Privacy Policy - Livera Dental Clinic
calendar_month Book Appointment

Privacy Policy

Last updated: 23.05.2026

At Livera Dental Clinic ("Livera", "the clinic", "we", "us") we treat the protection of personal data of all visitors, patients and their relatives who use our website (liveradentalclinic.com), appointment forms and digital communication channels as one of our primary responsibilities. This Privacy Policy describes which personal data we collect, for what purpose and by which methods we collect it, how long we retain it, with whom we may share it, and the rights you have as a data subject under the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK) No. 6698 and other applicable legislation.

1. Data Controller

Controller: Livera Dental Clinic
Address: Florya Asfaltı No:3/18, Bakırköy 34140, Istanbul, Türkiye
E-mail: info@liveradentalclinic.com
Phone: +90 543 207 13 24
Contact representative: Dt. Ahmet Eren Baş

2. Categories of Personal Data We Process

To deliver our services we may process the following categories of personal data:

  • Identity data: First name, last name, date of birth (only if needed for treatment).
  • Contact data: Phone number, e-mail address, country, city.
  • Health data (special category): Current oral and dental status, treatment history, allergies, medication in use, radiological images. This is special category data under GDPR Art. 9 and KVKK Art. 6 and is processed only on the basis of your explicit consent or Art. 9(2)(h) GDPR (provision of health care).
  • Audio/visual data: Photographs and panoramic X-rays you send for pre-appointment treatment planning.
  • Transaction data: Appointment dates, treatment type, payment information (card numbers are never stored; they are processed only by a PCI-DSS compliant payment provider).
  • Security data: IP address, browser type, device information, session identifier, cookie data.
  • Marketing data: E-mail address (if you subscribe to our newsletter), explicit-consent-based SMS/WhatsApp communication preferences.

3. Purposes of Processing

  • Responding to your appointment requests and planning your treatment,
  • Providing, monitoring and improving the quality of our clinical services,
  • Meeting legal obligations (health regulations, taxation, invoicing),
  • Communicating with our patients (WhatsApp, phone, e-mail),
  • Evaluating complaints and suggestions,
  • Ensuring site security and preventing fraud,
  • Carrying out marketing communications based on your explicit consent,
  • Statistical analysis and measurement of site performance.

4. Lawful Basis (GDPR Art. 6 and 9)

  • Art. 6(1)(b): Performance of a contract (treatment agreement).
  • Art. 6(1)(c): Compliance with a legal obligation (health legislation, invoice retention).
  • Art. 6(1)(f): Legitimate interests (clinic security, service improvement).
  • Art. 6(1)(a) and Art. 9(2)(a): Explicit consent for special category data, before/after marketing photographs and direct marketing communication.
  • Art. 9(2)(h): Processing necessary for the provision of health care.

5. Retention Periods

  • Health data: At least 20 years, as required by the Ministry of Health regulations.
  • Invoices and financial records: 5 years, as required by the Tax Procedure Law.
  • Contact form data: 2 years following the resolution of your request.
  • Marketing consents: Until consent is withdrawn or after 2 years of inactivity.
  • Site log records: 6 months.

6. Data Transfers

Your personal data is only shared with third parties under appropriate contractual and technical security measures:

  • Within Türkiye: Hosting provider (Hetzner Online GmbH, Türkiye data center), accounting office, official authorities where required by law.
  • International transfers: Google Analytics (USA - EU-US Data Privacy Framework certified), Meta Platforms (USA - DPF certified), Mailgun e-mail delivery service (USA), WhatsApp Business API. These transfers are made only on the basis of your explicit consent or under standard contractual clauses pursuant to Art. 46 GDPR / Art. 9 KVKK.

7. Cookies

Our site uses strictly necessary cookies (session, security), preference cookies and consent-based analytics/marketing cookies. For details please review our Cookie Policy.

8. Data Subject Rights

Under the GDPR (Art. 15-22) and KVKK Art. 11 you have the right to:

  • Request confirmation of whether we process your personal data,
  • Request access to your personal data and information about how it is processed,
  • Request rectification of inaccurate or incomplete data,
  • Request erasure ("right to be forgotten") under the conditions set out in Art. 17 GDPR,
  • Request restriction of processing (Art. 18 GDPR),
  • Receive your personal data in a portable format (Art. 20 GDPR),
  • Object to processing carried out for legitimate interests or direct marketing (Art. 21 GDPR),
  • Not be subject to a decision based solely on automated processing (Art. 22 GDPR),
  • Withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise these rights please send a written request to info@liveradentalclinic.com. Requests are processed within 30 days. You have the right to lodge a complaint with the Turkish Data Protection Authority (KVKK - www.kvkk.gov.tr) or your local supervisory authority in the EU/EEA.

9. Security Measures

To protect your data we apply TLS 1.2+ encryption, multi-factor authentication, regular security updates, access logging and physical security measures.

10. Changes

This Privacy Policy may be updated in line with changes in legislation or in the scope of our services. The current version is always published on this page.

For questions or requests: info@liveradentalclinic.com