Skip to content

Privacy Policy

This policy explains how Eyeglow Health collects, uses and protects your personal information. It applies to all visitors, prospective patients and active patients interacting with our website or services.

Effective: 1 January 2026 · Last updated: 10 June 2026 · Compliant with KVKK (Türkiye 6698) and GDPR.

1. Data controller

Eyeglow Health (the "Controller", "we", "our", "us") is the data controller of personal data collected through this website and our patient-coordination services. Our office address and contact details are provided at the end of this document.

2. What information we collect

Information you provide directly

  • Contact details — name, email address, phone or WhatsApp number, country of residence;
  • Medical information — ocular history, current symptoms, prior treatments, medical or surgical history relevant to your enquiry;
  • Identity documents — when required for international medical travel coordination (passport copy for transfer booking, etc.);
  • Communication content — messages you send via our contact form, email, WhatsApp or phone.

Information collected automatically

  • Technical data — IP address, browser type, device characteristics, referring URL;
  • Usage analytics — anonymised page-view data via a privacy-respecting analytics service;
  • Cookies — see our Cookie Policy for details.

3. Why we process your data (legal basis)

  • To respond to your enquiry and provide written care plans — based on your consent (KVKK Art. 5(1) / GDPR Art. 6(1)(a)) and the necessity to take steps before entering into a contract (GDPR Art. 6(1)(b));
  • To coordinate your treatment — based on the contract for services between you and Eyeglow Health (KVKK Art. 5(2)(c) / GDPR Art. 6(1)(b));
  • To process special-category health data — based on your explicit consent (KVKK Art. 6 / GDPR Art. 9(2)(a)) and the necessity for the provision of healthcare (GDPR Art. 9(2)(h));
  • To meet legal obligations — Turkish tax, health-tourism reporting, and identity verification (KVKK Art. 5(2)(a) / GDPR Art. 6(1)(c));
  • To improve our services — anonymised analytics, based on legitimate interests (GDPR Art. 6(1)(f)).

4. Who we share your data with

We share your data only with parties that need it to deliver the services you have requested, and only the minimum necessary:

  • Partner surgeons and hospital staff — for clinical assessment and treatment;
  • Hotel and transfer providers — name and travel dates only;
  • Payment processors — billing details necessary to process payment;
  • Translators / coordinators — only the information needed for the conversation;
  • Tax authorities and regulators — when required by Turkish law.

We do not sell, rent or trade your personal information with any third party for marketing purposes.

5. International transfers

Where your data is transferred outside Türkiye or the European Economic Area, we ensure adequate safeguards (Standard Contractual Clauses or equivalent) are in place. Most data processing takes place within Türkiye.

6. How long we keep your data

We retain personal data only for as long as necessary:

  • Enquiry data without a follow-up — up to 24 months;
  • Patient records — up to 20 years from the last contact, in line with Turkish medical record-keeping requirements;
  • Financial and accounting records — 10 years (Turkish Tax Procedure Law);
  • Marketing communications — until you withdraw consent.

7. Your rights (KVKK & GDPR)

You have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data (subject to legal retention obligations);
  • Restrict or object to processing in certain circumstances;
  • Portability — receive your data in a structured, machine-readable format;
  • Withdraw consent at any time without affecting the lawfulness of past processing;
  • Lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) or your local supervisory authority (EU residents).

To exercise any of these rights, contact us at [email protected]. We respond within 30 days.

8. Security measures

We use industry-standard technical and organisational measures to protect your data, including HTTPS encryption, access controls, regular security reviews and staff training on data handling. No internet-based service can guarantee absolute security, but we work continuously to reduce risk.

9. Children

Our services are not directed at children under 18. We do not knowingly collect data from minors without parental consent. If we learn that we have collected data from a minor without proper consent, we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes are communicated by email to active patients. The "Last updated" date at the top reflects the most recent change.

11. Contact and complaints

Data controller contact:
Email: [email protected]
Phone: +90 541 478 18 71
Office: Esenler, İstanbul Ticaret Sarayı · Istanbul, Türkiye

KVKK / GDPR rights. If you believe your privacy rights have been violated, you may also contact the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu) directly at kvkk.gov.tr.