+90 (850) 259 0 444
I. Data Controller
Pursuant to the Personal Data Protection Law No. 6698 (“Law”), your personal data will be processed by Özel Dentapol Oral and Dental Health Clinic Tunalı Hilmi Branch (“Özel Dentapol Oral and Dental Health Clinic Tunalı Hilmi Branch” or “Company”) within the scope explained below as the data controller.
II. Methods and Legal Grounds for Collecting Personal DataOur company collects personal data directly from you, our patients, through our contractual relationship, our website, mobile applications, social media accounts, email, mail, fax, notifications from administrative and judicial authorities, and other communication channels. This is done in compliance with the conditions for personal data processing specified in the Law and primarily to execute the relationship between us and ensure compliance with legal regulations. These are collected in proportion to the purposes specified below in accordance with the legal grounds set forth in Articles 5 and 6 of the Law:
Processing your personal data is necessary for the establishment of a contractual relationship or the performance of obligations arising directly from the contract (e.g., processing identity, contact, and relevant data during the establishment of a contract).
It is mandatory for the establishment, use, or protection of a right (e.g., managing and planning health insurance processes, ensuring information security, securing legal transactions, tracking and executing legal processes, and retaining personal data that may be required throughout the statute of limitations).
Processing of personal data is explicitly prescribed by law (e.g., maintaining transaction records under the Law and Law No. 5651).
It is mandatory to fulfill our legal obligations (e.g., processing personal data for financial, tax, and similar obligations, and meeting lawful requests under regulatory and supervisory activities).
It is mandatory for our legitimate interests provided that it does not harm your fundamental rights and freedoms (e.g., conducting business operations/audits, ensuring the security of data controller operations, and presenting payment records containing personal data during merger, division, and acquisition processes).
In cases where it is necessary, based on your explicit consent (e.g., transferring your biometric data to SGK).
III. Purpose of Processing Personal DataYour personal data may be processed for purposes such as establishing a contractual relationship with you, managing all phases of this contract, ensuring information security, ensuring the security of legal transactions, and fulfilling our legal obligations, as well as for the following purposes:
Conducting Information Security Processes: Ensuring transaction security in your diagnosis and treatment procedures, maintaining the accuracy and currency of processed data, implementing necessary arrangements, establishing and operating IT infrastructure, ensuring physical and cyber security, ensuring the security of the website, transaction security, and processing IP, MAC address, and similar data and log records [identity, contact, request/complaint/reputation management data, call center records].
Conducting Audit/Ethics Activities: Performing audit activities during your diagnosis and treatment processes, detecting and preventing fraudulent transactions, managing internal control and audit activities [identity data, contact data, financial data, health data, request/complaint/reputation management data].
Conducting Activities in Compliance with Legislation: Ensuring compliance with legal rules in business processes, ensuring activities are conducted in accordance with internal procedures and relevant regulations, and planning and executing activities [identity, contact, financial, request/complaint/reputation management data, health data].
Conducting Finance and Accounting Processes: Conducting finance and accounting processes during your diagnosis and treatment procedures, and tracking accounting and procurement transactions [identity, contact, financial data].
Tracking and Conducting Legal Processes: Following up on contract processes and/or legal affairs and requests, completing alternative dispute resolution methods and litigation processes, managing processes with notaries, judicial, and administrative authorities [judicial incident records, traffic accident records].
Conducting Communication Activities: Contacting you as necessary based on the information you provided, providing information regarding your contract, sending payment reminders, contacting you via SMS, email, and phone as part of contract performance, and planning and/or executing post-sales support activities [identity, contact, call center records, financial data].
Conducting Business Activities/Audits: Performing diagnosis and treatment procedures, auditing business activities, planning internal reporting and business development activities, tracking patient interactions and follow-ups of clinic staff [identity, contact, financial data, request/complaint/reputation management data].
Conducting Goods/Services Sales Processes: Using your personal data in online appointment, technical support, and management processes [identity, contact, financial data, audio, request/complaint/reputation management data].
Conducting Patient Relations Management Processes: Managing relations regarding diagnosis and treatment services provided to you, addressing your requests, and providing feedback [identity, contact data].
Conducting Supply Chain Management Processes: Managing processes regarding diagnosis and treatment procedures with business partners, suppliers, and other stakeholders [identity, contact, financial data].
Providing Information to Authorized Persons, Institutions, and Organizations: Providing information as required by legislation, fulfilling lawful requests from legal authorities [identity, contact, financial, health data].
IV. Transfer of Processed Personal Data
Our company is committed to processing your personal data in accordance with the principles of “need-to-know” and “need-to-use,” ensuring data minimization, and taking necessary technical and administrative security measures. Due to the necessity of continuous data flow with different stakeholders to conduct or audit business activities, maintain business continuity, and operate digital infrastructures, we are obligated to share your personal data with third parties for specific purposes. Additionally, it is crucial that your personal data remains accurate and up-to-date for the company to fully and properly fulfill its contractual and legal obligations. To achieve this, we collaborate with various business partners and service providers.
Your personal data may be transferred to:
Business partners and service providers providing call center services for the delivery of diagnosis and treatment services.
Insurance companies and agents under private health insurance coverage.
Parties involved in the realization of contractual or assignment of receivables transactions, or in the financing of such transactions.
Our business partners, consultants, and service providers related to the management of financial and accounting processes, assessment of risks, prevention of fraud, banks, and financial advisors.
Our e-invoice partner for the electronic delivery of patient invoices; cargo and courier companies for the physical delivery of contracts or invoices.
Tax offices for fulfilling tax obligations; representatives of the Ministry of Finance during tax audits for invoices and collection receipts.
IT infrastructure providers, operators, or service providers; attorneys and other consultants involved in the management of contract processes and legal/collection processes; independent auditors, customs, tax advisors, and other third parties providing consultancy and services; regulatory and supervisory authorities, courts, and enforcement offices for the conduct of processes, and shareholders in all processes; and other public institutions or organizations authorized to request your personal data.
V. Rights of the Data SubjectAs a data subject whose personal data is being processed, you can exercise your rights under Article 11 of the Law regulating the rights of the data subject (learning whether personal data is being processed, requesting information about processing, learning whether processing is in accordance with its purpose, knowing the persons to whom data is transferred, requesting correction of incomplete or incorrect processing, requesting deletion or destruction, requesting notification to third parties of all automated processes, objecting to analysis, requesting compensation for damages) by contacting the Data Controller in accordance with the Procedures and Principles for Applying to the Data Controller. You can use the form available at www.dentapol.com.tr for this purpose.
EXPLICIT CONSENTI hereby accept, declare, and undertake that I have received and read the “Patient Information Text Regarding the Processing of Personal Data of Özel Dentapol Oral and Dental Health Clinic Tunalı Hilmi Branch,” and that I consent to the processing of my health information, which is considered special category personal data, for the purposes of managing private health insurance processes, granting additional benefits to me, planning and executing business processes, as well as to the transfer of such special category personal data to the domestic and foreign recipient groups specified in the Information Text, limited to the specified purposes. Furthermore, I acknowledge that I have been informed that I have the right to withdraw my explicit consent for the processing and/or transfer of my personal data processed based on my explicit consent at any time; that I have been informed about my rights granted to me under Article 11 of the Law regarding the processing and/or transfer of my personal data; and how I can exercise these rights.
Tunalı Hilmi Street No:84 Floor:1 Cankaya / ANKARA TURKEY
info@dentapol.com.tr
+90 (850) 259 0 444
© dentapol. All Rights Reserved.
Designed by entamed GROUP