Within the scope of this Personal Data Processing and Protection Policy (“Policy”), the fundamental principles adopted by Istanbul Smile Medical Clinic Inc. in conducting personal data processing activities are explained. This Policy also outlines the compliance of Istanbul Smile Medical Clinic Inc. with the regulations stipulated in the Personal Data Protection Law No. 6698 (“Law”) and informs personal data owners about the principles and legal provisions adopted by our clinic.

With full awareness of our responsibility, your personal data is processed within the framework of this Policy and is reasonably protected.

The primary purpose of this Policy is to establish the principles for the lawful processing of personal data by Istanbul Smile Medical Clinic Inc., ensuring transparency by informing and enlightening individuals whose personal data is processed by our clinic.

This Policy applies to the personal data processed by Istanbul Smile Medical Clinic Inc., including:

• Principles of processing personal and health-related data,
• Purposes and conditions for processing such data,
• Transfer of data within the country and abroad,
• Deletion and disposal of personal data,
• Rights of individuals over their processed data.

The relevant procedures and principles regarding these matters are outlined below.

This Policy is published on our clinic’s official website and is made available to data subjects upon request. Updates are made when necessary.

(According to Article 4 of the Personal Data Protection Law No. 6698, the personal data we collect and process must be accurate and up-to-date when necessary. Therefore, in the event of any changes to your personal data, you may update your information using the methods described in the Clarification Text available on our website.)

Our clinic reserves the right to amend this Policy in accordance with legal regulations.In the event of any contradiction between the provisions of the Law and the regulations stated in this Policy, the provisions of the Law shall prevail.

The definitions used in this Policy are listed below:

At Istanbul Smile Medical Clinic Inc., in line with its legitimate and lawful personal data processing purposes, personal data is processed in compliance with one or more of the data processing conditions specified in Article 5 of the Personal Data Protection Law (KVK Law). This is done in accordance with the general principles outlined in Article 4 of the KVK Law, along with all other legal obligations set forth in the KVK Law. The processing applies to personal data owners covered under this Policy, including but not limited to:

• Patients and Service Recipients,
• Potential Service Recipients,
• Employees and Job Candidates,
• Visitors,
• Supplier Employees and Representatives,
• Shareholders/Partners,
• Parents/Guardians/Legal Representatives,
• Employee Relatives,
• Job Candidate Relatives,
• Emergency Contacts,
• Witnesses, Interpreters, Consultants, and Reference Persons.

• Fulfill the necessary requirements for the services we provide and enable individuals to benefit from these services.
• Comply with legal obligations under the Personal Data Protection Law, Fundamental Law on Health Services, Regulation on Personal Health Data, Regulation on Private Healthcare Institutions Providing Outpatient Diagnosis and Treatment, Patient Rights Regulation, and other related regulations.
• Protect public health, carry out preventive medicine, conduct medical diagnosis, treatment, and care services, and plan and manage healthcare services and their financing.
• Respond to any questions or complaints related to the healthcare services received.
• Measure, improve, and research patient satisfaction.
• Verify identity (including biometric signatures within the scope of explicit consent) and facilitate communication with affiliated institutions regarding healthcare services.
• Ensure billing and financial reconciliation.
• Provide information regarding the services received, additional services, and new services.
• Notify individuals of appointments when a booking is made.
• Conduct necessary examinations and evaluations related to healthcare services.
• Fulfill legal obligations regarding information sharing, reporting, and notifications as required by government authorities.
• Store documents and information as required by applicable legal regulations.
• Educate and inform other patients and the public, conduct promotional activities, expand service volume, and engage in scientific research and training, based on explicit consent.
• Monitor the security of patients, visitors, employees, and related third parties via a closed-circuit camera recording system, ensuring legal, technical, and commercial security, preventing criminal activities by third parties, and maintaining the physical security of the company’s buildings and surroundings.

In addition to the above, personal data will be processed in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

Istanbul Smile Medical Clinic Inc. has created a personal data inventory in accordance with the Regulation on the Data Controllers Registry, issued by the Personal Data Protection Authority. This inventory includes:

• Data categories,
• Data sources,
• Purposes of data processing,
• Data processing methods,
• Recipient groups to which data is transferred,
• Retention periods of the data.

Within this scope, Istanbul Smile Medical Clinic Inc. processes the following categories of personal data, without being limited to these types:

Our clinic conducts personal data processing activities in compliance with the Constitution, the KVK Law, and relevant legislation, adhering to the principles of legality and good faith. In this regard, our clinic identifies the legal grounds for processing personal data, ensures proportionality, does not use personal data beyond its intended purpose, and does not process data without the knowledge of the individuals concerned.

Our clinic ensures that the personal data it processes remains accurate and up-to-date, taking into account the fundamental rights of data subjects and the legitimate interests of our clinic. All necessary administrative and technical measures are taken to maintain the accuracy and currency of personal data across all categories.

Our clinic processes personal data only for legitimate and explicitly defined purposes. No personal data is processed for purposes outside the scope of these predefined objectives. The purpose of personal data processing is determined before the processing begins and is recorded in the Personal Data Inventory.

Personal data is processed only to the extent necessary for achieving the stated purposes. Our clinic does not engage in data processing activities based on the assumption that the data may be needed in the future. Data processing procedures are continuously reviewed, and efforts are made to minimize the amount of processed personal data.

Our clinic retains personal data only for the period specified in relevant legislation or as long as necessary for the purpose of processing. In this context, our clinic first determines whether there is a legally prescribed retention period for personal data. If such a period exists, it is adhered to, taking into account civil and criminal statute of limitations. Once the retention period expires, or if the purpose of data processing ceases to exist, the personal data is deleted, destroyed, or anonymized in accordance with our Data Disposal Policy.

Personal data can only be collected, processed, or used based on one of the legal grounds specified below.

According to Article 3 of the KVK Law, explicit consent is defined as “consent given freely and based on informed decision-making regarding a specific matter.” Additionally, Article 20(3) of the Constitution states that personal data may only be processed in cases provided by law or with the explicit consent of the individual.

Explicit consent serves as the primary legal basis for processing both general and sensitive personal data under Law No. 6698. The relevant legal provisions include:

• Article 5(1): “Personal data cannot be processed without the explicit consent of the data subject.”
• Article 6(2): “Processing of sensitive personal data is prohibited without the explicit consent of the data subject.”
• Article 8(1): “Personal data cannot be transferred without the explicit consent of the data subject.”
• Article 9(1): “Personal data cannot be transferred abroad without the explicit consent of the data subject.”

In this regard, our clinic ensures that explicit consent is freely given, verifiable, and documented (either in written, electronic, or recorded verbal form) before processing personal data. If sensitive personal data is involved, explicit consent will be obtained in written form when necessary.

Process managers responsible for data processing must verify the existence and validity of explicit consent before collecting personal data. If explicit consent is not obtained (except in the exceptions listed below), data processing will not take place.

Personal data may be processed without explicit consent if one of the following conditions is met:

• Explicitly required by law.
• Necessary for the protection of the life or physical integrity of a person who is unable to express consent due to factual impossibility or whose consent is not legally valid.
• Required for the performance or conclusion of a contract, provided that the data processing is directly related to the contractual parties.
• Mandatory for the data controller to fulfill a legal obligation.
• The personal data has been made public by the data subject.
• Required for the establishment, exercise, or protection of a legal right.
• Necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Our clinic pays special attention to the processing of sensitive personal data, as such data is considered to require higher protection. In this context, sufficient precautions determined by the Personal Data Protection Board must be taken before processing sensitive personal data.

Sensitive personal data cannot be processed without explicit consent, except in the following cases:

• For data other than health and sexual life: Sensitive personal data may be processed without explicit consent if required by law.
• For health and sexual life data: Such data may be processed without explicit consent only if adequate precautions are taken and if one of the following conditions applies:
  • Protection of public health,
  • Preventive medicine,
  • Medical diagnosis,
  • Execution of treatment and care services,
  • Planning and management of healthcare services and financing.

In all cases where the processing of sensitive personal data is required, the KVKK Committee will be informed.

Istanbul Smile Medical Clinic Inc. may transfer personal data of data subjects to third parties and institutions within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Personal Data Protection Law No. 6698 (KVK Law) and within the purposes stated in this Policy, ensuring compliance with Articles 8 and 9 of the KVK Law.Personal data may be transferred to our business partners, shareholders, consultants, or solution partners, suppliers, insurance companies, notaries, banks and financial institutions, law firms, financial consultancy and tax advisory firms, legally authorized public institutions and private persons, as well as service providers from whom we receive support in the areas of storage, archiving, IT support (server, hosting, software, cloud computing, etc.) both domestically and internationally, in accordance with Articles 8 and 9 of the KVK Law and the purposes outlined above.

According to Article 8 of the KVK Law, the transfer of personal data within Turkey is possible only if one of the conditions specified in Section 8 (“Conditions for Processing Personal Data”) of this Policy is met.

According to Article 9 of the KVK Law, personal data may be transferred abroad without explicit consent only if the conditions for domestic transfers are met and one of the following conditions is also fulfilled:

• The destination country is among the countries deemed to have adequate protection by the Personal Data Protection Board, or
• If the destination country does not provide adequate protection, the data controllers in Turkey and the relevant foreign country must provide a written commitment ensuring adequate protection, and the approval of the Board must be obtained.

Our clinic may transfer special categories of personal data of the data subject to foreign countries with adequate protection or those that have committed to providing adequate protection, provided that the necessary security measures and the precautions prescribed by the KVK Board are taken.

Special categories of personal data may be transferred under the following conditions:

• If the data subject has provided explicit consent, OR
• If the data subject has not provided explicit consent, the data may still be transferred in the following cases:
  • (a) For personal data other than health and sexual life (such as race, ethnicity, political opinions, philosophical beliefs, religion, sect or other beliefs, dress and appearance, association, foundation or union membership, criminal conviction and security measures, biometric and genetic data), provided that it is explicitly stipulated by law.
  • (b) For personal data related to health and sexual life, the transfer is permitted only for the purposes of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, and planning and management of healthcare services and financing, provided that it is processed by persons or institutions under confidentiality obligations.

The employee responsible for the transfer is accountable for ensuring compliance with the obligations regarding the transfer of special categories of personal data.

• To learn whether personal data is being processed,
• To request information regarding processed personal data,
• To learn the purpose of personal data processing and whether the data is used in accordance with this purpose,
• To know the third parties to whom personal data has been transferred, domestically or abroad,
• To request the correction of personal data if it has been processed incompletely or incorrectly, and to request notification of this correction to third parties to whom the data has been transferred,
• To request the deletion or destruction of personal data if the conditions for processing are no longer met, despite processing in compliance with the KVK Law and other relevant laws, and to request notification of this deletion or destruction to third parties to whom the data has been transferred,
• To object to any adverse outcome that arises exclusively from the analysis of processed data through automated systems,
• To claim compensation if they suffer damage due to unlawful processing of personal data.

Data subjects may submit their requests regarding the rights listed above by providing information and documents confirming their identity, either by using the KVKK application form available on the website or through other methods determined by the Personal Data Protection Board.

All personal data processed within Istanbul Smile Medical Clinic Inc. is considered confidential. In accordance with Article 12 of the Personal Data Protection Law (KVK Law), the clinic takes all necessary technical and administrative measures to ensure an appropriate level of security for the following purposes:

a) Preventing unlawful processing of personal data,
b) Preventing unauthorized access to personal data,
c) Ensuring the secure storage of personal data.

Istanbul Smile Medical Clinic Inc. has implemented all necessary technical and technological security measures to protect personal data and mitigate potential risks. Examples of these measures include:

• Network security and application security measures are implemented.
• Security precautions are taken during IT system procurement, development, and maintenance.
• Security of personal data stored in the cloud is ensured.
• Access logs are regularly maintained.
• Access rights of employees who change roles or leave the company are revoked.
• Firewalls are used for data protection.
• Physical security measures are taken to control entry and exit to areas containing personal data.
• Security measures are implemented to protect physical environments containing personal data from external risks (fire, flood, etc.).
• Personal data is regularly backed up, and the security of backed-up data is ensured.
• A user account management and authorization control system is in place, and these activities are monitored.
• Intrusion detection and prevention systems are used.
• Cybersecurity measures are implemented and continuously monitored.
• Encryption is applied, and access to systems containing personal data is secured through username and password authentication.

To establish and manage an information security framework, our clinic has implemented the following administrative measures:

a) A KVKK Committee and a Data Protection Officer have been appointed, with clearly defined roles and responsibilities.
b) Application channels for KVKK-related requests have been determined.
c) Workflows for handling data breaches, requests, and complaints have been established.

The main principles, policies, and procedures for processing and protecting personal data have been defined, including:

a) The Data Processing and Retention Policy has been established.
b) The Personal Data Processing and Protection Policy has been established.
c) A policy for securing sensitive personal data has been implemented.

• Risks and threats related to the processing of personal data have been identified.
• Training programs and awareness campaigns for employees regarding personal data security have been conducted.
• Employees and contractors are informed of their responsibilities regarding data security, and their compliance is ensured.
• A disciplinary process is in place for employees who fail to comply with security policies and procedures.
• Confidentiality agreements have been signed with employees, patients, and suppliers.
• A privacy notice has been published for employees, patients, and suppliers.
• Processes requiring explicit consent have been identified and implemented.
• Regular and random internal audits are conducted to detect and address confidentiality and security vulnerabilities.
• Personal data is reviewed periodically, and unnecessary data is minimized.
• Employees are trained on reporting data breaches, and in case of unauthorized data acquisition, the breach is reported to the affected individual and the relevant authorities as soon as possible.

In the event that personal data is unlawfully obtained by third parties, our clinic will immediately notify the affected data subject and the Data Protection Board within a maximum of 72 hours.

1. For security purposes and other objectives outlined in this Policy, Istanbul Smile Medical Clinic Inc. provides internet access to visitors upon request, and log records of this access are maintained.
2. To ensure security, our clinic monitors visitor entry and exit through surveillance cameras. No monitoring is conducted in areas where privacy is highly sensitive.
3. When collecting the identity information of visitors entering the premises, Istanbul Smile Medical Clinic Inc. informs them about data processing through written notices displayed within the clinic or through other means of communication.
4. Personal data collected for tracking visitor entry and exit is used solely for this purpose and stored in physical and electronic records in accordance with legitimate interest principles.
5. To comply with legal regulations and protect public health, the following measures are implemented in response to the COVID-19 pandemic:
   • All employees and visitors undergo temperature checks upon entry to the clinic.
   • Individuals with a high temperature are directed to the workplace physician.
   • Visitors are required to present their HES (Health Code) during entry procedures.
6. All surveillance and data processing activities are carried out in full compliance with relevant legal provisions.

According to Article 138 of the Turkish Penal Code, Article 7 of the KVK Law, and the Regulation on the Deletion, Destruction, and Anonymization of Personal Data issued by the Data Protection Authority, personal data must be deleted, destroyed, or anonymized if the reasons requiring its processing cease to exist.

Istanbul Smile Medical Clinic Inc. deletes, destroys, or anonymizes personal data either at its own discretion or upon request by the data subject, in accordance with the provisions of the Regulation.

To comply with this regulation, Istanbul Smile Medical Clinic Inc. has established a policy for data destruction, which outlines:

• The procedures for data deletion based on the nature of the data.
• A schedule for periodic data destruction at predetermined intervals.

A deletion and destruction schedule has been implemented to ensure compliance with the obligation of periodic data disposal.

A management structure has been established by Istanbul Smile Medical Clinic Inc. to ensure compliance with the regulations of the Personal Data Protection Law (KVK Law) and to enforce this Policy.

This Policy came into effect on March 25, 2021.

I explicitly consent to the processing of my biometric digital signature, which I will sign on the screen, tablet, or other devices provided by the clinic in the presence of clinic staff, into the clinic system for better service and identity verification purposes. I also agree that this signature may be used to verify signatures in future transactions at the clinic, in accordance with Law No. 6698 and relevant legislation.

I have read and understood. Handwritten signature.

PATIENT OR REPRESENTATIVE SIGNATURE

I provide explicit consent for the processing of my personal data within the scope of the Information Notice shared below.
I consent to receiving promotional materials, updates, campaigns, newsletters, and announcements related to the products and services of Istanbul Smile Medical Clinic Inc. (DentSpa) through any electronic communication channels I have provided (email, phone, SMS, etc.).

By signing this patient form, I acknowledge that I am sharing my personal data with Istanbul Smile Medical Clinic Inc. (DentSpa).

I explicitly and voluntarily consent to the processing of my personal and health-related data as well as my biometric signature, as outlined in Law No. 6698 on the Protection of Personal Data. This processing is done to:

• Inform me about the healthcare services provided,
• Facilitate appointment scheduling and service delivery,
• Ensure I can benefit from the services provided,
• Transfer my data, as necessary, to service providers inside and outside the country, including those providing cloud computing, hosting, software, suppliers, and consultants.

Istanbul Smile Medical Clinic Inc. (hereinafter referred to as “DentSpa”) provides healthcare services and, in this process, collects and processes your personal data. In accordance with Article 10 of Law No. 6698 on the Protection of Personal Data (KVKK), we would like to inform and enlighten you regarding the processing of your personal data.

We place the highest priority on the confidentiality and security of your personal data and have implemented all necessary technical and administrative security measures to protect it.

As the Data Controller, DentSpa processes your personal data for the purposes outlined below in a manner that is lawful, fair, and transparent. We may record, store, classify, update, and, where permitted by law and limited to the purposes for which it is processed, share or transfer your data to third parties.

• Identity Information: Name, surname, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, gender, insurance or patient number, and other identity-related data.
• Contact Information: Address, phone number, email address, and other contact details.
• Financial Information: Bank account number, IBAN number, credit card information, billing details, and other financial data.
• Health Information: Examination records, diagnosis and surgical details, personal and family medical history, laboratory results, medical imaging results, test results, appointment details, information about diseases (such as heart conditions, diabetes, hypertension, sinusitis, etc.), medication details, smoking and alcohol consumption, pre- and post-operative photographs, 3D visual data, clinical monitoring videos, pre-examination consultations, digital communications with doctors (via email, SMS, social media, and other digital messaging platforms), and any other personal data collected during the provision of services.
• Website Navigation Data: IP address, browser information, submitted medical documents, survey responses, and form data.
• Biometric Data: Your biometric signature may be processed with your explicit consent for identity verification and monitoring purposes.

Identity Information: Name, surname, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, gender, insurance or patient number, and other identity-related data.

Your personal data is processed based on your explicit consent and/or other processing conditions stipulated in Article 5/2 of the Personal Data Protection Law (KVKK), as well as other legal regulations to which we are subject. Considering the services provided by DentSpa, your personal data is processed for the following purposes:

• Ensuring that the necessary procedures related to the services we provide are carried out and that individuals benefit from these services.
• Complying with our legal obligations under the Personal Data Protection Law, the Fundamental Law on Health Services, the Regulation on Personal Health Data, the Regulation on Private Health Institutions Providing Outpatient Diagnosis and Treatment, the Patient Rights Regulation, and other relevant regulations.
• Protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of healthcare services and their financing.
• Responding to any questions or complaints regarding the healthcare services you receive.
• Measuring, enhancing, and researching patient satisfaction.
• Verifying your identity (via biometric signature with explicit consent) and ensuring communication with contracted institutions regarding the provided healthcare services.
• Processing billing and financial reconciliation.
• Informing you about the services you receive, additional services, and new services.
• Notifying you about your appointment if you have scheduled one.
• Conducting necessary examinations and evaluations related to the provided healthcare services.
• Complying with information-sharing, reporting, and notification obligations required by public institutions and authorities when requested under relevant regulations.
• Fulfilling legal obligations regarding the retention of information and documents.
• With your explicit consent, educating and informing other patients and the public, conducting promotions, capacity expansion, scientific research, and educational activities.
• Ensuring the security of patients, visitors, employees, and relevant third parties through a closed-circuit camera recording system, ensuring legal, technical, and commercial security, preventing potentially criminal acts by third parties, and protecting the physical security of company buildings, premises, and surrounding areas.

Your personal data will be processed within the conditions and purposes set out in Articles 5 and 6 of Law No. 6698.

Your personal data is collected by DentSpa in accordance with the above-mentioned purposes through various verbal, written, and electronic means, including physical documents, contracts, printed forms, corporate websites, emails, company software, images, and call center voice recording systems.

Your personal data collected through the methods listed above may be processed under the following conditions, even in cases where you have not given explicit consent:

• If the processing is required by Turkish laws and regulations (such as the **Code of Obligations, Commercial Code, Labor Law, Fundamental Law on Health Services No. 3359, Decree-Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Health Institutions Providing Outpatient Diagnosis and Treatment, Regulation on the Processing and Protection of Personal Health Data, etc.).
• If it is necessary to protect your life or physical integrity or that of another person in cases where you are unable to express consent due to actual impossibility.
• If the processing is necessary for the execution of a contract that you have entered into with us.
• If the processing is necessary to fulfill our legal obligations.
• If the personal data has been publicly disclosed by you.
• If the processing is necessary for the establishment, exercise, or protection of our legal or contractual rights.
• If the processing is necessary for our legitimate interests, provided that it does not violate your fundamental rights and freedoms.

Your special category personal data is collected, stored, and processed based on the following legal grounds:

Planning and managing the financing of the healthcare services you receive

• With your explicit consent (e.g., your shared health information and biometric signature, as well as IT support services with servers located abroad).
• If explicit consent is not required, as provided for by law, for special category personal data other than health and sexual life data.
• Your health and sexual life data may be processed by DentSpa without explicit consent, only for the purposes of:
• Protecting public health
• Preventive medicine
• Medical diagnosis
• Carrying out treatment and care services

Your personal data may be transferred to the Ministry of Health and its affiliated units, the Social Security Institution, private insurance companies, law enforcement agencies, judicial authorities, representatives authorized by you, regulatory and supervisory institutions, business partners with whom we cooperate, group companies, suppliers, contracted insurance companies, notaries, banks, financial institutions, law firms, tax consultants, and other consultancy firms providing support in similar fields. Additionally, your personal data may be shared with public institutions authorized by law, as well as domestic and/or foreign service providers supporting our company in areas such as data storage, archiving, IT support (servers, hosting, software, cloud computing, etc.), under the conditions specified in Articles 8 and 9 of the Personal Data Protection Law No. 6698 and for the purposes stated above.
Your personal data will be protected as a professional secret and kept confidential in accordance with Law No. 6698 on the Protection of Personal Data and relevant regulations.

As the owner of personal data, you have the following rights under Article 11 of the Law:

• To learn whether your personal data is being processed.
• To request information if your personal data has been processed.
• To learn the purpose of processing personal data and whether it is used in accordance with this purpose.
• To know the third parties to whom personal data is transferred domestically or abroad.
• To request the correction of personal data if it has been incompletely or incorrectly processed.
• To request the deletion or destruction of personal data.
• To request that the correction, deletion, or destruction of personal data be notified to the third parties to whom the data has been transferred.
• To object to any result arising against you through the exclusive analysis of processed data by automated systems.

Under Article 4 of Law No. 6698, the personal data we collect and process must be accurate and up to date when necessary. Therefore, if there is any change in your personal data, you can notify us using the methods specified below.

If submitting a request in writing: You can send a wet-signed copy of the “KVKK Application Form” available on our website (https://www.dentspa.com) along with a document confirming your identity in person or through a notary to the following address: Teşvikiye Mah. Hakkı Yeten Cad. Terrace Fulya Center-1 No: 11 K: M4 Şişli-Fulya, Istanbul
Alternatively, if you are applying on behalf of someone else, you must provide a notarized power of attorney proving your authorization.

If submitting a request electronically:

You may sign the KVKK Application Form with a secure electronic signature defined under Law No. 5070 on Electronic Signatures and send it via:

• Our Registered Electronic Mail (KEP) address.
• The email address previously provided to our company and registered in our systems.
• The following email address: [email protected]

Your requests will be reviewed based on their nature and will be responded to in writing or electronically as soon as possible, but no later than 30 days.
İSTANBUL SMILE MEDICAL CLINIC INC.

The website “https://www.dentspa.com.tr/” (“Website”) is operated by İSTANBUL SMILE MEDICAL CLINIC INC. (hereinafter referred to as DentSpa) located at Teşvikiye Mah. Hakkı Yeten Cad. Terrace Fulya Center-1 No: 11 K: M4 Şişli-Fulya, Istanbul. DentSpa, as the data controller, is responsible for determining the purposes and means of processing personal data, as well as for establishing and managing the data recording system.In compliance with the Personal Data Protection Law No. 6698 (“Law”), we would like to inform you about the collection, storage, and transfer of personal data obtained in connection with your use of the Website, as well as the procedures and principles regarding this processing under Article 3 (“Definitions”) of the Law.

According to Article 3 (“Definitions”) of the Law, personal data refers to “any information related to an identified or identifiable real person.” This may include your name, address, email address, or phone number. Additionally, data collected through cookies that do not directly identify you (such as information about how you use the Website, which sections you visit) may be considered personal data if assigned a unique identifier and processed in an individualized manner.

We process the personal data of internet users and visitors using the Website through cookies to facilitate the use of the Website, customize it according to users’ and visitors’ interests and needs, and collect anonymous and aggregated statistical data to analyze how visitors interact with the Website. These data are used to improve the Website’s structure and content and do not contain any information that can personally identify you.

The personal data collected may be shared with legally authorized institutions to fulfill our legal obligations as DentSpa, in accordance with Articles 8 and 9 of the Law. These data will be transferred only to the extent necessary and upon request from authorized authorities.

Personal data regarding current and potential internet users and visitors is collected by DentSpa through the placement of cookies on the Website. This collection is based on the legal justification of DentSpa’s legitimate interests, provided that it does not harm the fundamental rights and freedoms of data subjects.

When you visit the Website, your browser is set to automatically transmit the following data to our internet server, where it is then stored in the data logs:

• Date of access
• Time of access
• URL of the referring website
• Retrieved files
• Amount of data transmitted
• Browser type and version
• Operating system
• IP address
• Domain name of your internet service provider

Cookies are small text files placed on your hard drive by a web server. Through this method, we automatically obtain certain data such as your IP address, the browser you use, your computer’s operating system, and your internet connection details.

This Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to help analyze how users interact with the Website. The information generated by the cookies regarding your Website usage (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of the Website, compile reports on Website activity, and provide other services related to Website traffic and internet usage.

Some cookies require the explicit consent of users before they can be used to collect data. This means that cookies cannot be set when the webpage is first loaded. The cookie can only be activated and used after obtaining user consent. Users can manage these cookies through the cookie settings on the website or their browser settings.

The following types of cookies require user consent:

• Social plug-in tracking cookies: These are cookies used for behavioral advertising, analytics, and market research.
• Third-party cookies for behavioral advertising: These cookies are used to deliver personalized advertisements based on the user’s online activity and require explicit consent before activation.

Note:If the user does not grant consent for these types of cookies, no tracking data will be collected, and personalized advertisements will not be shown. However, this may impact certain website features and user experience.

Mandatory, Functional, and Analytical Cookies Used on Our Website

• Essential cookies are necessary to ensure that the Website interface and its features function properly.
• Functional cookies help speed up activities during future visits.
• Analytical cookies assist us in understanding how visitors use the Website, enabling us to compile statistical data and improve content accordingly.
• These cookies do not collect, store, or process any data that could personally identify you and do not qualify as personal data.

İSTANBUL SMİLE TIP POLİKLİNİĞİ A.Ş.

KVKK APPLICATION FORM

Personal Data Protection Application Form

With this patient form, I have shared my personal data with İstanbul Smile Tıp Polikliniği A.Ş. (DentSpa).
I explicitly give my free consent for my personal and health-related special category personal data shared through this form to be processed in accordance with the provisions of Law No. 6698 on the Protection of Personal Data for the purposes of informing about healthcare services provided, appointment processing, and benefiting from the offered services. I also consent to the transfer of these data to service providers located domestically and/or abroad, including those considered as international data transfers, for support services such as server hosting, software, cloud computing, suppliers, consultants, etc., for the execution of these activities.

With this consent form, I approve the sending of commercial electronic messages by İstanbul Smile Tıp Polikliniği A.Ş. for purposes such as direct or indirect marketing, promotions, advertising, sales, customer satisfaction surveys, questionnaire studies, introduction, celebration, wishes, obtaining approvals, and similar purposes. These messages may be sent via SMS, MMS (multimedia messages), email, call center, mail, phone, newsletters, automated calls, WhatsApp, social media, and similar internet applications.
I also consent to the storage of these communications in the service provider’s information system located domestically and/or abroad for the execution of these activities, in accordance with Law No. 6563 on the Regulation of Electronic Commerce.

• Mersis No.: 0481097702200001
• Tax Identification Number: 4810977022
• Phone: 0850 255 88 88
• Address: TEŞVİKİYE MAHALLESİ HAKKI YETEN CADDE NO: 11/4 ŞİŞLİ, İSTANBUL

To unsubscribe from email, SMS, or call permissions free of charge, you can send an email to: [email protected].