Personal Data Protection and Processing Policy - DEVADENTS International Dental Clinic & International Health Tourism

Personal Data Protection and Processing Policy

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ TİC.LTD.ŞTİ.

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Target Audience: DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. All natural persons whose personal data are processed by

Prepared by: DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. Personal Data Protection Committee

Version: 1.0

Approved by : Fatih KAFAOĞLU.

CONTENTS

INTRODUCTION 3

1.1. Objective 3

1.2. Scope 3

1.3 . support 3

1.4. Definitions 3

PERSONAL DATA PROTECTION ISSUES 5

2.1. Ensuring the Security of Personal Data 5

2.2. Protection of Private Personal Data 5

2.3. Developing Awareness on Protection and Processing of Personal Data 5

PROCESSING PERSONAL DATA 5

3.1. Processing of Personal Data in Compliance with the Legislation 5

3.2. Terms of Processing Personal Data 6

3.3. Processing of Private Personal Data 7

3.4. Disclosure of Personal Data Owner 7

3.5. Transfer of Personal Data 7

PERSONAL DATA INVENTORY PARAMETERS 8
MEASURES TO PROTECT PERSONAL DATA 9
STORAGE AND DISPOSAL OF PERSONAL DATA 9
RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS 9

7.1. Rights of Personal Data Owner 9

7.2. Exercise of Personal Data Owner’s Rights 9

7.3. Responding to Applications 10

7.4. Rejection of Personal Data Owner’s Application 10

7.5. Personal Data Owner’s Right to Complain to the KVK Board 10

EXECUTION 10
EFFECT AND ANNOUNCEMENT 11

APPENDIX 1- Data Categories and Personal Data 12

APPENDIX 2- Categorical Personal Data Processing Purposes 14

APPENDIX 3 – Persons to whom Personal Data are Transferred and Purposes of Transfer 15

CONTINUE HEALTH SERVICES TİC.LTD.ŞTİ.

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

ENTRANCE

Continue Health Services Tic.Ltd.Şti. As (“DEVA ORAL AND DENTAL HEALTH POLYCLINIC”) , Fatih KAFAOĞLU attaches importance to the protection of personal data in its activities and considers it among its priorities in business and transactions. Continue Health Services Tic.Ltd.Şti. Personal Data Protection and Processing Policy (“Policy”), Personal Data Processing Procedures and Principles determined by the Personal Data Protection Law No. 6698 (“Law”), Continue Sağlık Hizmetleri Tic.Ltd.Şti. It is the basic arrangement for the harmony of organization and business processes. Continue Health Services Tic.Ltd.Şti. In line with the principles of this Policy, it processes and protects personal data with a high level of responsibility and awareness, and provides the necessary transparency by informing the personal data owners.

Aim

The purpose of this Policy, the procedures and principles stipulated by the Law and other relevant legislation, continue Sağlık Hizmetleri Tic.Ltd.Şti. is to ensure that it is implemented effectively in its activities by harmonizing it with its organization and processes. DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. With this Policy, it takes all kinds of administrative and technical measures for the processing and protection of personal data, establishes necessary internal procedures, raises awareness, and provides all necessary trainings to raise awareness. All necessary measures are taken and appropriate and effective audit mechanisms are established for the compliance of shareholders, officials, employees and business partners with the Law processes.

1.2. Scope

Policy, DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. It covers all personal data obtained automatically in business processes or by non-automatic means provided that it is a part of any data recording system.

. Rest

REGULATION ON PRIVATE HEALTH INSTITUTIONS OFFERING ORAL AND DENTAL HEALTH SERVICES; ARTICLE 3 – (1) This Regulation; To the provisions of the Law No. 1219 dated 11/4/1928 on the Execution of the Style of Medicine and Medical Arts, subparagraph (c) of the Basic Law of Healthcare Services dated 7/5/1987 and numbered 3359, and Supplementary Article 11 and 11/10 Prepared on the basis of Article 40 of the Decree Law on the Organization and Duties of the Ministry of Health and its Affiliates, dated 2011 and numbered 663. It is processed to fulfill the legal obligations arising from the Social Insurance and General Health Insurance Law No. 5510, the Unemployment Insurance Law No. 4447, the Turkish Commercial Code No. 6102, the Tax Procedure Law No. 213 and other relevant legislation.

In cases where there is inconsistency between the current legislation and the Policy, the current legislation is applied.

1.4. Definitions

express consent	It refers to the consent on a particular subject, based on information and expressed with free will.
Application form	The application form for the applications to be made by the data subject (Personal Data Owner) to the data controller, prepared in accordance with the Law on the Protection of Personal Data No.
Related user	Except for the person or unit responsible for technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.
Destruction	Deletion, destruction or anonymization of personal data.
recording media	Any environment where personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system.
Personal data	Any information relating to an identified or identifiable natural person.
Processing of personal data	Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.
Anonymization of personal data	Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Personal data owner	Personal data continue Health Services Tic.Ltd.Şti. natural person processed by or on behalf of.
Deletion of personal data	Deletion of personal data; make personal data inaccessible and non-reusable for Relevant Users in any way. bringing in.
Destruction of personal data	The process of making personal data inaccessible, irretrievable and unusable by anyone in any way.
Board	Personal Data Protection Board
Organisation	Personal Data Protection Authority
Special categories of personal data	Data on people’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures. biometric and genetic data.
periodic destruction	The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all of the personal data processing conditions in the Law are eliminated.
Data Processor	A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System	The registration system in which personal data is processed and structured according to certain criteria.
Data subject / Contact person	The natural person whose personal data is processed.
data controller	The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Representative	The natural person appointed to fulfill the duties of the Data Controller within the scope of the relevant laws in accordance with the Law.
regulation	Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on October 28, 2017

PERSONAL DATA PROTECTION ISSUES
- Ensuring the Security of Personal Data

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , takes the necessary measures stipulated in Article 12 of the Law, depending on the nature of the personal data, in order to prevent the unlawful disclosure, access, transfer or security problems that may arise in other ways. DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. takes measures and performs audits to ensure the required level of personal data security in accordance with the guidelines published by the Personal Data Protection Authority.

Protection of Private Personal Data

Personal data regarding race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, HEALTH, sexual life, criminal conviction, security measures, and biometric data of a private nature. and the precautions taken for the protection of genetic data are carefully implemented and necessary inspections are carried out.

Developing Awareness on Protection and Processing of Personal Data

Merve GEÇKİN provides the necessary training to the persons concerned in order to legally process and access personal data, to preserve data and to raise awareness about exercising rights.

In order to increase the awareness of the employees to protect their personal data, continue Sağlık Hizmetleri Tic.Ltd.Şti. creates the necessary business processes, receives support from consultants if needed. The deficiencies encountered in practice and the result of the trainings DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. evaluated by management. In case of need, new trainings are organized depending on the changes in the legislation related to these evaluations.

3. PROCESSING PERSONAL DATA

3.1. Processing of Personal Data in Compliance with the Legislation

Personal data is processed in accordance with the legislation in line with the principles listed below.

Processing in Compliance with Law and Integrity

Personal data is processed to the extent required by business processes, limited to these, without harming the fundamental rights and freedoms of individuals, in accordance with the law and honesty.

Ensuring Personal Data is Up-to-Date and Accurate

Necessary measures are taken to keep the processed personal data up-to-date and accurate, and work is planned and programmed.

Processing for Specific, Explicit, and Legitimate Purposes

Personal data is processed depending on the legitimate purposes determined and explained in the business processes.

Being Related to the Purpose for which they are Processed, Limited and Measured

Personal data is collected in the quality and extent required by the business processes, and is processed in a limited manner depending on the determined purposes.

Conservation for the Time Required _ _

Personal data is kept for the minimum period required for the purpose of processing personal data and stipulated in the relevant legislation. First of all, if a period of time is foreseen for the storage of personal data in the relevant legislation, personal data is kept for the period required for the purpose for which they are processed. At the end of the storage period, personal data is destroyed by appropriate methods (deletion, destruction or anonymization) in accordance with the periodic destruction periods or the application of the data owner.

3.2. Personal Data Processing Conditions

Personal data is processed based on the explicit consent of the owner or one or more of the following conditions.

Finding the Explicit Consent of the Personal Data Owner

The processing of personal data is done with the explicit consent of the data owner. Explicit consent of the personal data owner: It is realized by being informed about a certain subject and by obtaining his free will.

Lack of Explicit Consent of the Personal Data Owner

In case of any of the conditions listed below, personal data may be processed without the need for the explicit consent of the data owner.

Explicit Regulation in Laws

In case there is a clear regulation regarding the processing of personal data in the laws, personal data may be processed without the consent of the data owner.

Failure to Obtain the Explicit Consent of the Person Related to the Cause of Actual Impossibility

The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent or whose consent cannot be validated due to actual impossibility, in order to protect the life or physical integrity of himself or another person.

Direct Concern with the Establishment or Performance of the Contract

If the processing of personal data is directly related to the establishment or performance of a contract to which the data owner is a party, the personal data of the data owner may be processed.

Fulfillment of Legal Obligation

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. While fulfilling legal obligations, personal data of the data owner may be processed if personal data processing is mandatory.

Making Personal Data Public by Personal Data Owner

Personal data belonging to data owners who make their personal data public may be processed, limited to the purpose of making their personal data public.

Mandatory Data Processing for the Establishment or Protection of a Right

If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.

Mandatory Data Processing for Legitimate Interest

On the condition that it does not harm the fundamental rights and freedoms of the personal data owner, Yavaş Sağlık Hizmetleri Tic.Ltd.Şti. Personal data of the data subject may be processed if data processing is necessary for their legitimate interests.

3.3. Processing of Private Personal Data

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. processes personal data of special nature, in accordance with the principles set forth in the Law and Policy, by taking all necessary administrative and technical measures with the methods determined by the Board, with the following procedures and principles:

Special categories of personal data other than HEALTH and sexual life may be processed without seeking the explicit consent of the data owner, if there is an explicit provision in the law regarding their processing. In cases not expressly stipulated in the law, the explicit consent of the data owner is obtained.
Special quality personal data related to health and sexual life is collected by persons or authorized institutions and organizations that are under the obligation of confidentiality: for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care SERVICES, planning and management of HEALTH SERVICES and financing. may be processed without his express consent. Otherwise, the explicit consent of the data owner is obtained.

3.4. Disclosure of Personal Data Owner

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , informs the personal data owners about the purposes for which their personal data is processed, with whom it is shared, with what methods it is collected, the legal reason and the rights of the data owners in the processing of their personal data in accordance with the relevant legislation. In this respect, the protection of personal data is carried out in accordance with other policy documents and clarification texts prepared within the framework of the principles in the Policy.

3.5. Transfer of Personal Data

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. may transfer personal data and sensitive personal data to third parties (third party companies, group companies, third real persons) in accordance with the law, in line with the purposes of personal data processing, by taking the necessary security measures. DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. carries out the transfer transactions in accordance with the regulations stipulated in Article 8 of the Law.

Transfer of Personal Data

Although the explicit consent of the personal data owner is required for the transfer of personal data, personal data can be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, based on one or more of the following conditions.

clearly stipulated in the law,
It is directly related to and necessary for the establishment or performance of a contract,
DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. It is mandatory for the company to fulfill its legal obligation,
Limited for the purpose of making the personal data public, provided that the personal data has been made public by the data owner,
DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. It is compulsory for the establishment, use or protection of the rights of the data owner or third parties,
On the condition that it does not harm the fundamental rights and freedoms of the data owner, continue Sağlık Hizmetleri Tic.Ltd.Şti. it is necessary for the realization of its legitimate interests,
The person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity is compulsory for the protection of himself or someone else’s life or physical integrity.

Personal data related to any of the above-mentioned situations can be transferred to foreign countries that are determined to have adequate protection and declared as ” Foreign Country with Sufficient Protection ” by the Board. Personal data can be transferred according to the conditions stipulated in the legislation to those who are in the status of ” Foreign Country with Data Controller Undertaking Sufficient Protection ” , who do not have sufficient protection, who undertake in writing an adequate protection of data controllers in Turkey and abroad and where the Board’s permission is available .

Transfer of Private Personal Data

Special categories of personal data can be transferred in accordance with the principles set forth in the Policy, by taking all necessary administrative and technical measures, including the methods to be determined by the Board , under the following conditions :

Special categories of personal data other than health and sexual life, without seeking the explicit consent of the data owner if there is an explicit provision in the law regarding the processing of personal data, otherwise, if the explicit consent of the data owner is obtained.
Special quality personal data related to health and sexual life , protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of HEALTH SERVICES and its financing, without seeking the express consent of persons under the obligation of keeping secrets or authorized institutions and organizations. otherwise, if the explicit consent of the data subject is obtained.

Personal data can be transferred to those in the status of ” Foreign Country with Sufficient Protection ” , in case of any of the above conditions, and in case of lack of sufficient protection, to those in the status of “Foreign Country with Data Controller Undertaking Sufficient Protection” in accordance with the data transfer conditions regulated in the legislation .

4. PERSONAL DATA INVENTORY PARAMETERS

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. management, human resources, administrative affairs, financial affairs (accounting-finance), information processing, purchasing business processes, employee candidate, employee, shareholder/partner, potential product or service buyer, trainee, supplier representative, product or service buyer, parent The data categories and personal data of the personal data owners consisting of /guardian/representative, visitors (Annex-1) are processed depending on the personal data processing purposes (Annex-2) . Details of data subject groups and processing purposes according to data categories Continue Sağlık Hizmetleri Tic.Ltd.Şti. It is reported in the field of https://verbis.kvkk.gov.tr/.

Pursuant to the personal data categories of the personal data processing purposes, to inform the relevant persons in accordance with Article 10 of the Law and other legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, the Law on the processing of personal data. It is processed according to the determined purposes in order to perform in accordance with the general principles specified in the Law, especially the principles specified in Article 4 of the Law.

Personal data Policy “3.5. Transfer of Personal Data” section: Real persons or private law legal entities, shareholders, business partners, affiliates and subsidiaries, suppliers, authorized public institutions and organizations, private insurance companies, auditors, consultants, contracted services, cooperation, domestic It can be shared with internal organizations for the purposes determined (Annex 3) . There is no transfer of personal information with foreign countries.

5. MEASURES RELATED TO THE PROTECTION OF PERSONAL DATA

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , takes the necessary technical and administrative measures to protect the personal data it processes in accordance with the procedures and principles determined in the law, carries out the necessary audits in this context, and carries out awareness raising and training activities.

In the event that the processed personal data is captured by third parties by unlawful means, despite all the technical and administrative precautions, continue Sağlık Hizmetleri Tic.Ltd.Şti. informs the relevant persons and units of this situation as soon as possible.

6. STORAGE AND DISPOSAL OF PERSONAL DATA

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , retains the personal data for the minimum period stipulated in the relevant legislation for the period required for the purpose of processing. DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. First of all, if a period has been determined in the relevant legislation, it is suitable for this period; If a legal period is not foreseen, it stores personal data for the period necessary for the purpose of processing personal data. Personal data is destroyed by the specified method (deletion, destruction or anonymization) at the end of the specified storage periods, in accordance with the periodic destruction periods or the application of the data owner.

7. RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS

7.1. Rights of Personal Data Owner

Personal data owners have the following rights arising from the Law:

Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,

Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,

Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To request the compensation of the damage in case of loss due to unlawful processing of personal data.

7.2. Exercise of Personal Data Owner’s Rights

Personal data owners 6.1. The requests regarding the rights enumerated in the article are handled by the methods determined by the Board, Ağır Hizmetleri Tic.Ltd.Şti. can forward it to . Personal data owners and those who have the right to apply on their behalf, fill out the “Data Owner Application Form” (Annex-4), and DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. can refer to.

7.3. Responding to Applications

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , finalizes the applications made by the personal data owner in accordance with the Law and other legislation. In accordance with the procedure, DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. Requests submitted to . However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.

7.4. Rejection of Personal Data Owner’s Application

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. , may reject the request of the applicant by explaining the reason in the following cases:

Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,

Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,

Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings,
Personal data processing is necessary for the prevention of crime or for criminal investigation,
Processing of personal data made public by the personal data owner,

Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
Personal data processing is necessary for the protection of the economic and financial interests of the State with regard to budget, tax and financial matters,

If the request of the personal data owner is likely to prevent the rights and freedoms of other persons,
Making demands that require disproportionate effort,
The requested information is publicly available.

7.5. Right of Personal Data Owner to Complain to KVK Board

In cases where the application is rejected in accordance with Article 14 of the Law, the answer given is insufficient or the application is not answered in due time; DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. may file a complaint to the Board within thirty days from the date on which he learned of the reply of .

Information that can be requested from the Applicant Personal Data Owner

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. may request information from the person concerned in order to determine whether the applicant is the owner of personal data. DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. may ask questions about the personal data owner’s application in order to clarify the issues in the personal data owner’s application.

8. EXECUTION

The policy has been approved and put into effect by the Board of Directors. The technical implementation of the Policy is provided by the “Personal Data Retention and Disposal Policy” (Annex-5).

Execution of the Policy in business processes, before the parties ” Customer Information Text for Processing Personal Data ” (Annex-6), ” Confidentiality and Personal Data Protection Agreement of Supplier” (Annex-7) “Employee Personal Data Processing Clarification Text” (Annex-8), ” Employee Candidate Clarification Text ” (Annex-9), “Internet Site Cookie Clarification Text” (Annex-10), “Camera Recording Systems Illumination Text” (Annex-11) .

The Board of Directors is responsible for the execution and, if necessary, updating of the Law and Policy, and the follow-up, coordination and supervision of all works and transactions within this scope. The Personal Data Protection Committee is responsible.

9. EFFECT AND ANNOUNCEMENT

The policy has entered into force as of the date of its publication. Changes to occur in the Policy Continue Sağlık Hizmetleri Tic.Ltd.Şti. ‘s website (https://devadis.com/) and made available to personal data owners and relevant persons. Policy changes come into effect on the date they are announced.

ATTACHMENTS

Appendix 1- Data Categories and Personal Data

Annex 2- Purposes of Personal Data Processing

Appendix 3- Persons and Purposes of Transfer of Personal Data

Annex 4- Data Owner Application Form

Annex 5- Personal Data Retention and Disposal Policy

Annex 6- Customer Clarification Text for Processing Personal Data

Annex 7- Supplier Confidentiality and Personal Data Protection Agreement

Annex 8- Clarification Text for Processing Personal Data of Employees

Appendix 9- Candidate Disclosure Text

Appendix 10- Website Cookie Clarification Text

Appendix 11- Illumination Text of Camera Recording Systems

APPENDIX 1- Data Categories and Personal Data

Data Categories	Personal Data
Identity	Name surname
	Mother-Father Name
	Date of birth
	Place of birth
	Marital Status
	Identity Card Serial Number
	TC Identification number
	Temporary TR Identity Number
	Gender Information
	TR Identity Card
Communication	Address
	E-mail address
	Contact address
	Registered E-Mail Address (KEP)
	Phone number
Location	Location information, etc.
Personnel	Payroll Information
	Disciplinary Investigation
	Employment Entry-Exit Document Records
	CV Information
	Performance Evaluation Reports
Legal action	Information in correspondence with judicial authorities, information in the case file, etc.
Customer Transaction	Invoice
	Bill
	Check Information
	Entry-Exit Information
	Order Information
	Appointment Information
Physical Space Security	Entry and Exit Registration Information of Employees and Visitors
Physical Space Security	Camera Recordings
Transaction Security	Transaction Security (such as IP address information, website login and exit information, password and password information)
	IP Address Information
	Website Entry and Exit Information
	Password and Password Information
Risk management	such as information processed for the management of commercial, technical, administrative risks.
finance	Bank Account Number
finance	IBAN number
Professional experience	Diploma Information
	Courses Attended
	Vocational Education Information
	Certificates
Audio and Audio Recordings	Closed Circuit Camera System Image, Audio Recording
Apparel And Attire	Information on dress and attire
HEALTH INFORMATION	Disability Information
	Blood Group Information
	Personal HEALTH Information
	Device Used and Prosthesis Information
	Laboratory and Imaging Results
	Test results
	Inspection Data
	Prescription Information
Family Information	Number of children
	Family registry
	Co-Working Information
	Child Education and Age Information
Study Data	department
	Way of Working
	Job
	References
	Last worked company information
Signature	Wet or electronic signatures, fingerprints, special marks on documents that have the characteristics of personal data
Request/Complaint Management Information	Survey Data
Request/Complaint Management Information	Personal data regarding the receipt and evaluation of any request or complaint directed to the Company.
Incident Management Information	Personal data processed in order to take necessary legal, technical and administrative measures against the developing events in order to protect the commercial rights and interests of the Company and the rights and interests of its customers.
Insurance	Private Insurance Data
Insurance	Social Security Institution Data
Compliance Information	Personal data processed within the scope of compliance
Audit and Inspection Information	Personal data processed during internal or external audit activities

APPENDIX 2- Categorical Personal Data Processing Purposes

Execution of Employee Candidate / Intern / Student Selection and Placement Processes

Execution of Application Processes of Employee Candidates

Fulfillment of Employment Contract and Legislative Obligations for Employees

Execution of Benefits and Benefits Processes for Employees

Execution of Access Authorizations

Execution of Finance and Accounting Affairs

Providing Physical Space Security

Follow-up and Execution of Legal Affairs

Execution of Communication Activities

Execution / Supervision of Business Activities

Execution of Occupational Health / Safety Activities

Execution of Goods / Services Procurement Processes

Execution of Storage and Archive Activities

Execution of Supply Chain Management Processes

Ensuring the Security of Data Controller Operations

Providing Information to Authorized Persons, Institutions and Organizations

Execution of Emergency Management Processes

Execution of Contract Processes

Organization and Event Management

Conducting Educational Activities

Execution of Customer Relationship Management Processes

Execution of Activities for Customer Satisfaction

Follow-up of Requests / Complaints

Execution of Information Security Processes

Execution of Occupational Health / Safety Activities

Receiving and Evaluating Suggestions for Improvement of Business Processes

APPENDIX 3 – Persons and Purposes of Transfer of Personal Data

DEVAM SAĞLIK HİZMETLERİ TİC.LTD.ŞTİ Tic.Ltd.Şti. In accordance with Articles 8 and 9 of the Law, the participant may transfer the personal data of its customers and employees to the following categories of persons:

Persons to whom Data Transfer can be made	definition _	Data Transfer Purpose and Scope
Authorized Public Institutions and Organizations	Social Security Institution, Tax Offices etc. According to the provisions of the relevant legislation, Ağır Sağlık Hizmetleri Tic.Ltd.Şti. Public institutions and organizations authorized to receive information and documents from	Limited to the purpose requested by the relevant public institutions and organizations depending on the legal authority
Legally Authorized Private Law Persons	Institutions or organizations that have been established in accordance with certain conditions in accordance with the provisions of the relevant legislation and continue their activities within this framework.	Limited limitations on the subjects that fall within their field of activity.
Private Insurance Companies	Private HEALTH, pension, BES applications	Limited in scope by private insurance records and notifications
Lawyer	Lawyers with legal authority in accordance with the relevant legislation	The company is limited to matters that may have legal consequences in its activities and employee transactions.
consultants	Experts and those who benefit from their experience	Experts and those who benefit from their experience