PRIVACY NOTICE FOR ESTENOVE
Nove Grup Sağlık Turizm Organizasyon Sanayi Ticaret Anonim Şirketi (“Nove Grup” or “we”) acts as the data controller for the purposes of this Privacy Notice. Nove Grup respects your privacy and takes the protection of your personal data seriously. We value your trust and are committed to protecting your data and ensuring you remain in control of it.
This Notice explains how we handle your data and how you can manage it. This Notice applies when you use our Services (as defined below) that link to this Notice.
If you have any questions about how Nove Grup processes your personal data, please contact us.
Data Controller:
Nove Grup Sağlık Turizm Organizasyon Sanayi Ticaret Anonim Şirketi
Address: Esentepe Mah. Büyükdere Cad. Levent Plaza Blok No: 173 İç Kapı No: 31 Şişli/Istanbul
Phone: +90 549 968 15 04
Email: info@estenove.com
Data Protection Officer (DPO):
WHAT IS IN THIS PRIVACY NOTICE?
- SOURCES OF PERSONAL INFORMATION
- WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?
- HOW DO WE USE YOUR PERSONAL INFORMATION?
- COOKIE NOTICE
- SHARING OF PERSONAL INFORMATION
- HOW DO WE PROTECT PERSONAL INFORMATION?
- HOW LONG DO WE RETAIN PERSONAL INFORMATION?
- YOUR PRIVACY CHOICES
- DATA OF MINORS
- INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
- CHANGES TO THIS PRIVACY NOTICE
1. SOURCES OF PERSONAL INFORMATION
Personal data means anything that identifies you directly or indirectly, or as defined by applicable privacy laws. This Notice applies to personal data collected by Nove Grup from you or about you from the following sources (Services):
Nove Grup websites.
Consumer-facing websites, mobile sites, and mini-sites operated on third-party social networks such as Facebook and smartphone applications operated by us or on our behalf, including sites operated under our own domains/URLs.
Device Data.
Information from devices you use to access our websites or applications.
Online requests.
When you make a direct request from us.
Customer Services.
Information you provide during your interaction with Customer Services.
In-person interactions.
We collect information from you when we use closed-circuit video surveillance cameras (CCTV) at one of our locations.
Advertising interactions.
Interactions with our advertisements (e.g., if you interact with one of our advertisements on a third-party website, we may receive information about that interaction).
Data we generate.
We may generate personal data about you during our interactions with you (such as data automatically collected when you access our websites or applications, including IP address, device ID, browser type, and your interaction with our sites).
Data obtained from other sources.
We may collect information about you from our third-party business partners, including: data analytics providers (e.g., Google Analytics and Meta), third-party tools for tracking user experience information including mouse clicks and page scrolling, social networks (e.g., Meta), advertising networks (e.g., Google), advertising partners, market research companies (where feedback is not provided anonymously), third-party data aggregators, marketing companies, Nove Grup promotional partners, publicly available sources such as professional information on LinkedIn, and data acquired when we purchase other companies.
2. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?
Information you choose to provide us.
Depending on how you interact with our Services, we collect the personal data you choose to share with us, including the following categories of personal data:
| Category | Examples |
| --- | --- |
| Contact and Account Information | Name, email address, postal address, phone number, age range and date of birth, personal digital certificate (for user authentication), government-issued ID or other identity identifier. |
| Communications with Us | Emails, web forms and telephone calls |
| Demographic Information | Information describing your demographic characteristics such as your age range and geographic location (e.g., postal code). |
| Health Data | Medical history, medical assessment information, pre- and post-operative photographs, treatment information, prescription information, laboratory results, allergy information, health declarations, and other health data related to treatment. |
| Other Information (with your consent) | Where necessary, with your consent we may collect: audio recordings, videos, photographs and other media files. |
Information we collect automatically.
We automatically collect certain information from your computers, mobile devices and other devices about the use of and in connection with our Services, and this may constitute personal data. This information is collected automatically using cookies, pixels, web beacons and similar technologies.
| Category | Examples |
| --- | --- |
| Device Usage and Location Information | Information about the computer system or other technological device you use to access our Services, for example: internet protocol (IP) address; device type and identification number; internet service provider; mobile network; operating system type; browser type and version; system events; approximate location from an IP address or connections to Wi-Fi, Bluetooth or wireless network services. How your computer or mobile device interacts with our Services including: date and time of access to our Services; search queries and results; mouse clicks and movements; specific web pages accessed; page scrolling and text entered into website forms; links clicked and videos watched; traffic and usage metrics; data about third-party sites or services accessed before interacting with our Services. Website usage data obtained using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. Please refer to our Cookie Notice for further details. |
| Audio and Visual Information | We may collect audio and visual information when you visit us. For example, some of our locations may have CCTV installed which may collect audio, visual and similar information. |
Information collected from third parties.
We occasionally receive personal data from third parties that we use to learn more about our consumers, personalise the consumer experience, and promote and improve our Services more effectively.
| Category | Examples |
| --- | --- |
| Third-Party Business Partners | We collect and receive from our business partners, analytics service providers, marketing service providers and other third parties information about our activities on and off our Services, such as: personal data shared by business partners; personal data from publicly available sources such as information you have shared publicly on a third-party social network; personal data you have requested third-party business partners to share with us. We may combine information we hold about you or combine data from third-party data sources. We require each third-party data provider to confirm that the sharing of personal data with Nove Grup is transparent to consumers and is otherwise lawful. |
3. HOW DO WE USE YOUR PERSONAL INFORMATION?
The list below sets out the purposes for which we collect your personal data, along with some examples. Any additional use will only occur as permitted by law, with notice to you where required, and with your consent.
- To comply with laws and policies. For example, we may use your contact and account information or other communications to protect against fraud, identify security incidents, or monitor and enforce compliance with consumer agreements.
- To fulfil our legal obligations or address legal claims or disputes. For example, certain laws and regulations may require us to process certain information, maintain appropriate records for internal administrative purposes, comply with applicable laws and regulatory obligations, and respond to lawful government requests or claims.
- Your health data may be processed for the purposes of providing health tourism services to you, conducting preliminary assessments, creating appropriate treatment plans, carrying out treatment processes, providing medical consultancy, managing pre- and post-operative processes, maintaining patient records, and fulfilling legal obligations. Your health data is considered special category personal data under Article 9 of the GDPR. This data is processed where necessary on the basis of your explicit consent pursuant to Article 9(2)(a) of the GDPR and/or for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems pursuant to Article 9(2)(h) of the GDPR.
Legal Bases for Processing.
In some jurisdictions, we are required to inform you of the legal bases on which we process your personal data. We rely on the following legal bases:
- To comply with applicable laws. Certain laws and regulations require us to process certain personal data, maintain appropriate records for internal administrative purposes, and respond to lawful government requests where necessary.
- To fulfil our legal obligations or address legal claims or disputes. For example, certain laws and regulations may require us to process certain information, maintain appropriate records, comply with applicable laws and regulatory obligations, and respond to lawful government requests or claims.
- Special category personal data, such as health data, may be processed where you have given your explicit consent, or for the purposes of providing health care services, medical diagnosis, treatment, and management of care services.
4. COOKIE NOTICE
Nove Grup Sağlık Turizm Organizasyon Sanayi Ticaret Anonim Şirketi informs you that, where you have provided your explicit consent, your health data may be processed. We hereby inform you that you may withdraw any explicit consent you have given at any time.
I declare that I have been informed within the scope of the Privacy Notice and hereby give my explicit consent to the processing of my special category health data by Nove Grup Sağlık Turizm Organizasyon Sanayi Ticaret Anonim Şirketi for the purposes of providing health tourism services, evaluating and organising treatment processes.
5. SHARING OF PERSONAL INFORMATION
We share personal data with the following categories of recipients:
- Professional advisers such as lawyers, accountants, insurers, and information security and forensic information experts, on the legal basis that processing is necessary for the purposes of the legitimate interests pursued by the data controller, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
- Your health data is shared only with clinics providing healthcare services, physicians, medical consultants and relevant healthcare providers.
- Service providers, including marketing vendors, advertising agencies, cloud storage solutions, payment processors, technology providers, website and data hosting, product and Services provision, data analytics, data security, e-commerce operations, surveys, research, and the management of promotions, offers and loyalty programmes, in order to perform services on our behalf and help us run our business. This includes audience analysis, audience expansion and audience targeting. We rely on the legal basis that processing is necessary for the purposes of the legitimate interests pursued by the data controller, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
- Third-party online advertising networks, social media companies and other third-party services so that they may collect information about your use of our Services over time in order to play or display their own advertisements on other devices, applications and platforms you may use. We rely on your explicit consent where provided.
- Business partners in order to provide you with complementary offers and access to information belonging to our partners. We rely on your explicit consent where provided.
- Potential or actual purchasers or investors and their professional advisers in connection with any actual or proposed merger, acquisition or investment involving all or any part of our business. We rely on the legal basis that processing is necessary for the purposes of the legitimate interests pursued by the data controller, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
- Authorised law enforcement agencies, government regulators and courts where we believe disclosure is necessary to: (i) comply with the law; (ii) exercise, establish or defend legal rights; or (iii) protect the rights, property and safety of Nove Grup, our consumers, business partners, service providers or any other third party. We rely on the legal bases that processing is expressly provided for by law, that processing is necessary for compliance with a legal obligation to which the controller is subject, that processing is necessary for the establishment, exercise or protection of a right, and that processing is necessary for the purposes of the legitimate interests pursued by the data controller, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
Where we share personal data, we require recipients to handle the personal data in accordance with this Notice, to comply with applicable privacy laws, and to use your personal data only for the purpose for which it was shared.
6. HOW DO WE PROTECT PERSONAL INFORMATION?
Nove Grup takes care to secure and protect the personal data entrusted to us. We use technical, physical and administrative measures designed to protect the personal data we process and to reduce the risk of your personal data being lost, misused, accessed without authorisation, disclosed or altered. We regularly test, assess, review and update our security measures; however, due to the nature of cybersecurity risks, we cannot entirely eliminate the security risks associated with personal data processing.
If we become aware of a breach affecting the security of your personal data, we will notify you and all relevant data protection regulators as required by applicable law. Where permitted by applicable law, Nove Grup will provide this notification to you using the email address associated with your account or another permitted method associated with your account.
7. HOW LONG DO WE RETAIN PERSONAL INFORMATION?
We retain your personal data for as long as necessary to provide our Services, comply with our data retention policy and applicable legal requirements, resolve disputes and enforce our agreements.
In determining the applicable retention period, we consider various criteria, including:
- How long the record is required in order to provide the Services you have requested (e.g., photographs and videos provided as part of a digital marketing experience are retained only for a limited period following the end of the marketing promotion);
- How long the record is required to support and improve our business processes;
- How long the record is required to protect our rights and legal interests; and
- How long the record must be retained to comply with applicable laws and regulations (e.g., maintaining records of data subject requests).
| Data Category | Retention Period |
| --- | --- |
| Contact and account information | 2 years from account closure |
| Health data | 10 years |
| Accounting and billing records | 10 years |
| Marketing data | Until consent is withdrawn |
| CCTV footage | 60 days |
| Data subject request records | 5 years from the date of request |
Anonymised data is no longer personal data; however, we still process it in accordance with applicable laws and agreements.
8. YOUR PRIVACY CHOICES
You may exercise certain choices regarding how Nove Grup handles your personal data. You can manage your privacy settings using the various tools accessible through your browser or provided to you by Nove Grup depending on your jurisdiction, and you may contact us. In some cases, your ability to access or control your personal data is limited by applicable law.
Exercise Your Privacy Choices: You have the following rights:
- The right to obtain confirmation as to whether your personal data is being processed and, if so, to request access to it;
- The right to receive information about the purposes for which your personal data is processed, the categories of data concerned, recipients or categories of recipients, retention periods, and the source of the personal data;
- The right to request the rectification of incomplete or inaccurate personal data;
- The right to request the erasure of your personal data under certain conditions;
- The right to request the restriction of processing of your personal data under certain conditions;
- The right to receive your personal data in a structured, commonly used and machine-readable format and to have it transferred to another data controller where technically feasible (data portability);
- The right to object to the processing of your personal data on the basis of legitimate interests by raising grounds relating to your particular situation;
- The right to object at any time to the processing of your personal data for direct marketing purposes;
- The right not to be subject to, and to object to, decisions based solely on automated processing activities, including profiling, which produce legal effects concerning you or similarly significantly affect you;
- Where the processing of your personal data is based on your explicit consent, the right to withdraw that consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to its withdrawal;
- The right to lodge a complaint with the competent data protection authority if you consider that the processing of your personal data infringes applicable data protection legislation;
- The right to seek compensation where you have suffered damage as a result of a breach of applicable data protection legislation.
Submitting Requests.
To exercise your privacy choices and submit a privacy request, please contact us. When submitting your request, you may be required to provide certain personal data (e.g., name, email address, place of residence, identification number) so that we can fulfil your request. Your application will be concluded as soon as possible and, in principle, free of charge, within a maximum of thirty days depending on the nature of your request.
Agent or Representative Requests.
You may authorise an agent or other representative to submit privacy requests on your behalf. We may require you to directly confirm this authorisation. Once your agent or representative has been verified, they may act on your behalf as permitted by law.
9. DATA OF MINORS
Unless otherwise expressly stated in any of our Services, Nove Grup does not knowingly collect Personal Data from children under the age of 18, or the age prescribed by applicable local laws, without complying with any applicable restrictions on the processing of minors’ data (e.g., obtaining legally required parental consent).
Some of our Services have age restrictions in place to ensure our compliance with applicable laws; for example, in some jurisdictions children are only permitted to use our Services with verifiable parental or guardian consent. If we learn that we have collected or received personal data from a child without the consent or other appropriate legal basis required by applicable laws, we will delete such information.
10. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Nove Grup may transfer personal data across borders to any location where we, our suppliers and our business partners operate.
Where your personal data is transferred across borders by us or on our behalf, we use appropriate safeguards, such as the adoption of standard contractual clauses or model clauses, to protect your personal data in accordance with this Notice and applicable laws. These safeguards require our affiliates, suppliers and business partners to protect personal data in accordance with applicable privacy laws.
11. CHANGES TO THIS PRIVACY NOTICE
As our business and technology evolve, this Notice may be updated to reflect those changes. The most recent version, together with its Effective Date, will be published on the website. Some laws may require additional steps, such as notifying you of or obtaining your consent to material changes before they take effect. Reviewing this Notice periodically will keep you informed of updates regarding the use of your personal data.


