Vista Smile Studio

    Privacy Policy

    Last updated: 1 May 2026

    Vista Smile Studio (“we”, “us”, “our”) operates the website vistasmileturkey.com and provides dental treatment from our clinic in Didim, Aydın, Turkey. This Privacy Policy explains how we handle personal data of visitors and patients, in particular UK residents enquiring about treatment with us. We process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as Turkish Law No. 6698 on the Protection of Personal Data (KVKK).

    1. Who we are and how to contact us

    Vista Smile Studio is a private dental practice based in Didim (Altinkum), Aydın, Turkey. For any privacy-related questions, to make a request about your data, or to raise a concern, contact us at vistasmilestudio@gmail.com or +44 7399 614 576.

    2. The personal data we collect

    • Identity and contact data: name, email address, telephone number, country of residence.
    • Clinical and treatment data: dental photos, X-rays, CBCT scans, medical history, medication, allergies, treatment preferences and quotes you request.
    • Travel data: arrival/return dates, flight numbers, accommodation preferences (where you ask us to arrange transfers or hotels).
    • Technical data: IP address, device type, browser, pages viewed and referrer, collected via cookies and analytics (see our Cookie Policy).
    • Marketing data: your preferences for receiving updates and review/testimonial content you choose to share.

    3. How we collect your data

    We collect data when you complete a contact or quote form, message us on WhatsApp, email or call us, send clinical photos or scans, attend a consultation (in person or online), book travel through us, or browse our website.

    4. Lawful bases for processing

    • Contract: to provide quotes, treatment plans and dental care you have requested.
    • Legal obligation: to keep clinical records as required by Turkish healthcare law.
    • Legitimate interests: to respond to enquiries, improve our services, and protect the security of our website.
    • Consent: for marketing emails, optional cookies, and the use of before/after photos in promotional material.
    • Vital interests: in a clinical emergency, to protect your life or health.

    5. Special category (health) data

    Dental and medical information is special category data under UK GDPR Article 9. We process it on the basis of your explicit consent when you submit clinical information, and because it is necessary for the provision of healthcare under Article 9(2)(h).

    6. Sharing your data

    We share data only where necessary, with: our clinical team and dental laboratory; transfer and accommodation providers you ask us to book; payment processors; secure cloud and email providers; and regulators or law enforcement where legally required. We do not sell personal data.

    7. International transfers

    Because our clinic is in Turkey, your data is transferred outside the UK/EEA. Turkey is not currently the subject of a UK adequacy decision. We rely on your explicit consent (given when you contact us about treatment in Turkey) and on appropriate safeguards including the UK International Data Transfer Addendum with our suppliers where applicable.

    8. How long we keep data

    Enquiry data is kept for up to 24 months from your last contact. Clinical records are retained for at least 15 years after your last treatment, in line with Turkish Ministry of Health requirements. Accounting records are retained for 10 years.

    9. Your rights

    Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your data, the right to data portability, and the right to withdraw consent at any time. To exercise any right, email vistasmilestudio@gmail.com. If you are not satisfied with our response, you can complain to the UK Information Commissioner’s Office (ico.org.uk) or to the Turkish Data Protection Authority (KVKK).

    10. Security

    We use encrypted storage, access controls, secure messaging and staff training to protect your data. No system is 100% secure; if a breach affects you we will notify you and the relevant regulator within 72 hours where required.

    11. Changes to this policy

    We may update this Privacy Policy from time to time. Material changes will be notified on this page with a new “last updated” date.