PERSONAL DATA PROCESSING AND PROTECTION POLICY

1.1 Introduction

Prof. Dr. Seyit Ali Gümüştaş Practice  (“Prof. Dr. Seyit Ali Gümüştaş”)  attaches utmost importance to protecting the fundamental rights and freedoms of individuals, especially based on the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. In this context, Prof. Dr.  Seyit Ali Gümüştaş pays attention to the legal protection and processing of personal data in accordance with the Personal Data Protection Law No. 6698  (“KVKK”)  and the European Union General Data Protection Regulation  (“GDPR”) and acts with this understanding in all its planning and activities.

Ensuring the security of people's personal data Prof. Dr. He is one of Seyit Ali Gümüştaş's primary targets. For this reason, in order to securely process people's personal data and prevent any unlawful access or leakage of these data, necessary security measures are taken in accordance with the applicable legislation. Dr. It is taken by Seyit Ali Gümüştaş.

1.2 Purpose of the Policy

The purpose of the Personal Data Protection and Processing Policy  (“Policy”)  is to protect and process personal data that is processed in accordance with the purpose of KVKK and GDPR by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Dr. To inform personal data owners about Seyit Ali Gümüştaş's obligations and the procedures and principles it will comply with. In line with the purpose of the Policy, Prof. Dr. In the protection and processing of personal data activities carried out by Seyit Ali Gümüştaş, it is aimed to ensure full compliance with the legislation and to protect the right to privacy and data security of personal data owners.

1.3 Scope of the Policy

This Policy; It has been prepared for Patients/Clients, Employees, Employee Candidates and Visitors, provided that they are real persons, and will be applied within the scope of these specified persons. Prof. Dr. The purpose of publishing the provisions of this Policy within the clarification text on the website by Seyit Ali Gümüştaş is to inform data owners about the protection and processing of personal data and data security. This Policy will not apply to legal entities in any capacity.

This Policy applies to the above-mentioned Data Owners, for the use of their personal data by fully or partially automated or non-automatic means, provided that it is part of any data recording system. Dr. It will be implemented if processed by Seyit Ali Gümüştaş. If the data is not included in the scope of "Personal Data" within the scope specified below or Prof. Dr. This Policy will not be applied if the personal data processing activity carried out by Seyit Ali Gümüştaş is not done through the means specified above.

1.4 Definitions

The concepts used in the implementation of this Policy have the following meanings:

Explicit Consent	It is consent regarding a certain subject, based on informed consent and expressed with free will.
Lighting Obligation	It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed, and to whom it may be transferred, and for what purposes.
Related User	Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.
Destruction	It refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. It is any operation performed on data, such as blocking.
KVK Board	It is the Personal Data Protection Board.
Personal Data Owner	It refers to the Patients, Clients, Employees, Employee Candidates and Visitors whose Personal Data (including sensitive personal data) is processed.
Personal Data	It is any information regarding an identified or identifiable natural person.
Institution/Audit Mechanism	It is the Personal Data Protection Authority consisting of the Board and the Presidency.
Automatically Processing Data	Computer, phone, watch, etc. It is a processing activity that takes place automatically, without human intervention, within the scope of pre-prepared algorithms through software or hardware features, carried out by devices with processors.
Special Personal Data	Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data are special quality data.
Record	It is the Data Controllers Registry.
Prof. Dr. Seyit Ali Gümüştaş	Prof. Dr. Seyit Ali Gümüştaş Practice.
Data Processor	It is a natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System	It refers to the recording system in which Personal Data is structured and processed according to certain criteria.
Data Category	It is a class of personal data belonging to a group or groups of data subjects in which personal data is grouped according to their common characteristics.
Data Subject Person Group	It is the relevant person group whose personal data the data controller processes.
Data Controller	It is the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data recording system.

1.5 Enforcement of the Policy

Prof. Dr. Policy principles prepared by Seyit Ali Gümüştaş and entered into force on 01.07.2021, Prof. Dr. It is made available to data owners in the content of the KVK information text published on the corporate websites of Seyit Ali Gümüştaş.

2. PROTECTION OF PERSONAL DATA

2.1 Security of Personal Data

Prof. Dr. Seyit Ali Gümüştaş takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data safely and prevent unlawful processing and access of personal data in accordance with KVKK and GDPR. Administrative and technical measures taken regarding the security of personal data, Prof. Dr. It is regulated in detail in Seyit Ali Gümüştaş's Personal Data Storage and Destruction Policy.

2.2 Audit

Prof. Dr. Seyit Ali Gümüştaş carries out the necessary inspections and has them carried out in order to establish the data security described above and to ensure the regularity and continuity of the measures taken.

Prof. Dr. The technical measures taken by Seyit Ali Gümüştaş are supervised by authorized persons in six-month periods a year, and administrative measures are carried out by Prof. Dr. It is inspected by people authorized by Seyit Ali Gümüştaş.

2.3 Privacy

In order for the Data Processor not to disclose the personal data he/she has learned within the scope of his/her duty to anyone else, in violation of KVKK, GDPR and Policy provisions, and not to use it for purposes other than processing. Dr. All necessary administrative and technical measures are taken by Seyit Ali Gümüştaş. In this context, information and training activities are carried out for the Practice employees about KVKK, GDPR and the Policy, and the relevant employees are made to sign confidentiality agreements as part of the recruitment process.

2.4 Unauthorized Disclosure of Personal Data

Prof. Dr. If personal data processed by Seyit Ali Gümüştaş is obtained by others through unlawful means, Prof. Dr. Seyit Ali Gümüştaş carries out the necessary procedures to notify the Data Owner and the KVK Board about this situation within the periods determined by the KVK Board. If deemed necessary by the KVK Board, this situation is announced on the KVK Board's website or by another method deemed appropriate by the KVK Board.

2.5 Observing the Legal Rights of Relevant Persons

Prof. Dr. Seyit Ali Gümüştaş observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

2.6 Protection of Special Personal Data

Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data of special quality is personal data. Prof. Dr. Seyit Ali Gümüştaş is aware that Special Personal Data is data that may cause the Data Owner to be victimized or discriminated against if learned by others, and for this reason, it carefully takes adequate measures determined by the Board to protect such personal data processed in accordance with the law. . In this context; It has a separate policy (Security of Special Personal Data Policy) that is systematic, has clear rules, is manageable and sustainable.

3. PROCESSING AND TRANSFER OF PERSONAL DATA

3.1 General Principles in Processing and Transferring Personal Data

Prof. Dr. Personal Data is processed by Seyit Ali Gümüştaş in accordance with the procedures and principles stipulated in KVKK, GDPR and this Policy. Prof. Dr. Seyit Ali Gümüştaş complies with the following principles when processing personal data.

3.1.1 Compliance with the Law, Rules of Honesty and Transparency

Prof. Dr. Seyit Ali Gümüştaş processes personal data in accordance with the relevant legislation and the requirements of the code of honesty and uses it within these limits. In accordance with the principle of honesty, Prof. Dr. While trying to achieve its goals in data processing, Seyit Ali Gümüştaş takes into account the interests and reasonable expectations of the relevant persons. It acts to prevent the emergence of consequences that the Data Owner does not expect and does not need to expect. In accordance with the principle, it also ensures that such data processing activity is transparent to the data subject; Acts in accordance with its lighting and warning obligations.

3.1.2 Be Accurate and Up-to-Date Where Necessary

Prof. Dr. Seyit Ali Gümüştaş ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of data owners. In this context, it carefully takes into account issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated. Prof. Dr. Seyit Ali Gümüştaş always keeps the channels open to ensure that the personal data owner's information is accurate and up-to-date. Keeping personal data accurate and up-to-date, Prof. Dr. It is necessary to protect the interests of Seyit Ali Gümüştaş as well as the fundamental rights and freedoms of the Data Owner.

3.1.3 Processing for Specific, Clear and Legitimate Purposes

Prof. Dr. Seyit Ali Gümüştaş clearly and precisely determines the purpose of data processing and ensures that this purpose complies with the law. The purpose must be legal, Prof. Dr. It means that the personal data processed by Seyit Ali Gümüştaş is related to and necessary for the healthcare service in which it operates. Prof. Dr. Seyit Ali Gümüştaş does not process data for purposes other than these stated purposes. In this respect, it shows sensitivity in complying with the principle of certainty and clarity in legal transactions and texts in which the purposes of personal data processing are explained.

3.1.4 Being Related to the Purpose for which they are Processed, Limited, Proportionate and Necessary

Prof. Dr. Seyit Ali Gümüştaş ensures that the personal data processed are suitable for the achievement of the specified purposes and avoids the processing of data that is not relevant or needed to achieve the purpose. Prof. Dr. Seyit Ali Gümüştaş does not collect or process personal data for purposes that do not exist or are expected to be realized later. It also limits the data processed to only what is necessary to achieve the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose it is intended to achieve.

3.1.5 Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed

Prof. Dr. If there is a period stipulated in the relevant legislation for the storage of data, Seyit Ali Gümüştaş complies with these periods; Otherwise, it retains personal data only for the period necessary for the purpose for which they are processed. Prof. Dr. If there is no valid reason for further storage of personal data by Seyit Ali Gümüştaş, the data in question will be deleted, destroyed or anonymized. Procedures for storage and destruction of personal data Prof. Dr. It is regulated in detail in Seyit Ali Gümüştaş's Personal Data Storage and Destruction Policy.

3.1.6 Compliance with Integrity and Confidentiality Principles

Prof. Dr. Personal data is processed by Seyit Ali Gümüştaş by taking the necessary technical and administrative measures in order to ensure appropriate security against loss, destruction, damage or protection of personal data.

3.1.7 Compliance with the Accountability Principle

Prof. Dr. Seyit Ali Gümüştaş has fulfilled its obligation in accordance with the rules of protection of personal data in its processing activities, and in case of any complaint or ex officio review, it will be able to submit documents proving that these measures have been taken to the auditing institutions.

3.2 Conditions for Processing Personal Data

Prof. Dr. Seyit Ali Gümüştaş does not process personal data without the explicit consent of the Data Owner. Personal data can only be processed without the explicit consent of the Data Owner if one of the following conditions exists:

3.2.1 Explicitly Provided in Laws

Prof. Dr. Seyit Ali Gümüştaş may process personal data without seeking the explicit consent of the Data Owner, in cases clearly provided for by law.

3.2.2 It is Necessary for the Protection of the Life or Physical Integrity of the Person Who Is Unable to Express His Consent Due to Actual Impossibility or whose Consent Is Not Recognized as Legally Valid.

Prof. Dr. Seyit Ali Gümüştaş may process personal data without seeking explicit consent to protect the life or physical integrity of individuals in cases where consent cannot be expressed or is not valid.

3.2.3 It is Necessary to Process Personal Data of the Parties to the Contract, Provided That It is Directly Related to the Establishment or Performance of a Contract

Prof. Dr. Seyit Ali Gümüştaş may process the personal data of the Data Owner without seeking explicit consent, limited to this purpose, as a matter of ordinary course of life, in case it is necessary to process the personal data of the parties to the contract directly related to the establishment or execution of a contract.

3.2.4 It is mandatory to fulfill legal obligations

Prof. Dr. Seyit Ali Gümüştaş, as the Data Controller, may process the personal data of the Data Owner without seeking explicit consent when necessary in order to fulfill its legal obligations.

3.2.5 Being Publicized by the Relevant Person Himself

Prof. Dr. Seyit Ali Gümüştaş; The personal data of the Data Owner, which has been made public by the Data Owner, in other words, has been disclosed to the public in any way, may be processed on a limited basis for the purpose of publicization, as it is accepted that the legal interest to be protected in the processing of such data, which has been made public by the Data Owner and thus become known to everyone, is eliminated.

3.2.6 Data Processing Is Necessary for the Establishment, Exercise or Protection of a Right

Prof. Dr. Seyit Ali Gümüştaş may process the personal data of the Data Owner without seeking explicit consent, in cases where data processing is mandatory for the exercise or protection of a legally legitimate right.

3.2.7 It is mandatory for our practice to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant persons.

Prof. Dr. Seyit Ali Gümüştaş may process the Data Owner's personal data in cases where processing of personal data is necessary to ensure its legitimate interests, provided that it does not harm the Data Owner's fundamental rights and freedoms protected under KVKK, GDPR and the Policy. Prof. Dr. Seyit Ali Gümüştaş, compliance with the basic principles regarding the protection of personal data and Prof. Dr. It shows the necessary sensitivity regarding the balance of interests of Seyit Ali Gümüştaş and personal data owners. What is meant by legitimate interest; Legitimate is an effective, specific and existing interest that competes with the fundamental rights and freedoms of the Data Owner. Prof. Dr. Seyit Ali Gümüştaş takes additional protective measures to prevent any harm to the rights of the Data Owner. Prof. Dr. A reasonable balance is maintained between the interests of Seyit Ali Gümüştaş and the fundamental rights and freedoms of the person concerned.

3.3 Conditions for Processing of Special Personal Data

Prof. Dr. Seyit Ali Gümüştaş does not process sensitive personal data without the explicit consent of the Data Owner. Special categories of personal data can only be processed without the express consent of the relevant person if one of the following conditions is met:

3.3.1 Explicitly Provided in Laws

Special personal data of the Data Owner, other than his health and sexual life, may be processed without the express consent of the Data Owner in cases clearly provided for by law.

3.3.2 For the Purpose of Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

Data Owner's personal data of special nature regarding his health and sexual life, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, persons or authorized institutions and organizations who are under the obligation of confidentiality. can be processed by.

3.4 Conditions for Transfer of Personal Data

Prof. Dr. Seyit Ali Gümüştaş may transfer personal data to third parties on a limited basis and based on one or more of the following personal data processing conditions, in accordance with Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR, by taking the necessary security measures:

• The Data Owner has explicit consent,
• There is a clear regulation in the law regarding the transfer of personal data,
• Personal data transfer is mandatory to protect the life or physical integrity of the Data Owner or someone else and the relevant person is unable to express his/her consent due to actual impossibility or his/her consent is not given legal validity,
• It is necessary to transfer personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• Prof. Dr. Personal data transfer is mandatory for Seyit Ali Gümüştaş to fulfill its legal obligations,
• Personal data has been made public by the Data Owner,
• Personal data transfer is mandatory for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the Data Owner, Prof. Dr. Personal data transfer is mandatory for the legitimate interests of Seyit Ali Gümüştaş.

Special personal data can be transferred based on one of the following conditions and provided that adequate precautions are taken:

• The relevant person must have explicit consent,
• If the person concerned has special personal data other than his or her health and sexual life, there is a clear regulation in the law regarding the transfer of this data.
• If the relevant person has special personal data regarding his/her health and sexual life, these data may be used by persons under the obligation of confidentiality or authorized institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. can be transferred by organizations.

4. PERSONAL DATA CATEGORIES AND DATA SUBJECT PERSON GROUPS

4.1 Personal Data Categories

Personal data Prof. Dr. It is categorized and processed by Seyit Ali Gümüştaş as follows:

Identity	Your name, surname, TR Identity Number and/or Passport Number and/or Temporary TR Identity Number, place and date of birth, marital status, gender, profession, signature and other identification data that can identify you
Communication	Your address (residence, workplace), telephone number (your home/workplace fixed and/or mobile telephone numbers you have declared), your e-mail address, social media accounts and other communication data.
personnel	CV, title information; employment entry-exit document records; social security/retirement information, payroll information and other personal data.
finance	Personal data processed regarding information, documents and records showing the results of any financial relationship our practice has established with personal data owners, as well as your bank account information, credit information, balance sheet information, financial profile, asset and insurance information and other financial information.
Audiovisual Records	Photograph, camera and audio recording data taken outside the scope of physical location security of personal data owners.
Communication Records	Communication data that can be obtained through our practice's communication and information systems: Corporate telephone call records, corporate mail and e-mail records and their contents, etc.
Customer Transaction	Satisfaction information about our practice's patients, Invoice, receipt information, etc.

SPECIAL PERSONAL DATA

Health Information

Your blood type, allergies, chronic diseases, data regarding previous surgeries/operations, medications you constantly use, analysis and imaging results, prescription information, body analysis and measurement information, medical history, skin analysis information, hormonal tests, information about your sexual life. your information, venereal disease information, information regarding Covid-19 disease, medical treatments, anesthesia information and other health data.

4.2 Data Subject Person Groups

Only natural persons can benefit from the protection of this Policy and the Law. Personal data owners in this scope are grouped as follows:

Employee Candidate	They are real persons who have applied for a job at our practice by any means or have made their CV and related information available for review by our practice.
Customer	They are patients or clients who come to our practice.
Worker	Prof. Dr. They are individuals working at Seyit Ali Gümüştaş Practice.
Visitor	All real persons who have entered the physical premises of our practice for various purposes or visited our websites for any purpose.

5. PERSONAL DATA COLLECTION METHOD AND LEGAL REASON

5.1 Personal Data Collection Method

Your Personal Data, Prof. Dr. By real or legal persons authorized by Seyit Ali Gümüştaş in the capacity of " DATA PROCESSOR/PROCESSOR "; It is recorded physically and electronically by taking verbal, written, camera and photo recordings, and is processed by obtaining your explicit consent in cases stipulated by KVKK and GDPR.

• Job application forms,
• Personnel information forms,
• Prof. Dr. Various documents submitted to Seyit Ali Gümüştaş,
• Prof. Dr. Mails and e-mails sent to Seyit Ali Gümüştaş,
• corporate phones,
• Photo/Video recordings,
• Websites,
• Patient Information Forms,
• Analysis Results,
• Viewing Results,
• Health Information Forms,
• Log Recorder (Firewall),
• Service providers whose servers are located abroad (whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/Google/Hotmail/yahoo etc.)

5.2 Legal Reason for Collection of Personal Data

Our practice collects personal data based on one of the following legal reasons in accordance with Articles 5 and 6 of the Law and Articles 6 and 9 of the GDPR:

• Explicit consent of the person concerned,
• It is clearly stipulated in the law;
• Personal data has been made public by the relevant person himself,
• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• If the Data Owner has special personal data regarding his health and sexual life, these data are for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing,
• Prof. Dr. It is mandatory for Seyit Ali Gümüştaş to fulfill his legal obligation,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the persons concerned, Prof. Dr. It is mandatory for Seyit Ali Gümüştaş to process data for its legitimate interests.

6. PURPOSES OF PROCESSING PERSONAL DATA

6.1 Matching of Data Subject Person Groups with the Purposes of Processing Regarding Personal Data Categories

The matching of data subject groups, whose definitions and scopes are given above, with the processing purposes of personal data categories is presented below:

• Employee Candidate

Data Categories :  Identity, Contact, Personnel, Professional Experience,

Purposes of Processing :  Carrying out Emergency Management Processes, Carrying out Information Security Processes, Carrying out Employee Candidate / Intern / Student Selection and Placement Processes, Carrying out the Application Processes of Employee Candidates, Carrying out Communication Activities

• Customer (Patient/Client)

Data Categories :  Identity, Communication, Financial, Customer Transaction, Health Data, Biometric Data

Purposes of Processing :  to create a patient file, to carry out your examination, preventive medicine, medical diagnosis, treatment and care services, to carry out your checks after medical diagnosis and treatment processes, to communicate with you one-on-one, to manage appointment processes, to realize patient satisfaction and demand management, to carry out legal and contractual obligations. To be able to maintain the information regarding your health data that must be kept in accordance with the relevant legislation within the specified periods, to receive consultation from another relevant specialist physician when necessary in order to provide the correct treatment, to fulfill the legal obligations in accordance with the legislation within the scope of health tourism, to be able to fulfill the legal obligations of the patients coming within the scope of health tourism. To be able to plan the transfer and accommodation services of clients, to announce innovations regarding medical treatment and practices, to inform third parties about the applied medical procedure, to plan and manage health services and their financing, to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient, and to fulfill financial and administrative obligations. To ensure technical and commercial security and to fulfill public obligations

• Worker

Data Categories :  Identity, Contact, Personnel, Finance, Visual and Audio Information,

Purposes of Processing :  Execution of Emergency Management Processes, Execution of Information Security Processes, Fulfillment of Employment Contract and Legislation Obligations for Employees, Execution of Fringe Benefits and Benefits Processes for Employees, Execution of Activities in Compliance with the Legislation, Execution / Audit of Business Activities, Organization and Event Management

• Visitor

Data Categories: Legal Action

Purposes of Processing: Execution of Emergency Management Processes, Execution of Information Security Processes,

6.2 Personal Data Processing Activities Performed on the Website

Traffic information of online visitors visiting our website is automatically processed for the purpose of carrying out information security processes. On the other hand, in accordance with Law No. 5651 and other legislation, hosting providers have the obligation to record and store website traffic information.

6.3 Personal Data Processing Activities Performed Through Communication Channels

Phone, email etc. Communications made through channels Prof. Dr. It is inspected and recorded by Seyit Ali Gümüştaş for the purpose of conducting/supervising business activities and tracking requests/complaints.

Data owners must use these channels only within the scope of their business activities.

7. PURPOSES OF TRANSFER OF PERSONAL DATA AND PERSONS/ORGANIZATIONS TO WHICH THEY ARE TRANSFERRED

7.1 Purposes of Transfer of Personal Data

Prof. Dr. Seyit Ali Gümüştaş transfers personal data limited to the following purposes within the framework of the conditions specified in Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR:

• To carry out examination, preventive medicine, medical diagnosis, treatment and care services,
• Managing complication processes,
• Getting a consultation,
• Fulfilling obligations in accordance with the Ministry of Health Legislation,
• Fulfilling obligations in accordance with International Health Tourism Legislation,
• Meeting the transportation, accommodation and translator needs of Health Tourist patients, fulfilling administrative obligations before Provincial Health Directorates and District Health Directorates,
• Providing medical information to third parties regarding the health services provided,
• Carrying out the application processes of employee candidates,
• Fulfillment of Employment Contract and Legislation Obligations for Employees,
• Execution of Fringe Benefits and Benefits Processes for Employees,
• Conducting Activities in Compliance with Legislation,
• Carrying out Finance and Accounting Affairs,
• Execution/Audit of Business Activities,
• Carrying out Business Continuity Ensuring Activities,
• Execution of Risk Management Processes,
• Ensuring and auditing data security,
• Execution of Contract Processes,
• Providing Information to Authorized Persons, Institutions and Organizations

7.2 Persons/Organizations to whom Personal Data is Transferred

Prof. Dr. Seyit Ali Gümüştaş can transfer personal data to the following persons and organizations, limited to the data subject groups and data required by the purpose of transfer:

• To other specialist physicians for consultation,
• Insured Employees,
• To its suppliers,
  • Financial Advisors, Tax and Finance Consultants and Auditors
  • Legal Advisor
  • Database (Server) Providers
  • translators
  • Web Consultant
  • Data Protection Officer
  • IT Consultant
  • Tourism Agencies
• Public Institutions and Organizations authorized within the framework of the law,
• To the Judicial Authorities.

8. DESTRUCTION AND STORAGE PERIOD OF PERSONAL DATA

8.1 Destruction of Personal Data

Without prejudice to the provisions regarding the destruction of personal data in other laws, Prof. Dr. Seyit Ali Gümüştaş deletes, destroys or anonymizes the personal data it has processed in accordance with the provisions of KVKK and other laws, ex officio or upon the request of the relevant person, in accordance with the Personal Data Storage and Destruction Policy, in case the reasons requiring processing are eliminated.

Deletion of personal data refers to the process of making personal data inaccessible and unusable for the relevant users in any way.

Destruction of data; It refers to the process of making personal data inaccessible, irretrievable and unusable by anyone.

Anonymization of data, masking of personal data, variable extraction, generalization, etc. It refers to the process of making it impossible to associate it with an identified or identifiable natural person in any way, even if it is matched with other data using techniques.

8.2 Storage Periods of Personal Data

Prof. Dr. Seyit Ali Gümüştaş stores personal data in accordance with the periods stipulated in the laws and other legislation. If there is no retention period stipulated in laws and other legislation, personal data, Prof. Dr. In accordance with Seyit Ali Gümüştaş's Personal Data Storage and Destruction Policy, that personal data is stored for the period required to achieve the purpose of processing, and is then deleted, destroyed or anonymized within the framework of periodic destruction periods.

9. PERSONAL DATA OWNER'S RIGHTS ACCORDING TO KVKK AND GDPR

9.1 Rights of the Data Subject Under the GDPR

As a Data Owner, your Personal Data is also protected in accordance with the GDPR. In cases where GDPR falls within the jurisdiction (European citizens or residents of Europe), the rights of data owners are as follows;

• Right of Access (GDPR article 15):  The data owner can check whether personal data about him/her is being processed or not. Dr. He/she has the right to confirm by contacting Seyit Ali Gümüştaş and to learn the details in GDPR article 15 in case personal data is processed.
• Right to Rectification (Article 16 GDPR):  Data Owner, Prof. Dr. Seyit Ali Gümüştaş has the right to have any changed personal data belonging to him corrected at any time by contacting us.
• Right to Erasure (Article 17 GDPR):  Data Owner, Prof. Dr. Seyit Ali Gümüştaş has the right to request the deletion of his personal data held by him. If the matters specified in Article 17 of the GDPR occur, Prof. Dr. Your personal data will be deleted by Seyit Ali Gümüştaş without delay.
• Right to Restriction of Processing (Article 18 GDPR):
  • If the Data Owner objects to the up-to-dateness of Personal Data, Prof. Dr. Until the accuracy of the Personal Data is confirmed by Seyit Ali Gümüştaş, the Data Owner has the right to request the restriction of the use of the data.
  • If the Personal Data processing activity is illegal and the Data Owner objects to the deletion of Personal Data, the Data Owner has the right to request the restriction of the use of the data.
  • Prof. Dr. Although Seyit Ali Gümüştaş no longer needs your personal data, if we want to establish and enforce your rights, the Data Owner has the right to request the restriction of the use of the data.
  • Prof. Dr. Until it is verified whether Seyit Ali Gümüştaş's legitimate reasons outweigh the legitimate reasons of the Data Owner, the Data Owner has the right to request the restriction of the use of the data if he objects to the processing activity in accordance with Article 21/1 of the GDPR.
• Right to Data Portability (Article 20 GDPR):  Data Owner, if technically possible, Prof. Dr. Seyit Ali Gümüştaş has the right to request the transfer of his Personal Data held by him to another controller at any time by contacting us. However, you can exercise this right when data processing is based on your consent or when required by contract.
• Right to Object (Article 21 GPDR):
  • The Data Subject has the right to object, on grounds relating to his or her particular situation, to processing of Personal Data, including profiling, pursuant to point (e) or (f) of Article 6(1) of the GDPR. Prof. Dr. Seyit Ali Gümüştaş cannot process your Personal Data unless it can demonstrate a strong legitimate reason, such as overriding the interests, rights and freedoms of the Data Owner or the establishment, exercise or protection of a legal right.
  • The Data Subject has the right to object at any time to processing of Personal Data for marketing purposes, including profiling to the extent that Personal Data is related to such direct marketing.
  • If the Data Owner objects to the processing of Personal Data for direct marketing purposes, the Personal Data will no longer be processed for such purposes.

9.2 Data Owner's Rights According to KVKK

The rights that natural persons whose Personal Data are processed have in accordance with Article 11 of the KVKK are as follows;

• Learning whether personal data is processed or not,
• Requesting information if personal data has been processed,
• Learning the purpose of processing personal data and whether they are used for their intended purpose,
• Knowing the third parties to whom personal data is transferred at home or abroad,
• Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
• Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the provisions of KVKK and other relevant laws, and requesting that the transaction carried out in this context be notified to third parties to whom personal data has been transferred,
• Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
• Request compensation for damages in case of damage due to unlawful processing of personal data.

In case data owners have rights or requests that they want to exercise from the rights listed above; They submit their written applications, in which they clearly and understandably state which of the rights they wish to exercise, stated in Article 11 of the KVKK, with wet signatures and documents proving their identity, to Prof. Dr. They can submit it personally to the address of Seyit Ali Gümüştaş Clinic, send it through a notary public, or send it to Prof. by signing with a secure e-signature. Dr. They can be sent to the corporate e-mail address of Seyit Ali Gümüştaş or via other methods specified in KVKK. In applications, it is mandatory to include name-surname, signature, TR ID number/passport number/temporary ID number, residence or workplace address, e-mail address, telephone and fax number, and the elements subject to the request, in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller" .

Prof. Dr. Seyit Ali Gümüştaş will finalize the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee at the tariff determined by the Personal Data Protection Board will be charged.