KVKK Information Text

Prof. Dr. Mustafa ÖZDEMİR

Dermatology and Venereology Specialist

Ataköy 7-8-9-10. Kısım Mahallesi Çobançeşme E-5 Yanyol Caddesi Ataköy Towers B Block No:76 Bakırköy/Istanbul

mustafaozdemir@yahoo.com

Information Text on the Protection and Processing of Personal Data in Accordance with the Law on the Protection of Personal Data No. 6698

Dear visitor,

Information has been one of our most important assets throughout history, becoming the greatest source of wealth, wisdom, and, most importantly, technology. Information is sometimes stored on our desks, in books, on paper, or in specially designed systems. Most importantly, information resides in the minds of individuals. In today’s world, the collection of personal data has become inevitable for organizations to continue providing services, effectively deliver public services, develop and distribute products and services. Therefore, collected personal data must be protected properly, regardless of the environment.

The purpose of this information text on the Protection and Processing of Personal Data is to inform everyone connected with our clinic (those who benefit from our products and services or contact our clinic for this purpose, our employees, job applicants, and business partners) about how all kinds of personal data belonging to real persons are protected in compliance with the relevant laws and regulations, so that personal data is not unlawfully disclosed, accessed, or transferred and is not exposed to any security vulnerabilities. It also provides information regarding the fulfillment of the obligation to inform under Article 12 of the Personal Data Protection Law. Acting as the data controller within this scope, we take administrative and technical measures at the highest level to ensure the protection of personal data in accordance with the legislation to be published and/or already published, and we perform inspections or have them performed.

  1. Data Controller

In accordance with the Personal Data Protection Law No. 6698, the data controller responsible for the processing of your personal data is Prof. Dr. Mustafa ÖZDEMİR, a dermatology and venereology specialist, registered with the Bakırköy Tax Office with tax identification number 6790056849, located at Ataköy Towers B Block No:76 Bakırköy/Istanbul.

As the data controller, we declare that, within the framework of the purposes requiring their processing, your personal data may be recorded, stored, preserved, reorganized, classified, shared when necessary with the authorities competent under the law to request these personal data, deleted upon request of the relevant individual, and processed in accordance with the provisions of the Law. Furthermore, your personal data may be transferred to third parties, domestically or abroad, in accordance with the law and the conditions specified in the relevant legislation. As the data controller, we take the necessary administrative and technical measures to provide the highest level of security required for the protection of your personal data, in compliance with the legislation to be published and/or already published.

  2. Processed Personal Data

The personal data to be processed by the data controller include your data as defined in the Law on the Protection of Personal Data, which means “any kind of information related to a specific or identifiable real person.” Moreover, within the scope of the same Law, special-category personal data are defined as “data on race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, clothing and dressing, membership of associations, foundations, or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.”

Our clinic may obtain, classify, record, and maintain personal or special-category personal data, whether in whole or in part, with the consent of patients/visitors, and keep them for the period specified in the relevant law or as required by the purpose of obtaining personal data.

In this context, the categories of personal data to be processed by us include, but are not limited to, the following:

Identity data: Name, surname, T.C. ID number, SGK (Social Security Institution) registration number, signature, marital status, identity card serial and sequence number, date of birth, place of birth, identity card, driver’s license, passport photocopies.

Contact data: Phone number, email address, residential address.

Financial data: Your bank account number, IBAN (International Bank Account Number), credit card information, billing information.

Insurance data: Data related to private health insurance for the financing and planning of health services and Social Security Institution data.

Special-category personal data (your health data): Your laboratory results, test results, examination data, appointment information, check-up information, measurements, drawings, various patterns, prescription information, including but not limited to these, all kinds of health and sexual life-related personal data obtained during the provision of medical diagnosis, treatment, and care services, or as a result of these services.

Family and relative data: In cases where necessary, the names, surnames, contact information, and family health information of relatives of patients may be processed.

It is your responsibility to inform your family members and relatives before providing their information to our clinic. As the data controller, we do not assume any responsibility for the accuracy and legality of the data provided by you. We also do not have any responsibility in case of disputes arising from the sharing of personal data with third parties without your knowledge or consent.

  3. Purposes of Processing Personal Data

Personal data obtained within the scope of our clinic may be processed in accordance with the legislation, to benefit you as the data owner, to ensure that you receive better services, to fulfill our legal obligations, and to ensure the execution of all our activities within the framework of corporate governance principles in accordance with the purposes stated in the “Personal Data Processing and Protection Policy” to be determined by our clinic. The purposes of processing personal data are as follows:

- Ensuring the security of our clinic, its environment, and the persons in the clinic
- Ensuring the legal and commercial security of our clinic
- Fulfillment of legal obligations
- Ensuring the physical security of the clinic, its employees, and visitors
- Fulfilling the requirement of the explicit consent of the data owner when processing special-category personal data
- Providing physical and electronic security within the clinic
- Execution of business processes to ensure the continuity of services
- Improving the quality of products and services
- Providing better and personalized services to you
- Execution of the necessary work by our business units to benefit you as the data owner
- Realization of marketing and campaign activities of our clinic
- Providing information about our products and services
- Communication with you
- Ensuring data security and confidentiality
- Data security processes of our company
- Execution of our company’s operational activities
- Carrying out corporate communication activities
- Management of customer requests and complaints

  4. Legal Reasons for Processing Personal Data

Your personal data may be processed in accordance with the principles stipulated in the Personal Data Protection Law No. 6698 and in accordance with the rules and conditions specified in Article 5 and Article 6 of the Law on the Protection of Personal Data. As a clinic, we process your personal data in accordance with the following legal reasons, primarily for the purpose of complying with the legal obligations stipulated in the relevant legislation:

- Explicit consent of the data owner
- It is clearly stipulated in the laws
- It is mandatory for the protection of life or bodily integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid
- Processing of personal data of the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract
- It is mandatory for the data controller to fulfill its legal obligation
- Data processing is mandatory for the establishment, exercise, or protection of a right
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner
- Processing of special-category personal data other than health and sexual life data, without the explicit consent of the data owner who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid, is mandatory for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, planning, and management of health services and financing

  5. Transfer of Personal Data

Your personal data may be transferred domestically and abroad, limited to the purpose of processing personal data, in accordance with the legislation. Within this framework, personal data may be transferred to our business partners, shareholders, group companies, suppliers, legally authorized public institutions, private law legal entities, local and foreign authorities, and domestic and international organizations, and any other third parties to whom personal data is required to be transferred due to legal obligations, without obtaining explicit consent from you.

In the event of a personal data transfer, we will take the necessary precautions to ensure that your personal data is processed in accordance with the Personal Data Protection Law No. 6698 and that the necessary security measures are taken during the transfer process. When transferring personal data abroad, if the relevant country is not included in the list of countries deemed to provide an adequate level of protection by the Personal Data Protection Board, we will ensure that adequate safeguards are provided for the protection of personal data, and we will obtain the necessary permissions from the Personal Data Protection Board, if required by the legislation.

  6. Retention Period of Personal Data

Your personal data will be retained for the period stipulated in the relevant legislation or as required by the purpose of processing personal data, and then they will be deleted, destroyed, or anonymized by our clinic, in accordance with the principles set out in the “Personal Data Processing and Protection Policy” to be determined by our clinic.

  7. Rights of Data Owners

As the data owner, if you submit your requests regarding your rights to our clinic in writing or through the other methods specified in the Personal Data Protection Law No. 6698 and the relevant legislation, our clinic will conclude your request free of charge within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee determined by the Personal Data Protection Board may be charged. In this context, data owners have the following rights:

- Learning whether personal data is processed
- Requesting information if personal data has been processed
- Learning the purpose of processing personal data and whether they are used appropriately for their purpose
- Knowing the third parties to whom personal data is transferred domestically or abroad
- Requesting correction of personal data if it is incomplete or incorrectly processed
- Requesting the deletion or destruction of personal data
- Requesting the correction of incomplete or incorrect personal data, if any
- Requesting that the personal data be deleted or destroyed
- Requesting notification of the transactions made in accordance with the above subparagraphs to third parties to whom personal data has been transferred
- Objecting to the occurrence of a result against the data owner by analyzing the processed data exclusively through automated systems
- Requesting the compensation of the damage in case of damage due to the processing of personal data unlawfully

You can send your requests regarding your rights to our clinic in writing, or you can submit them to our clinic in accordance with the other methods specified in the Personal Data Protection Law No. 6698 and the relevant legislation. You can use the data controller application form on the website of the Personal Data Protection Board (https://www.kvkk.gov.tr) to submit your requests to us.

  8. Data Security Measures

Our clinic, as the data controller, undertakes to take all technical and administrative measures required to ensure the appropriate level of security within the framework of the “Personal Data Processing and Protection Policy” to be determined by our clinic, in order to prevent unauthorized access to personal data, loss, misuse, disclosure, alteration, or destruction of personal data and to ensure the proper protection and processing of your personal data. In this context, we take the following technical and administrative measures to ensure data security:

Technical Measures: Access to personal data is restricted with appropriate authorization levels. Measures have been taken to prevent unauthorized access to the server room where personal data is stored. Regular backups of personal data are taken to prevent data loss. Firewall systems are used to prevent external access to the network infrastructure. Antivirus and anti-malware software are used to protect against malicious software. Data loss prevention systems are used to prevent data leakage. Data encryption methods are applied when necessary. Regular security scans and vulnerability assessments are conducted.

Administrative Measures: Our employees are regularly trained on data protection and security. Access to personal data is logged and monitored. Data protection policies and procedures are in place. Incident response and data breach notification procedures are established. Regular audits and assessments of data protection practices are conducted.

  9. Data Controller Contact Information

As the data controller, our clinic can be contacted through the following contact information for your requests and questions regarding the processing and protection of personal data:

[Your Clinic’s Name] Address: [Clinic’s Address] Phone: [Clinic’s Phone Number] Email: [Clinic’s Email Address]

  10. Amendments to the Privacy Policy

Our clinic reserves the right to amend or update this Privacy Policy in line with changes in legislation and our clinic’s practices. Any changes to this Privacy Policy will be posted on our website, and the revised policy will be effective from the date of publication.

This Privacy Policy was last updated on [Date of Last Update].

[Your Clinic’s Name] [Your Clinic’s Logo]

Note: This is a template Privacy Policy, and you should consult with legal counsel or experts to ensure that it complies with applicable laws and regulations in your jurisdiction. Additionally, you should tailor the policy to your specific clinic’s practices and needs.