Book Online Appointment

PERSONAL DATA PROCESSING AND PROTECTION POLICY

PURPOSE AND SCOPE

As Dentadent Oral and Dental Health Center (the “Clinic”), located at Zuhurat Baba Mah. Yüce Tarla Cad. Tamburacı Osman Sok. No: 8 Bakırköy, Istanbul, we attach utmost importance to the protection of personal data of all natural persons with whom we come into contact in the course of our activities, in compliance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”), which is regulated as a constitutional right, and the provisions of the European Union General Data Protection Regulation (“GDPR”).

This Personal Data Protection Policy has been prepared to inform you about the processes regarding the collection, use, sharing and storage of personal data by the Clinic located at the above-mentioned address. In the processing and protection of personal data, the provisions of the applicable legislation in force shall primarily apply.

The main purpose of this Personal Data Protection and Processing Policy (“Policy”) is to set forth, in a methodological manner, the rules, measures, duties and responsibilities adopted by the Clinic within the scope of personal data protection legislation and to ensure transparency regarding the measures implemented for the protection of personal data.

DEFINITIONS AND ABBREVIATIONS

The terms used in the implementation of this Policy shall have the meanings set forth below:

  • Employees: Refers to the employees of the Clinic.
  • Contact Person: The person responsible for individually monitoring personal data processing activities within the Clinic and ensuring the implementation of KVK Policies and Procedures.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The natural person whose personal data is processed.
  • Processing of Personal Data: Any operation performed on personal data, whether fully or partially by automated means or by non-automated means provided that it forms part of a data recording system.
  • KVK Law: Refers to the Turkish Personal Data Protection Law No. 6698.
  • GDPR: The European Union General Data Protection Regulation.

PRINCIPLES OF PERSONAL DATA PROCESSING

The Clinic processes personal data in accordance with the procedures and principles stipulated in the KVKK and other applicable legislation.

The following principles are observed in the processing of personal data:

  1. Lawfulness and fairness: Personal data is processed in compliance with legislation, law and the principles of good faith. Data subjects are duly informed.
  2. Accuracy and up-to-dateness: Necessary measures are taken to ensure that personal data is accurate and kept up to date where required.
  3. Processing for specific, explicit and legitimate purposes: The Clinic clearly determines legitimate and lawful purposes for processing personal data and processes data only to the extent necessary for the services provided.
  4. Relevance, limitation and proportionality: Personal data is processed only to the extent necessary for achieving the determined purposes and unnecessary data is not collected, processed or retained.
  5. Retention for the period stipulated by legislation or required for the purpose: Personal data is retained in accordance with legal retention periods and deleted, anonymized or destroyed once the period expires.

CONDITIONS FOR PROCESSING PERSONAL DATA

While processing personal data, the Clinic complies with the provisions of KVKK No. 6698.

Personal data cannot be processed without the explicit consent of the data subject unless otherwise stipulated by law.

However, personal data may be processed without explicit consent where one of the following legal grounds exists:

  1. Explicitly provided for by law.
  2. Necessary to protect the life or physical integrity of a person who is unable to give consent due to actual impossibility or whose consent is not legally valid.
  3. Necessary for the establishment or performance of a contract.
  4. Necessary for compliance with a legal obligation of the data controller.
  5. Made public by the data subject.
  6. Necessary for the establishment, exercise or protection of a legal right.
  7. Necessary for the legitimate interests of the data controller, provided that fundamental rights and freedoms of the data subject are not harmed.

CONDITIONS FOR PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA

The Clinic complies with the regulations set forth under Article 6 of the Turkish Personal Data Protection Law No. 6698 regarding the processing of special categories of personal data.

Pursuant to Article 6 of the KVKK, data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are defined as special categories of personal data.

The Clinic processes special categories of personal data under the following conditions:

  1. With the explicit consent of the data subject;
  2. Without explicit consent in cases explicitly provided for by law for special categories of personal data other than health and sexual life data;
  3. Health and sexual life data may be processed without explicit consent solely for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of healthcare services and financing, by persons or authorized institutions under a confidentiality obligation.

METHODS OF COLLECTION AND PROCESSING OF PERSONAL DATA

In accordance with Articles 4, 5 and 6 of the KVKK and Articles 5, 7, 9 and 10 of the relevant Regulation, the Clinic processes personal data based on the Personal Data Processing Inventory, which is required to include the following information:

  • Data category
  • Purposes of processing and legal grounds
  • Recipient / recipient groups to whom the data is transferred
  • Data subject groups
  • Maximum retention period required for processing purposes
  • Transfers to foreign countries
  • Administrative and technical measures taken for data security

THIRD PARTIES TO WHOM PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER

In the transfer of personal data to third parties, the Clinic strictly complies with the conditions set forth under the KVKK, without prejudice to provisions in other applicable legislation. Personal data is not transferred to third parties without the explicit consent of the data subject.

However, personal data may be transferred without explicit consent where one of the following legal grounds exists:

  • Explicitly provided for by law;
  • Necessary to protect the life or physical integrity of a person who is unable to give consent;
  • Necessary for the establishment or performance of a contract;
  • Necessary for compliance with a legal obligation;
  • Made public by the data subject;
  • Necessary for the establishment, exercise or protection of a legal right;
  • Necessary for the legitimate interests of the data controller, provided that fundamental rights and freedoms of the data subject are not harmed.

RETENTION OF PERSONAL DATA UNDER APPLICABLE LEGISLATION

The Clinic retains personal data securely in physical or electronic environments for the period required to fulfill its activities in compliance with the KVKK and other relevant legislation. Where a specific retention period is stipulated by law, such period is observed. If no such period is specified, data is retained for the period necessary for the purpose of processing.

Upon expiration of the retention period, personal data is deleted, destroyed or anonymized.

Where the data controller has a legitimate interest, personal data may be retained until the expiration of the general statute of limitations (ten years) under the Turkish Code of Obligations, provided that this does not harm the fundamental rights and freedoms of the data subject.

The Clinic provides necessary training to relevant internal units and ensures awareness regarding these obligations.

MEASURES TAKEN FOR DATA SECURITY

The Clinic takes all necessary administrative and technical measures to ensure an appropriate level of security for the protection of personal data.

Pursuant to Article 12(1) of the KVKK, the Clinic implements measures to:

  • Prevent unlawful processing of personal data,
  • Prevent unlawful access to personal data,
  • Ensure the secure retention of personal data.

The measures implemented by the Clinic include the following:

Administrative Measures

  • The Clinic conducts necessary audits to ensure compliance with legal requirements.
  • In the event personal data is unlawfully obtained by third parties, the Clinic promptly notifies the data subject and the Personal Data Protection Authority.
  • Data security is ensured through framework agreements, consent forms, explicit consent declarations and contractual clauses with parties to whom personal data is transferred.
  • The Clinic employs qualified personnel knowledgeable in data protection and provides regular data protection training.

Technical Measures

  • The Clinic employs competent and experienced personnel to ensure data security.
  • Necessary internal controls are carried out within established systems.
  • Technical infrastructure is implemented to prevent and monitor unauthorized data leakage and appropriate monitoring matrices are established.

RIGHTS OF DATA SUBJECTS UNDER ARTICLE 11 OF THE KVKK

Pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698, data subjects may apply to the Clinic and request:

  1. To learn whether their personal data is processed,
  2. To request information if their personal data has been processed,
  3. To learn the purpose of processing and whether it is used in accordance with its purpose,
  4. To learn the third parties to whom personal data is transferred domestically or abroad,
  5. To request correction of incomplete or inaccurate data,
  6. To request deletion or destruction of personal data in accordance with KVKK and other relevant legislation,
  7. To request notification of correction, deletion or destruction to third parties to whom personal data has been transferred,
  8. To object to a result arising against them due to analysis by exclusively automated systems,
  9. To request compensation in case of damage arising from unlawful processing.

RIGHTS OF DATA SUBJECTS UNDER GDPR

Where the GDPR applies (e.g., EU citizens or residents of EU Member States), personal data is also protected under the General Data Protection Regulation. The rights of data subjects under the GDPR include:

  • Right of Access (Article 15): The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed and to access such data.
  • Right to Rectification (Article 16): The data subject has the right to request correction of inaccurate personal data.
  • Right to Erasure (Article 17): The data subject has the right to request deletion of personal data under the conditions set out in Article 17 of the GDPR.
  • Right to Restriction of Processing (Article 18):
    • Where the accuracy of the data is contested, processing may be restricted until verification is completed.
    • If processing is unlawful and the data subject opposes erasure, restriction may be requested.
    • If the Clinic no longer needs the data but the data subject requires it for legal claims, restriction may be requested.
    • Where objection under Article 21 is pending verification, restriction may be requested.
  • Right to Data Portability (Article 20): Where technically feasible and processing is based on consent or contract, the data subject may request transfer of their data to another controller.
  • Right to Object (Article 21): The data subject has the right to object to processing based on legitimate interests.

ARE COOKIES AND OTHER TECHNOLOGIES USED TO COLLECT PERSONAL INFORMATION?

Yes. We may use cookies and similar technologies such as web beacons to collect information through our website.

A cookie is a small text file placed on your device by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. They are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.

The primary purpose of cookies is to provide convenience and improve user experience. For example, if you register on our website, a cookie may help recall your personal information such as billing or contact details during subsequent visits, allowing you to use personalized features without re-entering your information.

A web beacon is a small graphic image embedded in a web page or email that enables tracking of certain information, such as the browser type, IP address, and the time the content was viewed. Web beacons may be invisible to users and can be used to analyze website traffic and email engagement.

We may use web beacons to track visitor numbers, monitor navigation within the website, and measure the effectiveness of email communications.

Third-party vendors may also use cookies on our website. For example, we may engage third-party service providers to analyze anonymous usage statistics and collect aggregated data about visitor interactions. Such data is shared externally only in anonymous and aggregated form.

We may also contract with third parties to send emails to registered users. These third parties may use cookies to measure and improve the effectiveness of email communications. Any data collected by such parties on behalf of the Clinic is used solely for the Clinic’s purposes.

From time to time, we may allow third parties to display advertisements on our website. Such advertisements may contain cookies or web beacons provided by the third party. This Privacy Policy does not govern the use of information collected by third-party advertising servers. We do not control these cookies and encourage you to review the privacy policies of those advertisers before interacting with their content.

Most web browsers automatically accept cookies. However, you may modify your browser settings to decline cookies if you prefer. Please note that disabling cookies may limit certain interactive features of the Clinic’s website.