On April 7, 2016, Law No. 6698 on the Protection of Personal Data (“Law”) was published in the Official Gazette and entered into force. Within the scope of this law, our company holds the title of Data Controller and is carrying out the necessary compliance efforts to fulfill the obligations required by this role.
Purpose of the Information Notice In accordance with Law No. 6698 on the Protection of Personal Data, we would like to inform you about the ‘Protection of Personal Data’ through this Information Notice.
In accordance with Law No. 6698 on the Protection of Personal Data (KVKK) and related legislation, DEMİRAĞ PRIVATE HEALTH SERVICES INVESTMENT AND PLANNING JOINT STOCK COMPANY (Medipoint), located at Merdivenköy Mah. Şair Arşi Cad. No:6 Göztepe-Kadıköy-İstanbul, acting as the Data Controller, processes and retains all kinds of personal data related to individuals associated with the company, including those who benefit from our products and services, in accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”).
In this context, we fulfill our obligation to inform and enlighten you about the corporate internet service provided by the company at medipoint.com.tr, regarding the purposes and methods of collecting personal data, how this information is used, with whom Medipoint may share this information if necessary, what your rights are regarding the personal data collected/processed/stored by Medipoint, how you can exercise these rights, how you can change your preferences regarding electronic commercial communications, and our obligation to inform and enlighten you about the fundamental principles of Medipoint in these matters.
Definition of Personal Data
Personal data is defined in the KVKK as any kind of information related to an identified or identifiable real person. Accordingly, your name, surname, email address, and phone number that you share with us are referred to as personal data.
Processing of Your Personal Data
According to the law, any operation performed on data, whether fully or partially automated or non-automated, including the collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making it obtainable, classification, or prevention of its use, is considered as the ‘processing of personal data.
Legal Basis for Processing Personal Data
Medipoint’s internet service, medipoint.com.tr, collects your personal data to fulfill our legal obligations and keep you informed about campaigns, updates, and developments within our company. This collection is done in compliance with the obligations arising from the Law on Regulation of Publications Made on the Internet and Combating Crimes Committed through These Publications (Law No. 5651), relevant secondary legislation, the Law on Regulation of Electronic Commerce (Law No. 6563) and relevant secondary legislation, the Turkish Penal Code (Law No. 5237), the Law on the Protection of Personal Data (KVKK) (Law No. 6698), and similar laws and regulations.
Purpose of Collecting Your Personal Data
We collect and process your personal information in order to fulfill our legal obligations related to your product and service relationship with Medipoint and to keep you informed about campaigns, updates, and developments within our company. Your personal data may be processed as long as you benefit from the products and services offered by our companies.
Personal data of customers is processed by relevant departments to provide products and services offered by Medipoint, create campaigns for customers, track customer behaviors to identify the target audience, improve the operation of Medipoint’s website according to customer needs, carry out various marketing activities, and manage the necessary business processes for the commercial activities conducted by Medipoint. This processing is carried out within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law.
Method of Collecting Your Personal Data
Your personal data is collected through various channels, including our corporate website https://medipoint.com.tr, our call center, our sales stores, or through email, SMS, or other means during our business relationship or when commercial contracts are signed. These data can be collected verbally, in writing, or electronically, and may be stored through various methods, including technical communication files called ‘cookies’ (small files placed on your hard drive) that enable our computers to automatically recognize you when you visit our website, physical forms, and various channels.
Explicit Consent for the Processing of Personal Data
Individuals using Medipoint’s internet website (medipoint.com.tr) and other platforms provide their explicit consent for the collection, processing, and domestic/international transfer of their personal and/or special category personal data within the legal framework, by marking the consent box related to the Privacy and Data Protection Policy published on our website.
In this context, you acknowledge that your personal information provided to DEMİRAĞ PRIVATE HEALTH SERVICES INVESTMENT AND PLANNING JOINT STOCK COMPANY will be processed in line with your needs, enabling you to benefit from suitable products, applications, advantages, or campaigns. Your personal information may be processed and used for general information and for all kinds of communication with you.
You further acknowledge that you have the right to reject the transmission of data, sound, image, and other types of messages at any time, entirely or on a product and channel basis, and that you are aware of this right.
In addition to our legal obligations, including our obligations under the Labor Law No. 4857, Turkish Code of Obligations No. 6098, Social Security and General Health Insurance Law No. 5510, and workplace health and safety legislation, our stores are monitored by closed-circuit video systems for security purposes. These records are kept for legal periods in line with the purposes of related services and may be shared with judicial authorities when requested, in accordance with the legal interests arising from DEMİRAĞ PRIVATE HEALTH SERVICES INVESTMENT AND PLANNING JOINT STOCK COMPANY’s status as the data controller and as prescribed by law.
According to Article 5 of the Law on the Protection of Personal Data (KVKK); it is possible to process personal data without the explicit consent of the data subject in cases where it is explicitly prescribed in other laws, where it is impossible to obtain the explicit consent of the data subject due to physical impossibility, where data collection is obligatory for the establishment or performance of a contract, for the fulfillment of a legal obligation by Medipoint, for the data subject to publicize their personal data, for the establishment, exercise, or protection of a right, and for the legitimate interests provided that the fundamental rights and freedoms of the data subject are not harmed.
Cookies are small text files moved to your hard drive by the web server and stored on your computer. They help us better understand customer/user behavior during your visit to our website and the use of our internet application; they provide information related to usage and visit data. In this regard, cookies do not store personal or sensitive personal data and are not shared with other applications or individuals.
Who Can Personal Data be Transferred to and for What Purpose
The personal data collected can be transferred to our business partners, suppliers, company officials, shareholders, legally authorized public institutions and private individuals within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law on the Protection of Personal Data (KVKK). This transfer is for the purpose of conducting the necessary work by our company’s departments to provide you with the products and services offered by Medipoint, customizing the products and services provided by our company according to your preferences, usage habits, and needs, ensuring the legal and commercial security of our company and the individuals in business relations with our company (administrative operations related to communication carried out by our company, ensuring the physical security and control of the company’s locations, business partner/customer/supplier (authorized or employees) evaluation processes, reputation research processes, legal compliance process, audit, financial matters, etc.), determining the commercial and business strategies of our company, and ensuring the implementation of the human resources policies of our company.
How We Store Personal Data
Your personal data shared with our company is stored in compliance with the relevant legal regulations, the provisions of the Law on the Protection of Personal Data (KVKK), and Medipoint standards, on secure servers within the country.
How Long We Keep Personal Data
We keep your personal data in compliance with the KVKK. Your personal data will be deleted, destroyed, or anonymized by us when the purpose requiring processing expires and when the statutory retention periods have expired.
In accordance with the Law on the Regulation of Electronic Commerce (Law No. 6563), records indicating the withdrawal of consent will be kept for 1 year from the date of withdrawal, and all other records related to the content of commercial electronic messages and their transmission will be kept for 3 years, to be submitted to the relevant ministry when necessary. After the expiration of these periods, your personal data will be deleted, destroyed, or anonymized by our company.
Cookies are text files containing small pieces of information loaded by your internet browser, which are stored on your computer, mobile phone, or tablet when you visit medipoint.com.tr or connect via the mobile website.
Medipoint.com.tr website, mobile application, and mobile site use session cookies and persistent cookies. Session identity cookies end when you close your browser, while persistent cookies remain on your hard drive for an extended period. If you wish to reject session cookies and/or persistent cookies, you can follow the instructions provided in your internet browser’s “help” section or visit “www.allaboutcookies.org” or “www.youronlinechoices.eu” to manage these cookies. You can continue to use the website, mobile application, and mobile site if you reject persistent or session cookies; however, your access to certain features may be limited.
How Internet Site Cookies Are Used
Sharing Personal Data with Official Authorities
Medipoint.com.tr may share your personal data related to your visit or membership, as well as your navigation data, such as traffic information, with competent public institutions and organizations authorized by law to request this information in order to fulfill its obligations under the law and ensure your security.
You can transmit your requests on this matter and requests covered by Article 11 of the Personal Data Protection Law to email@example.com.
Your Rights under the Personal Data Protection Law
In accordance with the legislation regarding the personal data processed:
- To learn whether personal data is processed,
- To request information if personal data has been processed,
- To learn the purpose of the processing of personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data is transferred, whether domestically or abroad,
- To request correction if personal data is incomplete or incorrect and deletion or destruction if personal data is unnecessary,
- To request notification of the transactions made in compliance with subparagraphs (d) and (e) to third parties to whom personal data have been transferred,
- To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- To request the compensation of the damage in case of damage due to the unlawful processing of personal data,
You have the rights specified above under the Personal Data Protection Law. In accordance with Article 13 of the Personal Data Protection Law, you can submit your request, including your explanations regarding the rights you request to use, in writing or through other methods designated by the Personal Data Protection Board.
In accordance with Article 11 of the Personal Data Protection Law, your written applications will be processed by the company following the verification of your identity and will be returned to the relevant parties within the legal periods.
Rights Related to Data Processing
In cases where the application is rejected, the response is found to be insufficient, or if a response is not provided to the application within the relevant time frame after the notification of the response, the applicant has the right to complain to the Personal Data Protection Board within thirty days following the response. However, complaints cannot be filed with the Board without exhausting the application process.
Blocking Electronic Communications
You can unsubscribe from electronic mail, SMS, or instant messaging services sent to you for marketing, campaign, or advertising purposes at any time using the methods provided in the messages. In this case, unless otherwise required by law, your personal data in our databases will be deleted, destroyed, or anonymized. Detailed information about these processes is available in our Personal Data Processing and Protection Policy on our website.
Applicable Law, Competent Courts, and Enforcement Offices
This Privacy/Personal Data Protection Policy and Permission for Communication are subject to the laws of the Republic of Turkey. In case of any disputes arising from the application of this Privacy/Personal Data Protection Policy and Permission for Communication, Istanbul Anatolian Courts and Execution Offices are authorized.