Home » Privacy Policy

Privacy Policy

 

 

1.     Introduction and Scope

1.1 Who We Are and Our Commitment

OONE LIFE is an international medical tourism coordination service specializing in world-class implantology and cosmetic orthodontics delivered through our specialized clinics in Istanbul, Turkey.

This Privacy Policy governs the collection, processing, and safeguarding of your personal data when you interact with usfrom initial contact through post-treatment follow-up. Our commitment is not only to provide exceptional clinical care but also to maintain the highest standards of data security and confidentiality, particularly concerning the sensitive nature of your health information.

1.2 Governing Law and Competitive Advantage

While our clinical delivery takes place in Turkey, OONE LIFE is structured to adhere to stringent European data protection principles, setting us significantly apart from typical local agencies:

  • EU Regulation Benchmark: We voluntarily adhere to the principles, requirements, and strict standards outlined in the European Union’s General Data Protection Regulation (GDPR) 2016/679.
  • Purpose of Compliance: This adherence ensures that your data is handled with the same level of security, transparency, and accountability as if you were receiving treatment within the European Economic Area (EEA).
  • Operational Scope: This policy applies to all data collected via our website, email, WhatsApp, iMessage, SMS,phone calls, and documentation exchanged for the purpose of planning, organizing, and executing your treatment and travel.

2. Data We Collect

To effectively coordinate your medical treatment and travel logistics, OONE LIFE collects and processes various categories of personal data. The data we collect falls into the following essential categories:

  • 1 Personal Identification Data (P.I.I.)
    • Contact Information: Name, surname, date of birth, email address and preferred contact number (including WhatsApp and SMS details).
    • Passport/ID Details: Necessary for flight bookings, hotel registration, and compliance with local health regulations upon arrival in Turkey.
    • Financial Details: Information related to payments, billing address, and transaction confirmation data for treatment and package fees.
  • 2 Sensitive Health Data (Medical Records)
    • Diagnostic Imaging: Existing panoramic X-rays, CBCT (Cone Beam CT Scan) files, and intraoral scans required for precise treatment planning.
    • Clinical History: Current health status, allergies, relevant medical history, medication lists, and details of previous dental or surgical procedures.
    • Treatment Plan: The definitive, detailed medical plan prepared by our specialized dentists (e.g., implant types, number of implants, restorative materials, and surgical protocols).
    • Note: This sensitive health data is processed only under the strict condition of explicit consent, as required by GDPR principles.
  • 3 Logistical and Transactional Data
    • Travel Details: Flight numbers, arrival/departure times, and airport details (IST/SAW) necessary for arranging VIP transfers.
    • Accommodation Preferences: Information related to your booking at partner 4- or 5-Star Hotels to ensure comfort and proximity to the clinic.
    • Communication Records: Records of correspondence via email and secure messaging platforms (e.g., WhatsApp) for treatment coordination and scheduling.
  • 4 Technical and Usage Data
    • Website Usage: Information about how you use our website, including your IP address, browser type, operating system, and pages viewed, used for analysis and security purposes.

3. How We Use Your Data

We use the data collected strictly for the following purposes, based on legal grounds:

  • 1 Contractual Obligation (Treatment and Logistics)
    • To provide an accurate and definitive free online consultation and establish a precise treatment plan.
    • To schedule appointments with our maxillofacial surgeons and our specialist team.
    • To book and manage your premium accommodation and VIP airport transfers.
    • To process payments and activate your Certified 10-Year Guarantee.
  • 2 Legal and Regulatory Compliance
    • To maintain accurate medical records as required by the Turkish Ministry of Health and international medical record-keeping standards.
    • To fulfill tax, audit, and legal reporting obligations in the jurisdictions where OONE LIFE operates.
  • 3 Legitimate Business Interest
    • To communicate with you regarding your aftercare protocol and follow-up checks.
    • To monitor and improve our website functionality and user experience.
    • To prevent fraud and ensure the security of our data processing systems.

4. Data Sharing and Disclosure

We treat your personal and sensitive health data with the utmost confidentiality. Data is only shared with trusted third parties when strictly necessary to fulfill our contractual obligations to you (i.e., providing treatment and organizing logistics) or when required by law.

4.1 Sharing for Treatment and Clinical Necessity

We share your data internally and with our verified clinical partners to execute your treatment plan:

  • Clinical Team: We share your Sensitive Health Data (X-rays, CBCT scans, medical history) with our maxillofacial dentists in Turkey and the specialist implantology team responsible for designing and delivering your treatment.
  • The ComfyDent Laboratory: Your digital scan data (intraoral scans, CBCT data) is shared with our ComfyDent Laboratory to digitally design and manufacture your custom restorations (crowns, bridges) with micrometre accuracy.
  • EU Oversight: For auditing purposes related to our voluntary GDPR adherence, limited, anonymized data may be shared internally with our European coordination office.

4.2 Sharing for Logistical Fulfillment

To deliver the “all-inclusive” nature of our packages, we must share limited P.I.I. and logistical data:

  • Accommodation: Your name and arrival/departure dates are shared with our partner 4- or 5-Star Hotels to secure your accommodation booking.
  • VIP Transfers: Your name, flight numbers, and arrival times are shared with our trusted, private transfer service providers to ensure seamless, non-stop transportation between the airport, hotel, and clinic.

4.3 Legal and Regulatory Requirements

We will disclose your personal data if required to do so by law, including:

  • To comply with a legal obligation, such as responding to a court order, subpoena, or government request (e.g., Turkish Ministry of Health regulations).
  • To protect the rights, property, or safety of OONE LIFE, our patients, or others, including the enforcement of contracts and guarantees.

Crucial Note on Data Transfer (GDPR): As OONE LIFE transfers your data from the point of collection (often within the EEA) to our processing facility in Turkey, we ensure that all data transfers are secured and protected via robust technical and contractual safeguards, adhering strictly to the security standards required by GDPR.

5. Data Security and Storage

We employ a high-standard set of technical and organizational measures designed to protect your data against accidental loss, unauthorized access, alteration, or disclosure:

  • Encryption and Access Control: All sensitive medical files (CBCT, X-rays) are stored on secure, access-controlled servers protected by encryption protocols. Access is strictly limited to clinical and essential coordination staff.
  • Physical Security: Our main clinical facility in Nişantaşı maintains high-level physical security measures for all hard-copy records and clinical access points.
  • Data Retention: Given the long-term nature of implantology and our commitment to the Certified 10-Year Guarantee, we retain medical records for a period exceeding the standard legal minimum, ensuring we have the necessary data to honor our guarantee and provide comprehensive aftercare.

6. Your Rights

Under EU GDPR principles, you have the right to exercise the following control over your data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to ask us to correct any incomplete or inaccurate data we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data; however, this right is subject to exceptions, particularly where the retention of medical records is necessary for legal compliance or the fulfillment of our 10-Year Guarantee 
  • Right to Restriction and Objection: You have the right to request the restriction or objection to the processing of your personal data under certain conditions.
iMessage Us