Gur Hair Transplant is a Fue Hair Transplant clinic in Istanbul

Clarification Text Regarding the Processing of Personal Data




Below, we, as Data Controller (GDPR Article 4(7), KVKK Article 3(1) (i)),

GÜR SAĞLIK HİZMETLERİ VE TURİZM LİMİTED ŞİRKETİ (hereinafter “Gür Health”, “company”, “we”), processing your personal data in connection with the use of our website as well as the sale of our services. (GDPR Article 4(2), Article 3(1) (e) of the KVKK)

If you need more information about the processing of your personal data, please contact us:



Gür Health, as a data controller, processes personal data limited to the following groups of persons.

• Our workers,

• Our worker candidates (including reference persons declared by job applicants)

• Our interns,

• Our patients,

• Persons who are interviewed and contacted for diagnosis, treatment or to receive such services,

• Relatives and companions of the patient,

• Parties to any commercial activity or persons with whom we are or will cooperate with due to commercial activity, or authorized or employees of companies (Supply, etc.)

• Shareholders or persons with whom shareholding is negotiated.

• Our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies,

• Visitors

• Legal representatives, parents, guardians or guardians of data subjects

• Persons who are parties in legal processes and their legal representatives


Gür Health, as a data controller, processes the following personal health data, general and special quality personal data, in accordance with the principles of "compliance with the law", "necessity", "fit for purpose" and "limitation".

Identity Data

Name, surname, nationality of the persons whose data will be processed. ID number, passport number and information if not a Turkish citizen or temporary T.R. identity number, place and date of birth, marital status, gender information.

Communication Data

It is all communication-related data such as residence address, correspondence address, mobile phone number, e-mail address.

Visual and Audio Data

The data in this context are listed below:

Image and audio recording taken by company security cameras, with special written consent and permission (consent), publicity, research, photo or video showing proof of medical procedure, photo or video recording for convincing other patient candidates for medical procedure

Employee data

It is the data obtained from the workers in accordance with the law or employment contract.

Education Data

It is the data on the educational status of the workers, candidate workers, interns or other related persons working in the company.

Job and Occupation Data

It is all data related to the job or profession in terms of workers, candidate workers, interns or other related persons working in the company. (Including professional experience, diploma, course data)

Comment and Complaint Data

It is the data of comments and complaints transmitted to our company through the website or other channels in order to evaluate the services we provide.

Location Data

It is the address and location data that people transmit with their own consent.

Transaction Security Data

This includes IP address, browser information, website login and password information (Mac ID, IP address information, website login and password information).

Legal Data

It is the data about the workers working in the company and any person who has a lawsuit or enforcement proceeding with the company.

Financial Data

It is data such as the bank account number and IBAN number of the persons. Financial data of employees and customers. Invoicing.

Health Data

Data that must be followed for legal reasons in medical files. Laboratory and imaging results processed with the consent of the person, disease information, drugs used, medical test results, blood group, inspection data, any health data obtained during the execution of medical diagnosis, treatment and care services, such as prescription information. In addition, the health report and other medical documents in the employee's personnel file are also within this scope.

Risk management

Data processed for the management of commercial, technical and administrative risks are within this scope.

Security Of The Place

Entry and exit registration information of employees and visitors, security camera records are the data within this scope.

Sex Life

Personal data about sexually transmitted diseases are collected for the treatment of our patients.


Height, Weight, Policy information (whether there is an existing policy, if any, from which company, policy number, policy term)



The processing of your personal data is performed in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”), the EU General Data Protection Regulation (Reg. EU 2016/679) (“GDPR”) and the German laws (especially BDSG 2018), if applicable, (“Data Protection Legislation”).

In the following situations, we collect and use personal data directly from our users or from other sources (as presented below):



Your Personal and Private Personal Data mentioned above.

  1. Fulfilling legal obligations in official regulations pursuant to Article 6(1) (c) of GDPR, Article 5(2) (a), Article 5(2) (ç) of KVKK;
  2. Fulfillment of contractual provisions in accordance with GDPR Article 6(1) (b), KVKK Article 5(2) (c),
  3. Providing health services (medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services),
  4. Providing you with information about your appointment if you make an appointment,
  5. Based on your express consent in accordance with Article 6(1) (a) of GDPR, Article 5(1) of KVKK,
  6. Planning and managing the internal functioning of Gür Healthcare,
  7. Business requirements,
  8. Creation of online or paper consent forms, treatment follow-up and information forms for our patients and clients,
  9. Invoicing.
  10. Verification of your identity
  11. Protection of public health, preventive medicine, medical diagnosis, treatment and care services, with or without customers,
  12. Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with the health legislation,
  13. Financing your health services, covering examination, diagnosis and treatment expenses,
  14. Measuring, increasing and researching patient satisfaction,
  15. Answering all kinds of questions and complaints about our health services
  16. Research and analysis to increase the quality of health services,
  17. Monitoring and preventing abuse or unauthorized transactions,
  18. Carrying out risk management activities
  19. Taking all necessary technical and administrative measures within the scope of data security,
  20. Designing special content, tangible and intangible benefits on the web and other mobile channels, social media, and communicating them to the interlocutors,
  21. To be able to carry out training activities by the institutions with which the institution cooperates.






Your personal data is obtained from channels such as:


  1. As a result of the meeting with our company,
  2. As a result of the meeting to be made by contacting Gür Health doctors or related personnel via phone, WhatsApp , e-mail etc.
  3. If you apply to Gür Health, as a result of face-to-face meetings with doctors or related personnel,
  4. On the contracts and other commercial documents of our Legal Advisors, Lawyers and Consultants,
  5. As a result of personal data being included in communication platforms,
  6. As a result of applications made through panels such as "contact us" or "get information" on our social media account,
  7. Obtaining data in the form of recording the MAC ID (Device Identity Information) from the logins to the website,
  8. We contact or they are contacted by Gür Health although without any commercial or legal connection,
  9.  Similarly, by other legal means of data acquisition


Your Personal Data and Special Qualified Personal Data mentioned above will be processed due to the following legal regulations:

  1. Health Services Basic Law No. 3359,
  2. Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
  3. Regulation No. 26788 on Private Healthcare Institutions where Outpatient Diagnosis and Treatment is provided
  4. Law on Protection of Personal Data No. 6698,
  5. Regulation on Processing of Personal Health Data and Protection of Privacy
  6. Identity Notification Law No. 1774,
  7. Labor Law No. 4857,
  8. Social Insurance and General Health Insurance Law No. 5510,

Personal data relating to health and sexual life may only be processed, without seeking explicit consent of the data subject, by any person or authorised public institutions and organizations that have confidentiality obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.


Your personal data may be transferred with the following institutions for the purposes and legal reasons stated above:



Due to the fact that the mail extensions (Gmail, Yahoo, Hotmail, Yandex, Outlook, etc.) used by companies and individuals are foreign extensions and data storage centers are established abroad;

● sending or receiving your personal data via an E-Mail;     

● or keeping data in overseas storage centers (eg Google or Amazon data storage centres),       

Such activities are defined as data transfer abroad according to the Personal Data Protection Law (“Law”). The article of the Law regarding the conditions for transferring personal data abroad is as follows:

Transfer of personal data abroad

ARTICLE 9 – (1) Personal data shall not be transferred abroad without explicit consent of the data subject.


(2) Personal data may be transferred abroad without explicit consent of data subject upon the existence of one of the conditions referred to in Article 5(2) and Article 6(3) of the Law and if in the country where personal data are to be transferred;

(a) Adequate protection is provided.

(b) Adequate protection is not provided, upon the existence of commitment for adequate protection in writing by the data controllers in Turkey and in the relevant foreign country and authorisation of the Board.The Company may transfer your personal data to third-party service providers such as Google Analytics, HubSpot, as reasonably necessary and in accordance with its purpose, for regulatory purposes and to provide services.

Since the current legislation has not yet declared a country with adequate protection and it is not possible to make a commitment with large mail companies or data storage companies, the transfer of your personal data abroad within the scope specified above and limited to the stated purposes is only possible if you have your Express Consent. Express consent can be withdrawn at any time.


Gür Health, as a data controller, protects your above-mentioned data with great sensitivity and by fully complying with the provisions of the legislation, by taking all kinds of administrative and technical measures.

Gür Health has taken all kinds of administrative and technical measures to protect your personal data. For detailed information, you can check our VERBIS record or personal data inventory.

Gür Health is committed to protecting all personal data. In order to prevent the illegal processing and access of personal data and to ensure the preservation of personal data, technical and administrative measures are carried out by using various methods and security technologies to ensure the appropriate level of security.

Gür Health will not disclose the personal data it has obtained to others in violation of the provisions of the Law on Protection of Personal Data No. 6698 and will not use it for purposes other than processing.

Gür Health has implemented the necessary multi-faceted audit activities.


If you have given us your consent to process your personal data, we hereby inform you that you can withdraw this consent whenever you wish.

Please note that your withdrawal of consent is only effective for the future and does not affect the legality of data processing that has taken place in the past. In some cases, we may be entitled to continue to process your personal data despite your withdrawal of consent on a different legal basis, e.g. to perform a contract.


The personal data you send to us in order to benefit from Gür Health services will also be accessed from Turkey. Turkey has data protection legislation and a Data Protection Authority largely similar to that in the EU.


Under Law No. 6698 on the Protection of Personal Data, you have the rights listed below:

(a) Learn whether or not your personal data has been processed,

(b) Request information as to the processing if your personal data has been processed,

(c) Learn the purpose of processing your personal data and whether such data is used in accordance with this purpose,

(ç) Know the third parties in the country or abroad to whom your personal data has been transferred,

(d) Request rectification in case your personal data is processed incompletely or inaccurately,

(e) Request deletion or anonymization of your personal data provided that the purposes for processing your personal data have disappeared,

(f) Request notification of the transactions mentioned in points (d) and (e) to the third parties to whom your personal data has been transferred,

(g) Object to any result against you that has emerged from the analysis of your personal data exclusively through automated systems,

(ğ) Claim damages if you have suffered any damages due to the unlawful processing of your personal data.

You may send your requests regarding your rights above by applying in writing to our postal address: Küçükbakkalköy Mahallesi, Merdivenköy Yolu Caddesi No:12, 34750 Ataşehir/İstanbul

or by sending an e-mail to iletiş


According to KVKK, the information which is mandatory to be included in the application are;


(a) Name, surname and if the application is made in writing, the signature,

(b) Turkish I.D number or nationality along with passport number or foreign identity number, if any,

(c) Residential or work address for notification,

(d) E-mail address, telephone and fax number for notification, if any,

(e) The subject of the request.

Your application will be finalized as soon as possible (according to the nature of the request) and at the latest in 30 days.

If your application is not answered at all or in time or the response is found insufficient, you may file a complaint with the Personal Data Protection Board (Art. 14 and 15 of KVKK).




Kişisel Verileri Koruma Kurulu

Adress : Nasuh Akar Mah. Ziyabey Cad. 1407 Sok. No: 4 06520 Balgat-Çankaya/Ankara, Türkiye

Telephone : +90 312 216 5050

Web Site :


This text was revised on 20/01/2022.