PRIVACY AND PERSONAL DATA PROTECTION
POLICY
As the data controller, we take all necessary security measures and fulfill our legal obligations in order to ensure privacy and protect personal data.
1. PURPOSE:
We consider the principle of privacy as a matter of human dignity and as the right of an individual to think and decide independently (the Right to Be Left Alone). For this reason, this policy text has been prepared to inform you about what personal data is collected through our internet systems and for what purposes it is used.
2. IDENTITY OF THE DATA CONTROLLER:
All official information regarding the data controller is provided below. An abbreviation has been determined to avoid repeatedly stating the parties’ names throughout the policy text. In the following sections of this policy, the parties will be referred to by these abbreviated terms.
|
DATA CONTROLLER |
Address |
Name Referred to in This Policy |
Role in This Policy |
|
Dentaöz Sağlık Hizmetleri Limited Şirketi |
Meclis Mah. Atatürk Cd. No: 105/A, 34785 Sancaktepe/İstanbul |
Data Controller |
Data Controller |
3. LEGAL BASIS AND PURPOSES OF PROCESSING PERSONAL DATA:
In order to provide you, as data subjects, with better services and to fulfill our legal obligations, we need to process certain personal data, limited to these purposes and to the extent required by such processes.
Based on the provisions set forth in Article 5 of the Turkish Law No. 6698 on the Protection of Personal Data;
1) Personal data cannot be processed without the explicit consent of the data subject.
(2) If one of the following conditions exists, personal data may be processed without seeking the explicit consent of the data subject:
a) It is expressly stipulated in the laws.
b) It is mandatory for the protection of the life or physical integrity of the data subject or another person who is unable to express consent due to actual impossibility or whose consent is not legally valid.
c) Processing of personal data belonging to the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
ç) It is mandatory for the data controller to fulfill its legal obligation.
d) The data subject has made the personal data public.
e) Processing is mandatory for the establishment, exercise, or protection of a right.
f) Processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Personal data is processed on the basis of these legal grounds.
For detailed information regarding each data processing activity, you may access the relevant information notice via our website or through our authorized personnel.
In addition, various cookies are used on our website. For more detailed information about cookies, you may review the “Cookie Policy” text available on our website.
4. TRANSFER OF PERSONAL DATA:
Your personal data collected through the website is collected and processed in accordance with the collection methods explained below. The transfer of personal data is carried out in accordance with Article 8 of the Turkish Law No. 6698 on the Protection of Personal Data, which states that;
(1) Personal data cannot be transferred without the explicit consent of the data subject.
(2) Personal data may be transferred without seeking the explicit consent of the data subject, provided that one of the conditions specified in:
a) Paragraph 2 of Article 5,
b) Paragraph 3 of Article 6, provided that adequate measures are taken,
exists.
(3) The provisions set forth in other laws regarding the transfer of personal data are reserved. Transfers are carried out in compliance with the relevant conditions.
Your personal data is transferred to the persons specified in the relevant information notice, in accordance with the conditions set out above.
5. METHODS AND PURPOSES OF COLLECTING PERSONAL DATA:
The main purpose of collecting personal data is to improve the services we provide and to ensure communication with you, as data subjects. In addition, we also have the purposes explained in Article 3 of this policy.
Your personal data is collected and processed in accordance with the collection method specified in the relevant information notice.
6. RIGHTS OF THE DATA SUBJECT:
The data subject has the rights set forth in Article 11 of the Turkish Law No. 6698 on the Protection of Personal Data. Accordingly, the data subject has the right to:
a) Learn whether personal data is processed,
b) Request information if personal data has been processed,
c) Learn the purpose of processing personal data and whether it is used in accordance with that purpose,
ç) Know the third parties to whom personal data is transferred domestically or abroad,
d) Request correction of personal data if it is incomplete or inaccurately processed,
e) Request deletion or destruction of personal data within the framework of the conditions set forth in Article 7,
f) Request notification of the transactions carried out pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
g) Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
ğ) Request compensation for damages if personal data is processed unlawfully and the data subject suffers damages as a result.
If the data subject wishes to exercise one or more of the rights listed above, they may fill in the “Data Subject Application Form” and submit their request to the data controller by one of the methods listed below. Following receipt of the application, it will be concluded within a maximum of “30 days” and the data subject will be duly informed. In order to respond to the applicant within the 30-day legal period, it is essential that the data subject’s contact information is up-to-date and that the data subject is reachable. No fault may be attributed to the data controller if the data subject cannot exercise their rights due to incorrect or incomplete completion of the application form. It is the responsibility of the data subject to ensure that the information disclosed and provided to the data controller is accurate and up-to-date.
You may submit your requests within the scope of the Law by filling in the “Data Subject Application Form” available at https://www.dentaoz.com/ and;
-
Send a petition bearing your wet signature by courier to “Meclis Mah. Atatürk Cd. No: 105/A, 34785 Sancaktepe/İstanbul”, addressed to the attention of the “Data Protection Group” department, and write “Request for Information Under the Law on the Protection of Personal Data” on the envelope,
-
Submit your request via a notary public.
|
CONTACT INFORMATION TABLE |
Address |
|
KEP |
|
Meclis Mah. Atatürk Cd. No: 105/A,34785 Sancaktepe/İstanbul |
Meclis Mah. Atatürk Cd. No: 105/A, 34785 Sancaktepe/İstanbul |
info@dentaoz.com |
7. ACCURACY AND UP-TO-DATENESS OF PERSONAL DATA:
You, as valued data subjects, are obliged to provide us with accurate personal data about yourself. In addition, if the accurate personal data provided to us changes or is updated over time, our communication channels as the data controller will remain open and active. As also explained in Section 6 of this text, the data subject has the right to request correction if their personal data is inaccurate or incomplete.
8. STORAGE AND DISPOSAL OF PERSONAL DATA:
Depending on the collection methods specified in this policy, your personal data will be retained for certain periods in accordance with the “Retention and Disposal Policy” adopted by the data controller. When the data controller no longer has a legitimate interest in retaining the data or when the retention periods expire, the disposal process will be initiated using appropriate methods. At the end of the disposal process, personal data will be rendered irreversible and cannot be associated with any person.
9. DATA SECURITY POLICIES
The necessary technical and administrative measures are taken to ensure the security of personal data collected by the data controller. Taking into account developments in technology and updates to legal obligations, these technical and administrative measures are continuously reviewed and improved. As the data controller, we have taken necessary measures to prevent unauthorized access and to protect against cyber security breaches and physical threats. In the event of a personal data breach, notifications will be made to the Personal Data Protection Authority and, depending on the severity of the breach, to you as data subjects within the legal time limits specified in the law. We would also like to remind you that, after notifications are made to the Authority and to data subjects, both the data controller and the data subject have an obligation to mitigate and not increase damages.
The policies listed below have been prepared to ensure the security, retention, operation, and discipline regarding personal data within the data controller’s organization and its direct use in business activities.
-
Email Usage Policy: This policy sets out how email should be used and what should be considered during the stages of use.
-
Password Setting and Management Policy: This policy sets out the procedures for the use and creation of passwords in all areas where passwords are used.
-
Physical Security Fundamentals Policy: This policy regulates how the management and security of documents handled by employees—whether at the workplace, outside the workplace, or under remote working practices—will be ensured.
-
Computer Use and Management Policy: This policy explains, within a general framework, the issues employees must pay attention to in their actions performed via computers, regardless of the work environment.
-
Integrity Policy: This policy contains provisions to ensure the accuracy and up-to-dateness of personal data obtained by the data controller.
-
Remote Working and Security Policy: This policy regulates what employees working remotely should and should not do, and sets out requirements for the remote working environment, tools, and practices.
-
Access Awareness and Security Policy: This policy aims to define, implement, and improve access by determining what personal data employees should access during their work activities.
-
Confidentiality and Accessibility Policy: This policy explains how the confidentiality of all processed personal data is ensured and what methods are followed.
-
Mobile Devices Usage Policy: This policy text has been prepared to ensure the security of employees’ activities on mobile devices.
-
Policy on Processing Special Categories of Personal Data: Special categories of personal data require stricter protection than other personal data, as their disclosure may very likely lead to discrimination against the data subject. For this reason, your special categories of personal data are regulated in line with technological requirements and the company’s activities and are subject to a stricter protection regime. This policy has been prepared within this scope.
To access the policies listed above directly, you must contact the data controller as specified in Article 6.
10. AMENDMENTS AND UPDATES:
Our institution reserves the right to make changes to the content of this policy, primarily depending on business activities and legal regulations. Visiting our website at regular intervals will be beneficial to follow such changes.
11. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
In the tables below, the personal data processed by the data controller is categorized according to the relevant data subject groups, and the purposes of processing are matched with the legal grounds on which these purposes are based.
|
DATA SUBJECT |
DATA CATEGORY |
PURPOSE OF PROCESSING PERSONAL DATA |
LEGAL GROUND FOR PROCESSING FOR THE RELEVANT PURPOSE |
PATIENT / Service Recipient PATIENT / Service Recipient |
IDENTITY |
Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Carrying Out Goods/Services Sales Processes; Carrying Out Goods/Services Production and Operational Processes; Carrying Out Marketing Processes for Products/Services; Carrying Out Contract Processes; Monitoring Requests/Complaints; Providing Information to Authorized Persons, Institutions, and Organizations. |
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract; it is expressly stipulated in the laws; fulfillment of legal obligations. |
CONTACT |
Carrying Out Communication Activities; Carrying Out Marketing Processes for Products/Services; Carrying Out Goods/Services Sales Processes; Carrying Out Contract Processes; Monitoring Requests/Complaints. |
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract. |
|
|
LOCATION |
Ensuring Activities Are Carried Out in Compliance with Legislation; Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs. |
Processing is mandatory for the establishment, exercise, or protection of a right. |
|
|
CUSTOMER TRANSACTION |
Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs. |
Processing is mandatory for the establishment, exercise, or protection of a right. |
|
HEALTH DATA |
Carrying Out Service Sales Processes; Carrying Out Goods/Services Production and Operational Processes Carrying Out Contract Processes |
Personal data relating to health and sexual life may be processed without the explicit consent of the data subject, by persons under a duty of confidentiality or authorized institutions and organizations, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and their financing. |
|
|
MARKETING DATA |
Carrying Out Marketing Analysis Activities; Carrying Out Advertising/Campaign/Promotion Processes; Carrying Out Marketing Processes for Products/Services |
Explicit Consent |
|
|
VISUAL AND AUDIO RECORDINGS |
Carrying Out Service Sales Processes; Carrying Out Goods/Services Production and Operational Processes Carrying Out Contract Processes
|
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract. |
|
|
Visual and Audio Recordings |
Carrying Out Advertising/Campaign/Promotion Processes; Carrying Out Marketing Processes for Products/Services |
Explicit Consent |
|
DATA SUBJECT |
DATA GROUP |
PURPOSES OF DATA PROCESSING |
LEGAL GROUND |
Supplier Authorized Person / Employee |
Identity |
Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Carrying Out Communication Activities; Managing Goods/Services Procurement Processes; Carrying Out Remuneration Policy; Providing Information to Authorized Persons and Organizations |
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract; processing is mandatory for the data controller to fulfill its legal obligation. |
|
Contact |
Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Carrying Out Communication Activities; Managing Goods/Services Procurement Processes; Carrying Out After-Sales Support Services |
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract. |
|
|
Customer Transaction |
Ensuring Activities Are Carried Out in Compliance with Legislation; Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Managing Goods/Services Procurement Processes; Providing Information to Authorized Persons, Institutions, and Organizations |
Processing is mandatory for the data controller to fulfill its legal obligation; processing is mandatory for the establishment, exercise, or protection of a right. |
|
|
Contact |
Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Carrying Out Communication Activities; Managing Goods/Services Procurement Processes; Carrying Out After-Sales Support Services |
Processing is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract. |
|
|
Customer Transaction |
Ensuring Activities Are Carried Out in Compliance with Legislation; Carrying Out Finance and Accounting Operations; Monitoring and Conducting Legal Affairs; Managing Goods/Services Procurement Processes; Providing Information to Authorized Persons, Institutions, and Organizations |
Processing is mandatory for the data controller to fulfill its legal obligation; processing is mandatory for the establishment, exercise, or protection of a right. |
