PDPL

Kazak Oral And Dental Health Services Domestic And Foreign Trade. LTD. ŞTİ.

Policy on Protection and Processing of Personal Data within the Scope of KVKK No. 6698

1. INTRODUCTION

Protection of personal data is among the top priorities of Kazak Oral and Dental Health Services. Ltd. Şti. The utmost care is exercised regarding the security of personal data, and great importance is attached to processing and safeguarding the privacy of our patients and all kinds of personal data related to them in the best and most meticulous way possible. In addition to our patients, the personal data of their companions, visitors, employees, and the staff of the institutions and organizations we collaborate with are protected in accordance with the Law on the Protection of Personal Data No. 6698, the Regulation on the Processing and Protection of Privacy of Personal Health Data, and related legislation within the framework of the following fundamental principles, which have been adopted as a corporate policy.

• Processing personal data in compliance with the law and the principles of integrity,
• Ensuring personal data is accurate and kept up-to-date when necessary,
• Processing personal data for specific, explicit, and legitimate purposes,
• Processing personal data in a manner that is relevant, limited, and proportional to the purpose for which they are processed,
• Retaining personal data for the duration stipulated in relevant legislation or as required for the purpose for which they are processed,
• Informing and enlightening personal data owners,
• Establishing a system to enable personal data owners to exercise their rights,
• Taking necessary measures to safeguard personal data,
• Acting in compliance with applicable legislation and the regulations of the Personal Data Protection Board when transferring personal data to third parties in line with the purpose of processing,
• Showing utmost sensitivity in the processing and protection of special categories of personal data,
• Deleting and destroying personal data in accordance with legal procedures and defined durations.

2. PURPOSE

The main purpose of this Policy is to provide explanations regarding the personal data processing activities conducted lawfully by Kazak Oral and Dental Health Services Ltd. Şti., and the measures taken to protect personal data. This Policy aims to ensure transparency by informing individuals whose personal data is processed by our institution, including but not limited to patients, visitors, employees, business partners, and suppliers. The personal data processed by Kazak Oral and Dental Health Services Ltd. Şti. may vary depending on the healthcare services provided and are collected through automated or non-automated methods. Special categories of personal data, particularly health data, as well as general personal data collected verbally, in writing, or electronically from our physicians, employees, business partners, their employees, and firms engaging in various commercial activities, may be processed for the purposes outlined below:

• Conducting medical diagnosis, treatment, and care services,
• Protecting public health,
• Planning and managing preventive healthcare services and their financing,
• Informing patients about their appointments,
• Planning and managing internal clinical procedures,
• Performing analyses to improve healthcare services,
• Training and developing our employees,
• Protecting our employees’ personnel processes and legal rights,
• Monitoring and preventing misuse and unauthorized transactions,
• Carrying out risk management and quality improvement activities,
• Fulfilling legal and regulatory requirements,
• Issuing invoices for services provided,
• Verifying your identity,
• Confirming your relationship with institutions partnered with the clinic,
• Sharing necessary information with private insurance companies within the scope of healthcare financing,
• Responding to any questions or complaints regarding our healthcare services,
• Taking all necessary technical and administrative measures to ensure data security for the clinic’s systems and applications,
• Analyzing your use of healthcare services and storing your health data to improve and enhance the services provided,
• Retaining health data that must be kept as required by applicable legislation,
• Ensuring financial reconciliation regarding healthcare services provided with institutions, banks, and all organizations involved in health-related expenditures (public and private),
• Sharing requested information with the Ministry of Health and other public institutions and organizations as required by applicable legislation,
• Measuring patient satisfaction and improving patient satisfaction,
• Conducting communication activities,
• Managing the processes of procuring goods and services,
• Conducting finance and accounting operations.

Personal data is collected and processed in any verbal, written, or electronic medium for the purposes mentioned above and to provide healthcare services within the defined legal framework. This ensures that Kazak Oral and Dental Health Services Ltd. Şti. fulfills its contractual and legal obligations properly and completely.

3. SCOPE

This Policy covers the personal data processed automatically or non-automatically, as defined below, of our patients, visitors, company officials, employees, and employees, officials, and third parties associated with individuals, organizations, and institutions with whom we have any form of legal relationship.

• Personal Data: Name, surname, Turkish ID number, passport number, or temporary Turkish ID number; place and date of birth; gender; marital status; and other identifying information of patients. Address, phone number, email address, and other contact information; financial data such as payment and billing details; verbal and digital information obtained by electronic or non-electronic means; and general and special categories of personal data, primarily personal health data obtained during the execution of medical diagnosis, examination, treatment, and care services. Additionally, data related to private health insurance for the financing and planning of health services are included.
• Depending on the groups of personal data subjects, the scope of this Policy may apply either in full (e.g., patients) or partially (e.g., employees, suppliers, etc.).

4. DEFINITIONS

• Explicit Consent: Consent given voluntarily, on a specific subject, and based on sufficient information.
• Anonymization: The modification of personal data in a way that it loses its personal data characteristics and becomes irreversibly anonymized. For example, techniques like masking, aggregation, or data distortion can be used to render personal data unidentifiable.
• Employees and Officials of Partner Organizations: Real persons working for organizations with which we maintain any type of business relationship (e.g., business partners, suppliers), including these organizations’ officials.
• Processing of Personal Data: Any operation performed on personal data, such as obtaining, recording, storing, retaining, modifying, rearranging, disclosing, transferring, acquiring, making available, classifying, or preventing its use, wholly or partially by automated or non-automated means as part of a data recording system.
• Personal Data Owner: A real person whose personal data is processed, such as patients and employees.
• Personal Data: Any information relating to an identified or identifiable real person. Therefore, information related to legal entities is not within the scope of the law. For example: name, surname, Turkish ID number, email address, address, date of birth, credit card number, bank account number, etc.
• Patient: A person who applies to our institution for examination and treatment and receives outpatient or inpatient treatment.
• Special Categories of Personal Data: Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs; appearance; membership in associations, foundations, or unions; health; sexual life; criminal convictions and security measures; biometric and genetic data.
• Third Party: Real persons associated with the above parties to ensure transaction security between these parties and our institution or to protect and provide rights and benefits (e.g., employees or officials of service providers, companions, etc.).
• Data Processor: A real or legal person who processes personal data on behalf of the data controller, based on the authority granted by them. For example, an IT company storing our institution’s data or employees entering patient data into the system.
• Data Controller: A person who determines the purposes and means of processing personal data and manages the place (data recording system) where the data is systematically stored.
• Visitor: Real persons entering physical areas owned by our institution for various purposes or visiting our websites.

5. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION

The processing and protection of personal data are carried out within the framework of applicable legal regulations. The Personal Data Protection Policy of Kazak Ağız Ve Diş Sağlığı Hiz. İç ve Dış Tic. LTD. ŞTİ. has been prepared in compliance with current regulations.

The Policy is integrated with the practices of Kazak Ağız Ve Diş Sağlığı Hiz. İç ve Dış Tic. LTD. ŞTİ., considering the rules set out in the relevant legislation. The institution ensures compliance with preparation requirements, adhering to the enforcement timelines stipulated in the Personal Data Protection Law.

The personal data specified above may be processed within the framework of the provisions of relevant legislation, such as the Basic Law on Health Services (Law No. 3359), the Regulation on Private Health Institutions Providing Outpatient Diagnosis and Treatment, the Regulation on Private Hospitals, the Regulation on Personal Health Data, and regulations by the Ministry of Health. Such data may be transferred to the physical archives and IT systems of our clinics and/or suppliers/business partners.

Ultimately, personal data will be protected in both digital and physical environments according to the legal periods defined in institutional procedures.

6. ENSURING THE SECURITY OF PERSONAL DATA

Our organization takes the necessary technical and administrative measures to ensure the optimum level of security in order to prevent unlawful processing of the personal data it processes and to ensure the preservation of the data, and conducts or has the necessary audits carried out within this scope.

The actions and measures taken by our organization to ensure “data security” in accordance with Article 12 of the KVK Law are stated below.

• In order to ensure that personal data is processed in accordance with the law, our organization takes technical and administrative measures according to technological possibilities and implementation cost. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the KVKK and cannot use it for purposes other than processing, and that this obligation will continue after they leave their duties, and necessary commitments are taken from them in this direction.
• Our organization takes technical and administrative measures to prevent all unlawful disclosure, access, transfer or other forms of unauthorized disclosure, access, transfer or other unlawful access to personal data.
• Our organization raises awareness as data processing institutions such as business partners and suppliers to whom personal data are transferred in order to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure that data are kept in accordance with the law.
• The obligations that our organization has to comply with when processing personal data as a data controller and the obligation to comply with the legal, administrative and technical measures it has developed in this regard Contracts are made to the data processing institutions that our organization is in relation with in various capacities such as suppliers and business partners in accordance with the nature of the activity they carry out in data processing
• Our organization conducts or has the necessary audits carried out within its own organization. The results of these audits are reported to the relevant department within the scope of the internal functioning of the Agency and necessary activities are carried out to improve the measures taken.
• In case the personal data processed in accordance with Article 12 of the KVK Law are obtained by others through unlawful means, our organization operates the system that ensures that the relevant personal data owner and the KVK Board are notified as soon as possible.

7. RIGHTS OF THE DATA SUBJECT

In the event that personal data owners submit their requests regarding their rights listed below to our Institution in writing by personal application and with a specially authorized power of attorney, our Institution concludes the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Personal data owners;

• Learn whether personal data is being processed,
• Request information if their personal data has been processed,
• To learn the purpose of processing personal data and whether they are used for their intended purpose,
• To know the third parties to whom personal data are transferred domestically or abroad,
• To request correction of personal data in case of incomplete or incorrect processing,
• Request deletion or destruction of personal data,
• In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
• In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.

In accordance with paragraph 1 of Article 13 of the KVK Law, the request regarding the exercise of the above-mentioned rights must be submitted to our Institution (data controller) in writing.

In order to exercise the rights specified within the framework of the KVK, along with the necessary information identifying the identity and explanations regarding the rights to be exercised, the request should be forwarded to our institution by specifying which right specified in Article 11 of the Law is related to the use of the right; It will ensure that the application regarding the request is answered more quickly and effectively.

8. ENSURING THE SECURITY OF PERSONAL DATA OF SPECIAL NATURE

Kazak Oral And Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ. meticulously protects personal data with its technical and administrative facilities. The security measures taken by our clinic are provided at an optimum level, taking into account technological possibilities and possible risks.

A group of personal data is defined as “personal data of special nature” in the KVK Law due to the risk of causing victimization or discrimination when processed unlawfully.

These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

We act sensitively in the protection of the above-defined data, which are determined as “special quality” by the KVK Law and processed in accordance with the law.

The details of the technical and administrative measures applied during the storage of special categories of personal data are specified in the “Personal Data Storage and Destruction Policy” published by our Organization. These administrative and technical measures have been established in accordance with the Board decision published by the Personal Data Protection Board.

9. CLARIFICATION AND INFORMATION OF THE PERSONAL DATA SUBJECT

In accordance with Article 10 of the KVK Law, it enlightens personal data owners during the acquisition of personal data. In this context, our Institution informs personal data subjects about the identity of our Institution during the acquisition of their personal data, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data and the rights of the personal data subject within the scope of Article 11 of the KVK Law.

Article 20 of the Constitution stipulates that everyone has the right to be informed about personal data concerning him/her. In this direction, “requesting information” is also listed among the rights of the personal data owner in Article 11 of the KVK Law. In this context, in accordance with Article 20 of the Constitution and Article 11 of the KVK Law, our Authority provides the necessary information in case the personal data owner requests information.

By announcing the institution’s policy on the protection of personal data to personal data owners and those concerned through various public documents, our Authority ensures accountability and transparency in personal data processing activities. In addition, our organization also informs the persons concerned about its activities and the articles in the law by different methods, especially when the persons apply for “explicit consent”.

10.PROCESSING OF PERSONAL DATA

Our organization, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; accurate and up-to-date, in accordance with the law and honesty rules; pursuing specific, clear and legitimate purposes; It carries out personal data processing activities in a purpose-related, limited and measured manner.

Our organization retains personal data for the period stipulated by law or required by the purpose of personal data processing.

In accordance with Article 20 of the Constitution and Article 5 of the KVK Law, our organization processes personal data based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.

In accordance with Article 6 of the KVK Law, our organization acts in accordance with the regulations stipulated for the processing of special categories of personal data.

In accordance with Articles 8 and 9 of the KVK Law, our organization acts in accordance with the regulations stipulated in the law and set forth by the KVK Board regarding the transfer of personal data.

Processing of Personal Data in Compliance with the Principles Stipulated in the Legislation

Processing in accordance with the Law and Good Faith
Our organization acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Our organization takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than the purpose.

Ensuring that Personal Data is Accurate and Up-to-Date When Necessary
Our organization takes the necessary measures to ensure that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their legal interests.

Processing for Specific, Explicit and Legitimate Purposes
Our organization clearly and precisely determines the purpose of processing personal data that is legitimate and lawful. Our organization processes personal data in connection with and to the extent necessary for the services it provides. The purpose for which personal data will be processed by our organization is notified before the personal data processing activity begins.

Being relevant, limited and proportionate to the purpose for which they are processed
Our organization processes personal data in a manner that is conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.

Preservation for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
Our Institution retains personal data only for the period specified in the relevant legislation or for the period required for the purpose for which they are processed. In this context, our Authority first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, if a period of time is determined, it acts in accordance with this period, and if a period of time is not determined, it keeps personal data for the period required for the purpose for which they are processed. In the event that the period expires or the reasons requiring the processing of personal data disappear, personal data are deleted, destroyed or anonymized by our Institution.

Terms of Processing of Personal Data

Protection of personal data is a constitutional right. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may only be processed in cases stipulated by law or with the explicit consent of the person. In this direction and in accordance with the Constitution, our Agency processes personal data only in cases stipulated by law or with the explicit consent of the person.

Although the legal grounds for the processing of personal data by our organization vary, we act in accordance with the general principles specified in Article 4 of Law No. 6698 in all kinds of personal data processing activities.

The explicit consent of the personal data owner is only one of the legal grounds that allow personal data to be processed in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the following conditions, or more than one of these conditions may be the basis of the same personal data processing activity. In case the processed data is personal data of special nature; the following conditions are applied.

• Explicit Consent of the Personal Data Owner
• Explicitly Stipulated in Laws
• Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility
• Direct Relevance to the Establishment or Performance of the Contract
• Fulfillment of Legal Obligation by the Institution
• Publicization of Personal Data by the Personal Data Owner
• Data Processing is Mandatory for the Establishment or Protection of a Right
• Data Processing is Mandatory for the Legitimate Interest of our Institution

Building, Facility Entrances and Personal Data Processing Activities within the Building Facility

Our Institution acts in accordance with the regulations in the KVK Law in carrying out camera surveillance activities for security purposes.

Personal data processing activities are carried out to monitor the entrances and exits of patients, personnel, visitors, and supplier company employees with security camera surveillance in the buildings and facilities of our organization.

Personal data processing activity is carried out by our Institution through the use of security cameras and recording guest entrances and exits.

In this context, our Organization acts in accordance with the Constitution, KVK Law and other relevant legislation.

Image recordings and, where necessary, voice recordings of our visitors are taken through the camera surveillance system at the building, facility entrances and inside the facility.

Within the scope of security camera surveillance activity, our institution aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the institution, patients and other employees, and to protect the interests of patients regarding the healthcare and other services they receive.

Only authorized employees of the authorized institution and / or employees of the supplier company have access to the records recorded and stored in digital media.

In accordance with Article 12 of the KVK Law, necessary technical and administrative measures are taken by our organization to ensure the security of personal data obtained as a result of camera surveillance activities.

11. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

In the processing of personal data determined as “special categories” by the KVK Law, our organization acts in strict compliance with the regulations stipulated in the KVK Law.

In Article 6 of the PDP Law, some personal data that have the risk of causing victimization or discrimination when processed unlawfully are determined as “special categories”. These data are; race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

In accordance with the PDP Law, special categories of personal data are processed by our Institution in the following cases, provided that adequate measures to be determined by the PDP Board are taken:

• If the personal data subject has explicit consent or
• If the personal data owner does not have explicit consent;
• Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law,
• Sensitive personal data relating to the health and sexual life of the personal data subject are processed only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality.

12. TRANSFER OF PERSONAL DATA

Our organization can transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security measures in line with the lawful personal data processing purposes. In this direction, our organization acts in accordance with the regulations stipulated in Article 8 of the KVK Law.

Your personal data, within the scope of the Law and other legislation and for the above-mentioned purposes, the Ministry of Health, its sub-units and family medicine centers, private insurance companies (health, pension and life insurance and similar), Social Security Institution, General Directorate of Security and other law enforcement agencies, General Directorate of Population, Turkish Pharmacists Association, courts and all public institutions and organizations, laboratories, medical centers and third parties providing health services in Turkey or abroad (in case of explicit consent) with which we cooperate for medical diagnosis, the healthcare institution to which the patient is referred or to which the patient himself/herself applies, your authorized representatives, the institution to which you are affiliated and/or employed, third parties from whom we receive consultancy, including lawyers, tax consultants and auditors, regulatory and supervisory bodies and official authorities, our support service providers whose services we benefit from or cooperate with, clinical management software (cloud system) accredited by the Ministry of Health used for clinical and patient management, and our business partners.

Transfer of Personal Data Abroad

Your personal data is not transferred abroad by us under any circumstances.

13. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

As regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data is deleted, destroyed or anonymized based on the relevant procedures of our Institution or upon the request of the personal data owner if the reasons requiring its processing disappear.

In this context, our Institution trains and assigns the relevant business units and increases their awareness in order to fulfill its relevant obligation.

While obtaining the names and surnames of the persons coming to the buildings of our Institution or through the texts posted in the Institution or otherwise made available to the guests, the personal data owners in question are enlightened within this scope.

Detailed information on the deletion, destruction and anonymization of personal data is provided in the “Personal Data Retention and Destruction Policy” published by our Agency.

14. ENTRY INTO FORCE OF THE POLICY

Kazak Oral And Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ. Personal Data Protection and Processing Policy enters into force with signature on 31/12/2021. In the event that all or certain articles of the Policy are renewed, the effective date of the Policy is the date on which that article is revised for the renewed article.

Kazak Oral And Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ.

Clarification Text on Processing of Personal Data

Kazak Oral And Dental Health Hiz. İç ve Dış Tic. LTD. ŞTİ. as Data Controller, within the framework of the Personal Data Protection Law No. 6698 (“KVKK”) and related legislation, Kazak Oral and Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ. This clarification text (“Clarification Text”) has been prepared in order to inform you (“Relevant Person”) about the collection, processing and transfer of your personal data.

1 – Processed Personal Data
Among your personal data collected and processed;
(a) Identity data such as name, surname, Republic of Turkey (“TR”) identification number, passport number or temporary TR ID number for non-Turkish citizens, place and date of birth, marital status, gender,
(b) Contact data such as address, telephone number, e-mail address,
(c) Sensitive personal data obtained during the execution of medical diagnosis, treatment and care services such as examination, diagnosis, examination data and test, laboratory and imaging results, prescription information,
(d) Medical data relating to previous examinations, diagnoses and tests that you have submitted with your own consent or that have been lawfully obtained from the system of the Ministry of Health within the scope of the provision of preventive medicine services,
(e) Data on private health insurance and data from the Social Security Institution for the purpose of financing and planning health services,
(f) Financial data, such as bank account number, depending on possible payments,
(g) Responses and comments shared in order to evaluate the services received,
(h) Closed circuit camera system images taken during the clinic visit,
is in place.

2 – Processing of Personal Data
Among the purposes of processing your personal data;
(a) The protection of public health, preventive medicine, medical diagnosis, treatment and care services,
(b) Sharing information requested by the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation,
(c) Sharing requested medical information with private insurance companies within the scope of financing health services and covering the costs of examinations, diagnosis and treatment,
(d) Billing for the services you receive,
(e) Planning and managing the internal functioning of the Organization,
(f) Monitoring and preventing abuse and unauthorized transactions and ensuring spatial security by means of cameras
(g) Responding to all kinds of questions and complaints regarding the health services you have received, measuring, increasing and researching patient satisfaction,
(h) Providing information about the services you are receiving, complementary services
is in place.

3 – Collection of Personal Data and Legal Grounds
Among the means/methods of collecting your personal data;

(a) Data entry into hospital management software,
(b) Electronically issued or printed forms,
(c) Audio or silent security camera recordings,
is included.

Your personal data within this scope, Kazak Ağız Ve Diş Sağlığı Hiz. İç ve Dış Tic. LTD. ŞTİ. specified in Article 5 of the relevant legislation and KVKK for the realization of the above-mentioned purposes;
(a) It is clearly stipulated in the laws and it is mandatory for the data controller to fulfill its legal obligation;
(1) Basic Law No. 3359 on Health Services,
(2) Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations,
(3) Regulation on Private Hospitals,
(4) Emergency Health Regulations,
(5) Patient Rights Regulation,
(6) Regulation on Personal Health Data,
(7) Regulation on Private Health Institutions Providing Outpatient Diagnosis and Treatment Services
(b) the processing of personal data of the parties to a contract is necessary, provided that it is directly related to the conclusion or performance of that contract,
(c) Processing and protection are necessary for the establishment of a right
(d) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject
As specified in Article 6 of the KVKK,

Processing by persons and authorized institutions and organizations under the obligation to keep secrets for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning of health services and financing.

Kazak Oral And Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ. stores the collected and processed personal data for as long as it deems necessary, in order to constitute evidence in possible legal disputes, to assert rights or to establish defense, not shorter than the periods specified by the relevant laws and legislation, obligations arising from the contracts.

4 – Transfer of Personal Data
In line with the processing purposes in Article 2 of this clarification text and provided that the transfer conditions in the relevant laws are complied with and by taking the necessary administrative and technical measures
Your personal data;
(a) The Ministry of Health, its sub-units and family medicine centers,
(b) To private insurance companies for the financing of health care services and the coverage of costs for examinations, diagnostics and treatment,
(c) to the Social Security Institution,
(d) the General Directorate of Security and other law enforcement agencies,
(e) To the General Directorate of Population and Citizenship Affairs,
(f) To the Pharmacists Association of Turkey,
(g) To judicial authorities,
(h) Laboratories, medical centers, ambulances, medical devices and health service providers with whom you cooperate for medical diagnosis and treatment,
(ı) To the health facility to which you have been referred or to which you have self-referred,
(i) To your authorized legal representatives,
(j) In the event of a possible legal dispute, to its lawyers, tax advisors and auditors, third parties from whom it receives consultancy, who are legally or contractually obliged to keep confidential,
(k) Regulatory and supervisory authorities and public authorities,
(l) To the workplace physician if the billing is to be made to the employer,
(m) To our business partners within the legal limits for the continuity of the services you receive, and to clinical management software accredited by the Ministry of Health for clinical and patient management,

5 -Legal Rights Regarding Personal Data

Within the scope of KVKK and related legislation, regarding your personal data;
(a) To learn whether personal data is being processed,
(b) Request information if their personal data has been processed,
(c) To learn the purpose of processing personal data and whether they are used for their intended purpose,
(d) To know the third parties to whom personal data are transferred domestically or abroad,
(e) To request correction of personal data in case of incomplete or incorrect processing,
(f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
(g) To request notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom personal data are transferred,
(h) To object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
(ı) In case of damage due to unlawful processing of personal data, to demand the compensation of the damage

you have rights.

6 – Exercise of Legal Rights Regarding Personal Data
In accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit your requests regarding your personal data to Kazak Oral and Dental Health Hiz. Domestic and Foreign Trade. LTD. ŞTİ. you can forward:

If you are applying on behalf of another person, with your own credentials;

(a) A copy of the civil registration certificate or a relevant document showing your relationship and authority with the person whose parent or guardian you are,
(b) In other cases, a copy of your specially authorized power of attorney

you are required to share in the application attachment.

Pursuant to the Communiqué on the Procedures and Principles of Application to the Data Controller, the following information must be included in the application

(a) Name, surname and signature if the application is in writing,
(b) Turkish Republic identification number for citizens of the Republic of Turkey; nationality, passport number or identification number, if any, for foreigners,
(c) The residential or business address for notification,
(d) Electronic mail address, telephone and fax number for notification, if any,
(e) The subject of the request.

I have fully read and understood the information provided

Name-Surname