Text of the Personal Data Protection Law

  • Homepage
  • Text of the Personal Data Protection Law

DR. ECE ÖGE WEBSITE DISCLOSURE TEXT ON THE LAW ON THE PROTECTION OF PERSONAL DATA

DR. ECE ÖGE (hereinafter referred to as the Company) may process your personal data as Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data (the Law) and the European Union General Data Protection Regulation (‘GDPR’) and related legislation, within the framework we explain in detail below.

You can find detailed information about the protection, processing, storage and destruction of your personal data under the heading ‘Protection and Privacy of Personal Data’ on our website.

A. COLLECTION, PROCESSING AND PROCESSING PURPOSES OF PERSONAL DATA

1. COLLECTION OF PERSONAL DATA

The Company may use cookies to better provide its services and to adapt the content to individual needs and interests. Disabling cookies in the browser does not prevent the use of services on the website, but may cause some technical problems. Cookies are also used to collect general, statistical information about the user's use of the website. Our detailed cookie policy is available on our website.

Personal data can also be collected from digital media such as company websites, software and applications offered for use via computers or some smart devices, social media accounts activated by persons authorised to provide services on behalf of the company.

2. PROCESSING OF PERSONAL DATA

The Company may process your personal data of private and general nature, especially your health data, for the specified purposes:

  • Your identity information: Your name, surname, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, marital status, gender, insurance and/or any other identification data that can identify you;
  • Your Contact Data: Your address, telephone number, e-mail address and other contact data, your voice call records kept by customer representatives or customer services in accordance with call centre standards, and your personal data obtained when you contact us via e-mail, letter or other means; other personal data you send to us through our communication channels,
  • Family Members and Relatives Information, children, spouses and identity information of the data subject,
  • Your Bank Account Information: Your financial data such as your bank account number, IBAN number, credit card information only on the slip, invoicing and billing information,
  • Physical Space Security Information, If you use the car park belonging to our customers, your vehicle registration plate information, visit information, entry and exit information, your images obtained from camera recordings that are constantly recorded in common areas, your voice recording,
  • Legal Action Information, information requests from judicial and administrative institutions, data resulting from audits and inspections, your other personal data, including your CV provided in this regard if you apply for a job to the Company, and any personal data related to your service contract if you are a company employee or related employee, your data regarding private health insurance for the purpose of financing and planning of health services and your data from the Social Security Institution,
  • Marketing Information, targeting information that may affect the service, cookie records, surveys filled out by our Customers, thank you and complaint letters, satisfaction results, etc. notifications you make to evaluate,
  • Personal Data of Special Nature, data on race, health and sexual life, data on criminal convictions and security measures, biometric data, especially the information required to be obtained in accordance with the service provided or legal legislation.

3. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data shared by you;

  • Carrying out the necessary work, including but not limited to determining and implementing the commercial and business strategies of our Company, carrying out marketing activities, carrying out business development and planning activities, in order to benefit you and/or the institutions and organisations you represent from the products and services offered by our Company,
  • Ensuring the physical security and supervision of the locations in use by our company,
  • Establishment of business partner/customer/supplier (authorised or employees) relations,
  • Ensuring the contractual requirements and financial reconciliation regarding the products and services offered together with our business partners, suppliers or other third parties,
  • Follow-up of legal and administrative affairs, human resources policies,
  • It may be processed for the purpose of calling our Company's call centre or using the website and/or participating in the trainings, seminars or organisations organised by our Company.

4. STORAGE OF PERSONAL DATA

  • Your personal data will be stored in electronic and/or physical environments. In order to ensure that your personal data provided and stored by our Company are not subject to unauthorised access, manipulation, loss and damage in the environments where they are stored, the design of the necessary business processes and technical security infrastructure developments are implemented.
  • Your personal data will be processed by taking all necessary information security measures, provided that they are not used outside the purposes and scope notified to you, and will be stored and processed for the legal retention period or, if no such period is stipulated, for the period required by the purpose of processing. When this period expires, your personal data will be removed from our Company's data streams by deletion, destruction or anonymisation methods.
  • The Company adopts the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners with a commitment to data confidentiality and only as much data as required by the service and these parties are obliged to take measures to ensure data security.
  • Law on the Regulation of Trade. Law and the Regulation on Commercial Communication and Commercial Electronic Messages. In accordance with the Regulation on Commercial Communication and Commercial Electronic Messages, electronic messages for advertising purposes may only be sent to persons whose prior consent has been obtained. The consent of the person to whom the advertisement will be sent must be explicitly available. The Company complies with the details of the ‘consent’ determined in accordance with the same legislation. This approval may be obtained in writing in physical environment or by any electronic communication tool.
  • If a contractual relationship has been established with our customers and prospective customers, the personal data collected may be used without the consent of the customer. However, this use is realised in line with the purpose of the contract. On the other hand, the data left to us by our prospective customers (prospective customers) are processed in order to provide them with easier and higher quality service afterwards. These data will be deleted upon request, unless a contractual relationship exists.
  • The data received by our company are processed in the system only to the extent necessary. Excess information is not recorded in the system, deleted or anonymised. This data can be used for statistical purposes.

B. TRANSFER OF PERSONAL DATA

  • The Company may transfer personal data domestically or abroad in accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board; in case the conditions for the transfer of personal data exist.
  • Transfer of personal data to third parties in the country, your personal data may be transferred by the company in the presence of at least one of the data processing conditions specified in Articles 5 and 6 of the Law and provided that the basic principles regarding the data processing conditions are complied with.
  • Transfer of personal data to third parties abroad, upon the written commitment of the company and the data controller in the relevant country to adequate protection, personal data may be transferred to third parties abroad in the presence of at least one of the data processing conditions specified in Articles 5 and 6 of the Law, provided that the Personal Data Board authorises this processing.

C. DESTRUCTION OF YOUR PERSONAL DATA

Although it has been processed in accordance with the provisions of the relevant law, it may delete or destroy personal data based on its own decision or upon the request of the personal data owner in the event that the reasons requiring its processing disappear.

The deletion or destruction techniques used by us are physical destruction, secure deletion from software, secure deletion by an expert.

The Company may anonymise personal data when the reasons requiring the processing of personal data processed in accordance with the law disappear. Anonymisation of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

In accordance with Article 28 of the KVK Law; anonymised personal data may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the PDP Law and the explicit consent of the personal data owner will not be sought. Personal data processed by anonymisation are outside the scope of the PDP Law. The most commonly used anonymisation techniques used by the Company are masking, aggregation, data derivation, data mixing.

D. CASES WHERE DATA MAY BE PROCESSED WITHOUT EXPLICIT CONSENT IN ACCORDANCE WITH THE LAW ON THE PROTECTION OF PERSONAL DATA

Pursuant to Article 5 of the KVK Law, your personal data specified below may be processed without seeking your explicit consent in the following cases:

  1. It is clearly stipulated in the laws.
  2. It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
  3. It is necessary to process personal data belonging to the parties to a contract, provided that it is directly related to the establishment or performance of a contract.
  4. It is mandatory for the data controller to fulfil its legal obligation.
  5. It has been made public by the data subject himself/herself.
  6. Data processing is mandatory for the establishment, exercise or protection of a right.
  7. Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

E. DATA SECURITY

As a company; we attach importance to protecting your personal data. For this reason, we inform you that we protect your personal data against possible risks within our technical and administrative capabilities in accordance with information security standards and procedures.

F. YOUR RIGHTS REGARDING THE PROTECTION OF YOUR PERSONAL DATA

Pursuant to Article 11 of the Personal Data Protection Law, you can send an e-mail to our e-mail address on our website in accordance with the relevant legislation of your personal data;

  1. To learn whether it is processed or not; if processed, to request information about it and to learn the purpose of processing and whether it is used in accordance with this purpose,
  2. To know the third parties to whom personal data are transferred domestically or abroad,
  3. To request correction in case of incomplete or incorrect processing,
  4. In case your personal data is incomplete or incorrectly processed, to request that third parties to whom personal data is transferred be notified of the transactions regarding the correction of these and / or deletion or destruction of personal data,
  5. To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
  6. To object to unfavourable consequences that may arise as a result of processing through automated systems,
  7. We hereby inform you that you have the right to demand from us the compensation of the damage in case of damage due to processing contrary to the law and the relevant legislation.

Your right to learn whether personal data has been processed or not, your right to request information if personal data has been processed;  if you exercise your right to learn the purpose of processing personal data and whether they are used in accordance with their purpose or your right to know the third parties to whom personal data are transferred domestically or abroad, the relevant information will be notified to you as soon as possible and within thirty days at the latest, depending on the nature of your request, in writing or electronically, in a clear and understandable manner, free of charge, through the contact information provided by you, but if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

During the evaluation of the applications, the Company first determines whether the person making the request is the real right holder. However, the company may request detailed and additional information for a better understanding of the request when deemed necessary.

Responses to data subject applications by the Company are notified to data subjects in writing or electronically. If the application is rejected, the reasons for rejection will be explained to the data subject with justification.