1. Who We Are
MMV Medical is a dental tourism facilitation service connecting European patients with specialist dental clinics in Istanbul, Turkey.
Data Controller: MMV Medical
Legal entity: [To be updated upon company registration]
Email: hello@mmvmedical.org
WhatsApp: +90 552 782 7698
2. What Data We Collect
When you submit a consultation request or contact us, we collect:
- Identity data: Full name
- Contact data: Email address, WhatsApp number
- Health data: Details about your dental condition, treatment history, and X-rays you choose to share
- Financial data: Budget range (broad range only — no card or bank details)
- Travel data: Preferred travel month and country of residence
- Usage data: Pages visited, time on site (via analytics — see Section 7)
We do not collect payment card details. All treatment payments are made directly to the clinic.
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Preparing and sending your personalised treatment plan | Contract (pre-contractual steps) |
| Coordinating your trip, flights, and clinic appointments | Contract |
| Sending your treatment plan to Dr. Mat Dental Clinic for clinical review | Contract / Legitimate Interest |
| Responding to enquiries and follow-up communication | Legitimate Interest |
| Improving our website and services | Legitimate Interest |
| Complying with legal obligations | Legal Obligation |
We will never use your health data for marketing purposes.
4. Health Data
Dental records, X-rays, and treatment history constitute special category data under GDPR. We process this data only to facilitate your requested treatment consultation, to share with Dr. Mat Dental Clinic for clinical assessment, and with your explicit consent where required.
By submitting health information through our consultation form, you consent to us processing it for the above purposes.
5. Who We Share Your Data With
We share your data only where necessary:
Dr. Mat Dental Clinic (Istanbul, Turkey)
Your consultation details and health information are shared with the treating clinic to prepare your treatment plan. Turkey is not an EU/EEA country; data transfers are made under appropriate safeguards (Standard Contractual Clauses or equivalent).
Service Providers
- Supabase — secure cloud database (EU region)
- Vercel — website hosting
- Google Analytics — anonymised website analytics
- HubSpot — CRM and enquiry management
We do not sell, rent, or share your personal data with third parties for marketing.
6. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Consultation requests (no treatment) | 12 months |
| Patient coordination records | 5 years |
| Financial records | 7 years (legal requirement) |
| Website analytics | 26 months (anonymised) |
7. Cookies and Analytics
Our website uses cookies to understand how visitors use the site. You can manage your cookie preferences at any time using the consent banner that appears when you first visit the site.
- Essential cookies — required for the site to function. No consent needed.
- Analytics cookies — Google Analytics (anonymised IP). Requires your consent.
- Marketing cookies — Google Ads, HubSpot. Requires your consent.
8. Your Rights
Depending on your country of residence, you have the following rights:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, you may withdraw at any time
To exercise any of these rights, contact us at: hello@mmvmedical.org. We will respond within 30 days.
UK: Information Commissioner's Office — ico.org.uk
Netherlands: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl
Belgium: Data Protection Authority — dataprotectionauthority.be
Ireland: Data Protection Commission — dataprotectioncommission.ie
Romania: ANSPDCP — dataprotection.ro
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), access controls limiting who can view patient data, and secure cloud storage with row-level security.
10. Children
Our services are intended for adults aged 18 and over. We do not knowingly collect data from children under 16. If you believe we have inadvertently collected data from a minor, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.
12. Contact
Email: hello@mmvmedical.org
WhatsApp: +90 552 782 7698
Address: [To be updated upon company registration]