KVKK - M.Y. DENTAL

Data Controller
In accordance with the Personal Data Protection Law No. 6698 (KVKK), your personal data is processed by Mecnur Yılmaz Sağlık Hizmetleri Limited Şirketi (Clinic), located at Müftü Mah. İbrahim Efe Cad. Ataoğlu Apt. No.48 A Ereğli, as the data controller, within the scope explained below.
This disclosure text has been prepared to inform the Clinic’s patients regarding the processing of personal data in the DentSoft system in accordance with KVKK, for the purpose of informing the patients about the personal data specified in this text.

The terms mentioned in this text are as follows:
Explicit Consent: The approval given, based on being informed and free will, clearly and exclusively for a specific process.
Anonymization: The process of making personal data unidentifiable and unlinkable to any specific or identifiable individual, even when matched with other data.
Data Subject: The natural person whose personal data is processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed on personal data, whether automated or non-automated, such as obtaining, recording, storing, changing, organizing, disclosing, transmitting, acquiring, making available, classifying, or preventing its use.
Data Controller: A real or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. Personal data refers to any information related to an identified or identifiable individual. Therefore, the regulations regarding personal data in this text will apply if the information relates to a natural person.

Your personal data will be processed in accordance with the following fundamental principles set out in KVKK:

Compliance with law and good faith,
Being accurate and, where necessary, up to date,
Being processed for specific, explicit, and legitimate purposes,
Being relevant, limited, and proportionate to the purpose for which they are processed,
Being kept for as long as necessary for the purposes stated or required by relevant legislation.

This Clinic Patient Information Text has been prepared for the purpose of informing you about the following:

The types of personal data collected by the Clinic,
How these personal data are used,
Who the Clinic may share your personal data with,
Your rights regarding your personal data and how you can exercise them,
Your communication options for any requests.

2. Processed Data Types and Data Categories

Patient
- Identity: Full name, TCKN, nationality, date of birth, gender
- Contact: Phone number, email address, address
- Employment: Profession
- Customer Transaction: Patient type, arrival method, recommended doctor, contracted institution, health tourism agency, billing information, appointment date and services received, upcoming appointment, notifications made, last visit, and concerned doctor
- Financial Information: Debt/balance amount, treatment amount, total payment amount and method
- Health Information: Disease information, past illnesses/chronic diseases, medications used, surgeries undergone, blood type, treatment information, x-rays, reports, prescriptions, dental condition, and previous treatments
- Other Information: Mother’s name, father’s name, mother and father’s phone number and email addresses, mother and father’s professions, types of toothbrush and toothpaste, mouthwash and dental floss brand, hobbies

3. Methods of Collecting Personal Data

The clinic collects the personal data mentioned in this notice from its patients through oral communication, completion of written forms, during the services provided, or electronically transmitted by patients, in accordance with the conditions for personal data processing specified in the KVKK (Personal Data Protection Law). The data is processed for purposes including but not limited to conducting business operations, communication activities, and goods/services sales activities.

4. Purposes of Personal Data Processing and Legal Grounds

Identity: Customer transaction
Financial: Business operations/monitoring, continuity of business, legal obligations, finance and accounting, sale and post-sale services, archiving, supply chain management, contract execution, management operations
Communication: Conducting communication activities, sales operations, marketing processes, archiving, product/service sales
Employment: Business operations, management activities, improving business processes, customer relations management
Health Information: Business operations/monitoring, service continuity, legal obligations, sale and post-sale services, archiving, treatment

Legal Grounds for Processing Data
Data is processed where necessary for contract execution, fulfillment of legal obligations, legitimate interest of the clinic, and consent from data subjects.

5. Transfer of Personal Data

The clinic processes your personal data in accordance with the principles of "need to know" and "need to use," ensuring necessary data minimization and taking the required technical and administrative security measures. Due to the nature of processes such as the provision of goods and services and the management of supply chain processes, which require continuous data flow with various stakeholders, we are required to transfer the personal data we process to third parties for specific purposes.
The personal data mentioned above may be transferred domestically or, with your explicit consent, to the following groups abroad for the purpose of fulfilling the processing objectives outlined in this document:

Sharing with suppliers located within or outside the country to ensure the continuation of internal clinic operations,
Sharing with relevant public authorities or institutions to fulfill legal obligations.

6. Rights of the Data Subject

Under the personal data protection legislation, you have the following rights:

To learn whether your personal data is being processed,
To request information regarding the processing of your personal data,
To learn the purpose of processing your personal data and whether it is used for its intended purpose,
To know the third parties, whether domestic or foreign, to whom your personal data has been transferred,
To request the correction of any incomplete or incorrect personal data, or to have them updated,
To request the deletion or destruction of your personal data, as per the conditions specified in the KVKK (Personal Data Protection Law),
To request that the correction, deletion, or destruction of your personal data be notified to third parties to whom your personal data has been transferred,
To object to a result that is generated through the solely automated processing of your data,
To request compensation for damages caused due to unlawful processing of your personal data.

As a data subject, you may exercise your rights by submitting a written request to the following address: Müftü Mah. İbrahim Efe Cad. Ataoğlu Apt. No.48 A Ereğli. Alternatively, you can submit your request through a secure electronic signature or mobile signature by sending it via your registered e-mail address (KEP) to the clinic’s registered e-mail at mecnuryilmaz@gmail.com or use the e-mail address you have previously provided and registered in our systems to send an email to mecnuryilmaz@gmail.com.
In your application to exercise the rights mentioned above, your request should be clear, understandable, related to you personally, or you must be specially authorized to act on behalf of someone else, and this authorization must be documented. The request must also meet the minimum application requirements outlined in the "Procedures and Principles for Applications to the Data Controller" regulation.

If you submit your request using the methods specified above, the clinic will process your request free of charge as soon as possible and no later than 30 days. However, if the process requires additional costs, the clinic will charge a fee according to the tariff determined by the Personal Data Protection Authority.