Gazident Ağız ve Diş Sağlığı Hizmetleri Ltd. Şti. (hereinafter referred to as the “Company” or the “Clinic”), acting as the Data Controller within the scope of the Personal Data Protection Law No. 6698 (the “Law”), the European Union General Data Protection Regulation (“GDPR”), and the relevant legislation, may process your personal data within the framework explained in detail below.
Detailed information regarding the protection, processing, storage, and destruction of your personal data can be accessed under the “Protection of Personal Data and Privacy” section on our website.
A. Collection, Processing, and Purposes of Processing Personal Data
1. Collection of Personal Data
Your personal data that you share with our Company may be collected verbally, in writing, or electronically, by automatic or non-automatic means, through offices, agencies, clinics/branches, call centers, websites, social media channels, SMS channels, mobile applications, business/program partners, and similar channels.
The Company may use cookies in order to provide its services more effectively and to adapt the content to individual needs and interests. Disabling cookies in the browser does not prevent the use of the services on the website; however, it may cause certain technical issues. Cookies are also used to collect general statistical information regarding the user’s use of the website. Our detailed Cookie Policy is available on our website.
Personal data may also be collected through digital environments such as the Company’s websites, software and applications made available via computers or certain smart devices, and social media accounts activated by persons authorized to provide services on behalf of the Company.
Image recordings of our visitors are obtained through camera surveillance systems at the entrances of the Company’s buildings and facilities and within the facilities. Within the scope of security camera surveillance, the Company aims to increase the quality of the service provided, ensure its reliability, provide the security of our Company, customers, and other persons, and protect the interests of customers regarding the services they receive. Our detailed clarification text regarding camera surveillance activities is available on the website.
2. Processing of Personal Data
The Company may process your special categories of personal data, particularly your health data, and your personal data of a general nature for the purposes specified below:
- Identity information: Your name, surname, Turkish Republic Identity Number, passport number or temporary Turkish Republic Identity Number, place and date of birth, marital status, gender, insurance information, and/or any other identity data that may identify you;
- Contact information: Your address, telephone number, e-mail address, and other contact data; voice call recordings kept by customer representatives or customer services in accordance with call center standards; your personal data obtained when you contact us via e-mail, letter, or other means; and any other personal data you send to us through our communication channels;
- Information regarding family members and relatives: Information regarding the data subject’s children and spouses, together with identity information;
- Bank account information: Your bank account number, IBAN, only the information appearing on the credit card slip, billing information, invoice information, and similar financial data;
- Physical premises security information: Your vehicle license plate information if you use the parking area belonging to our customers, visitor information, entry and exit information, images obtained from camera recordings continuously recorded in common areas, and your audio recording;
- Legal transaction information: Requests for information received from judicial and administrative authorities, and data generated as a result of audits and inspections;
- Human resources and employment data: If you apply for a job with the Company, your personal data obtained in this regard, including your CV; and, if you are an employee of the Company or an associated employee, all personal data related to your employment contract, your private health insurance data, and your Social Security Institution data for the purpose of financing and planning healthcare services;
- Marketing information: Targeting information that may affect the service, cookie records, surveys completed by our customers, thank-you and complaint letters, satisfaction results, and other notifications you provide for evaluation purposes;
- Special categories of personal data: Data that must be obtained due to the nature of the service provided or pursuant to legal legislation, primarily data related to race, health and sexual life, criminal convictions and security measures, and biometric data.
3. Purposes of Processing Personal Data
Your personal data shared by you may be processed for the following purposes:
- To enable you and/or the institutions and organizations you represent to benefit from the products and services offered by our Company;
- To carry out the necessary activities, including but not limited to determining and implementing our Company’s commercial and business strategies, conducting marketing activities, and carrying out business development and planning activities;
- To ensure the physical security and supervision of the locations used by our Company;
- To establish relationships with business partners/customers/suppliers, including their authorized representatives or employees;
- To fulfill contractual requirements and ensure financial reconciliation regarding products and services offered together with our business partners, suppliers, or other third parties;
- To follow up legal and administrative affairs and human resources policies;
- To process data when our Company’s call center is contacted, our website is used, and/or participation is provided in trainings, seminars, or organizations arranged by our Company.
4. Storage of Personal Data
Your personal data will be stored in electronic and/or physical environments. Business processes and technical security infrastructure improvements are designed and implemented in order to prevent unauthorized access, manipulation, loss, or damage to the personal data obtained and stored by our Company in the environments where such data is stored.
Your personal data will be processed and stored, with all necessary information security measures taken, provided that it is not used outside the purposes and scope notified to you, for the statutory retention period, or if no such period is prescribed, for the period required by the purpose of processing. At the end of this period, your personal data will be removed from our Company’s data flows by deletion, destruction, or anonymization methods.
The Company adopts the principle of acting in compliance with the law when sharing data with its business and solution partners. Data is shared with business and solution partners under a data confidentiality commitment and only to the extent required by the service, and such parties are required to take the necessary measures to ensure data security.
In accordance with the Law on the Regulation of Commerce and the Regulation on Commercial Communication and Commercial Electronic Messages, electronic messages for advertising purposes may be sent only to persons from whom prior approval has been obtained. The explicit existence of the approval of the person to whom the advertisement will be sent is required. The Company complies with the details of “approval” determined under the same legislation. This approval may be obtained in writing in a physical environment or through any electronic communication tool.
If a contractual relationship has been established with our customers and prospective customers, the collected personal data may be used without obtaining the customer’s separate approval. However, such use shall be carried out in line with the purpose of the contract. Conversely, the data left to us by our prospective customers is processed in order to provide them with easier and higher-quality service subsequently. If there is no contractual relationship, such data is deleted upon their request.
Data received by our Company is entered into the system only to the extent necessary. Excess information is not recorded in the system; it is deleted or anonymized. Such data may be used for statistical purposes.
We hereby inform you, within the scope of the data controller’s obligation to provide information, that your personal data mentioned above may be processed pursuant to the provisions of the Basic Law on Health Services No. 3359, Decree-Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliated Institutions, the Regulation on Private Hospitals / the Regulation on Private Healthcare Institutions Providing Oral and Dental Health Services, the Regulation on the Processing of Personal Health Data and the Protection of Privacy, Ministry of Health regulations, and other relevant legislation; and that such data may be transferred to the physical archives and information systems of the Clinic and/or our suppliers and may be kept under protection in both digital and physical environments.
B. Transfer of Personal Data
The Company may transfer personal data domestically or abroad if the conditions for the transfer of personal data are met, in accordance with Articles 8 and 9 of the Law and the additional regulations determined by the Personal Data Protection Board.
The transfer of personal data to third parties within the country may be carried out by the Company if at least one of the data processing conditions set forth in Articles 5 and 6 of the Law exists and provided that the fundamental principles regarding data processing conditions are complied with.
The transfer of personal data to third parties abroad may be carried out if the Company and the data controller in the relevant country undertake adequate protection in writing, the Personal Data Protection Board permits such processing, and at least one of the data processing conditions set forth in Articles 5 and 6 of the Law exists.
You may obtain the conditions and detailed information regarding the transfer of your personal data from the Personal Data Protection and Processing Policy available on our website.
| Category of Party Shared With | Scope | Purpose of Transfer |
|---|---|---|
| Business Partner | Parties with whom the Company establishes business partnerships while carrying out its commercial activities. | Sharing of personal data limited to ensuring the fulfillment of the purposes for which the business partnership was established. |
| Supplier | Parties that provide services for the continuation of the Company’s commercial activities in line with the instructions received from the Company and based on the agreement between the Company and the supplier. | Transfer limited to receiving services obtained externally from the supplier. |
| Affiliate | Companies in which the Company has an affiliate relationship and/or affiliated companies. | Transfer of personal data limited to carrying out commercial activities that require the participation of affiliates. |
| Legally Authorized Public Institution | Public institutions and organizations legally authorized to receive information and documents from the Company. | Sharing of personal data limited to the purpose of responding to information requests from the relevant public institutions and organizations. |
| Legally Authorized Private Institution | Private legal entities legally authorized to receive information and documents from the Company. | Sharing of data limited to the purpose requested by the relevant private law persons within the scope of their legal authority. |
C. Destruction of Your Personal Data
Although personal data may have been processed in accordance with the relevant provisions of the law, if the reasons requiring its processing cease to exist, personal data may be deleted or destroyed by the Company upon its own decision or upon the request of the personal data subject.
The deletion or destruction techniques used by us include physical destruction, secure deletion from software, and secure deletion by an expert.
The Company has the right to anonymize personal data when the reasons requiring the processing of personal data processed in accordance with the law cease to exist. Anonymization of personal data means rendering personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching it with other data.
In accordance with Article 28 of the Personal Data Protection Law, anonymized personal data may be processed for purposes such as research, planning, and statistics. Such processing falls outside the scope of the Personal Data Protection Law, and the explicit consent of the personal data subject will not be sought.
D. Cases Where Personal Data May Be Processed Without Explicit Consent Under the Personal Data Protection Law
Pursuant to Article 5 of the Personal Data Protection Law, your personal data specified below may be processed without seeking your explicit consent in the following cases:
- Where it is expressly provided for by law.
- Where it is mandatory for the protection of the life or physical integrity of the person who is unable to express consent due to actual impossibility or whose consent is not legally valid, or of another person.
- Where the processing of personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of a contract.
- Where it is mandatory for the data controller to fulfill its legal obligation.
- Where the data has been made public by the data subject himself/herself.
- Where data processing is mandatory for the establishment, exercise, or protection of a right.
- Where data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
E. Data Security
As the Company, we attach importance to the protection of your personal data. Therefore, we hereby inform you that we protect your personal data against possible risks within the scope of our technical and administrative capabilities, in accordance with information security standards and procedures.
F. Your Rights Regarding the Protection of Your Personal Data
Pursuant to Article 11 of the Personal Data Protection Law, you may exercise your legal rights regarding your personal data under the relevant legislation by completing the “Data Subject Application Form” available on our website and delivering the wet-signed form by hand to the workplace address where you received service, sending it via notary public, sending it from your registered electronic mail address to our Company’s registered electronic mail (KEP) address, or sending a Word or PDF file signed with secure electronic signature through info@gazident.com / https://gazident.com/ communication channels.
