (optional)
  • Free-text message

Health-Related Information

Your free-text message may contain information about your dental or general health. This is voluntarily disclosed by you. We treat all health-related information as special category data under applicable law.

If you subsequently send dental records, imaging, or other clinical documents by email ahead of a consultation, those documents are also processed as health data and handled accordingly.

Email Correspondence

If you contact us directly by email, we collect the content of that correspondence, including any attachments, along with your email address and any personal information contained in the message.

Data We Do Not Collect

We do not currently use analytics services, advertising networks, or tracking pixels on this website. We do not collect data from social media platforms. We do not collect payment information through this website.

See our Cookie Policy for a full description of what, if anything, is stored in your browser.

How We Use Your Data

We use the data you provide only for the purposes for which it was collected. We do not use your data for marketing, profiling, or any purpose unrelated to your clinical care or enquiry.

Responding to enquiries

To review your enquiry and respond with relevant information about availability, treatment options, or the appointment process.

Arranging appointments

To schedule consultations, confirm appointment details, and communicate with you before, during, and after your visit.

Clinical assessment and care

To review any records, imaging, or health information you share in advance of a consultation, so that a preliminary assessment can be carried out.

Compliance obligations

To comply with Turkish health regulations, professional licensing obligations, and applicable data protection law.

Legal Basis for Processing

We process your personal data on the following legal grounds under Turkish Law No. 6698 (KVKK) and, where applicable to data subjects in the European Economic Area, the General Data Protection Regulation (GDPR).

Explicit consent

When you submit the contact form, you provide explicit consent to the processing of your personal data — including any health-related information in your message — for the purpose of handling your enquiry. Consent is recorded via the KVKK consent checkbox on the form.

Legitimate interests

Where you contact us directly by email outside the form, processing is based on our legitimate interest in responding to your communication. We have assessed that this interest does not override your rights and freedoms.

Legal obligation

Some processing is required to comply with Turkish health law, professional dental regulations, and mandatory record-keeping obligations. This processing may continue even if you withdraw consent for other purposes.

Performance of a contract

Once an appointment is confirmed, processing is necessary to provide the agreed dental services, including maintaining clinical records as required by applicable health regulations.

Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

Enquiry data (no appointment)
Patient enquiry records and related correspondence may be retained for as long as reasonably necessary for continuity of communication, legal obligations, record-keeping, and administrative purposes.
Clinical records
Clinical data created as a result of treatment is retained for the period required under applicable Turkish health regulations governing dental records. This retention may not be shortened upon request.
Email correspondence
General email correspondence is retained for as long as reasonably necessary for the purposes described in this policy. Where correspondence forms part of a clinical record, clinical retention periods apply.

Third-Party Services

This website uses a small number of third-party services. We take reasonable steps to ensure these services handle data appropriately. We do not sell, rent, or trade personal data.

Vercel (website hosting)

This website is hosted on Vercel's infrastructure. Vercel may process server logs including IP addresses and request metadata as part of operating the hosting service. Vercel's privacy policy is available at their website.

Google Fonts (typography)

This website loads the Inter typeface from Google Fonts. This involves a request to Google's servers, which may log your IP address. Google Fonts does not set cookies and Google states that font requests are not used to build advertising profiles.

Email service

Correspondence sent to info@barisunan.com is processed by our secure webmail provider.

No analytics or advertising

This website does not currently use any analytics service (such as Google Analytics), advertising network, or social media tracking pixel. If this changes, this policy will be updated before the service is activated.

Your Rights

Under Turkish Law No. 6698 (KVKK) and, where applicable, the GDPR, you have the following rights in relation to your personal data. We will respond to all valid requests within the timeframe required by applicable law.

Right to be informed

You have the right to know what data we hold about you and how it is used. This policy is intended to fulfil that obligation.

Right of access

You may request a copy of the personal data we hold about you at any time.

Right to rectification

If the data we hold is inaccurate or incomplete, you have the right to request that it be corrected.

Right to erasure

You may request deletion of your personal data where we have no overriding legal basis to retain it. Note that clinical records may be subject to mandatory retention obligations that limit this right.

Right to object

You may object to processing based on legitimate interests. We will assess your objection and cease processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing that took place before withdrawal.

Exercising Your Rights

To make a data subject request, or to ask any question about how we handle your personal data, contact us by email. We will acknowledge your request and respond within the legally required timeframe.

We may ask you to verify your identity before processing a request, to ensure data is not disclosed to or deleted for the wrong person.

Supervisory authority

If you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with the Personal Data Protection Authority of Turkey (Kişisel Verileri Koruma Kurumu — KVKK). If you are based in the EEA, you may also contact your local data protection authority.

Response time

Under KVKK, we are required to respond within 30 days of receiving a valid request. We aim to respond sooner where possible.

Changes to This Policy

We will update this policy when our data handling practices change, when new services are introduced, or when applicable law changes. The date at the top of this page indicates when the policy was last reviewed.

Material changes — such as the introduction of analytics or new third-party processors — will be reflected in this policy before they take effect.

Cookie Policy Contact Us