1. Purpose

The purpose of this privacy and cookie policy is to ensure the confidentiality of personal data and to regulate the procedures and principles regarding the cookies used on our website.

2. Data Processing Subjects

This policy covers personal data belonging to patients, patients’ relatives, patient attendants, patients’ guardians or custodians, employees, job candidates, interns, suppliers, visitors, company managers and family members, third parties providing consultancy services, service providers, business partners, relevant public institutions and organizations, private organization employees, and other third parties.

3. Data Processing Conditions

Personal data/sensitive personal data processed by Gürlek Dental Clinic, through automated or non-automated methods (verbal, written, visual, or electronic media), are processed based on explicit consent or legal reasons specified in Articles 5 or 6 of the Law on Protection of Personal Data (KVKK).

4. Purposes of Data Processing

Our company processes personal data within the scope of its field of activity, under the conditions of Articles 5 and 6 of the Law, for the purposes listed below and retains them for the duration stipulated by the legislation.

• Management of Emergency Processes

• Conduct of Surgical Procedures

• Management of Information Security Processes

• Conduct of Information Technology Activities

• Conduct of Employee Candidate/Intern/Student Selection and Placement Processes

• Conduct of Employee Candidate Application Processes

• Conduct of Employee Satisfaction and Engagement Processes

• Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees

• Conduct of Audit/Ethical Activities

• Conduct of Training Activities

• Management of Access Authorizations

• Conduct of Activities in Compliance with Legislation

• Conduct of Finance and Accounting Transactions

• Conduct of Loyalty Processes for Company/Product/Services

• Management of Physical Space Security Services

• Conduct of Assignment Processes

• Conduct of Patient (Registration/Examination/Treatment/Hospitalization) Processes

• Conduct of Patient Satisfaction Measurement Processes

• Conduct of Legal Affairs

• Conduct of Internal Audit/Investigation Activities

• Conduct of Communication Activities

• Management of Human Resources Processes

• Conduct/Audit of Business Activities

• Receipt and Evaluation of Suggestions for Improving Business Processes

• Conduct of Business Continuity Activities

• Conduct of Occupational Health/Safety Activities

• Conduct of Quality Management Activities

• Protection of Public Health

• Conduct of Preventive Medicine Services

• Conduct of Logistics Activities

• Conduct of Goods/Services Procurement Processes

• Conduct of Goods/Services Sales Processes

• Conduct of Goods/Services Production and Operation Processes

• Management of Customer Relationship Processes

• Conduct of Activities Aimed at Customer Satisfaction

• Organization and Event Management

• Conduct of Advertising/Campaign/Promotion Processes

• Conduct of Risk Management Processes

• Planning and Management of Healthcare Services and Financing

• Conduct of Storage and Archiving Activities

• Conduct of Strategic Planning Activities

• Conduct of Contract Processes

• Conduct of Complaint Tracking/Management Activities

• Conduct of Promotion and Information Activities

• Conduct of Medical Diagnosis, Treatment, and Care Services

• Management of Compensation Policies

• Ensuring the Security of Data Controller Operations

• Providing Information to Authorized Persons, Institutions, and Organizations

• Conduct of Management Activities

• Creation and Tracking of Visitor Records

5. Transfer of Personal Data

Personal data processed in our hospital are shared within the framework of the provisions of Articles 8 and 9 of KVKK with the Ministry of Health and its affiliated institutions, provincial health directorates, family health centers, National Health System, MEDULA, Social Security Institution, General Directorate of Population and Citizenship Affairs, General Directorate of Security and other law enforcement agencies, regulatory and supervisory institutions, authorized public institutions and organizations and legally authorized private institutions, judicial authorities, Turkish Pharmacists’ Association, private insurance companies, private hospitals, public hospitals, laboratories, medical centers, other institutions and organizations providing healthcare services with whom we collaborate for medical diagnosis and treatment services, third parties from whom we receive consultancy services, written or visual media, websites, social media, our suppliers, service providers, business partners. Your personal data are not shared abroad.

6. Personal data processed in our company are subject to deletion, destruction, or anonymization within the framework of the provisions of the Personal Data Retention and Disposal Policy.

7. Confidentiality and Data Security: Personal data processed in our company are stored in compliance with the principle of confidentiality. Only authorized personnel have access to the said data.

As a data controller, our company takes all necessary technical and administrative measures to prevent the unlawful processing and access of personal data and to ensure the preservation of personal data at an appropriate security level.

8. Cookies

We use cookies to make our website easier to use and to customize it according to your interests and needs. By visiting our website, you agree to our cookie policy. If you do not agree to the use of cookies in this way, you need to change your browser settings. This change will affect your user experiences. Users always have the right to change their cookie preferences.

8.1. What is a Cookie?

A cookie is a small piece of text sent to your browser by the website you visit and stored on your computer or mobile device. A cookie helps the website remember information about your visit, making your next visit easier and the site more useful.

Cookies do not contain personal data such as name, gender, or address of visitors. For more detailed information about cookies, you can visit www.aboutcookies.org and www.allaboutcookies.org.

8.2. Types of Cookies

There are two types of cookies used by websites. The first is persistent cookies, and the second is session cookies. Session cookies are active when you log in to the website and expire when you leave the website. Persistent cookies are active when you visit the website, and they expire when deleted or expired.

Mandatory Cookies are necessary for users to navigate the website. Without these cookies, some parts of the website cannot be used. Personal data is not processed with these cookies.

Performance cookies are cookies that collect information about how users use the website. For example, the most visited pages are determined through these cookies. The information collected here is anonymous.

Functionality cookies collect data related to user habits. However, this data is kept anonymously. If data identifying the person (username, password, profile, etc.) is collected, it must comply with the provisions of the Law on Protection of Personal Data No. 6698.

Targeting/Advertising cookies are a type of cookie that identifies user tendencies. They are used to present advertisements according to users’ interests. They are loaded by advertising networks with the website’s permission.

8.3. Why Do We Use Cookies?

Cookies loaded on your computer/mobile device are used to analyze how our website is used, to see what works and what does not on our website, to optimize and improve the system, and to carry out patient processes. Mandatory cookies and performance cookies are used on our website.

8.4. How Can You Manage Cookies?

The use of cookies is allowed during the setup of internet browsers. All internet browsers we use have cookies. However, it is possible to disable or delete them. You can change your cookie usage preferences from the settings section of browsers. The following links will help you with this.

https://tools.google.com/dlpage/gaoptout

https://support.google.com/chrome/answer/95647?hl=en

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies

https://www.opera.com/tr/privacy/cookies

https://support.apple.com/tr-tr/guide/safari/sfri11471/mac

9. Rights of the Personal Data Owner

Personal data owners have the following rights:

• To learn whether personal data is being processed or not,

• To request information if personal data has been processed,

• To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

• To know the third parties to whom personal data is transferred domestically or abroad,

• To request correction of personal data if it is incomplete or incorrectly processed, and to request notification of the transactions made within this scope to the third parties to whom personal data has been transferred,

• To request deletion or destruction of personal data in case the reasons requiring its processing are eliminated, despite being processed in accordance with the provisions of Law No. 6698 and other relevant laws, and to request notification of the transactions made within this scope to the third parties to whom personal data has been transferred,

• To object to a result arising against the person by analyzing the processed data exclusively through automated systems,

• To demand compensation for the damage arising from the unlawful processing of personal data.

As personal data owners, you can send your requests regarding your rights mentioned above by filling out the ‘KVK Application Form’ to Yurt, 71423. Sk., 01170 Çukurova/Adana address or via a secure electronic signature, mobile signature, or with your email address previously notified to our company, to kvkk@gurlekdis.com, or via KEP address to our company’s gurlekdis@hs03.kep.tr address, or by other methods determined by the KVK Institution.

Your application will be finalized as soon as possible and no later than thirty days, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged.

10. Publication/Update of the Policy

The policy is published in two different ways: with a wet signature and in electronic media, and is made public on the website. The policy is updated as needed.

11. Enforcement and Termination of the Policy

The policy comes into force after being published on our company’s website. If a decision is made to abolish it, the same procedure will be followed.