BrainViaSpineBrainViaSpine

Privacy Policy

Last Updated: 24 January 2026 | v04

1. General Information and Data Controller

This Privacy Policy determines the procedures and principles of processing personal data collected through the BrainViaSpine platform operated by BVS DOCTORS SAĞLIK VE TURİZM İTHALAT İHRACAT LİMİTED ŞİRKETİ ("Company").

Our company commits to fully comply with Law No. 6698 on the Protection of Personal Data (KVKK) and the European Union General Data Protection Regulation (GDPR), as well as all international data protection standards, in order to ensure the privacy and security of your data.

Data Controller Information:

  • Company Name: BVS DOCTORS SAĞLIK VE TURİZM İTHALAT İHRACAT LİMİTED ŞİRKETİ
  • Tax ID (VKN): 1950962794
  • MERSIS Number: 0195096279400001
  • Address: Mimar Sinan Mahallesi Ziya Gökalp Bulvarı Mimarin Medikal No:28 D:2 Alsancak, Konak, İzmir 35220
  • Phone: +90 532 174 49 00
  • Website: https://www.brainviaspine.com
  • KEP Address: bvsdoctors@hs06.kep.tr
  • Data Protection Contact: privacy@brainviaspine.com

2. Categories of Personal Data Processed

BrainViaSpine processes personal data in the following categories within the scope of neurosurgery services, its area of expertise:

  • A. Identity Information: Name, surname, nationality, T.C. ID number or passport number, date of birth, gender.
  • B. Contact Information: Email address, phone number, physical address, country and city information.
  • C. Health Data (Special Category Personal Data): Medical history related to brain and spinal cord health, current complaints and symptoms, medications used, allergy information, past surgery notes, radiology images (MRI, CT, X-ray, PET-CT, etc.), laboratory results, genetic and biometric data (when necessary).
  • D. Financial Data: Bank account information, transaction records through payment systems, billing and payment details.
  • E. Digital Trace and Internet Data: IP address, browser type and version, operating system information, in-site navigation data, cookies, and device identification information.

3. Data Processing Purposes and Retention Periods

Your personal data is processed for the following purposes within the framework of specified legal bases:

  • Service Provision: Health tourism consultancy, obtaining expert opinion (Second Opinion) in the field of brain and spinal surgery, and treatment planning. (Legal Basis: Performance of contract and KVKK Art.6. Retention: 30 years from the end of treatment).
  • Financial Management: Invoicing, payment transaction control, and accounting process management. (Legal Basis: Legal obligation - Tax Procedure Law. Retention: 5-10 years).
  • Follow-up and Coordination: Post-treatment recovery process monitoring and hospital/doctor coordination. (Legal Basis: Performance of contract. Retention: Periods prescribed by legislation).
  • Service Quality: User experience improvement, platform performance analysis, and satisfaction surveys. (Legal Basis: Legitimate interest. Retention: 2 years).
  • Information and Marketing: New treatment methods, campaign, and newsletter communications with user consent. (Legal Basis: Explicit consent. Retention: Until consent is withdrawn).

4. Legal Basis for Data Processing

Our company processes data in accordance with KVKK Articles 5 and 6 and GDPR Articles 6 and 9. "Special Category Personal Data" such as health data is processed only with the "Explicit Consent" of the data subject or for "Public Health Protection, Preventive Medicine, Medical Diagnosis, Treatment and Care Services" by persons under confidentiality obligations, except for exceptions provided by law.

5. Sharing and Transfer of Personal Data

Your personal data may be shared with the following parties only to the extent necessary for the provision of service:

  • Internal Sharing: Medical consultants, administrative personnel, and IT security team whose access to data is mandatory due to their job description.
  • External Sharing: Contracted private hospitals and clinics where treatment will be performed, laboratories conducting analyses, imaging centers, insurance companies, payment institutions, and authorized public institutions in case of legal obligation.
  • International Transfer: Due to the global access of the Platform, your data may be shared with health institutions abroad or technical infrastructure providers (AWS, Cloudflare, etc.) with your explicit consent or under secure data transfer protocols (SCCs).

6. Data Security and Technical Measures

BrainViaSpine implements industry-standard security measures to prevent unlawful processing of your data:

  • All data is transmitted encrypted with TLS 1.3 protocol and stored with AES-256 method.
  • Two-factor authentication (2FA) and role-based access control (RBAC) are implemented in systems.
  • Regular penetration tests and cybersecurity audits are conducted.
  • In case of any data breach detection, our Company commits to notify the relevant persons and the Personal Data Protection Authority within 72 hours.

7. Rights of the Personal Data Subject

Under KVKK Article 11 and GDPR, you have the following rights:

  • Learning whether your personal data is processed and requesting information if processed.
  • Requesting correction of incomplete or incorrectly processed data.
  • Requesting deletion or destruction of data within the framework of legal conditions.
  • Requesting notification of third parties to whom data has been transferred.
  • Objecting to a result against you as a result of analysis of processed data by automatic systems.
  • Requesting a copy of your data in machine-readable format under the right to data portability.

8. Contact and Application

You can use the following channels to exercise your rights or submit your questions about privacy:

  • Email: privacy@brainviaspine.com
  • Written Application: Mimar Sinan Mahallesi Ziya Gökalp Bulvarı Mimarin Medikal No:28 D:2 Alsancak, Konak, İzmir
  • Phone: +90 532 174 49 00

Our company will finalize your requests free of charge within 30 (thirty) days at the latest after identity verification.

9. Legal Notice

BrainViaSpine is not a medical institution; it is an intermediary organization providing coordination and consultancy services. Your health data is processed only to provide you with this coordination service. This text is an integral part of other legal notices on the website (Terms of Use and Cookie Policy).