Skip to content
Editorial-first US hair transplant directory ABHRS & ISHRS verified
Find a clinic →
For Clinics Find a Clinic

Privacy Policy

Last updated: 1 May 2026

1. Data controller

Right Hair Transplant ("we", "us"), an independent editorial directory operated from the Republic of Turkey, is the data controller for personal data processed through righthairtransplant.com. KVKK contact: [email protected].

2. What we collect

  • Consultation request form data — your name, email, phone, city, procedure of interest, and the optional message you provide.
  • Basic web analytics — page views, referrer, and rough geographic region (to confirm city-level interest), aggregated and de-identified.
  • Cookies — strictly necessary cookies for site function and basic privacy-respecting analytics. We do not use advertising or cross-site tracking cookies.
  • Clinic-claim data — when a clinic claims its listing, we collect the contact name, email, phone, and proof of credentials of the person submitting the claim.

3. Legal bases (KVKK Art. 5 / GDPR Art. 6)

  • Consent — for forwarding your consultation request to up to three matching clinics.
  • Contract / pre-contract — for handling clinic-claim and editorial accounts.
  • Legitimate interest — for fraud prevention, basic analytics, and editorial verification, balanced against your privacy.
  • Legal obligation — for tax, accounting, and law-enforcement compliance.

4. What we do with it

Consultation request form data is forwarded to up to three matching clinics in the city you specify, plus retained on our side for editorial follow-up (to verify the clinic actually responded). We never sell your data, never run retargeting ads against it, and never share it with third parties beyond the clinics you explicitly request a consultation from.

5. Cross-border data transfer

Right Hair Transplant operates from the Republic of Turkey and serves users worldwide, primarily in the United States and the EU. Your personal data may be transferred to, and processed in, Turkey, the United States (clinic recipients of your consultation request, hosting, transactional email), and the European Union (analytics edge servers). Where required, we use appropriate safeguards (KVKK explicit consent, GDPR Standard Contractual Clauses) for these transfers.

6. Your rights under KVKK (Turkey)

If you are a Turkish citizen or resident, under Turkish Personal Data Protection Law (KVKK Art. 11) you have the right to: learn whether your data is processed; request information; learn the purpose; know any third parties to whom data is transferred; request correction or deletion; request notification of corrections to third parties; object to outcomes of automated processing that produce adverse effects; and claim damages for unlawful processing. Submit requests in writing to [email protected]; we respond within 30 days.

7. Your rights under GDPR (EU / EEA / UK)

If you are in the European Union, EEA, or United Kingdom, under GDPR / UK GDPR you have the rights of access, rectification, erasure ("right to be forgotten"), restriction, portability, and objection, plus the right to lodge a complaint with your supervisory authority. Email [email protected] to exercise any of these rights.

8. Your rights under CCPA / CPRA (California)

If you are a California resident, under the California Consumer Privacy Act and the California Privacy Rights Act you have the rights to: know what personal information is collected; know whether it is sold or disclosed and to whom; opt out of the sale of personal information (we do not sell personal information); access personal information; delete personal information; and non-discrimination for exercising your rights. Email [email protected] with subject "California Privacy Request" to exercise any of these rights.

9. Cookies

We set strictly necessary cookies for session and form state, plus a privacy-respecting analytics cookie (no cross-site tracking, no advertising IDs). You can clear cookies at any time from your browser; the site continues to work without them.

10. Third parties

We use the following third-party services with strict data-minimization:

  • Hostinger — web hosting (servers in the EU).
  • Google Maps — loaded only when you click "Get directions"; subject to Google's privacy policy.
  • Resend — transactional email delivery for consultation requests and editorial replies.

We do not use analytics or marketing pixels from Meta, TikTok, X (Twitter), or similar networks.

11. Data retention

Consultation request data is retained for 24 months for editorial follow-up, then permanently deleted. Clinic-claim records are retained for the lifetime of the claim plus 3 years for accounting / dispute purposes. Aggregated, de-identified analytics may be retained indefinitely.

12. Children

Right Hair Transplant is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has submitted personal data, contact us and we will delete it.

13. Security

We use TLS encryption in transit, role-based access controls, and reasonable organizational and technical measures to protect personal data. No system is perfectly secure; if a breach occurs we will notify affected users and the relevant supervisory authority within the timeframes required by applicable law (KVKK: 72 hours; GDPR: 72 hours; CCPA: without unreasonable delay).

14. Changes to this policy

If we make material changes, we will update the "Last updated" date and, where appropriate, post a prominent notice on the site for at least 14 days. Substantive changes affecting consent will require renewed consent.