Privacy Policy

1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about the handling of your personal data when using our website. Personal data includes all data that can personally identify you.

1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is NOYAN CLINIC ESTETIK VE SAGLIK HIZMETLERI Ltd., FENERYOLU MAH. BAGDAT CAD. NO: 115 IÇ KAPI NO: 4, 34724 KADIKÖY/ ISTANBUL, Turkey, Tel.: +90 541 206 42 95, Email: info@novaesthetica.com. The responsible party for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, that is, if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server of the website (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data transmitted in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or otherwise used. However, we reserve the right to retrospectively review the server log files if specific indications of unlawful use are detected.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 Cloudflare

We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts faster through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

3.2 QUIC.cloud

We use a Content Delivery Network from the following provider: QUIC.cloud Inc., 233 Mt. Airy Road, Suite 100, Basking Ridge, NJ 07920, USA

For data transfers to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European data protection level.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (“session cookies”), while others remain on your device for a longer period and allow the storage of page settings (“persistent cookies”). In the latter case, you can find the storage duration in your web browser’s cookie settings overview.

If personal data is processed through individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR to fulfill the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the optimal functionality of the website and a customer-friendly and efficient design of the website visit.

You can configure your browser to notify you about the setting of cookies and decide individually whether to accept them, exclude cookies for certain cases, or generally prevent them.

Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contact

5.1 WhatsApp Business

You have the option to contact us via the messaging service WhatsApp, provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the “Business Version” of WhatsApp.

If you contact us via WhatsApp regarding a specific business matter (e.g., a completed order), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. b GDPR to process and respond to your request. Based on the same legal basis, we may ask you via WhatsApp to provide additional information (order number, customer number, address, or email address) to assign your request to a specific case.

If you use our WhatsApp contact for general inquiries (e.g., about our range of services, availability, or our website), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing the requested information efficiently and promptly.

Your data will only be used to respond to your inquiry via WhatsApp. It will not be shared with third parties.

Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers the phone numbers stored in the address book to a server of its parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book contains only the WhatsApp contact details of users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transfer of their WhatsApp phone number from their chat contacts’ address books in accordance with Art. 6 para. 1 lit. a GDPR by accepting WhatsApp’s terms of use when first using the app on their device. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the purpose and scope of data collection, further processing, and use of the data by WhatsApp, as well as your related rights and settings options to protect your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

As part of the aforementioned processing activities, data may be transferred to servers of Meta Platforms Inc. in the USA.

5.2 When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your inquiry has been fully processed. This is the case when the circumstances indicate that the matter has been conclusively resolved and provided there are no statutory retention obligations that conflict with deletion.

6) Online Marketing

Google AdSense

This website uses Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses cookies, which are text files stored on your computer, to analyze your use of the website. Additionally, Google AdSense uses so-called “web beacons” (small invisible graphics) to collect information. Through the use of these web beacons, simple actions such as visitor traffic on the website can be recorded, collected, and evaluated. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website is generally transmitted to a Google server and stored there. This may also involve transmission to servers of Google LLC. in the USA.

Google uses the information obtained in this way to analyze your usage behavior with regard to AdSense advertisements. The IP address transmitted by your browser as part of Google AdSense is not merged with other data from Google. The information collected by Google may be transferred to third parties if required by law and/or if third parties process this data on behalf of Google.
All processing described above, particularly reading information on the device used via cookies and/or web beacons, will only be carried out if you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Google AdSense will not be used during your visit to the website.

You can revoke your consent at any time with future effect by disabling this service in the “cookie consent tool” provided on the website.

Further information on Google’s privacy policies can be found here: https://business.safety.google/intl/en/privacy/ and https://www.google.com/policies/privacy/

7) Web Analytics Services

7.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows an analysis of your use of our website.

By default, Google Analytics 4 sets cookies when visiting the website, which are small text files stored on your device and collect certain information. This information includes your IP address, which is truncated by Google by the last digits to exclude direct personal identification.

The information is transmitted to Google servers and further processed there. Transfers to Google LLC, located in the USA, may also occur.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website and internet usage. The IP address transmitted and truncated by your browser as part of Google Analytics is not merged with other Google data. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All the processing described above, especially the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with future effect. To exercise your right to withdraw consent, please deactivate this service using the “cookie consent tool” provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy?hl=en&gl=en, and https://policies.google.com/technologies/partner-sites

Demographic Features
Google Analytics 4 uses the special “demographic features” function, which can create statistics providing information about the age, gender, and interests of website visitors. This is achieved through the analysis of advertisements and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be linked to any specific person and is deleted after a storage period of two months.

Google Signals
As an extension of Google Analytics 4, this website may use Google Signals to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the “Personalized Ads” feature in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en. More information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension of Google Analytics 4, the “UserIDs” feature may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, created an account on this website, and logged in to this account on various devices, your activities, including conversions, can be analyzed across devices.

7.2 Google Tag Manager

This website uses the “Google Tag Manager,” a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

The Google Tag Manager provides a technical foundation to bundle various web applications, including tracking and analytics services, and calibrate, control, and condition them through a unified user interface. The Google Tag Manager itself does not store or read any information on user devices. Nor does the service perform independent data analysis. However, when a page is accessed, the Google Tag Manager transmits your IP address to Google, where it may be stored. Transfers to servers of Google LLC in the USA may also occur.

This processing will only take place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the Google Tag Manager will not be used during your visit to the website. You can withdraw your consent at any time with future effect. To exercise your withdrawal, please disable this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further legal information about Google Tag Manager can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en

8) Website Features

8.1 YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC., USA

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. In this process, certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, generate playback statistics, and prevent misuse.

If you are logged into a user account with the provider during your visit to the website, your data will be directly assigned to your account when you click on a video. If you do not want the data to be assigned to your account, you must log out before clicking the play button.

All the aforementioned processing, especially the setting of cookies to read information on the device used, will only occur if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with future effect by disabling this service via the “cookie consent tool” provided on the website.

8.2 Google reCAPTCHA

We use the CAPTCHA service of the following provider on this website: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” which are fonts loaded from the internet by Google. No further processing of information beyond what is already transferred through the functionality of reCAPTCHA to Google occurs during this process.

The service checks whether an input is made by a natural person or abusively through machine and automated processing, and it blocks spam, DDoS attacks, and similar automated malicious activities. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit, and transmits this information to the provider’s servers for evaluation. Cookies, which are small text files stored in the browser of the device, may be used in this process.

If the above-described processing is based on cookies, these will only be set if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by disabling this service via the “cookie consent tool” provided on the website.

If the above-described processing occurs without the use of cookies, the legal basis is our legitimate interest in determining individual accountability on the internet and preventing misuse and spam in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/en/privacy/

9) Tools and Other Services

Cookie Consent Tool

This website uses a “cookie consent tool” to obtain valid user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is presented to users as an interactive user interface when they access the site, allowing them to grant consent for certain cookies and/or cookie-based applications by checking boxes. Through the use of this tool, all cookies/services requiring consent are only loaded if the respective user provides consent by checking the appropriate boxes. This ensures that such cookies are only placed on the user’s device if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

Another legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the responsible party, we are legally obligated to make the use of non-essential cookies dependent on the respective user’s consent.

If necessary, we have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further information about the provider and the settings options for the cookie consent tool can be found directly in the corresponding user interface on our website.

10) Rights of the Data Subject

10.1 The applicable data protection law grants you the following rights as a data subject with respect to the processing of your personal data by the controller (rights of access and intervention). The specific legal basis for each right is referenced below:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

10.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

11) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data based on explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data will be stored until you withdraw your consent.

If statutory retention periods apply to data processed in the context of legal or quasi-legal obligations based on Art. 6 para. 1 lit. b GDPR, such data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or initiation and/or there is no legitimate interest on our part in continuing to store the data.

When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.