PROTECTION OF PERSONAL DATA AND PRIVACY PRINCIPLES

1.  PURPOSE AND SCOPE

These Personal Data Protection and Privacy Principles (“Principles”), as the data controller Fizyoclinic Private Wellness Center and Health Services Limited Company (“Company” or “Data Controller”) regulates the principles it accepts regarding the protection of personal data and follows the personal data processing principles regarding the processing of personal data of Customer, Supplier/Business Partner Officer, Employee Candidate, Online Visitor (“People Groups”). and aims to enlighten the groups of people in question.

2.  PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

As a Data Controller, we process your personal data within the framework of the following principles.

2.1 Hukuka ve Dürüstlük Kuralına Uygun İşleme
Kişisel verilerinizin işlenmesinde hukuksal düzenlemelerle getirilen ilkeler ile genel güven ve dürüstlük kuralına uygun hareket edilmektedir.

2.2 Ensuring Personal Data Are Accurate and Up-to-Date When Necessary
Taking into account your legitimate interests, periodic controls and updates are made to ensure that the processed data is accurate and up-to-date, and necessary measures are taken accordingly. In this context, systems for checking the accuracy of personal data and making necessary corrections are established within the Company.

2.3 Processing for Specific, Explicit and Legitimate Purposes
Your personal data is processed based on clear, specific and legitimate data processing purposes.

  1. 2.4 Relevance, Limitation, and Responsibility for the Purpose for which they are Processed
    Your personal data is processed in a measured, purpose-related and limited manner in order to achieve the foreseen purpose/purposes, and the processing of personal data that is not relevant or needed for the realization of the purpose is avoided.

    2.5 Retention for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation
    Your personal data is retained only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, first of all, it is determined whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, this period is acted upon. Your personal data is deleted, destroyed or anonymized in accordance with the relevant legislation, unless the period expires or the reasons requiring its processing are eliminated, unless there is a legal reason allowing them to be processed for a longer period of time.

    3.   CONDITIONS FOR PROCESSING PERSONAL DATA

    Your personal data is processed by the Company within the framework of the following conditions.

    3.1 Explicitly Provided in Laws
    Your personal data may be processed in cases where the laws expressly stipulate the processing of personal data.

    3.2 Failure to Obtain Explicit Consent of the Related Person Due to Actual Impossibility
    Your personal data may be processed if it is necessary to protect the life or bodily integrity of the person or another person, who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated.

    3.3 Direct Concern with the Establishment or Performance of the Contract
    Provided that it is directly related to the establishment or performance of the contract, your personal data may be processed if it is necessary to process the personal data of the parties to the contract.

    3.4 Fulfilling the Company’s Legal Obligation
    Your personal data may be processed if it is necessary to fulfill legal obligations as a data controller.

    3.5 Making Personal Data Public
    If your personal data has been made public by you, it may be processed.

    3.6 Requirement of Data Processing for the Establishment or Protection of a Right
    Your personal data may be processed if data processing is necessary for the establishment, exercise or protection of a right.

    3.7 Processing of Data Based on Legitimate Interest
    Your personal data may be processed if data processing is necessary for the legitimate interests of the Company.

    3.8 Consent-Based Processing
    In cases where your personal data cannot be processed based on any of the conditions specified in these Principles, it is processed based on express consent.

    4. CATEGORIZATION OF PERSONAL DATA

Data Owner

Data Category

Customer

Identity

Communication

Auditory Information

Customer Transaction Information

finance

Transaction Security

Employee Candidate

Identity

Communication

Professional experience

Resume

Transaction Security

Third Party

Identity

Communication

Visual and Audio Information

Legal action

İşlem Güvenliği

Supplier / Business Partner Representative

Identity

Communication

finance

Transaction Security

Online Visitor

Identity

Communication

Transaction Security

  1. Within the personal data processing conditions specified in Articles 5 and 6 of the Law No. 6698, personal data can be processed for the following purposes, according to the relevant person group.

    5.1 CUSTOMER
    Customer personal data, subject to disclosure of your personal data to us, within the personal data processing conditions specified in Articles 5 and 6 of the Law No. 6698; Execution of goods and services after-sales support services, execution of goods and services sales processes, execution of production and operation processes of goods and services, execution of audit / ethical activities, execution of activities in accordance with the legislation, execution of finance and accounting works, follow-up and execution of legal affairs, internal audit / conducting investigation / intelligence activities, following up on requests and complaints, conducting and auditing business activities, receiving and evaluating suggestions for improvement of business processes, conducting business continuity activities, conducting customer relationship management processes, carrying out activities for customer satisfaction, advertising / campaigns / promotions It is processed for the purposes of executing processes, executing contract processes, executing communication activities.

    5.2 EMPLOYEE CANDIDATES
    Employee Candidate personal data is processed for the purposes of executing personnel procurement processes, planning and executing human resources processes, executing the application processes of employee candidates and carrying out activities in accordance with the legislation, within the personal data processing conditions specified in Articles 5 and 6 of the Law No. 6698.

    5.3 THIRD PARTY
    Third Party personal data, within the scope of personal data processing conditions specified in Articles 5 and 6 of Law No. 6698, execution of personnel procurement processes, execution of service sales processes, execution of activities in accordance with the legislation, follow-up and execution of legal affairs, execution of contract processes, request and It is processed for the purposes of tracking complaints, executing and auditing business activities, ensuring business continuity, executing customer relations management processes, executing advertising / campaign / promotion processes and communication activities.

     

    5.4 SUPPLIER / BUSINESS PARTNER AUTHORITY
    The personal data of the Supplier / Business Partner official, in accordance with the personal data processing conditions specified in the 5th and 6th articles of the Law No. 6698, the execution of the procurement of goods and services, the execution of the activities in accordance with the legislation, the execution of the finance and accounting works, the execution and audit of the business activities. are processed for the purposes of executing contract processes, executing communication activities and informing authorized persons, institutions and organizations.

    5.5 ONLINE VISITOR
    Online Visitor personal data, within the personal data processing conditions specified in Articles 5 and 6 of Law No. 6698, conducting marketing analysis studies, conducting advertising / campaign / promotion processes, conducting communication activities, developing products and services, fulfilling legal obligations. may be processed for the purposes of

     

    6.    TRANSFER OF PERSONAL DATA
    Your personal data; Our business partners, suppliers, legally authorized public institutions and private individuals residing in Turkey and abroad, with the principles and purposes set forth in Articles 3 and 5 of this Privacy and Personal Data Protection Principles, and 8 and 9 of Law No. 6698. It can be transferred in a limited manner within the framework of the personal data processing conditions and purposes specified in the articles.

    7.    METHOD OF COLLECTING PERSONAL DATA AND LEGAL REASON

    Your personal data transmitted to the Company electronically are processed as follows according to the relevant person groups.

    7.1 CUSTOMER
    Customer personal data is defined in Article 5 of the Law No. 6698 as “obtaining the explicit consent of the relevant person”, “explicitly stipulated in the laws”, “necessary for the fulfillment of the legal obligation of the data controller”, “data processing for the establishment and protection of a right”. legal grounds”, “provided that it is directly related to the conclusion or performance of a contract, it is necessary to process the personal data of the parties to the contract,” and “the data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”. It is processed in physical and electronic media, by written or verbal data transfer tools, by being received from the person or third party as part of the data recording system, fully or partially automatically, or by non-automatic means provided that it is a part of any data recording system.

    7.2 EMPLOYEE CANDIDATES
    Employee Candidate personal data is defined in Article 5 of Law No. 6698 as “obligatory for the data controller to fulfill its legal obligation”, “provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract” and “ Provided that it does not harm the fundamental rights and freedoms of the data subject, data processing is mandatory for the legitimate interests of the data controller, in whole or in part, by being obtained from the person or third party, in physical and electronic media, written or verbal data transfer tools and as part of the data recording system. It is processed automatically or non-automatically, provided that it is a part of any data recording system.

    7.3 THIRD PARTY
    Third Party personal data is defined in Article 5 of the Law No. 6698 as “obtaining the explicit consent of the data subject”, “necessary for the fulfillment of the legal obligation of the data controller”, “data processing is mandatory for the establishment, exercise and protection of a right” and “ Provided that it does not harm the fundamental rights and freedoms of the data subject, data processing is mandatory for the legitimate interests of the data controller, in physical and electronic environments, by written or verbal data transfer tools and as part of the data recording system, by being taken from the person or third party completely or It is processed by partially automatic or non-automatic means provided that it is part of any data recording system.

    7.4 SUPPLIER / BUSINESS PARTNER AUTHORITY
    Provided that the personal data of the Supplier / Business Partner official is directly related to the conclusion or performance of a contract, “obtaining the express consent of the relevant person”, “obligatory for the data controller to fulfill its legal obligation” and “included in Article 5 of the Law No. 6698, It is necessary to process the personal data of the parties to the contract, based on legal reasons, in physical and electronic media, written or verbal data transfer tools and as part of the data recording system, fully or partially automated or part of any data recording system. processed by non-automatic means.

    7.5 ONLINE VISITOR
    Online Visitor personal data is used for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, which is included in the Law No. It is processed automatically based on the legal reasons that data processing is mandatory” and “obligatory for the data controller to fulfill its legal obligation”.

    8.  SECURITY OF PERSONAL DATA
    In order to ensure the security of personal data and to prevent unlawful processing, the Company takes reasonable precautions to prevent unauthorized access risks, accidental data loss, deliberate deletion of data or damage to data.
    All necessary technical and physical measures are taken in order to prevent others from accessing personal data from those who are authorized to access it. In this context, the authorization system is designed in such a way that it is not possible for individuals and systems to access more personal data than necessary.
    The company carries out and has the necessary inspections made in its own institution or organization in order to ensure the implementation of the provisions of the Law No. 6698.

  1. COMMITMENTS REGARDING THIRD PARTY PERSONAL DATA

    Personal information about third parties transmitted by the Person Groups, to be processed by the Company, is accepted by the Person Group and consent is given. The Related Person Group also undertakes to provide the necessary information and obtain permissions in accordance with the Law on the Protection of Personal Data No. 6698 for the transmitted persons and their information. Otherwise, the losses will remain with the related Person Group.

  1. APPLICATION PROCEDURES AND PRINCIPLES

    As the relevant person, you can submit your requests regarding your rights in Article 11 of the Law No. 6698.

    https://www.fizyoclinic.com.tr/ Filling the relevant form in line with the procedures and principles in the Relevant Person Application Form available on our website, and in any case meeting the minimum conditions stipulated by the Communiqué on Application Procedures and Principles to the Data Controller; fizyoclinic@hs01.kep.tr KEP with your message to  info@fizyoclinic.com.tr with your e-mail address registered in our system or with a secure e-signed message to our e-mail address or Değirmiçem Mah. Mithat Enç Cad. Kanat Konutları Sitesi A Blok Apt. No:5 B Şehitkamil / Gaziantep You can apply in writing to our address in person or through a notary public. As the Company, we will finalize your application free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by the Company. In this context, you have the following rights as the relevant person;
  • Learning whether personal data is processed or not,
  • If personal data has been processed, requesting information about it,
  • Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing,
  • Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,
  • Requesting notification of third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems, and
  • To request the compensation of the damage in case of loss due to unlawful processing of personal data.