Esnan Oral and Dental Health and Health Services. Singing. ve Tic. Inc. (Referred to as the Company or Esnan) as a Personal Data Controller, will be able to process your personal data within the scope of the Personal Data Protection Law (Law) No. 6698 and the European Union General Data Protection Regulation (“GDPR”) and relevant legislation.
You can find detailed information on the protection, processing, storage and destruction of your personal data on our website under the heading “Personal Data Protection Law (PDPL)”.
A. COLLECTION, PROCESSING AND PURPOSE OF PROCESSING PERSONAL DATA
1. Collection of Personal Data
Your personal data that you share with our company through automatic or non-automatic methods, offices, agencies, branches (Sultangazi, Esenler, Beylikdüzü, Topkapı, Skyland) call center, website, social media channels, sms channels, mobile applications and business / program partner-like ways, verbally, in writing or electronically.
Personal data can also be collected from digital media such as company websites, software and applications made available on computers or some smart devices, and social media accounts activated by persons authorized to serve on behalf of the company.
Video recordings of our visitors are taken in our company’s building, at the facility entrances and within the facility with a camera monitoring system. The company, within the scope of monitoring with security cameras; It aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of our company, our customers and other people, and to protect the interests of the customers regarding the service they receive. Our detailed lighting text about the camera monitoring activity is available on the site.
2. Processing of Personal Data
The Company may process your private and general personal data, especially your health data, for the following purposes:
- Your Identity Information: Your name, surname, T.C. Your identity number, passport number or temporary Turkish identity number, place and date of birth, marital status, gender, insurance and/or other identification information that can identify you
- Your Contact Information: Your address, telephone number, e-mail address and other contact data, your voice call records kept by customer representatives or customer services in accordance with call center standards, and your personal data obtained when you contact us via e-mail, letter or other means; your other personal data that you send to us through our communication channels, family members and close information of the data subject, children, spouses and identity information,
- Your Bank Account Information: Your financial data such as your bank account number, IBAN number, only credit card information on the slip, invoice and billing information,
- Physical Space Security Information, If you are using the parking lot belonging to our customers, your license plate information, visit information, entry and exit information, images obtained from continuously recorded camera records in common areas, your sound recording,
- Legal Transaction Information, information requests from judicial and administrative institutions, data produced as a result of audits and inspections, your other personal data, including the CV provided in case you apply for a job with the Company, and your service contract if you are a company employee or a related employee. All your personal data, private health insurance data for the financing and planning of health services, and SGK data,
- Marketing Information, targeting information that may affect the service, cookie records, surveys completed by our customers, letters of thanks and complaints, satisfaction results, etc. notifications you make to evaluate,
- Special Quality Personal Data, data on race, health and sexual life, data on criminal convictions and security measures, information that is mandatory to be obtained in accordance with the service or legal legislation, especially biometric data.
3. Purpose of Processing Personal Data
Your personal data shared by you;
- Benefiting you and/or the institutions and organizations you represent from the products and services offered by our company constitutes the basis of our company’s commercial and business strategies.
- Conducting necessary studies, including but not limited to the development and implementation of marketing activities, business development and planning activities
- Ensuring the physical security and control of the locations used by our company
- Establishing business partner/customer/supplier (authorized or employee) relations
- Ensuring contractual requirements and financial reconciliation regarding the products and services offered with our business partners, suppliers or other third parties
- Follow-up of legal and administrative affairs, human resources policies
- It may be processed for the purpose of calling our company’s call center or using the website and/or participating in training, seminars or organizations organized by our company.
4. Storage of Personal Data
- Your personal data will be stored in electronic and/or physical media. Necessary business processes are designed and technical security infrastructure improvements are implemented so that your personal data provided and stored by our company are not exposed to unauthorized access, manipulation, loss or damage in the environments where they are stored.
- Your personal data will be processed by taking all necessary information security measures, provided that it is not used outside of the purposes and scope notified to you, and will be stored and processed during the legal retention period or if such a period is not foreseen. , for as long as required by the processing purpose. When this period expires, your personal data will be removed from our Company’s data streams by deletion, destruction or anonymization methods.
- The company adopts the principle of acting in accordance with the law in data sharing with both business and solution partners. With the commitment of data confidentiality and as much as the service requires, data is shared with business and solution partners and these parties are obliged to take measures to ensure data security.
- In accordance with the regulation, e-mails for advertising purposes can only be sent to people with prior approval. The express consent of the person to whom the advertisement is sent is required. The company complies with the “approval” details determined in accordance with the same legislation. This approval can be obtained in writing, in the physical environment or by any means of electronic communication.
- In the event of a contractual relationship with our customers and potential customers, the collected personal data can be used without the customer’s consent. However, this use takes place in line with the purpose of the contract. On the other hand, the data left to us by our prospective customers (candidates) are processed in order to provide them with an easier and higher quality service afterwards. These data are deleted upon request if there is no contractual relationship.
- The data that reaches our company is processed into the system only as much as necessary. Unnecessary information is not recorded in the system, deleted or anonymized. These data can be used for statistical purposes.
- Your personal data mentioned above, Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Hospitals, Regulation on the Processing of Personal Health Data and Protection of Privacy and Ministry of Health legislation and other legislation provisions. We inform you that within the scope of the disclosure obligation of the data controller, it can be processed within the framework of the HOSPITAL and/or transferred to the physical archives and information systems of our suppliers and stored in both digital and physical environments. environment.
B. TRANSFERRING PERSONAL DATA
- In accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board; If there are conditions regarding the transfer of personal data, it may transfer personal data within the country or abroad.
- In case of existence of at least one of the data processing conditions in Articles 5 and 6 of the Law and on condition that the basic principles regarding data processing conditions are complied with, the transfer of personal data to third parties in the country may be transferred by the company.
- The transfer of personal data to third parties abroad, the company and the data controller in the relevant country to undertake in writing that they will allow the processing of personal data by the Board, and the existence of at least one of the data processing conditions specified in the Law. Articles 5 and 6 of the Law. Personal data may be transferred to third parties abroad.
You can find the conditions and detailed information regarding the transfer of your personal data from the Personal Data Protection and Processing Policy on our website.
C. DISPOSAL OF YOUR PERSONAL DATA
- Despite the fact that it has been processed in accordance with the provisions of the relevant law, it may delete or destroy personal data at its own discretion or upon the request of the personal data owner, in case the reasons requiring processing are eliminated.
- The erasure or destruction techniques used by us are physical destruction, soft wipe, secure erase by an expert.
- The Company may anonymize personal data if the reasons requiring the legal processing of personal data disappear. Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.
- Pursuant to Article 28 of the PDPL Law; Anonymized personal data may be processed for purposes such as research, planning and statistics. Such transactions are outside the scope of the PDPL Law and the explicit consent of the personal data owner will not be sought. Personal data processed by anonymization are outside the scope of PDPL Law. The most used anonymization techniques by the company are masking, aggregation and data derivation.
- You can find detailed information on the methods of destruction of personal data from the “Personal Data Storage and Destruction Policy” on our website.
D. SITUATIONS WHERE DATA MAY BE PROCESSED WITHOUT EXPRESS CONSENT UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
Pursuant to Article 5 of the PDPL Law, your personal data below may be processed without your explicit consent in the following cases:
- It is clearly stated in the law.
- A person who cannot explain his or her consent due to actual impossibility or whose consent is not legally valid is obligatory for the protection of himself or someone else’s life or bodily integrity.
- It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
- It is obligatory for the data controller to fulfill its legal obligations.
- The person concerned has been made public by herself/himself.
- Data processing is mandatory for the establishment, exercise or protection of a right.
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.
E. DATA SECURITY
As a company; We attach importance to the protection of your personal data. For this reason, we present to your information that we provide protection against possible risks within our technical and administrative possibilities in accordance with information security standards and procedures.
F. YOUR RIGHTS TO PROTECT YOUR PERSONAL DATA
Law on the Protection of Personal Data M.11, you can fill in the “Data Owner Application Form” on our website and deliver it to the address of the workplace with wet signature, by hand, via a notary public, by sending it to our Company’s caps, from your registered e-mail address as firstname.lastname@example.org or in accordance with the relevant legislation https://www..esnan.com.tr/with electronic signature with an electronic signature or a secure extension via “PDF”.
- Learning whether it has been processed; if it is processed, to request information about it and to learn whether it is used in accordance with the purpose of processing,
- Knowing the third parties to whom personal data is transferred at home or abroad,
- Requesting correction of these in case of incomplete or incorrect processing,
- Requesting notification of the correction and/or deletion or destruction of your personal data to the third parties to which the personal data has been transferred,
- Requesting correction of your personal data in case of incomplete or incorrect processing and notifying the third parties to whom your personal data has been transferred,
- Objecting to adverse results that may arise as a result of processing through automated systems,
- Compensation for damage in case of loss due to processing in violation of the law and relevant legislation
We inform you that you have the right to demand from us.
Your right to learn whether your personal data is being processed and to request information about it if your personal data has been processed; If you use your right to learn the purpose of processing personal data and whether they are used in accordance with its purpose, or to know the third parties to whom personal data is transferred, at home or abroad, the relevant information will be sent to you. as soon as possible and within thirty days at the latest, depending on the nature of your request. You will be informed in writing or electronically through the contact information you have provided, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
In the evaluation of the applications, the company first determines whether the person making the request is the real right holder. However, the company may request detailed and additional information in order to better understand the demand when it deems necessary.
Responses to the related person’s applications are notified by the company in writing or electronically. If the application is rejected, the reasons for the rejection are explained to the data owner with justification.