Personal Data Processing and Protection Notice & Privacy Policy

At the address “Kurtuluş Mah. Ramazanoğlu Cad. No:6 İş Apt. Kat:2 No:8 Seyhan/Adana,” registered with Ziyapaşa/Adana Tax Office under tax number 2170197366, Prof. Dr. Can Alper Çağıcı, Ear, Nose and Throat Specialist (“data controller”), acts in accordance with the Law on the Protection of Personal Data No. 6698 and attaches great importance to the lawful processing of personal data belonging to patients/visitors, employees, and third parties. This Personal Data Processing and Protection Notice (“Notice”) aims to ensure compliance with both national and international regulations—primarily the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the European Union General Data Protection Regulation (GDPR).

We store personal data securely and take necessary precautions to prevent unauthorized access or data breaches. Data is shared only with reliable business partners, suppliers, authorized individuals, institutions, and organizations, and always at the minimum level required by law.

Our goal is, in accordance with Article 10 of the Law on the Protection of Personal Data, to provide you with clear and transparent information regarding the collection, purposes of processing, legal grounds, recipients, and your rights regarding your personal data.

I. STORAGE OF PERSONAL DATA

Our clinic has established a Data Retention and Destruction Policy. All storage anddeletion activities concerning personal data are carried out in line with this policy.

Accordingly, if a specific retention period is stipulated under the KVKK or other applicable laws, the relevant personal data must be stored for at least that duration. Statutes of limitation related to the legal obligations of data processing are also taken into account.

If the purpose of processing no longer exists and there is no other legal basis or justification for retaining the data, personal data will be periodically deleted, destroyed, or anonymized

II. PRINCIPLES OF PERSONAL DATA PROCESSING

When processing personal data, the following principles are strictly observed:

– Compliance with law and rules of good faith

– Accuracy and keeping data up to date

– Processing for specific, explicit, and legitimate purposes

– Processing limited to what is relevant and necessary for the stated purposes

– Retaining data only for as long as required by applicable legislation or for the intended purpose

III. USE OF COOKIES

Our website may use cookies and similar technologies to improve your browsing experience, ensure functionality, analyze usage, and personalize content. Cookies are stored only with your consent, unless strictly necessary for the operation of the site.

You may manage or disable cookies through your browser settings. However, some functions of the website may not work properly if certain cookies are disabled.

IV. USE OF DIGITAL PLATFORMS

During your use of digital platforms, your personal data may be processed for the purposes of operating and managing the website and application, improving and enhancing the user experience, monitoring how the site is used, enabling and supporting location-based tools, managing your online accounts (if any), and providing you with information about the services available in your location. If you wish to benefit from the products or services offered through the application, your personal data will be processed solely for the purpose of enabling you to access and use such products or services.

V. RIGHTS OF DATA SUBJECTS

Pursuant to Article 11 of the Law, data subjects have the following rights vis-à-vis the data controller:

1. To learn whether personal data is being processed concerning them,

2.To request information if their personal data has been processed,

3.To learn the purpose of processing and whether the data is being used for its intended purpose,

4.To learn the third parties to whom their personal data has been transferred domestically or abroad,

5.To request correction of incomplete or inaccurate personal data,

6.To request deletion or destruction of personal data within the framework of conditions set forth in the applicable legislation,

7.To request notification of correction, deletion, or destruction to third parties to whom personal data has been transferred,

8.To object to results arising against them from analysis of data exclusively through automated systems,

9.To request compensation for damages suffered due to unlawful processing of personal data.

VI. EXERCISE OF RIGHTS BY DATA SUBJECTS

In accordance with Article 13(1) of the KVKK, as a personal data subject you may submit your requests relating to your rights to our clinic in writing or through other methods determined by the Personal Data Protection Board. You may obtain the application information text and the application form, which set out the channels and procedures for submitting your request, from us.

If the personal data subject duly submits a request regarding their rights, our clinic will finalize such request free of charge as soon as possible and within no later than thirty (30) days, depending on the nature of the request. However, if the process requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board. In the event the application is rejected, the response is deemed insufficient, or the application is not answered within the time limit, you may file a complaint with the Personal Data Protection Board within thirty days from the date you learn of our response, and in any case within sixty days from the date of your application.

VII. DATA SECURITY

We take reasonable technical and administrative measures to ensure the security of your personal data and to prevent unauthorized access, accidental data loss, deliberate deletion, or damage.

We ensure data security by using software and hardware including virus protection systems, firewalls, and intrusion prevention systems. Data loss prevention software is also employed.

Within the workplace, access to personal data is granted based on unit/role/application authorization in line with the nature of the data, and in a controlled manner.

Pursuant to Article 12 of the Law, we ensure the necessary audits are conducted to guarantee compliance with the provisions of the Law.

We implement internal workplace policies and procedures to ensure compliance of data processing activities with the Law.

Access to special categories of personal data is subject to stricter safeguards.

If personal data is accessed from outside the workplace (e.g., via outsourcing), we obtain undertakings from the external service provider to ensure compliance with the Law.

We take the necessary measures to raise awareness of all our employees, especially those authorized to access personal data, regarding their duties and responsibilities under the Law.

We conclude confidentiality undertakings to protect the security of your personal data transferred in line with legal obligations or legitimate interests.

We ensure the security of environments containing personal data and make efforts to minimize the use and retention of personal data as much as possible.