This privacy policy explains how Doç. Dr. Ayhan Işık Erdal's clinic (operating at Teşvikiye Caddesi No:9/12, Şişli, Istanbul) collects, uses, stores, and protects your personal data when you contact us through this website, WhatsApp, email, or telephone. The clinic complies with the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and, where applicable, with the European General Data Protection Regulation (GDPR).
1. Data controller
The data controller is Doç. Dr. Ayhan Işık Erdal, MD, FACS, FEBOPRAS, practicing at Teşvikiye Caddesi No:9/12, Şişli, Istanbul 34365, Turkey. For any data-protection enquiry: info@ayhanisikerdal.com.
2. What data we collect
- Contact-form data: name, email, phone number (optional), country of residence, age, the procedure you are asking about, and the free-text message you submit.
- WhatsApp / email correspondence: any clinical or personal information you choose to share, including photographs of your ears if you send them voluntarily for an initial assessment.
- Technical data: standard server logs (IP address, browser user-agent, referring URL, timestamps). These are retained briefly for security and analytics purposes.
- Cookies: this site uses minimal cookies — essential cookies only by default. No third-party advertising or behavioural-tracking cookies are set without your consent.
3. Why we collect it (lawful basis)
Personal data submitted through the website is processed for the following purposes, under the following legal bases:
- To respond to your enquiry and provide medical-tourism information about otoplasty — lawful basis: your consent (you initiated contact) and our legitimate interest in operating a clinical practice.
- To arrange a consultation, surgery date, hotel transfer, or follow-up if you choose to proceed — lawful basis: contract performance.
- To comply with our regulatory obligations under the Turkish Ministry of Health, USHAŞ international health-tourism regulations, and medical-records legislation — lawful basis: legal obligation.
4. Sensitive health data
Information about your ears, photographs, prior surgeries, allergies, or medical history is special-category data under both KVKK and GDPR. This data is only processed once you have explicitly given your consent (e.g. by sending it to us voluntarily for an initial assessment), and only by the treating surgeon and a small team strictly involved in your care. It is never shared with marketing parties.
5. Data sharing
We do not sell or rent your data. We share the minimum necessary information with:
- The accredited hospital where surgery is performed (for theatre booking, anaesthesia, post-op care).
- Anaesthesia and nursing team members involved in your care.
- Our hotel and transfer partners (only your name, arrival date, and contact phone — never clinical details).
- Regulatory bodies and government health authorities (USHAŞ, Ministry of Health) when legally required.
- Payment processors (only the minimum required to process the transaction you have authorised).
6. International data transfers
Because we serve international patients, your data may cross borders. We ensure adequate safeguards: data is stored on EU- or UK-hosted servers wherever possible; transfers to Turkey are protected under KVKK; and contractual data protection clauses are in place with our hosting providers (Netlify).
7. How long we keep your data
- Enquiries that do not lead to treatment: deleted within 12 months unless you ask us to retain them for ongoing dialogue.
- Patient records (where you do undergo treatment): kept for the period required by Turkish medical-records law (currently 20 years from the last entry).
- Server logs: 30–90 days.
8. Your rights
Under KVKK Art. 11 and GDPR Art. 12–22 you have the right to:
- Request a copy of the personal data we hold about you.
- Have inaccurate data corrected.
- Request deletion of your data (subject to medical-records retention law).
- Object to or restrict processing in defined circumstances.
- Withdraw consent at any time.
- Lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) or, if you are an EU resident, your national supervisory authority.
To exercise any of these rights, email info@ayhanisikerdal.com with the subject line “Data subject request”.
9. Security
The site is served over HTTPS only. Form submissions are transmitted encrypted to our hosting provider (Netlify). Patient records held inside the clinic are stored under access control. WhatsApp messages between you and the clinic are end-to-end encrypted by WhatsApp's own protocol.
10. Cookies
By default we set only essential cookies needed for the site to function. We do not use behavioural advertising cookies, cross-site trackers, or fingerprinting. If analytics are enabled, IP addresses are anonymised.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date below will reflect any change. Material changes will be highlighted.
12. Contact
For privacy questions, data-subject requests, or to withdraw consent:
- Email: info@ayhanisikerdal.com
- WhatsApp: +90 544 850 72 32
- Postal address: Teşvikiye Caddesi No:9/12, Şişli, Istanbul 34365, Turkey
Last updated: May 2026.