PERSONAL DATA PROCESSING AND PROTECTION POLICY

1.1 Introduction

Op. Dr. Emre Gönen (“Op. Dr. Emre Gönen”)  attaches utmost importance to protecting the fundamental rights and freedoms of individuals, especially based on the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. In this context, Op. Dr.  Emre Gönen pays attention to the legal protection and processing of personal data in accordance with the Personal Data Protection Law No. 6698  (“KVKK”)  and the European Union General Data Protection Regulation  (“GDPR”) and acts with this understanding in all its planning and activities.

Ensuring the security of people’s personal data Op. Dr. He is one of Emre Gönen’s primary targets. For this reason, in order to securely process people’s personal data and prevent any unlawful access or leakage of these data, necessary security measures are taken in accordance with the applicable legislation. Dr. It is taken by Emre Gönen.

1.2 Purpose of the Policy

The purpose of the Personal Data Protection and Processing Policy  (“Policy”)  is to protect and process personal data that is processed in accordance with the purpose of KVKK and GDPR by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Dr. To inform personal data owners about Emre Gönen’s obligations and the procedures and principles it will comply with. In line with the purpose of the Policy, Op. Dr. In the protection and processing of personal data activities carried out by Emre Gönen, it is aimed to ensure full compliance with the legislation and to protect the right to privacy and data security of personal data owners.

1.3 Scope of the Policy

This Policy; It has been prepared for Patients/Clients, Employees, Employee Candidates and Visitors, provided that they are real persons, and will be applied within the scope of these specified persons. Op. Dr. The purpose of publishing the provisions of this Policy within the clarification text on the website by Emre Gönen is to inform data owners about the protection and processing of personal data and data security. This Policy will not apply to legal entities in any capacity.

This Policy applies to the above-mentioned Data Owners, for the use of their personal data by fully or partially automated or non-automatic means, provided that it is part of any data recording system. Dr. It will be implemented if processed by Emre Gönen. If the data is not included in the scope of “Personal Data” within the scope specified below or Op. Dr. This Policy will not be applied if the personal data processing activity carried out by Emre Gönen is not done through the means specified above.

1.4 Definitions

The concepts used in the implementation of this Policy have the following meanings:

Explicit Consent	It is consent regarding a certain subject, based on informed consent and expressed with free will.
Lighting Obligation	It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed, and to whom it may be transferred, and for what purposes.
Related User	Persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.
Destruction	It refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. It is any operation performed on data, such as blocking.
KVK Board	It is the Personal Data Protection Board.
Personal Data Owner	It refers to the Patients, Clients, Employees, Employee Candidates and Visitors whose Personal Data (including sensitive personal data) is processed.
Personal Data	It is any information regarding an identified or identifiable natural person.
Institution/Audit Mechanism	It is the Personal Data Protection Authority consisting of the Board and the Presidency.
Automatically Processing Data	Computer, phone, watch, etc. It is a processing activity that takes place automatically, without human intervention, within the scope of pre-prepared algorithms through software or hardware features, carried out by devices with processors.
Special Personal Data	Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data are special quality data.
Record	It is the Data Controllers Registry.
Op. Dr. Emre Gönen	Op. Dr. Emre Gönen.
Data Processor	It is a natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System	It refers to the recording system in which Personal Data is structured and processed according to certain criteria.
Data Category	It is a class of personal data belonging to a group or groups of data subjects in which personal data is grouped according to their common characteristics.
Data Subject Person Group	It is the relevant person group whose personal data the data controller processes.
Data Controller	It is the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data recording system.

1.5 Enforcement of the Policy

Op. Dr. Policy principles prepared by Emre Gönen and entered into force on 01.07.2021, Op. Dr. It is made available to data owners in the content of the KVK information text published on the corporate websites of Emre Gönen.

2. PROTECTION OF PERSONAL DATA

2.1 Security of Personal Data

Op. Dr. Emre Gönen takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data safely and prevent unlawful processing and access of personal data in accordance with KVKK and GDPR. Administrative and technical measures taken regarding the security of personal data, Op. Dr. It is regulated in detail in Emre Gönen’s Personal Data Storage and Destruction Policy.

2.2 Audit

Op. Dr. Emre Gönen carries out the necessary inspections and has them carried out in order to establish the data security described above and to ensure the regularity and continuity of the measures taken.

Op. Dr. The technical measures taken by Emre Gönen are supervised by authorized persons in six-month periods a year, and administrative measures are carried out by Op. Dr. It is inspected by people authorized by Emre Gönen.

2.3 Privacy

In order for the Data Processor not to disclose the personal data he/she has learned within the scope of his/her duty to anyone else, in violation of KVKK, GDPR and Policy provisions, and not to use it for purposes other than processing. Dr. All necessary administrative and technical measures are taken by Emre Gönen. In this context, information and training activities are carried out for the Practice employees about KVKK, GDPR and the Policy, and the relevant employees are made to sign confidentiality agreements as part of the recruitment process.

2.4 Unauthorized Disclosure of Personal Data

Op. Dr. If personal data processed by Emre Gönen is obtained by others through unlawful means, Op. Dr. Emre Gönen carries out the necessary procedures to notify the Data Owner and the KVK Board about this situation within the periods determined by the KVK Board. If deemed necessary by the KVK Board, this situation is announced on the KVK Board’s website or by another method deemed appropriate by the KVK Board.

2.5 Observing the Legal Rights of Relevant Persons

Op. Dr. Emre Gönen observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

2.6 Protection of Special Personal Data

Data regarding individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data of special quality is personal data. Op. Dr. Emre Gönen is aware that Special Personal Data is data that may cause the Data Owner to be victimized or discriminated against if learned by others, and for this reason, it carefully takes adequate measures determined by the Board to protect such personal data processed in accordance with the law. . In this context; It has a separate policy (Security of Special Personal Data Policy) that is systematic, has clear rules, is manageable and sustainable.

3. PROCESSING AND TRANSFER OF PERSONAL DATA

3.1 General Principles in Processing and Transferring Personal Data

Op. Dr. Personal Data is processed by Emre Gönen in accordance with the procedures and principles stipulated in KVKK, GDPR and this Policy. Op. Dr. Emre Gönen complies with the following principles when processing personal data.

3.1.1 Compliance with the Law, Rules of Honesty and Transparency

Op. Dr. Emre Gönen processes personal data in accordance with the relevant legislation and the requirements of the code of honesty and uses it within these limits. In accordance with the principle of honesty, Op. Dr. While trying to achieve its goals in data processing, Emre Gönen takes into account the interests and reasonable expectations of the relevant persons. It acts to prevent the emergence of consequences that the Data Owner does not expect and does not need to expect. In accordance with the principle, it also ensures that such data processing activity is transparent to the data subject; Acts in accordance with its lighting and warning obligations.

3.1.2 Be Accurate and Up-to-Date Where Necessary

Op. Dr. Emre Gönen ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of data owners. In this context, it carefully takes into account issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated. Op. Dr. Emre Gönen always keeps the channels open to ensure that the personal data owner’s information is accurate and up-to-date. Keeping personal data accurate and up-to-date, Op. Dr. It is necessary to protect the interests of Emre Gönen as well as the fundamental rights and freedoms of the Data Owner.

3.1.3 Processing for Specific, Clear and Legitimate Purposes

Op. Dr. Emre Gönen clearly and precisely determines the purpose of data processing and ensures that this purpose complies with the law. The purpose must be legal, Op. Dr. It means that the personal data processed by Emre Gönen is related to and necessary for the healthcare service in which it operates. Op. Dr. Emre Gönen does not process data for purposes other than these stated purposes. In this respect, it shows sensitivity in complying with the principle of certainty and clarity in legal transactions and texts in which the purposes of personal data processing are explained.

3.1.4 Being Related to the Purpose for which they are Processed, Limited, Proportionate and Necessary

Op. Dr. Emre Gönen ensures that the personal data processed are suitable for the achievement of the specified purposes and avoids the processing of data that is not relevant or needed to achieve the purpose. Op. Dr. Emre Gönen does not collect or process personal data for purposes that do not exist or are expected to be realized later. It also limits the data processed to only what is necessary to achieve the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose it is intended to achieve.

3.1.5 Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed

Op. Dr. If there is a period stipulated in the relevant legislation for the storage of data, Emre Gönen complies with these periods; Otherwise, it retains personal data only for the period necessary for the purpose for which they are processed. Op. Dr. If there is no valid reason for further storage of personal data by Emre Gönen, the data in question will be deleted, destroyed or anonymized. Procedures for storage and destruction of personal data Op. Dr. It is regulated in detail in Emre Gönen’s Personal Data Storage and Destruction Policy.

3.1.6 Compliance with Integrity and Confidentiality Principles

Op. Dr. Personal data is processed by Emre Gönen by taking the necessary technical and administrative measures in order to ensure appropriate security against loss, destruction, damage or protection of personal data.

3.1.7 Compliance with the Accountability Principle

Op. Dr. Emre Gönen has fulfilled its obligation in accordance with the rules of protection of personal data in its processing activities, and in case of any complaint or ex officio review, it will be able to submit documents proving that these measures have been taken to the auditing institutions.

3.2 Conditions for Processing Personal Data

Op. Dr. Emre Gönen does not process personal data without the explicit consent of the Data Owner. Personal data can only be processed without the explicit consent of the Data Owner if one of the following conditions exists:

3.2.1 Explicitly Provided in Laws

Op. Dr. Emre Gönen may process personal data without seeking the explicit consent of the Data Owner, in cases clearly provided for by law.

3.2.2 It is Necessary for the Protection of the Life or Physical Integrity of the Person Who Is Unable to Express His Consent Due to Actual Impossibility or whose Consent Is Not Recognized as Legally Valid.

Op. Dr. Emre Gönen may process personal data without seeking explicit consent to protect the life or physical integrity of individuals in cases where consent cannot be expressed or is not valid.

3.2.3 It is Necessary to Process Personal Data of the Parties to the Contract, Provided That It is Directly Related to the Establishment or Performance of a Contract

Op. Dr. Emre Gönen may process the personal data of the Data Owner without seeking explicit consent, limited to this purpose, as a matter of ordinary course of life, in case it is necessary to process the personal data of the parties to the contract directly related to the establishment or execution of a contract.

3.2.4 It is mandatory to fulfill legal obligations

Op. Dr. Emre Gönen, as the Data Controller, may process the personal data of the Data Owner without seeking explicit consent when necessary in order to fulfill its legal obligations.

3.2.5 Being Publicized by the Relevant Person Himself

Op. Dr. Emre Gönen; The personal data of the Data Owner, which has been made public by the Data Owner, in other words, has been disclosed to the public in any way, may be processed on a limited basis for the purpose of publicization, as it is accepted that the legal interest to be protected in the processing of such data, which has been made public by the Data Owner and thus become known to everyone, is eliminated.

3.2.6 Data Processing Is Necessary for the Establishment, Exercise or Protection of a Right

Op. Dr. Emre Gönen may process the personal data of the Data Owner without seeking explicit consent, in cases where data processing is mandatory for the exercise or protection of a legally legitimate right.

3.2.7 It is mandatory for our practice to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant persons.

Op. Dr. Emre Gönen may process the Data Owner’s personal data in cases where processing of personal data is necessary to ensure its legitimate interests, provided that it does not harm the Data Owner’s fundamental rights and freedoms protected under KVKK, GDPR and the Policy. Op. Dr. Emre Gönen, compliance with the basic principles regarding the protection of personal data and Op. Dr. It shows the necessary sensitivity regarding the balance of interests of Emre Gönen and personal data owners. What is meant by legitimate interest; Legitimate is an effective, specific and existing interest that competes with the fundamental rights and freedoms of the Data Owner. Op. Dr. Emre Gönen takes additional protective measures to prevent any harm to the rights of the Data Owner. Op. Dr. A reasonable balance is maintained between the interests of Emre Gönen and the fundamental rights and freedoms of the person concerned.

3.3 Conditions for Processing of Special Personal Data

Op. Dr. Emre Gönen does not process sensitive personal data without the explicit consent of the Data Owner. Special categories of personal data can only be processed without the express consent of the relevant person if one of the following conditions is met:

3.3.1 Explicitly Provided in Laws

Special personal data of the Data Owner, other than his health and sexual life, may be processed without the express consent of the Data Owner in cases clearly provided for by law.

3.3.2 For the Purpose of Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

Data Owner’s personal data of special nature regarding his health and sexual life, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, persons or authorized institutions and organizations who are under the obligation of confidentiality. can be processed by.

3.4 Conditions for Transfer of Personal Data

Op. Dr. Emre Gönen may transfer personal data to third parties on a limited basis and based on one or more of the following personal data processing conditions, in accordance with Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR, by taking the necessary security measures:

• The Data Owner has explicit consent,
• There is a clear regulation in the law regarding the transfer of personal data,
• Personal data transfer is mandatory to protect the life or physical integrity of the Data Owner or someone else and the relevant person is unable to express his/her consent due to actual impossibility or his/her consent is not given legal validity,
• It is necessary to transfer personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• Op. Dr. Personal data transfer is mandatory for Emre Gönen to fulfill its legal obligations,
• Personal data has been made public by the Data Owner,
• Personal data transfer is mandatory for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the Data Owner, Op. Dr. Personal data transfer is mandatory for the legitimate interests of Emre Gönen.

Special personal data can be transferred based on one of the following conditions and provided that adequate precautions are taken:

• The relevant person must have explicit consent,
• If the person concerned has special personal data other than his or her health and sexual life, there is a clear regulation in the law regarding the transfer of this data.
• If the relevant person has special personal data regarding his/her health and sexual life, these data may be used by persons under the obligation of confidentiality or authorized institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. can be transferred by organizations.

4. PERSONAL DATA CATEGORIES AND DATA SUBJECT PERSON GROUPS

4.1 Personal Data Categories

Personal data Op. Dr. It is categorized and processed by Emre Gönen as follows:

Identity	Your name, surname, TR Identity Number and/or Passport Number and/or Temporary TR Identity Number, place and date of birth, marital status, gender, profession, signature and other identification data that can identify you
Communication	Your address (residence, workplace), telephone number (your home/workplace fixed and/or mobile telephone numbers you have declared), your e-mail address, social media accounts and other communication data.
personnel	CV, title information; employment entry-exit document records; social security/retirement information, payroll information and other personal data.
finance	Personal data processed regarding information, documents and records showing the results of any financial relationship our practice has established with personal data owners, as well as your bank account information, credit information, balance sheet information, financial profile, asset and insurance information and other financial information.
Audiovisual Records	Photograph, camera and audio recording data taken outside the scope of physical location security of personal data owners.
Communication Records	Communication data that can be obtained through our practice’s communication and information systems: Corporate telephone call records, corporate mail and e-mail records and their contents, etc.
Customer Transaction	Satisfaction information about our practice’s patients, Invoice, receipt information, etc.

SPECIAL PERSONAL DATA

Health Information

Your blood type, allergies, chronic diseases, data regarding previous surgeries/operations, medications you constantly use, analysis and imaging results, prescription information, body analysis and measurement information, medical history, skin analysis information, hormonal tests, information about your sexual life. your information, venereal disease information, information regarding Covid-19 disease, medical treatments, anesthesia information and other health data.

4.2 Data Subject Person Groups

Only natural persons can benefit from the protection of this Policy and the Law. Personal data owners in this scope are grouped as follows:

Employee Candidate	They are real persons who have applied for a job at our practice by any means or have made their CV and related information available for review by our practice.
Customer	They are patients or clients who come to our practice.
Worker	Op. Dr. They are individuals working at Emre Gönen.
Visitor	All real persons who have entered the physical premises of our practice for various purposes or visited our websites for any purpose.

5. PERSONAL DATA COLLECTION METHOD AND LEGAL REASON

5.1 Personal Data Collection Method

Your Personal Data, Op. Dr. By real or legal persons authorized by Emre Gönen in the capacity of ” DATA PROCESSOR/PROCESSOR “; It is recorded physically and electronically by taking verbal, written, camera and photo recordings, and is processed by obtaining your explicit consent in cases stipulated by KVKK and GDPR.

• Job application forms,
• Personnel information forms,
• Op. Dr. Various documents submitted to Emre Gönen,
• Op. Dr. Mails and e-mails sent to Emre Gönen,
• corporate phones,
• Photo/Video recordings,
• Websites,
• Patient Information Forms,
• Analysis Results,
• Viewing Results,
• Health Information Forms,
• Log Recorder (Firewall),
• Service providers whose servers are located abroad (whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/Google/Hotmail/yahoo etc.)

5.2 Legal Reason for Collection of Personal Data

Our practice collects personal data based on one of the following legal reasons in accordance with Articles 5 and 6 of the Law and Articles 6 and 9 of the GDPR:

• Explicit consent of the person concerned,
• It is clearly stipulated in the law;
• Personal data has been made public by the relevant person himself,
• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• If the Data Owner has special personal data regarding his health and sexual life, these data are for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing,
• Op. Dr. It is mandatory for Emre Gönen to fulfill his legal obligation,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the persons concerned, Op. Dr. It is mandatory for Emre Gönen to process data for its legitimate interests.

6. PURPOSES OF PROCESSING PERSONAL DATA

6.1 Matching of Data Subject Person Groups with the Purposes of Processing Regarding Personal Data Categories

The matching of data subject groups, whose definitions and scopes are given above, with the processing purposes of personal data categories is presented below:

• Employee Candidate

Data Categories :  Identity, Contact, Personnel, Professional Experience,

Purposes of Processing :  Carrying out Emergency Management Processes, Carrying out Information Security Processes, Carrying out Employee Candidate / Intern / Student Selection and Placement Processes, Carrying out the Application Processes of Employee Candidates, Carrying out Communication Activities

• Customer (Patient/Client)

Data Categories :  Identity, Communication, Financial, Customer Transaction, Health Data, Biometric Data

Purposes of Processing :  to create a patient file, to carry out your examination, preventive medicine, medical diagnosis, treatment and care services, to carry out your checks after medical diagnosis and treatment processes, to communicate with you one-on-one, to manage appointment processes, to realize patient satisfaction and demand management, to carry out legal and contractual obligations. To be able to maintain the information regarding your health data that must be kept in accordance with the relevant legislation within the specified periods, to receive consultation from another relevant specialist physician when necessary in order to provide the correct treatment, to fulfill the legal obligations in accordance with the legislation within the scope of health tourism, to be able to fulfill the legal obligations of the patients coming within the scope of health tourism. To be able to plan the transfer and accommodation services of clients, to announce innovations regarding medical treatment and practices, to inform third parties about the applied medical procedure, to plan and manage health services and their financing, to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient, and to fulfill financial and administrative obligations. To ensure technical and commercial security and to fulfill public obligations

• Worker

Data Categories :  Identity, Contact, Personnel, Finance, Visual and Audio Information,

Purposes of Processing :  Execution of Emergency Management Processes, Execution of Information Security Processes, Fulfillment of Employment Contract and Legislation Obligations for Employees, Execution of Fringe Benefits and Benefits Processes for Employees, Execution of Activities in Compliance with the Legislation, Execution / Audit of Business Activities, Organization and Event Management

• Visitor

Data Categories: Legal Action

Purposes of Processing: Execution of Emergency Management Processes, Execution of Information Security Processes,

6.2 Personal Data Processing Activities Performed on the Website

Traffic information of online visitors visiting our website is automatically processed for the purpose of carrying out information security processes. On the other hand, in accordance with Law No. 5651 and other legislation, hosting providers have the obligation to record and store website traffic information.

6.3 Personal Data Processing Activities Performed Through Communication Channels

Phone, email etc. Communications made through channels Op. Dr. It is inspected and recorded by Emre Gönen for the purpose of conducting/supervising business activities and tracking requests/complaints.

Data owners must use these channels only within the scope of their business activities.

7. PURPOSES OF TRANSFER OF PERSONAL DATA AND PERSONS/ORGANIZATIONS TO WHICH THEY ARE TRANSFERRED

7.1 Purposes of Transfer of Personal Data

Op. Dr. Emre Gönen transfers personal data limited to the following purposes within the framework of the conditions specified in Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR:

• To carry out examination, preventive medicine, medical diagnosis, treatment and care services,
• Managing complication processes,
• Getting a consultation,
• Fulfilling obligations in accordance with the Ministry of Health Legislation,
• Fulfilling obligations in accordance with International Health Tourism Legislation,
• Meeting the transportation, accommodation and translator needs of Health Tourist patients, fulfilling administrative obligations before Provincial Health Directorates and District Health Directorates,
• Providing medical information to third parties regarding the health services provided,
• Carrying out the application processes of employee candidates,
• Fulfillment of Employment Contract and Legislation Obligations for Employees,
• Execution of Fringe Benefits and Benefits Processes for Employees,
• Conducting Activities in Compliance with Legislation,
• Carrying out Finance and Accounting Affairs,
• Execution/Audit of Business Activities,
• Carrying out Business Continuity Ensuring Activities,
• Execution of Risk Management Processes,
• Ensuring and auditing data security,
• Execution of Contract Processes,
• Providing Information to Authorized Persons, Institutions and Organizations

7.2 Persons/Organizations to whom Personal Data is Transferred

Op. Dr. Emre Gönen can transfer personal data to the following persons and organizations, limited to the data subject groups and data required by the purpose of transfer:

• To other specialist physicians for consultation,
• Insured Employees,
• To its suppliers,
  • Financial Advisors, Tax and Finance Consultants and Auditors
  • Legal Advisor
  • Database (Server) Providers
  • translators
  • Web Consultant
  • Data Protection Officer
  • IT Consultant
  • Tourism Agencies
• Public Institutions and Organizations authorized within the framework of the law,
• To the Judicial Authorities.

8. DESTRUCTION AND STORAGE PERIOD OF PERSONAL DATA

8.1 Destruction of Personal Data

Without prejudice to the provisions regarding the destruction of personal data in other laws, Op. Dr. Emre Gönen deletes, destroys or anonymizes the personal data it has processed in accordance with the provisions of KVKK and other laws, ex officio or upon the request of the relevant person, in accordance with the Personal Data Storage and Destruction Policy, in case the reasons requiring processing are eliminated.

Deletion of personal data refers to the process of making personal data inaccessible and unusable for the relevant users in any way.

Destruction of data; It refers to the process of making personal data inaccessible, irretrievable and unusable by anyone.

Anonymization of data, masking of personal data, variable extraction, generalization, etc. It refers to the process of making it impossible to associate it with an identified or identifiable natural person in any way, even if it is matched with other data using techniques.

8.2 Storage Periods of Personal Data

Op. Dr. Emre Gönen stores personal data in accordance with the periods stipulated in the laws and other legislation. If there is no retention period stipulated in laws and other legislation, personal data, Op. Dr. In accordance with Emre Gönen’s Personal Data Storage and Destruction Policy, that personal data is stored for the period required to achieve the purpose of processing, and is then deleted, destroyed or anonymized within the framework of periodic destruction periods.

9. PERSONAL DATA OWNER’S RIGHTS ACCORDING TO KVKK AND GDPR

9.1 Rights of the Data Subject Under the GDPR

As a Data Owner, your Personal Data is also protected in accordance with the GDPR. In cases where GDPR falls within the jurisdiction (European citizens or residents of Europe), the rights of data owners are as follows;

• Right of Access (GDPR article 15):  The data owner can check whether personal data about him/her is being processed or not. Dr. He/she has the right to confirm by contacting Emre Gönen and to learn the details in GDPR article 15 in case personal data is processed.
• Right to Rectification (Article 16 GDPR):  Data Owner, Op. Dr. Emre Gönen has the right to have any changed personal data belonging to him corrected at any time by contacting us.
• Right to Erasure (Article 17 GDPR):  Data Owner, Op. Dr. Emre Gönen has the right to request the deletion of his personal data held by him. If the matters specified in Article 17 of the GDPR occur, Op. Dr. Your personal data will be deleted by Emre Gönen without delay.
• Right to Restriction of Processing (Article 18 GDPR):
  • If the Data Owner objects to the up-to-dateness of Personal Data, Op. Dr. Until the accuracy of the Personal Data is confirmed by Emre Gönen, the Data Owner has the right to request the restriction of the use of the data.
  • If the Personal Data processing activity is illegal and the Data Owner objects to the deletion of Personal Data, the Data Owner has the right to request the restriction of the use of the data.
  • Op. Dr. Although Emre Gönen no longer needs your personal data, if we want to establish and enforce your rights, the Data Owner has the right to request the restriction of the use of the data.
  • Op. Dr. Until it is verified whether Emre Gönen’s legitimate reasons outweigh the legitimate reasons of the Data Owner, the Data Owner has the right to request the restriction of the use of the data if he objects to the processing activity in accordance with Article 21/1 of the GDPR.
• Right to Data Portability (Article 20 GDPR):  Data Owner, if technically possible, Op. Dr. Emre Gönen has the right to request the transfer of his Personal Data held by him to another controller at any time by contacting us. However, you can exercise this right when data processing is based on your consent or when required by contract.
• Right to Object (Article 21 GPDR):
  • The Data Subject has the right to object, on grounds relating to his or her particular situation, to processing of Personal Data, including profiling, pursuant to point (e) or (f) of Article 6(1) of the GDPR. Op. Dr. Emre Gönen cannot process your Personal Data unless it can demonstrate a strong legitimate reason, such as overriding the interests, rights and freedoms of the Data Owner or the establishment, exercise or protection of a legal right.
  • The Data Subject has the right to object at any time to processing of Personal Data for marketing purposes, including profiling to the extent that Personal Data is related to such direct marketing.
  • If the Data Owner objects to the processing of Personal Data for direct marketing purposes, the Personal Data will no longer be processed for such purposes.

9.2 Data Owner’s Rights According to KVKK

The rights that natural persons whose Personal Data are processed have in accordance with Article 11 of the KVKK are as follows;

• Learning whether personal data is processed or not,
• Requesting information if personal data has been processed,
• Learning the purpose of processing personal data and whether they are used for their intended purpose,
• Knowing the third parties to whom personal data is transferred at home or abroad,
• Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
• Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the provisions of KVKK and other relevant laws, and requesting that the transaction carried out in this context be notified to third parties to whom personal data has been transferred,
• Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
• Request compensation for damages in case of damage due to unlawful processing of personal data.

In case data owners have rights or requests that they want to exercise from the rights listed above; They submit their written applications, in which they clearly and understandably state which of the rights they wish to exercise, stated in Article 11 of the KVKK, with wet signatures and documents proving their identity, to Op. Dr. They can submit it personally to the address of Emre Gönen Clinic, send it through a notary public, or send it to Op. by signing with a secure e-signature. Dr. They can be sent to the corporate e-mail address of Emre Gönen or via other methods specified in KVKK. In applications, it is mandatory to include name-surname, signature, TR ID number/passport number/temporary ID number, residence or workplace address, e-mail address, telephone and fax number, and the elements subject to the request, in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller” .

Op. Dr. Emre Gönen will finalize the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee at the tariff determined by the Personal Data Protection Board will be charged.