Book Online Appointment

PERSONAL DATA PROCESSING AND PROTECTION POLICY
PERSONAL DATA RETENTION AND DESTRUCTION POLICY
POLICY ON SPECIAL CATEGORIES OF PERSONAL DATA
COOKIE POLICY
GENERAL INFORMATION NOTICE ON THE PROTECTION OF PERSONAL DATA
PATIENT INFORMATION NOTICE
WHATSAPP INFORMATION NOTICE
SWITCHBOARD INFORMATION NOTICE
CALL CENTER INFORMATION NOTICE
CCTV INFORMATION NOTICE
EMPLOYEE INFORMATION NOTICE

GENERAL INFORMATION NOTICE ON THE PROTECTION OF PERSONAL DATA

This Information Notice has been prepared by Dentadent Ağız ve Diş Hastanesi Ticaret Ltd. Şti., acting in its capacity as the Data Controller, in accordance with Article 10 of the Turkish Personal Data Protection Law No. 6698 and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.

1. Identity of the Data Controller

Data Controller:

  • Trade Name: Dentadent Ağız ve Diş Hastanesi Ticaret Ltd. Şti.
  • Website: Dentadent Ağız ve Diş Hastanesi
  • Phone Number: +90 212 660 44 00
  • E-mail Address: info@dentadent.com.tr
  • Address: Zuhuratbaba Mahallesi Yücetarla Caddesi Tamburacı Osman Sokak No:8 34147 Bakırköy / Istanbul – TURKEY

2. Collection of Personal Data and Purposes of Processing

In order to provide you with services at high standards, we collect your Personal Data verbally, in writing, visually, or electronically through our Call Center, website, mobile applications, physical premises, and similar channels, depending on the nature of the service provided.

Within this scope, primarily including Personal Health Data required for the execution of all medical diagnosis, examination, treatment, and care services, the main categories of general and Special Categories of Personal Data processed are listed below:

  • Identity information such as your name, surname, Turkish ID number, date of birth, etc.
  • Contact information such as your address, phone number, and e-mail address
  • Financial information such as your bank account number and IBAN
  • Data related to healthcare services, including examination data, test results, prescriptions, and similar medical records
  • Call center records, CCTV footage, website browsing information, and similar data

3. Storage of Personal Data

Your Personal Data is safeguarded with due care and is stored, in compliance with applicable legislation, in physical and electronic archives held by external service providers.

4. Method and Legal Basis for Collecting Personal Data

Your Personal Data is collected and processed within the legal framework and for the purposes of Dentadent’s activities. The legal basis for these processing activities includes:

  • Turkish Personal Data Protection Law No. 6698
  • Basic Law on Health Services No. 3359
  • Other relevant provisions of applicable legislation

5. Transfer of Personal Data

Your Personal Data may be shared with the institutions and for the purposes set out under the laws and regulations mentioned above, within the framework permitted by applicable legislation.

6. Rights of the Data Subject

Data Subjects have the rights specified under Article 11 of the Turkish Personal Data Protection Law No. 6698. In order to exercise these rights, they may apply to the Data Controller using the required information. Requests will be assessed and concluded free of charge as soon as possible and in any event within thirty (30) days; however, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff to be determined by the Personal Data Protection Board.

DENTADENT AĞIZ ve DİŞ HASTANESİ TİCARET LTD. ŞTİ. POLICY ON THE PROCESSING AND PROTECTION OF SPECIAL CATEGORIES OF PERSONAL DATA

SECTION 1


1.1 INTRODUCTION

This Policy on Special Categories of Personal Data may be updated from time to time by Nesil Grup Teknoloji Tic. A.Ş. (www.nesilteknoloji.com) in order to ensure compliance with changing conditions and applicable legislation.
Dentadent Ağız ve Diş Hastanesi Ticaret Ltd. Şti. attaches utmost importance to the lawful protection and processing of Personal Data in accordance with the Turkish Personal Data Protection Law No. 6698 (“Law”) and acts with due diligence in all planning and activities. The Company carefully implements all necessary administrative and technical measures required for the protection of Personal Data. Since Special Categories of Personal Data are data that may lead to discrimination or victimization of the Data Subject if disclosed, additional specific administrative and technical safeguards are implemented, in addition to the measures applied to general Personal Data, in line with the nature and sensitivity of such data.


1.2 PURPOSE
The purpose of this Policy on the Processing and Protection of Special Categories of Personal Data (“Policy”) is to inform Data Subjects and to ensure that the Company fulfills its obligations as Data Controller by implementing the necessary technical and administrative measures within the framework of the Constitution, the Turkish Personal Data Protection Law No. 6698, relevant legislation, the Personal Data Protection Board Decision dated 31.01.2018 and numbered 2018/10, and other related decisions.


1.3 SCOPE
This Policy covers company partners, shareholders, company officials, employees, employee candidates, interns, intern candidates, customers, customer representatives and employees, potential product or service recipients, supplier employees and representatives, visitors, consultants, and all natural persons whose Special Categories of Personal Data are processed by the Company, as well as the activities carried out regarding the processing, protection, and security of such data.

This Policy applies to all recording environments within the Company where Special Categories of Personal Data are processed and to all activities involving the processing of such data, whether fully or partially automated or processed by non-automated means provided that it forms part of a data recording system.


1.4 DEFINITIONS AND ABBREVIATIONS

COMPANY: DENTADENT AĞIZ ve DİŞ HASTANESİ TİCARET LTD. ŞTİ.
EXPLICIT CONSENT: Consent that is related to a specific matter, based on informed consent and expressed freely.

ANONYMIZATION: Rendering Personal Data in such a way that it cannot be associated with an identified or identifiable natural person, even if matched with other data.

Example: Masking, aggregation, data distortion, or similar techniques used to prevent data from being linked to a natural person.

DATA SUBJECT: The natural person whose Personal Data is processed (e.g., customers, visitors, employees, and employee candidates).

PERSONAL DATA: Any information relating to an identified or identifiable natural person. Information relating to legal entities is not covered by the Law.

Example: name, surname, Turkish ID number, e-mail, address, date of birth, credit card number, bank account number, etc.

SPECIAL CATEGORIES OF PERSONAL DATA: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

PROCESSING OF PERSONAL DATA: Any operation performed upon Personal Data such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use, whether fully or partially automated or processed by non-automated means as part of a data recording system.

DATA CONTROLLER: The natural or legal person who determines the purposes and means of processing Personal Data and manages the data recording system where such data is systematically kept.

DATA SUBJECT APPLICATION FORM: The application form used by Data Subjects when exercising their rights under Article 11 of the Turkish Personal Data Protection Law.

CONSTITUTION: The Constitution of the Republic of Türkiye No. 2709, dated 7 November 1982 and published in the Official Gazette dated 9 November 1982 and numbered 17863.

PERSONAL DATA PROTECTION LAW: The Turkish Personal Data Protection Law No. 6698, dated 24 March 2016 and published in the Official Gazette dated 7 April 2016 and numbered 29677.

POLICY: The Policy on the Processing and Protection of Special Categories of Personal Data.

COMMUNIQUÉ ON THE PROCEDURES AND PRINCIPLES TO BE FOLLOWED IN FULFILLING THE OBLIGATION TO INFORM: The Communiqué published in the Official Gazette dated 10 March 2018 and numbered 30356.

PERSONAL DATA RETENTION AND DESTRUCTION POLICY: The policy established by the Company pursuant to the Regulation on the Deletion, Destruction or Anonymization of Personal Data, determining the maximum retention periods and procedures for deletion, destruction, and anonymization.

PERIODIC DESTRUCTION: The deletion, destruction, or anonymization process carried out at recurring intervals in the event that all conditions for processing Personal Data under the Law cease to exist.

REGISTERED ELECTRONIC MAIL (KEP): A secure system that preserves commercial and legal correspondence and documents as sent, identifies the recipient with certainty, ensures that content remains unaltered, and provides legally valid and secure evidence.

DATA CONTROLLERS’ REGISTRY INFORMATION SYSTEM (VERBIS): The information system created and managed by the Presidency, accessible via the internet, used by Data Controllers in applications and other related processes concerning the Registry.

SECTION 2

This Policy on Special Categories of Personal Data may be updated from time to time by Nesil Grup Teknoloji Tic. A.Ş. (www.nesilteknoloji.com) in order to ensure compliance with changing conditions and applicable legislation.


PROTECTION, PROCESSING, PURPOSES OF PROCESSING AND FUNDAMENTAL PRINCIPLES REGARDING SPECIAL CATEGORIES OF PERSONAL DATA

2.1 Special Categories of Personal Data

Data relating to individuals’ race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data constitute Special Categories of Personal Data.


2.2 Protection of Special Categories of Personal Data
Since Special Categories of Personal Data are data that may lead to discrimination or victimization of the Data Subject if disclosed, the administrative and technical measures taken by the Company for the protection of such lawfully processed data are implemented with particular diligence. Necessary internal audits are carried out within the Company. In addition, the adequate safeguards determined by the Personal Data Protection Board are implemented in the processing of Special Categories of Personal Data.


2.3 Processing of Special Categories of Personal Data
The Company demonstrates special sensitivity in the processing of Special Categories of Personal Data, which are considered more critical in terms of protecting the Data Subject. Such data are processed in accordance with the principles set out in this Policy, by implementing all necessary administrative and technical measures, including those determined by the Personal Data Protection Board, and only under the following conditions:


(i) Special Categories of Personal Data other than health and sexual life may be processed without the Explicit Consent of the Data Subject if explicitly stipulated by law; in other words, where there is a clear legal provision in the legislation governing the relevant activity. Otherwise, Explicit Consent must be obtained.


(ii) Special Categories of Personal Data relating to health and sexual life may be processed without Explicit Consent by persons under an obligation of confidentiality or authorized institutions and organizations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of healthcare services and their financing. Otherwise, Explicit Consent must be obtained.


2.4 Purposes of Processing Special Categories of Personal Data
Special Categories of Personal Data may be processed in accordance with the principles set out in Article 4 of the Law and the procedures and principles specified in relevant legislation, and under the data processing conditions stated in Articles 5 and 6 of the Law. Special Categories of Personal Data collected by lawful means may be processed and retained within the scope of employment relationships, products, services, commercial activities, or other relationships with Data Subjects, limited and proportionate to the following purposes:

– Execution of Emergency Management Processes
– Fulfillment of obligations arising from employment contracts and legislation for employees
– Execution of fringe benefits and employee benefits processes
– Conducting employee work activities
– Evaluation of employee application processes
– Ensuring compliance of activities with legislation
– Planning of human resources activities
– Execution of occupational health and safety activities
– Providing information to authorized persons, institutions and organizations
– Notifying authorized persons, institutions and organizations


2.5 General Principles Regarding the Processing of Special Categories of Personal Data
One of the primary considerations for the Company is compliance with the general principles set forth in the legislation when processing Special Categories of Personal Data. Accordingly, the Company acts in compliance with the Constitution and the Turkish Personal Data Protection Law and adheres to the following principles:

a. Lawfulness and Fairness
The Company processes Special Categories of Personal Data in accordance with Article 4 of the Law; lawfully and in good faith; accurately and, where necessary, up to date; for specific, explicit and legitimate purposes; in a manner that is relevant, limited and proportionate to the purpose. The Company observes the principle of proportionality and does not use such data beyond what is required for the intended purpose.

b. Ensuring Accuracy and Currency of Data
The Company ensures that Special Categories of Personal Data are accurate and up to date, taking into account the fundamental rights of the Data Subject and its own legitimate interests, and establishes systems to ensure this.

c. Processing for Specific, Explicit and Legitimate Purposes
The Company processes Special Categories of Personal Data for legitimate and lawful reasons, in connection with its activities and to the extent necessary. The purposes of processing are determined before the processing activity begins.

d. Relevance, Limitation and Proportionality
The Company processes Special Categories of Personal Data in a manner suitable for achieving the specified purposes and refrains from processing data that is unrelated or unnecessary. Processing activities aimed at potential future needs are not carried out.

e. Retention for the Period Stipulated in Relevant Legislation or Required for the Purpose of Processing

The Company retains Special Categories of Personal Data only for the period stipulated in relevant legislation or required for the purpose of processing, in accordance with Article 138 of the Turkish Penal Code and Articles 4 and 7 of the Law.

If a retention period is specified by law, the Company complies with that period. If no legal period is specified, data are retained for the duration necessary for the purpose of processing. Upon expiry of retention periods, Special Categories of Personal Data are destroyed in accordance with periodic destruction schedules or upon the request of the Data Subject, by deletion, destruction or anonymization as set out in the Personal Data Retention and Destruction Policy.

SECTION 3


TRANSFER OF SPECIAL CATEGORIES OF PERSONAL DATA AND CONDITIONS

3.1 Transfer of Special Categories of Personal Data
Considering that Special Categories of Personal Data may lead to discrimination or victimization of the Data Subject if disclosed, the Company exercises utmost diligence in transfer processes and implements necessary administrative and technical measures in accordance with the law. Such data may be transferred to third parties in line with processing purposes and applicable legislation.

3.2 Conditions for Domestic Transfer
Special Categories of Personal Data may be transferred to third parties within Türkiye with the Explicit Consent of the Data Subject and by implementing necessary safeguards. As a rule, such data cannot be transferred without Explicit Consent.

However, Special Categories of Personal Data other than health and sexual life may be transferred without Explicit Consent if explicitly stipulated by law. In this context, such data may be transferred if:

– The Data Subject has provided Explicit Consent,
– It is explicitly stipulated by law,
– It is necessary to protect the life or physical integrity of the Data Subject or another person and consent cannot be obtained due to actual impossibility,
– It is necessary for the establishment or performance of a contract,
– It is necessary for the Company to fulfill its legal obligations,
– The data have been made public by the Data Subject,
– It is necessary for the establishment, exercise or protection of a legal claim,
– It is necessary for the Company’s legitimate interests, provided that it does not harm the fundamental rights and freedoms of the Data Subject.

b. Conditions for International Transfer of Special Categories of Personal Data:
The Company may transfer Special Categories of Personal Data abroad in line with lawful and legitimate processing purposes by implementing the administrative and technical safeguards required by applicable legislation and those determined by the Personal Data Protection Board. As a rule, such data cannot be transferred abroad without the Explicit Consent of the Data Subject.

However, Special Categories of Personal Data other than health and sexual life may be transferred without Explicit Consent if explicitly stipulated by law and if transferred to countries declared by the Board to have adequate protection. In the absence of adequate protection, transfer may only take place if Data Controllers in Türkiye and in the relevant foreign country undertake adequate protection in writing and obtain the permission of the Board.

Special Categories of Personal Data relating to health and sexual life may be transferred without Explicit Consent only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of healthcare services and their financing, and only to countries with adequate protection declared by the Board. In the absence of adequate protection, transfer may occur only upon the written undertaking of adequate protection by Data Controllers and with the permission of the Board.

SECTION 4


DELETION, DESTRUCTION OR ANONYMIZATION OF SPECIAL CATEGORIES OF PERSONAL DATA

Although processed in accordance with the Law and other applicable legislation, Special Categories of Personal Data shall be deleted, destroyed or anonymized by the Company ex officio or upon request of the Data Subject if the reasons requiring their processing cease to exist.

In the deletion, destruction or anonymization of such data, the Company acts in accordance with the general principles set forth in Article 4 of the Law, the technical and administrative safeguards required under Article 12, relevant legislation, Board decisions and the Personal Data Retention and Destruction Policy.

SECTION 5

In order to ensure secure storage of Special Categories of Personal Data, prevent unlawful processing and access, and ensure lawful destruction, the Company implements the administrative and technical measures required under Article 12 of the Law and the adequate safeguards determined by the Board pursuant to Article 6(4). The technical and administrative measures adopted are detailed in the Personal Data Processing and Protection Policy and the Personal Data Retention and Destruction Policy. In addition, the Company implements the following measures:

5.1 Measures for Employees Involved in Processing:
– Employees receive training on legislation and data security relating to Special Categories of Personal Data.
– Confidentiality agreements are executed and disciplinary procedures are applied.
– Access authorizations and durations are clearly defined.
– Authorization checks are carried out periodically.
– Access rights of employees who change roles or leave employment are immediately revoked and assigned equipment is retrieved.

5.2 Measures for Electronic Environments:
– Data are stored using cryptographic methods.
– Cryptographic keys are kept securely and separately.
– Logs of data processing activities are securely maintained.
– Security updates are continuously monitored and penetration tests are regularly conducted.
– User authorization and security testing of relevant software are ensured.
– At least two-factor authentication is implemented for remote access.

5.3 Measures for Physical Environments:
– Physical storage areas (archives, cabinets, etc.) are secured and locked.
– Adequate security measures against risks such as fire, flooding or theft are implemented.
– Unauthorized access is prevented through physical security controls.

5.4 Measures for Data Transfer:
– If Special Categories of Personal Data are transferred by e-mail, they are encrypted and sent via corporate e-mail or Registered Electronic Mail (KEP). Passwords are not included in the same message.
– If transferred via portable devices (USB, CD, etc.), data are encrypted and keys stored separately.
– If transferred between servers, VPN or SFTP methods are used.
– If transferred in physical documents, necessary precautions are taken against loss or unauthorized access and documents are marked as confidential.

SECTION 6
6.1 Implementation of the Policy and Relevant Legislation

Applicable legislation concerning the processing and protection of Special Categories of Personal Data shall primarily apply. In case of conflict between legislation and this Policy, the Company acknowledges that applicable legislation shall prevail. The Policy concretizes the rules set forth in legislation within Company practices. In case of amendments, the effective date and relevant provisions shall be updated accordingly.

6.2 Entry into Force

This Policy entered into force on 02/02/2024. It is published on the Company’s website https://www.dentadent.com.tr/ and made available to Data Subjects upon request.

6.3 Distribution
The Policy is announced to third parties and employees by publication on the Company’s website.

Information Notice on Personal Data Processed Through Cookies

As DENTADENT Ağız ve Diş Hastanesi Ticaret Ltd. Şti. (“Dentadent” or the “Hospital”), the privacy and security of your Personal Data are among our highest priorities. Within this scope, and in order to fulfill our obligation to inform arising from Article 10 of the Turkish Personal Data Protection Law No. 6698 (“Law”), we would like to inform you about the processing of your Personal Data. Personal Data refers to any information that identifies or makes you identifiable.

The website with the domain https://www.dentadent.com.tr/ operated by our Company uses cookies. A cookie is a small text file, usually consisting of a combination of letters and numbers, stored on your terminal device, which enables the identification of such device.

This Cookie Information Notice

The purpose of this Cookie Information Notice is to provide you with information regarding the processing of your Personal Data automatically obtained through cookies placed on your terminal devices via our website https://www.dentadent.com.tr/, including which types of cookies we use for which purposes and how you can manage these cookies.

Types of Cookies Used on Our Website

Cookies by Duration of Use

Session cookies and persistent cookies are used on our website depending on their duration. Session cookies are used to ensure the continuity of the session and are deleted when you close your browser. Persistent cookies are not deleted when you close your browser and are automatically deleted after the predetermined retention period expires.

First-Party and Third-Party Cookies

Whether a cookie is first-party or third-party depends on who places the cookie. First-party cookies are placed directly by our Website, namely the URL address you see in your browser’s address bar (https://www.dentadent.com.tr/). Third-party cookies are placed by a different domain other than the one you see in your address bar.

Types of Cookies by Purpose of Use

The following types of cookies are used on our Website based on their purpose:

Strictly Necessary Cookies

These cookies are strictly necessary for the operation of our Website. They are first-party cookies and are used to ensure that the Website functions properly. These cookies are mandatory for providing the services you request (such as logging in, filling out forms, and remembering privacy preferences).

Performance – Analytics Cookies

These cookies determine the number of unique visitors, measure user traffic on our Website, identify the effectiveness of keywords used in search engines, monitor user navigation behavior, measure and improve Website performance, and analyze page popularity and the effectiveness of advertisements.

Functional Cookies

These cookies are used to make our Website more functional and personalized (other than privacy preferences), such as remembering your preferences when you revisit the Website.

Advertising and Marketing Cookies

These cookies are placed by our business partners via our Website and are third-party cookies. They are used by our partners to determine your interests and to display advertisements relevant to you.

Purposes and Legal Grounds for Processing and Information on Cookies Used

Strictly Necessary Cookies

Your Personal Data collected through strictly necessary cookies are processed pursuant to Article 5(2)(f) of the Law on the legal ground that “processing is mandatory for the legitimate interests of the Data Controller, provided that it does not harm the fundamental rights and freedoms of the Data Subject.” Information regarding strictly necessary cookies used on our Website is provided in the table below:

Cookie NameProviderDescriptionDurationType
__cfruiddentadent.zendesk.comThis cookie is part of services provided by Cloudflare, including load balancing, website content delivery and DNS connection services.SessionHTTP Cookie
__RequestVerificationTokendentadent.com.trHelps prevent Cross-Site Request Forgery (CSRF) attacks.SessionHTTP Cookie
__zlciddentadent.com.trNecessary for the functioning of the live chat feature on the website.SessionHTTP Cookie
__zlcstoredentadent.com.trRequired for the proper operation of the live chat function.PersistentHTML Local Storage
_cfuviddentadent.zendesk.comPart of Cloudflare services used for load balancing and content delivery.SessionHTTP Cookie
ASP.NET_SessionIddentadent.com.trMaintains the visitor’s session state across page requests.SessionHTTP Cookie
AWSALBCORSzopim.comRegisters which server cluster is serving the visitor for load balancing purposes.7 DaysHTTP Cookie
CookieConsentdentadent.com.trStores the user’s cookie consent status for the current domain.1 YearHTTP Cookie
rc::agstatic.comUsed to distinguish between humans and bots to generate valid website usage reports.PersistentHTML Local Storage
rc::cgstatic.comUsed to distinguish between humans and bots.SessionHTML Local Storage
test_cookiedoubleclick.netUsed to check whether the user’s browser supports cookies.1 DayHTTP Cookie
ZD-suidstatic.zdassets.comUnique identifier that identifies the user session.PersistentHTML Local Storage

Functional Cookies

Your Personal Data collected through performance and analytics cookies are processed based on your Explicit Consent pursuant to Article 5(1) of the Law. Where cross-border transfer applies, data are transferred abroad solely based on your Explicit Consent.

Your Personal Data collected through advertising and marketing cookies are processed based on your Explicit Consent pursuant to Article 5(1) of the Law. Where applicable, cross-border transfers are carried out solely based on Explicit Consent.

Parties to Whom Personal Data May Be Transferred and Purpose of Transfer

As Dentadent, we may transfer your Personal Data to third parties in compliance with Articles 8 and 9 of the Law and applicable national legislation. Your Personal Data may be transferred to our suppliers and legally authorized public institutions strictly limited to the purposes stated above and in accordance with the Law.

Some cookies used on the Website are provided by Google, a third-party service provider located abroad. These cookies are used to collect statistical data and improve the presentation and use of the Website. If you provide Explicit Consent, your Personal Data may be shared with Google Inc., located abroad, for the purpose of improving the Website experience.

How to Control or Disable Cookies

Your preferences regarding cookies are essential to us. However, strictly necessary cookies must be used for the Website to function properly. Please note that disabling certain cookies via browser settings may result in some functions of the Website not working partially or entirely.

Requests of Data Subjects

Pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698, Data Subjects have the right to:

You may submit your requests regarding your rights listed above by completing the Data Subject Application Form available on our website or by other methods stipulated in the legislation. Your request will be concluded free of charge within thirty (30) days at the latest; however, if the transaction requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.

After completing and signing the application form below, you may send it to us via WhatsApp communication or by e-mail at info@dentadent.com.tr.

To download the KVKK Application Form: Download the KVKK Application Form