Privacy Policy

Under the text on informing patients about the processing of personal data Data Officer with Law no. 6698 on the protection of personal data (“Law”); as data controller, your data will be processed by EZAY AĞIZ VE DİŞ SAĞLIĞI HİZMETLERİ TİCARET LİMİTED ŞİRKETİ (“EZAY AĞIZ VE DİŞ SAĞLIĞI HİZMETLERİ TİCARET LİMİTED ŞİRKETİ” or “Company”) to the extent described below. Methods of collecting personal data and the legal basis: Our Company collects personal data directly from you, our patients, in direct relation to the processing of personal data as established by law, from the contractual relationship between you and us, from our internet branch, mobile applications, social media accounts, email, mail, fax, communications from administrative and judicial authorities and data experienced acoustically, electronically or in writing through other communication channels. Under the following terms and conditions, mainly for the execution of the relationship between you and us and compliance of activities with the legislation and objectives, under the following legal grounds indicated in Articles 5 and 6 of the Law: Where we have a contractual relationship with you or it is directly related to our obligation to perform under that contract, the processing of your personal data (e.g. the processing of your identity details, communication and related data when initiating a contract) is strictly necessary for the establishment, exercise or protection of a right (e.g., Administration and planning of health insurance processes, ensuring information security, ensuring the security of legal transactions, monitoring and execution of legal matters, storage of personal data that may be required during the limitation period), cases where the process in which we process your personal data is clearly required by law (e.g. Retention of business records in accordance with the Act and Law No. 5651), in order to comply with our legal obligation (processing of your personal data due to the fulfillment of financial, tax and similar obligations, compliance with legal requirements in the context of regulatory and supervisory activities), where this is strictly necessary for our legitimate interests, provided that your fundamental rights and freedoms are not prejudiced (e. g. For example, conducting/auditing business activities, ensuring the security of data processing, transferring documents that may contain your personal data and payment records to the relevant parties/institutions during the necessary audits in the company’s processes such as mergers, demergers, and acquisitions), your explicit consent from you when required (e.g., the transfer of your biometric data to SSI, etc.), Purpose of the processing of your personal data, the establishment of a contractual relationship with you and the management of all stages of this contractual process, ensuring information security and the security of legal transactions, as well as the fulfillment of our legal obligations, these data may be processed for the following purposes that you have communicated to us: Carrying out information security processes: Ensuring transaction security in your diagnostic and treatment procedures, taking the necessary measures to ensure the timeliness and accuracy of the data processed, setting up and operating the information infrastructure, ensuring physical security and cybersecurity, ensuring the security of the Internet branch, ensuring transaction security and for this purpose IP processing of MAC address and similar data and log records [identity, communication, request/complaint/reputation management data, call center records]. Conduct audits/ethics activities: Conducting audit activities during your diagnosis and treatment, detecting and preventing fraudulent transactions, managing internal control and audit activities [identity data, communication data, financial data, health data, request/complaint/reputation management data]. Conducting activities in compliance with legal requirements: ensuring compliance with legal requirements in business processes, in particular Law No. 6698, ensuring that our actions are performed in compliance with internal procedures and relevant regulations, planning and executing activities [identity data, communication data, financial data, application/complaint/reputation management data, health data]. Execution of financial and accounting matters: Performing financial and accounting processes based on this information during your diagnosis and treatment, tracking accounting and purchasing transactions [identity, communication, financial data]. Prosecution and execution of legal matters: Pursuit of contract litigation and/or legal issues and motions, alternative dispute resolution methods and conclusion of litigation, management of litigation with notaries, judicial and administrative authorities [court opinions, traffic accident reports]. Carrying out communication activities: if necessary, contacting you according to the information you have provided, informing you about your contract, payment reminders, contacting you by SMS, email and telephone in the context of fulfilling the contract, planning, and/or carrying out customer service activities [ identity, contact, call center records, financial data]. Conducting/auditing business activities: Performing diagnostic and treatment procedures and monitoring the business activities we perform, planning internal reporting and business development activities, patient contact, and clinical staff follow-up [identity, communication, financial data, inquiry/complaint/reputation management data] Conducting sales processes for goods/services: Using your personal data in online appointment setting, technical support, and management strategies [identity, communications, financial data, audio data, inquiry/complaint/reputation management data]. Perforing patient relationship management processes: Managing our relationships related to the diagnostic and treatment services provided to you, fulfilling your requests and feedback [identity, contact data]. Executing supply chain management processes: executing processes related to diagnostic and treatment procedures for business partners, suppliers, and other stakeholders [identity, communications, financial data]. Provision of information to authorized persons, institutions, and organizations: Processing is carried out in the context of providing information as required by law and fulfilling requests from public authorities [identity, communication, financial, health data]. Transfer of processed personal data Our company takes care to process your personal data according to the “need to know” and “need to use” principles, ensuring the necessary data minimization and adopting the required technical and administrative security measures. We need to share the personal data we process with third parties for specific purposes, such as the execution or control of business activities, ensuring business continuity, and the operation of digital infrastructures require a continuous flow of data with various stakeholders. In addition, your personal data must be accurate and up-to-date so that we can fully and adequately fulfill our contractual and legal obligations. To this end, we need to work with various business partners and service providers. Your personal data are processed in the context of contracts with insurance companies and intermediaries in the context of private health insurance or the assignment of receivables or financing, with business partners and service providers who provide call center services for the provision of diagnostic and treatment services, in the context of and limited to the accomplishment of the aforementioned purposes, with the parties involved in the performance of these transactions for the purpose of carrying out the transactions, with our relevant business partners, consultants and service providers for the management of financial and accounting processes, the identification and assessment of risks, the prevention of fraud, with banks, financial advisors and the e-invoice business partner for the electronic delivery of the e-invoice to the patient, with freight and courier companies for the physical delivery of contracts or invoices, with tax authorities for the fulfillment of tax obligations, in the event of tax audits, with the representatives of the Ministry of Finance, with our business partners and service providers who provide, operate or provide services to our IT infrastructure, with attorneys and other advisors for the performance of contract litigation and litigation/enforcement proceedings, private integrators, independent auditors, customs authorities, financial advisors / with our business partners who provide accounting services, legally authorized public entities and private persons or organizations and third parties, attorneys, auditors, forensic experts, cybersecurity consultants tax advisors and other third parties from whom we receive consulting and services, as well as business partners in the context of fulfilling legal obligations, regulatory and supervisory institutions and other official institutions such as courts and law enforcement agencies, our shareholders in all processes, the implementation of risk management and financial reporting processes, other public institutions or organizations that are entitled to request your personal data, it may be transferred and processed domestically to a limited extent for the purposes set out in this text. Rights Of the Data Subject As a data subject whose personal data are processed, you may contact “Kozyatağı Mah. Şemsettin Günaltay Cad. No: 54/1 Kadıköy / Istanbul” to address your requests (noticing the processing of personal data, requesting information about the processing, noticing the purpose of the processing, noticing the transferred persons, requesting the rectification, erasure or destruction of incomplete or inaccurate processing, request for notification of all automated transactions to third parties, objection to the analysis, demand for compensation) under Article 11 of the Law, which regulates the rights of the data subject, under the Communiqué on the Application Procedures and Principles to the Data Controller. OPEN CONSENT Within the framework of the “EZAY AĞIZ VE DİŞ SAĞLIĞI HİZMETLERİ TİCARET LİMİTED ŞİRKETİ Patient Information Text,” I accept, declare and undertake that I give my consent to the transfer to the groups of buyers mentioned in the information text, both at home and abroad, limited to the specified processing of my health data, which is considered personal data of exceptional quality, limited to the purposes of conducting private health insurance processes, determining additional services, planning and execution of business processes. In this regard, I also declare that I have been informed of the rights granted to me by Article 11 of Law No. 6698 and how to use my rights granted to me by Article 11 of Law No. 6698, that I have the right and the power to withdraw at any time my express consent to the processing and/or communication of my personal data processed and/or communicated based on my express permission. I agree. I disagree. Name: Date: Signature: