Personal Data Protection and Processing Policy

tr en de esp

DR. MEHMET CÖMERT

PERSONAL DATA PROTECTION AND PROCESSING POLICY

1. Purpose and Scope

DR. MEHMET CÖMERTIt makes every effort to comply with all applicable legislation regarding the processing and protection of personal data.

herebyPolitics within the framework ofDr. Mehmet ComertThe principles adopted in the execution of personal data processing activities carried out by A.Ş. are explained.

With politics,Dr. Mehmet Cömert's It is aimed to ensure the sustainability of the principle of carrying out professional activities in transparency. In this contextClinicdata processing activities in the Personal Data Protection Law No. 6698 (“KVK Law""), the basic principles adopted in terms of compliance with the regulations are determined andClinicThe practices implemented by are explained.

PoliticsDr. Mehmet ComertAlthough it is carried out by automatic or non-automatic means provided that it is part of any data recording system, it is directed to real persons whose personal data is processed. Issues regarding the protection of personal data of employees is also regulated.

2. Policy Principles

2.1. General Principles

The policy is made accessible to personal data owners.Dr. Mehmet Comert'on the website ofdrmehmetcomert.com It is published at. In parallel with the changes and innovations to be made in the legislation, the changes to be made in the Policy will be made accessible in a way that data owners can easily access.

In case of conflict between the legislation in force regarding the protection and processing of personal data and this Policy,ClinicIt accepts that the legislation in force will find its application area.

2.2. Person Groups Covered by the Policy

within the scope of the policy andDr. Mehmet ComertThe data subject groups whose personal data are processed by are as follows:

Employee Candidates
Dr. Mehmet ComertPersons who have not established a service contract with, but are being considered for establishment.

Business Partners Officials, Employees
Dr. Mehmet ComertNatural person officials, shareholders and employees of the organizations with which we have commercial relations.
visitors
Dr. Mehmet Comert's office orDr. Mehmet ComertNatural persons who visit websites operated by .
Other Real Persons
Dr. Mehmet Comert All natural persons who are not covered by the Personal Data Protection and Processing Policy.

3. Disclosure of Personal Data Owners

Dr. Mehmet Comert,In accordance with Article 10 of the KVK Law, it carries out the necessary processes to ensure that data owners are informed during the acquisition of personal data. In this context, the following information is included in the information texts provided to data owners by:

(1) Mehmet Cömert's title,
(2) Dr. Mehmet ComertFor what purpose the personal data of data owners will be processed by,
(3) To whom and for what purpose the processed personal data can be transferred,
(4) Method and legal reason for collecting personal data,
(5) The rights of the data owner;
- Learning whether personal data is being processed or not,
- Requesting information if personal data has been processed,
- Learning the purpose of processing personal data and whether they are used for their intended purpose,
- Knowing the third parties to whom personal data is transferred at home or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing and requesting that the transaction be notified to third parties to whom personal data has been transferred,
- Requesting the deletion or destruction of personal data within the framework of the stipulated conditions and requesting that the transaction be notified to third parties to whom personal data has been transferred,
- Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
- Request compensation for damages in case of damage due to unlawful processing of personal data.

4. Finalization of Requests of Personal Data Owners

Data owners' requests regarding their personal data are addressed to Dr. In case they convey it to Mehmet Cömert in writing, As the data controller, it carries out the necessary processes in accordance with Article 13 of the KVK Law to ensure that the request is concluded as soon as possible and within thirty (30) days at the latest, depending on its nature.

Dr. Mehmet ComertWithin the scope of ensuring data security, may request information to determine whether the applicant is the owner of the personal data subject to the application. Dr. Mehmet Cömert may also ask questions to the personal data owner regarding his application in order to ensure that the application of the personal data owner is finalized in accordance with the request. Application of the data owner; In cases such as there is a possibility of hindering the rights and freedoms of other people, it requires disproportionate effort, the information is public information,Dr. Mehmet ComertThe request may be rejected by explaining the reason.

4.1. Rights of Personal Data Owners

In accordance with Article 11 of the KVK Law,drmehmetcomert.com Dr. via the form available at. You can contact Mehmet Cömert and request the following issues:

(1) Learning whether your personal data is being processed or not,
(2) Requesting information if your personal data has been processed,
(3) Learning the purpose of processing your personal data and whether they are used in accordance with their purpose,
(4) Learning the third parties to whom your personal data is transferred domestically or abroad,
(5) Requesting correction of your personal data if it has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom your personal data has been transferred,
(6) To request that your personal data be deleted, destroyed or anonymized in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of the Personal Data Protection Law and other relevant laws, and to request that the transaction carried out in this context be notified to third parties to whom your personal data has been transferred,
(7) Object to the emergence of a result against you by analyzing your processed data exclusively through automatic systems,
(8) Request compensation in case you suffer damage due to unlawful processing of your personal data.

4.2. Situations Excluded from the Rights of Personal Data Owners According to the Legislation

In accordance with Article 28 of the KVK Law, personal data owners will not be able to assert their rights on the following issues, since the following situations are not within the scope of the KVK Law:

(1) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
(2) Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
(3) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public security, public order or economic security.
(4) Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.

In accordance with Article 28/2 of the KVK Law; Personal data owners will not be able to assert their rights, except for requesting compensation for damages in the cases listed below:

(1) Processing personal data is necessary for the prevention of crime or criminal investigation.
(2) Processing of personal data made public by the personal data owner.
(3) Personal data processing is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law.
(4) Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters.

5. Ensuring the Security and Confidentiality of Personal Data

Dr. Mehmet ComertIn order to prevent unlawful disclosure, access, transfer of personal data or security deficiencies that may occur in other ways, all necessary precautions are taken, within the scope of possibility, depending on the nature of the data to be protected.

In this contextClinicAll necessary (i) administrative and (ii) technical measures are taken by the company, (iii) an audit system is established within the clinic, and (iv) in case of illegal disclosure of personal data, it acts in accordance with the measures stipulated in the Personal Data Protection Law.

(1) To Ensure Lawful Processing of Personal Data and Prevent Unlawful Access to Personal DataClinic Administrative Measures Taken by

Dr. Mehmet Comert,It trains its employees regarding personal data protection law and ensures their awareness.
In cases where personal data is subject to transfer,Dr. Mehmet ComertIt is ensured that records are added to the contracts concluded with the persons to whom personal data is transferred, stating that the party to which personal data is transferred will fulfill its obligations to ensure data security.
Dr. Mehmet ComertPersonal data processing activities carried out by the Company are examined in detail, and in this context, the steps that need to be taken to ensure compliance with the personal data processing conditions stipulated in the Personal Data Protection Law are determined.
Dr. Mehmet Comert, determines the practices that need to be implemented to ensure compliance with the KVK Law and regulates these practices with internal policies.

(2) To Ensure Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data, Dr. Technical Measures Taken by Mehmet Cömert

Dr. Mehmet ComertRegarding the protection of personal data, technical measures are taken to the extent technology allows, and the measures taken are updated and improved in parallel with the developments.
In technical matters, expert personnel are employed.
Inspections are carried out at regular intervals regarding the implementation of the measures taken.
Software and systems are installed to ensure security.
Dr. Mehmet ComertThe access authority to personal data being processed within the company is limited to the relevant employees in line with the determined processing purpose.

(3) Dr. Mehmet ComertCarrying out Audit Activities Regarding the Protection of Personal Data by

Dr. Mehmet ComertThe functioning of the technical and administrative measures taken within the scope of protecting and ensuring the security of personal data is inspected and practices are carried out to ensure the continuation of the operation. The results of the audit activities carried out in this context,Dr. Mehmet ComertIt is reported to the relevant department within the company. In line with the audit results, activities are carried out to ensure the development and improvement of the measures taken regarding the protection of data.

(4) Measures to be Taken in Case of Illegal Disclosure of Personal Data

Dr. Mehmet ComertWithin the scope of the personal data processing activity carried out by the Company, in case personal data is obtained by unauthorized persons unlawfully, the situation will be reported to the KVK Board and the relevant data owners without delay.

6. Identification of the Unit Responsible for the Protection and Processing of Personal Data

Dr. Mehmet ComertThe responsible person who will ensure the necessary coordination within the clinic within the scope of ensuring, preserving and maintaining compliance with the personal data protection legislation has been determined. The responsible person is responsible for the execution and improvement of the systems established to ensure that the activities carried out comply with the personal data protection legislation.

In this context, the main duties of the relevant responsible person are stated below:

To prepare and put into effect basic policies regarding the protection and processing of personal data,
To decide how the implementation and supervision of policies regarding the protection and processing of personal data will be carried out, and to assign and ensure coordination within this framework,
To determine the matters that need to be done to ensure compliance with the KVK Law and relevant legislation; overseeing and coordinating its implementation,
To raise awareness within the workplace and among the institutions we cooperate with regarding the protection and processing of personal data,
Dr. To identify the risks that may occur in Mehmet Cömert's personal data processing activities and to ensure that the necessary precautions are taken; to offer improvement suggestions,
Designing and ensuring the execution of trainings on the protection of personal data and implementation of policies,
To decide on the applications of personal data owners at the highest level,
Personal data owners; Dr. To coordinate the execution of information and training activities to ensure that Mehmet Cömert is informed about his personal data processing activities and legal rights,
To prepare and put into effect changes in basic policies regarding the protection and processing of personal data,
To follow the developments and regulations regarding the protection of personal data; In accordance with these developments and regulations, Dr. To advise the senior management on what needs to be done in Mehmet Cömert operations,
To manage the relations with the KVK Board and the KVK Institution,
Dr. To perform other duties assigned by Mehmet Cömert's workplace management regarding the protection of personal data.

7. Purposes of Processing Personal Data and Personal Data Groups Subject to Data Processing

7.1. Personal Data Categories

Dr. Mehmet ComertPersonal data in the following groups are processed partially or fully automatically or non-automatically as part of the data recording system.

PERSONAL DATA CATEGORIES	EXPLANATION
Identity Information/Family and Relatives Data	Personal data containing information regarding the identity of the person; name surname, T.R. Documents such as driver's license, identity card and passport containing information such as identity number, nationality information, mother's name-father's name, place of birth, date of birth, gender, as well as tax number, SSI number, signature information, Marriage Certificate, etc. informations.
Communication information	Contact information; Personal data such as telephone number, address, e-mail address, fax number.
Physical Space Security Information	Personal data regarding records and documents taken upon entering the physical location and during the stay in the physical location; camera records, and records taken at security points, etc.
Transaction Security Information	Dr. Mehmet Cömert's professional While carrying out its activities, both the data owner and Dr. Personal data processed to ensure the technical, administrative, legal and commercial security of Mehmet Cömert.
Risk Management Information	Personal data processed through methods used in accordance with generally accepted legal, commercial customs and honesty rules in these fields to manage commercial, technical, professional and administrative risks.
Financial Information	Dr. Mehmet ComertPersonal data processed regarding information, documents and records showing all kinds of financial results created within the scope of the legal relationship between the data owner and the data owner, and personal data such as bank account number, IBAN number, credit card information.
Legal Action and Compliance Information	Dr. Mehmet Cömert'sdetermination and pursuit of legal receivables and rights, fulfillment of debts and legal obligations andClinic Personal data processed within the scope of compliance with policies.
Audit and Inspection Information	Dr. Mehmet Cömert'sPersonal data processed within the scope of compliance with legal obligations and workplace policies.
Special Personal Data	Data specified in Article 6 of the Personal Data Protection Law (e.g. health data including blood type, religious information, etc.)
Request/Complaint Management Information	Dr. To Mehmet CömertPersonal data regarding the receipt and evaluation of any requests or complaints made.
Reputation Management Information	Associated with the person and Dr. Mehmet Comert's professional,Personal data collected for the purpose of protecting commercial reputation (for example;Dr. Mehmet Comertposts about)

7.2. Purposes of Processing Personal Data

Personal data for the purposes listed below in accordance with the data processing conditions and principlesDr. Mehmet ComertIt is processed by. The existence of the purposes listed below may vary for each personal data owner.

Personal data obtained,Dr. Mehmet Comertis processed in accordance with the processing conditions of personal data specified in Articles 5 and 6 of the KVK Law.

Follow-up of Finance and/or Accounting Affairs
Planning and Execution of Business Activities
Follow-up of Legal Affairs
Recruitment / Employment
Planning Human Resources Processes
Conducting Personnel Recruitment Processes
Planning and Execution of Sales Processes of Products and/or Services
Planning and Execution of Customer Relationship Management Processes
Planning and Execution of Marketing Processes of Products and/or Services
Planning and/or Execution of Effectiveness/Efficiency and/or Suitability Analyzes of Business Activities
Planning Information Security Processes
Planning and/or Execution of Business Continuity Ensuring Activities
Dr. Planning and/or Execution of the Processes of Establishing and/or Increasing Loyalty to the Services Offered by Mehmet Cömert
Business Administration Application
Planning and/or Execution of Post-Service Support Services Activities
Planning and Execution of Production and/or Operation Processes
Management of Relationships with Business Partners and/or Suppliers
Follow-up of Contract Processes and/or Legal Requests
Dr. Planning and Execution of Operational Activities Necessary to Ensure Mehmet Cömert Activities Are Conducted in Compliance with Professional Procedures and/or Relevant Legislation
Planning and/or Execution of Patient Satisfaction Activities
Planning and Execution of Corporate Communication Activities
Ensuring that the data is accurate and up-to-date
Planning and Execution of Market Research Activities for Sales and Marketing of Services
Planning and Execution of Access Authorizations to Information Systems of Business Partners and/or Suppliers
Creating and Tracking Visitor Records
Providing Information Based on Legislation to Authorized Institutions
Planning and Execution of Workplace Inspection Activities
Planning and/or Execution of In-Workplace Training Activities.
Dr. Mehmet ComertWork and/or events, organizations, training activities deemed appropriate/assigned by
Carrying out client, patient (product or service buyer) or patient candidate (potential product or service buyer) relationship management processes
Receiving appointment requests, planning and executing appointment processes
Client, Patient (product or service buyer) or patient candidate (potential product or service buyer) updating information
Dr. Carrying out the necessary work by business units and carrying out the relevant business processes in order to benefit the relevant people from the services offered by Mehmet Cömert.
Conducting satisfaction research and communications through surveys and similar methods
Carrying out the necessary work to meet requests, suggestions and complaints.

7.3. Shared Party Categories

Dr. Mehmet ComertIn accordance with the principles in the KVK Law and, in particular, Articles 8 and 9 of the KVK Law, the personal data of data owners within the scope of the Policy (See Section 5.2.) may be transferred to the person groups listed below for the specified purposes:

Dr. Mehmet Comertto its suppliers,
Authorized public institutions and organizations and authorized private law persons,
To other third parties in accordance with the data transfer conditions

The scope of the above-mentioned persons to whom the transfer is made and possible data transfer purposes are stated below.

PERSONS TO WHICH DATA CAN BE TRANSFERRED	CHEAP	PURPOSE OF DATA TRANSFER
Supplier	Dr. Mehmet Cömert'swithin the scope of carrying out commercial and professional activities,Dr. Mehmet Cömert'sin accordance with orders and instructions and on a contract basisDr. To Mehmet Cömertservice providers	Dr. Mehmet Cömert outsourced from the supplier and Dr. The services required to carry out Mehmet Cömert's commercial/professional activities are provided by Dr. limited to ensure that it is presented to Mehmet Cömert.
Legally Authorized Public Institutions and Organizations	According to the relevant legislation provisions, Dr. Public institutions and organizations authorized to receive information and documents from Mehmet Cömert	Limited to the purpose requested by the relevant public institutions and organizations within their legal authority
Legally Authorized Private Legal Persons	According to the relevant legislation provisions, Dr. Private legal persons authorized to receive information and documents from Mehmet Cömert	Limited to the purpose requested by the relevant private law persons within their legal authority

8. Definitions

Definitions of the terms used in the Policy are given below:

Explicit Consent	:	Consent regarding a specific issue, based on informed consent and expressed with free will.
Anonymization	:	Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Regulation on the Processing of Personal Health Data	:	Regulation on the Processing and Ensuring the Privacy of Personal Health Data, published in the Official Gazette dated 20 October 2016 and numbered 29863.
Personal Health Data	:	Any health information regarding an identified or identifiable natural person.
Personal Data	:	Any information regarding an identified or identifiable natural person.
Personal Data Owner	:	The real person whose personal data is processed. For example; patient/prospective patients and employees.
Processing of Personal Data	:	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking.
KVK Law	:	Personal Data Protection Law No. 6698, dated 24 March 2016, published in the Official Gazette No. 29677, dated 7 April 2016.
KVK Board	:	Personal Data Protection Board
KVK Institution	:	Personal Data Protection Authority
Special Personal Data	:	Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
Politics	:	Dr. Mehmet ComertPersonal Data Protection and Processing Policy
Clinic	:	Dr. Workplace belonging to Mehmet Cömert
Dr. Mehmet ComertSuppliers	:	On contract basisDr. To Mehmet Cömert service providers.
Constitution of the Republic of Türkiye	:	Published in the Official Gazette dated 9 November 1982 and numbered 17863; Constitution of the Republic of Turkey dated 7 November 1982 and numbered 2709.
Turkish Penal Code	:	Published in the Official Gazette dated 12 October 2004 and numbered 25611; Turkish Penal Code No. 5237 dated 26 September 2004.
Data Processor	:	It is a real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Controller	:	The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept.