top of page

QBA Medi Tours
General Privacy Policy

Your privacy is important to us. Please read our General Privacy Policy carefully.

privacy policy-46.png

In accordance with the Article 13 of the European Union General Data Protection Regulation ("GDPR") and the Article 10 of the Law on the Protection of Personal Data Numbered 6698 ("KVKK"), we would like to enlighten data owners about our personal data processing activities. In accordance with the GDPR and KVKK, your personal data; shall be able to be processed, saved, stored, classified, updated and disclosed/transferred by QBA Medi Turizm Sağlık ve Dış Ticaret Anonim Şirketi (“QBA Medi Tours”) as a Data Controller to 3rd parties where permitted by legislation and/or limited to the purpose for which they are processed within the scope of the purposes explained below, in accordance with the law and good faith.

1. Purpose of Personal Data Processing 

Personal data of employees, customers, potential customers, relatives, accompanying persons and suppliers are stored within the body of QBA Medi Tours. The processed personal data of the relevant persons are detailed below;

  • Employees': Identity, contact, criminal record, salary and iban, photo, personal, voice record, health and professional information

  • Our customers': Identity, contact, credit card, invoice, health, request-complaint, voice record, flight and accommodation information

  • Customer relatives': Identity, contact, request-complaint, voice record and agreement price information

  • Our potential customers': Identity, contact, personal, health, credit card, voice record and cookie information

  • Accompanying persons': Identity, contact, invoice, request-complaint, voice record, flight and accommodation information

  • Our suppliers': Identity, contact, iban and invoice information are processed.

QBA Medi Tours processes the personal data of the above-mentioned data owners for the following detailed purposes;

  • In order to evaluate the requests and complaints regarding the services provided by QBA Medi Tours, the name, surname, telephone and request-complaint details of the customer, customer relatives and accompanying persons are processed by using the "Customer Request and Complaint Notification Form".

  • Name, surname, contact, credit card, how they are informed about QBA Medi Tours and health information obtained in order to evaluate the suitability of customers and potential customers to the health service they want to receive, are requested. It is aimed to obtain compliance for treatment by sharing the requested personal data with the Cuban Ministry of Health after the name, surname, health and country information are translated by the translation offices. In order to carry out the consultancy service, collections are made by credit card.

  • Cookie information is obtained automatically, as it is requested to analyze the use of the site by our visitors who visit our site.

  • Your information is translated in translation offices so that the consultancy services can be carried out smoothly and the declared information can be correctly given to authorized institutions particularly the Ministry of Health of Cuba.

  • "Patient Files" are created in order to conduct inspection of public institutions in Turkey and The Ministry of Health of Cuba and to meet the official request to be occurred and access is provided only by authorized personnel. Identity, professional and foreign language information of our employees are transferred in the process of informing the Ministry of Health about the services provided to our customers.

  • Within the scope of the consultancy service, identity, contact, health, flight and accommodation information are processed in order to obtain visas, flight, accommodation, guidance and conduct transfer processes for themselves and their accompanying persons.  

  • Your card information is transferred to the banking system via web virtual pos in order to carry out collections regarding the assistance and consultancy services provided to our customers.

  • In return for the service provided to our customers, personal data are processed in order to issue invoices and make collections within the scope of the Tax Procedure Law Numbered 213.

  • In order to determine the convictions of the medical consultancy service to be provided, your personal data regarding the identity, contact and agreement price are processed when agreements are made with the customer or their relatives.

  • Identity, contact and bank account information of our suppliers are processed in order to enter into agreement with suppliers and service providers and to issue invoices for the service received. In addition, telephone, mail and address information are processed in order to ensure the sustainability of our activities with suppliers and service providers and to reach them on time.

  • Within the scope of the Labor Law numbered 4857, identity, contact, professional information, photograph, personal, health, bank account and iban information are processed in order to prepare the personal files of the employees, to fulfill legal obligations, to manage leaves, to issue payrolls and to fulfill the terms of the agreement. In addition, criminal record information is requested from the employee to ensure the security of QBA Medi Tours.

  • Within the scope of the Social Insurance and General Health Insurance Law Numbered 5510, employee identity, personal and salary information are processed in order to insure our employees and to pay their insurance premiums. In addition, within the scope of the Income Tax Law Numbered 193, the information declared in the identity and AGİ (Minimum Living Allowance) Form are processed so that the minimum living allowance is granted to our employees.

  • In their phone calls to QBA Medi Tours, voice records of data owners who are the subject of Medical Consultancy are stored by the switchboard system. In line with the requests of the Republic of Turkey Ministry of Health, audio recordings can be shared.

  • Personal data are stored in order to fulfill the requests of authorized persons, institutions and organizations, to provide information and to carry out legal processes.

2. Deletion of Personal Data

As QBA Medi Tours, we process your personal data automatically, based on the following legal reasons, in accordance with the Article 5 of the KVKK.

  • All personal data in the personal files of our employees and used for their operations are stored for 10 years after the termination of employment and then destroyed.

  • Personal data of customers, potential customers, relatives and accompanying persons which are subject of medical consultancy activities, are stored for 10 years following termination of consultancy service and then destroyed.

  • Personal data received from suppliers and service providers are stored and destroyed for 10 years following the end of the agreement.

  • Voice records of data subjects which are subject of medical consultancy are stored for 2 years and then deleted.

3. Data Sharing

Your personal data are shared with third party institutions for the purposes stated below.

Your personal data transferred domestically;

  • In case of a legal problem with customers, potential customers, relatives, attendants, employees and suppliers, personal data requested with contracted law firms and authorized public institutions and organizations can be shared.

  • In order to complete the visa procedures of customers and accompanying persons, your identity, contact and health information are transferred to the consulates through contracted agencies.

  • Your card information is shared with banks via web virtual pos in order to collect the service fee provided to our customers and potential customers.

  • In order to declare the invoice issued to the customers and accompanying persons, the personal data included in the invoice are shared with contracted financial advisors.

  • Your identity, passport and contact information are transferred to airline companies through contracted service providers in order to purchase flight tickets for our customers and accompanying persons.

  • In order to evaluate the suitability of customers and potential customers without any problem for the health service they want to receive, the identity and health information declared during the pre-application are transferred to the Translation Offices.

  • Salary information is shared with banks so that salaries of our employees can be paid.

  • In order for our employees to carry out leave, insurance and Network notification processes, your information in the identity, salary and Agi (Minimum Living Allowance) Form are shared with the contracted financial advisors.

  • In order to carry out inspection regarding medical consultancy provided to customers and potential customers and to consider requests and complaints, information requested and voice records are shared with the Republic of Turkey the Ministry of Health.

Your personal data transferred abroad;

  • In order to obtain suitability of customers and potential customers for the health service they want to receive, identity and health information are shared with Cuba Ministry of Health. The accommodation information of the customer and his/her accompanying person whose treatment has been approved is shared with Cuba Ministry of Health.

  • The name, surname, contact, flight and hotel information of the customer and accompanying person are shared with the service providers that will provide guidance services in Cuba.

In the event that the transfer of personal data to third party persons/institutions does not fulfill the data processing conditions specified in the Articles 5, 6 and 9 of the KVKK (the Law on the Protection of Personal Data), personal data are processed by obtaining explicit consent from the data owners.

4. Methods and Legal Reasons for the Collection of Your Personal Data 

Your personal data are processed based on the following legal reasons specified in the Article 5 of the KVKK (Law on the Protection of Personal Data);

  • Your explicit consent,

  • In the event that it is clearly stipulated by the laws,

  • In the event that it is required to process personal data of the parties of the agreement, provided that the processing is directly related to the conclusion or fulfilment of that agreement,

  • In the event that it is mandatory for the data controller to fulfill his/her legal obligations,

  • If data processing is required for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed.

We process based on legal reasons.


Your personal data; is obtained by hand delivery, e-mail, pre-application form, web virtual pos, switchboard system, written and verbal declarations and processed securely.

5. Ensuring Security of Personal Data 

The security of your personal data has been ensured so that only authorized persons/support companies who signed confidentiality agreement can access it. QBA Medi Tours has taken the necessary administrative and technical measures within this scope.

Virus protection systems and software and hardware protection are provided. Access to personal data is restricted according to the principle of least authorization at QBA Medi Tours. Access and authorization definitions are implemented in accordance with the process requirements. The compliance of the access with authorization is checked. It is ensured that the points that pose a risk are determined and necessary administrative and technical measures are taken. Thanks to the security systems and security personnel of the plaza where QBA Medi Tours is located, physical security measures are kept at the highest level. Backups of personal data are kept in a way that only authorized personnel can access them. Passwords with a complex structure are used on user computers. Secure data transfer is provided by using an SSL certificate on the web page where personal data is obtained. Personal data are stored in locked environments. The maintenance of equipment that supports the protection of personal data is carried out periodically.

QBA Medi Tours employs knowledgeable and experienced people to ensure data security. Risks are identified within the scope of the systems installed and actions are planned. For personal data security, job descriptions of "Data Controller Contact Person" were constituted within QBA Medi Tours. The Data Controller Contact Person takes the necessary administrative measures in order to ensure the security of personal data and supervises the work of the employees in accordance with these measures. Employees are informed that they cannot disclose the personal data they have learned to anyone in violation of the provisions of the Law, cannot use them for purposes other than processing, and that this obligation will continue even after they leave their job. Necessary undertakings are taken from the employees within this scope. In case the employees act against the law, disciplinary processes are carried out. Regarding the sharing of personal data with third parties, it signs a confidentiality agreement with the persons with whom personal data is shared or provides personal data security with the provisions to be added to the agreements. Third parties with whom personal data are shared accept the provisions that they will take necessary security measures to protect personal data and ensure that these measures are followed in their own institutions.


Unit-based personal data inventory is constituted in order to analyze personal data properly. Policies and procedures regarding the management of personal data within the institution have been published.

6. Rights of the Concerned Person Whose Personal Data Is Processed 

You can exercise the following rights regarding the processing of your personal data with a request to QBA Medi Tours. The requests submitted within this scope shall be concluded free of charge by QBA Medi Tours within thirty days at the latest. However, if a fee is stipulated by the Personal Data Protection Board, QBA Medi Tours may charge a fee in the specified tariff. In this context, as personal data owner you have the right;

  • To learn whether personal data has been processed or not,

  • To request information regarding the personal data if they are processed,

  • To learn the purpose for the processing of personal data and whether they have been used in accordance with the purpose or not,

  • To learn the third parties to whom his/her personal data is transferred at home or abroad,

  • To request the rectification of the data in the event they are processed incompletely or inaccurately,

  • To request your personal data to be deleted or destroyed,

  • To request that these transactions be notified to third parties to whom your personal data has been transferred in case your personal data is corrected, deleted or destroyed,

  • In case the reasons justifying the process of the personal data are ceased, to request deletion, destruction or anonymization of them and to request that the transaction performed under this scope to be informed to the third parties to whom the personal data are transferred,

  • You have the right to object to the emergence of a result against you by analyzing your processed data exclusively through automated systems, and to demand the compensation of the damage if you suffer damage due to unlawful processing of your personal data.

7. Contact Methods 

You can exercise your rights regarding your personal data by using the following methods;

Data Controller: QBA Medi Turizm Sağlık ve Dış Ticaret Anonim Şirketi


You can do it by filling out the document of the Personal Data Application Form while carrying out your personal data applications. You can apply by using the following methods;


Application Method

Delivery to address by hand

Esentepe, Kore Şehitleri Cd. No:43/3, 34394 Şişli/İstanbul

Via KEP (Registered Electronic Mail)

Notary Intermediary

Esentepe, Kore Şehitleri Cd. No:43/3, 34394 Şişli/İstanbul

In order to follow up your legal right for 30 (thirty) days without any problem, your applications sent by courier must be notarized and sent by registered mail. Applications within this scope shall be accepted following the identity verification to be carried out by us, and the relevant persons shall be answered in writing or electronically within the legal period.

bottom of page
$w.onReady(function () { let mylink=$w('#aramabuttonu'); let numbers=['tel:+905531701145','tel:+905531701045','tel:+905521875101','tel:+905521875100']; let rastgele=Math.floor(Math.random()*4);[rastgele]; });