THE IMPORTANCE OF PROTECTING PERSONAL DATA
THE PURPOSE OF THE POLICY
- THE IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION
- THE DAY AND THE DAY OF RECKONING
THE PROCESSING OF PERSONAL DATA
- PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES FORESEEN IN THE LEGISLATION
- The principles of the processing of personal data
- General rules for the processing of personal data of a general nature
- The rules for the processing of personal data of special quality
- To inform and inform the people involved in the data
- PERSONAL DATA
- Data transfers of personal data
- Personal data of special quality is transferred
- Transfer of personal data abroad
- The purpose of the transfer of personal data and the categories of persons transferred
THE LEGAL PURPOSES AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
- THE LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA
- The common principles
- Reasons for compliance with the law
- The processing of personal data of special quality and reasons for compliance with the law
- THE PURPOSE OF PERSONAL DATA PROCESSING
STORING, DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA
- THE RETENTION AND RETENTION OF PERSONAL DATA
THE RIGHTS OF THE DATA OWNER
THE SECURITY OF PERSONAL DATA
- TECHNIQUES AND EXERCISES TAKEN TO ENSURE THAT PERSONAL DATA IS PROCESSED IN ACCORDANCE WITH THE LAW
- TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN IN THE PROCESSING OF SPECIAL-QUALITY DATA
- TECHNICAL AND ADMINISTRATIVE DATA OBTAINED TO PREVENT ACCESS TO THE LAW PRECAUTIONS
- Technical measures taken to prevent the unlawful access of Personal Data
- Administrative measures taken to prevent the illegal access of Personal Data
- Increasing the awareness of Business units about the Protection and processing of Personal Data
- Increasing the awareness and supervision of Business Partners and suppliers about the Protection and processing of Personal Data
- Security measures for the protection of personal data
INTRODUCTION
I. THE IMPORTANCE OF PERSONAL DATA PROTECTION
The protection of personal data is a constitutional right and is among the priorities of our Company. For this purpose, our Company aims to establish a continuously updated system, and this Policy has been prepared accordingly. Within the scope of the Law on the Protection of Personal Data No. 6698, this Policy is issued by “ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş.” (hereinafter referred to as “ENTOKBB”), as Data Controller, at the address KAZIM DİRİK MAH 364/1 SOK. NO: 36/a Bornova – İZMIR, in order to fulfil the general clarification obligation and to determine the basic principles of our Company’s personal data processing rules. In this context, it regulates the basic principles for the protection of the personal data of our customers, potential customers, employees, employee candidates, interns, supplier/sub-employer employees and officials, company shareholders, company partners, visitors and other third parties whose data we process. The procedures necessary to apply the matters set out in this Policy are organized within the Company; clarification texts specific to the categories of persons are prepared in accordance with the Personal Data Processing Inventory; personal data protection and confidentiality agreements are made with Company employees and third parties who have access to personal data; job descriptions are revised; the necessary administrative and technical measures for the protection of personal data are taken by “ENTO KBB”; and the necessary inspections are carried out or commissioned in this context. Personal data protection is also owned by senior management, and the processes of personal data protection are managed by a special committee formed for this purpose (ENTO KBB KVKK Team List, Ref: LS.01).
II. PURPOSE OF THE POLICY
The main purpose of this Policy is to establish the principles for the personal data processing activity carried out by “ENTO KBB” in accordance with the law and for the protection of personal data, and in this context to provide transparency by clarifying matters for and informing the persons whose personal data are processed by our Company.
III. SCOPE
This Policy covers all personal data, processed by automated means or, provided that they are part of a data recording system, by non-automated means, of the persons we categorize under the headings “our customers, potential customers, employees, candidates, interns, supplier/sub-employer employees and officials, our company shareholders, company partners, visitors and other third parties whose data we process”.
IV. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION
The relevant legal regulations in force regarding the processing and protection of personal data apply first. In the event of a conflict between the applicable legislation and the Policy, our Company accepts that the applicable legislation will apply.
V. ACCESS AND UPDATE
Our Policy is published on our Company website, www.entokbb.com, is made available to the relevant persons at the request of the personal data owners, and is updated as necessary.
PROCESSING OF PERSONAL DATA
- In accordance with Article 20 of the Constitution and Article 4 of KVK Law No. 6698, Ento KBB may process personal data in accordance with the law and the rules of honesty; accurately and, where necessary, up to date; for specific, clear and legitimate purposes; and in a limited and measured manner linked to the purpose. Ento KBB retains personal data for as long as required by law or for the purpose of processing personal data.
- Pursuant to Article 20 of the Constitution and Article 5 of Law No. 6698, Ento KBB processes personal data on the basis of one or more of the conditions for the processing of personal data in Article 5 of Law No. 6698.
- In accordance with Article 419 of the Code of Obligations, Ento KBB processes the personal data of employees and employee candidates for the purposes of assessing suitability for employment and performing the employment contract, without prejudice to KVK Law No. 6698.
- In accordance with Article 20 of the Constitution and Article 10 of Law No. 6698, Ento KBB provides clarification to personal data owners, provides the necessary information where personal data owners request information, and responds within the legal period to applications made to exercise the rights arising from the law.
- Ento KBB acts in accordance with the regulations provided for in Article 6 of KVK Law No. 6698 with regard to the processing of personal data of special quality.
- In accordance with Articles 8 and 9 of Law No. 6698, Ento KBB complies with the rules stipulated in the law on the transfer of personal data and implements them by taking into account the decisions taken by the KVK Board, the published notifications and the lists of safe countries.
I. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES FORESEEN IN THE LEGISLATION
1. PRINCIPLES OF PROCESSING PERSONAL DATA
A) CONDUCT IN ACCORDANCE WITH THE LAW AND THE RULE OF HONESTY
In the processing of personal data, Ento KBB acts in accordance with the principles introduced by legal regulations and the rule of honesty. In this context, Ento KBB determines the legal bases that require the processing of personal data before processing, takes into account the requirements of proportionality, does not use personal data beyond what the purpose requires, and does not carry out processing activities without the knowledge of the persons concerned.
B) ENSURE THAT PERSONAL DATA IS ACCURATE AND UP-TO-DATE WHEN NECESSARY
Taking into account the fundamental rights of personal data owners and its own legitimate interests, Ento KBB ensures that the personal data it processes is accurate and up to date and takes the necessary measures to this end. In this context, efforts are made to keep data on all categories of persons up to date. In particular, customer and potential customer data are updated with care, and e-mails and offers for marketing and promotional purposes are not sent to people contrary to their consent.
C) PROCESSING FOR SPECIFIC, CLEAR AND LEGITIMATE PURPOSES
Ento KBB clearly and definitively determines the legitimate and lawful purpose of personal data processing. Ento KBB processes personal data in connection with the services it offers and to the extent necessary for them. The purpose for which personal data will be processed by Ento KBB is determined before the processing activity and is set out in the “Personal Data Inventory”.
D) BEING LIMITED AND MEASURED FOR THE PURPOSE FOR WHICH THEY ARE PROCESSED
Ento KBB processes personal data in a manner that is conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the achievement of the purpose or is not needed. In this context, processes are continuously reviewed and efforts are made to apply the principle of “data minimisation and reduction of personal data”.
- Ento KBB retains personal data only for the period foreseen in the relevant legislation or necessary for the purpose for which they are processed. In this context, Ento KBB first determines whether a period is foreseen for the storage of personal data in the relevant legislation and, if a period is determined, acts in accordance with it; it takes into account the legal and criminal limitation periods in this context and stores personal data for the period necessary for the purpose for which they are processed. When the period expires or the reasons for processing cease to exist, the personal data is deleted, destroyed or anonymized in accordance with the “DESTRUCTION procedure” (Ref: BGYS PR.13) under the Ento KVKK-PO-02 Deletion Destruction Policy.
2. RULES FOR PROCESSING OF GENERAL PERSONAL DATA
The protection of personal data is a right defined in the Constitution, and fundamental rights and freedoms may be limited only by law and only for the reasons specified in the relevant articles of the Constitution, without affecting their essence. In accordance with the third paragraph of Article 20 of the Constitution, personal data may only be processed in the cases provided for by law or with the explicit consent of the person. Our Company processes personal data without seeking the explicit consent of the person concerned if one of the following conditions exists:
- It is expressly provided for by law,
- It is necessary to protect the life or bodily integrity of the person, or of another person, where the person is unable to express consent due to actual impossibility or where their consent is not granted legal validity,
- The processing of personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract,
- It is mandatory for the data controller to be able to fulfill its legal obligation,
- The data has been made public by the person concerned,
- Data processing is mandatory for the establishment, use or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
In the absence of the above conditions, our Company seeks the explicit, freely given and informed consent of the person concerned. Especially in the field of human resources and labor relations, taking into account the dependency relationship of the employee, processing is based on reasons of compliance with the law other than consent; where these reasons do not apply, explicit consent is sought. By contrast, in activities such as marketing, processing is carried out on the basis of the consent of the person concerned. However, in all cases where personal data is processed, the persons concerned are given clarification, and the data processing activity is carried out with the “Employee Clarification Statement”.
3. RULES FOR PROCESSING OF PERSONAL DATA OF SPECIAL QUALITY
In processing personal data designated as “special quality” by KVK Law No. 6698, Ento KBB acts in accordance with the regulations stipulated in KVK Law No. 6698. Article 6 of Law No. 6698 designates as “special quality” a number of categories of personal data that carry the risk of causing victimization of or discrimination against persons when processed in violation of the law, and attention and sensitivity should be shown in the processing of these data. These are data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. In accordance with KVK Law No. 6698, our Company processes special-quality personal data in the following cases, provided that the necessary measures are taken (Ref: KVKK-PO-03 Special Personal Data Policy):
- Special-quality personal data other than data on the health and sexual life of the personal data owner is processed in the cases provided for by law or with the explicit consent of the personal data owner,
- Special-quality personal data relating to the health and sexual life of the personal data owner is processed only for the purposes of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing, by persons or competent institutions and organizations under an obligation of confidentiality, or with the explicit consent of the personal data owner.
- Whatever the basis, the general data processing principles are always taken into account in processing and compliance with these principles is ensured (Article 4 of the KVK Law).
Regarding the protection of special quality data, “KVKK-PO-03 Special quality Personal Data Policy” has been put into effect in our company and the necessary measures are taken in accordance with the provisions of this policy in our business units.
4. CLARIFICATION AND INFORMING OF THE PERSONS CONCERNED
In accordance with Article 10 of KVK Law No. 6698, Ento KBB provides clarification to the owners of personal data when the personal data is obtained. In this context, the person whose data is processed is told for what purpose the personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method of and legal reason for collecting the personal data, and the rights of the person whose personal data is processed. Article 11 of KVK Law No. 6698 counts “requesting information” among the rights of the person whose personal data is processed, and in this context the necessary information is provided if the person concerned requests information, in accordance with Article 20 of the Constitution and Article 11 of KVK Law No. 6698. Such requests are handled with the “Application Form” on the Ento KBB website at https://entokbb.com/.
2. TRANSFER OF PERSONAL DATA
By taking the necessary security measures, Ento KBB may transfer the personal data and special-quality personal data of the person concerned to third parties for lawful personal data processing purposes. In this respect, Ento KBB acts in accordance with the regulations provided for in Article 8 of KVK Law No. 6698.
1. PRINCIPLES FOR THE TRANSFER OF PERSONAL DATA
For legitimate and lawful personal data processing purposes, Ento KBB may transfer personal data to third parties, on a limited basis, based on one or more of the following personal data processing conditions specified in Article 5 of the Law:
- If the person whose personal data is processed has given explicit consent; or
- If there is a clear regulation in the law that personal data will be transferred,
- If it is necessary to protect the life or bodily integrity of the personal data subject or of someone else, and the personal data subject is unable to express his or her consent due to actual impossibility, or if his/her consent is not granted legal validity,
- If it is necessary to transfer personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract,
- If the transfer of personal data is mandatory for our Company to fulfill its legal obligation,
- If the personal data has been made public by the person concerned,
- If the transfer of personal data is necessary for the establishment, use or protection of a right,
- If the transfer of personal data is mandatory for the legitimate interests of our Company, provided that it does not prejudice the fundamental rights and freedoms of the person concerned.
Whatever the reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).
2. TRANSFER OF PERSONAL DATA OF SPECIAL QUALITY
By taking the necessary security measures and the adequate technical and administrative measures prescribed by the KVK Board, Ento KBB may transfer the personal data of the person concerned to third parties, for legitimate and lawful personal data processing purposes, in the following cases:
- If the person concerned has given explicit consent, or
- If the person concerned has not given explicit consent:
  - Personal data of special quality other than data on the health and sexual life of the person concerned (race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data), where provided for by law,
  - Special-quality personal data relating to the health and sexual life of the person concerned may only be processed by persons under an obligation of confidentiality or by competent institutions and organizations, for the purposes of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.
Whatever the reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).
3. TRANSFER OF PERSONAL DATA ABROAD
Ento KBB may transfer the personal data it processes to third parties by taking the necessary security measures, for lawful personal data processing purposes. Ento KBB transfers personal data to countries provided for by the KVK Board in accordance with the GDPR, to foreign countries declared to have adequate protection (“Foreign Country with Adequate Protection”), or to foreign countries where the data controllers in Turkey and in the relevant foreign country have undertaken in writing to provide adequate protection and where the KVK Board has given permission (“Foreign Country where the Data Controller Committed to Adequate Protection”). In this respect, Ento KBB acts in accordance with the regulations provided for in Article 9 of KVK Law No. 6698. For legitimate and lawful personal data processing purposes, where the person concerned has given explicit consent or, where the person concerned has not given explicit consent, in one of the following cases, Ento KBB may transfer personal data “to foreign countries with adequate protection or where there is a Data Controller who has committed to adequate protection” and to countries that comply with the “GDPR”:
- If there is a clear regulation in the law that personal data will be transferred,
- If it is necessary to protect the life or bodily integrity of the person concerned or of another person, and the person concerned is unable to express his/her consent due to actual impossibility or his/her consent is not granted legal validity,
- If it is necessary to transfer personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract,
- If the transfer of personal data is mandatory for Ento KBB to fulfill its legal obligation,
- If the personal data has been made public by the person concerned,
- If the transfer of personal data is necessary for the establishment, use or protection of a right,
- If the transfer of personal data is mandatory for the legitimate interests of Ento KBB, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
4. THE PURPOSES OF THE PROCESSING OF PERSONAL DATA BY OUR COMPANY AND THE CATEGORIES OF PERSONS TO WHOM DATA IS TRANSFERRED
A) DATA TRANSFER PURPOSES
Data transfer is carried out for purposes such as: ensuring the fulfilment of Ento KBB’s activities and establishment purposes; ensuring that the services which Ento KBB outsources from suppliers and which are necessary for its business activities are provided to Ento KBB; ensuring that Ento KBB’s human resources and employment policies are carried out; and fulfilling Ento KBB’s obligations within the scope of occupational health and safety and ensuring that the necessary measures are taken.
B) THE PERSONS TO WHOM THE DATA IS TRANSFERRED
In accordance with Articles 8 and 9 of KVK Law No. 6698, personal data may be transferred to the following categories of persons:
| Authorized Government agencies | Public institutions and organizations authorized to obtain information and documents from Ento KBB | According to the relevant legislation, data sharing is done. |
| Authorized Private legal persons | Private legal persons authorized to obtain information and documents from the Ento KBB | Data sharing is limited to the purpose requested by the relevant private law persons within their legal authority. |
| Partners | Parties with which Ento KBB has partnered, while carrying out its business activities, for purposes such as selling, promoting and marketing the products and services of Ento KBB, after-sales support and carrying out joint customer loyalty programs | Data sharing is limited to ensuring that the purposes of establishing the partnership are fulfilled. |
| Suppliers | Parties that provide services to our Company or are served by our Company while carrying out the business activities of Ento KBB | Data sharing is limited to ensuring that the services which Ento KBB outsources from the supplier and which are necessary to carry out the business activities of our Company are provided to Ento KBB. |
Transfers carried out by Ento KBB are carried out in accordance with the principles and rules set out in this Policy.
PERSONAL DATA CATEGORIES
The persons whose data are processed in Ento KBB and the data processed in this context are categorized as follows:
PERSON CATEGORIZATION
| Employee candidate | Real persons who have applied for a job with Ento KBB in any way or who have made their resume and related information available to Ento KBB for review |
| Employee | Real persons who work at Ento KBB |
| Lead | Natural persons who have requested or shown interest in using our products and services, or who have been assessed, in accordance with the rules of business practice and honesty, as possibly having this interest |
| Supplier employee | Real persons working in the organizations with which Ento KBB has all kinds of business relationships (such as, but not limited to, business partners, suppliers) |
| Supplier Authority | Real persons who are shareholders and officials of the institutions with which Ento KBB does business |
| Customer | Natural persons who use or have used the products and services offered by Ento KBB, regardless of whether they have any contractual relationship with Ento KBB |
| Visitor | Real persons who have entered the physical premises owned by Ento KBB for various purposes or who have visited our websites |
| OTHER | Third-party natural persons associated with Ento KBB in order to ensure the security of the transactions between the parties mentioned above or to protect the rights and interests of such persons (e.g. family members and relatives) |
DATA CATEGORIZATION
| ID data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; information contained in documents such as a driving license, identity card, residence document, passport, attorney ID and marriage certificate |
| Contact Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; information such as phone number, address and e-mail |
| Location data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; information that determines where the personal data owner is located during the use of our products and services, or when the employees of the institutions with which we cooperate are using the tools of Ento KBB |
| Privacy Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; any personal data processed to obtain information that will be the basis for the creation of the personal rights of our employees or of real persons in a working relationship with Ento KBB |
| Legal Action and Compliance Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; personal data processed within the scope of determining and pursuing our legal receivables and rights, performing our debts, and complying with our legal obligations and policies |
| Customer transaction Data | Data clearly belonging to an identified or identifiable natural person and included in the data recording system; information such as records of the use of our products and services, and the instructions and requests of the customer required for the use of products and services |
| Physical Space Security Data | Data clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data relating to records and documents taken at the entrance to the physical space and during the stay in it |
| Transaction Security Data | Data clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data processed to ensure technical, administrative, legal and commercial security while carrying out activities |
| Risk Management Data | Data clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data processed, by methods used in accordance with the generally accepted legal, commercial and integrity rules in these areas, in order to manage our commercial, technical and administrative risks |
| Financial data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; personal data processed regarding all kinds of financial results, documents and records created according to the type of legal relationship our Company has established with the personal data owner |
| Performance and career Development Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; personal data processed for the purpose of measuring the performance of our employees or of real persons in a working relationship with our Company and of planning and conducting their career development within the scope of our Company’s human resources policy |
| Marketing Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; personal data processed for the customization and marketing of our products and services in accordance with the usage habits, likes and needs of the personal data owner, and the reports and evaluations created as a result of this processing |
| Audio and Visual Data | Data clearly belonging to an identified or identifiable natural person, processed partially or fully automatically, or non-automatically as part of the data recording system; e.g. photo and camera recordings (except records covered under Physical Space Security Data), voice recordings and data in documents that contain personal data |
| Private Data (Health, Sex life) | Data on health and sexual life, race, ethnicity, political thought, philosophical belief, religion, sect or other faiths, appearance and dress, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data |
LEGAL ASPECTS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
I. LEGAL ASPECTS OF THE PROCESSING OF PERSONAL DATA
1.GENERAL PRINCIPLES
Although the legal bases for processing personal data by Ento KBB differ, all kinds of personal data processing activities are carried out in accordance with the general principles in Article 4 of KVK Law No. 6698. Accordingly, the following general principles are taken into account in all types of data processing:
- Complying with the rules of law and honesty,
- Being accurate and, where necessary, up to date,
- Processing for specific, clear and legitimate purposes,
- Being relevant, limited and measured for the purpose for which they are processed,
- Being retained for the time foreseen in the relevant legislation or required for the purpose for which they are processed.
2. REASONS FOR LEGAL COMPLIANCE
A) EXPLICIT CONSENT OF THE PERSONAL DATA OWNER
One of the conditions for processing personal data is the explicit consent of the owner. The explicit consent of the personal data owner must relate to a specific subject, be based on information, and be given with free will.
B) EXPRESSLY STIPULATED IN THE LAW
The personal data of the data owner may be processed in accordance with the law if this is expressly stipulated in the law.
For example, in accordance with the Identification Regulations, the identification of our employees is communicated to the competent authorities.
C) INABILITY TO OBTAIN THE EXPLICIT CONSENT OF THE PERSON CONCERNED DUE TO ACTUAL IMPOSSIBILITY
Personal data of the data owner may be processed if this is necessary to protect the life or bodily integrity of a person who is unable to express his or her consent due to actual impossibility, or whose consent is not legally valid.
For example, sharing the health information of an employee who has an epileptic seizure with the physician.
D) DIRECT RELATION TO THE ESTABLISHMENT OR PERFORMANCE OF A CONTRACT
Provided that it is directly related to the establishment or performance of a contract, the personal data of the parties to the contract may be processed if this is necessary.
For example, obtaining a CV from a candidate for the establishment of a service (work) contract, or obtaining an address for notification under the contract.
E) FULFILMENT OF THE COMPANY'S LEGAL OBLIGATIONS
If processing is mandatory for Ento KBB to fulfill its legal obligations as a data controller, the personal data of the data owner may be processed.
For example, the processing of information on the family members the employee is obliged to care for, so that the employee can benefit from the minimum subsistence deduction.
F) PERSONAL DATA MADE PUBLIC BY THE DATA OWNER
The relevant personal data may be processed if the data owner has made his or her personal data public.
For example, if customers present their complaints, requests or suggestions about our company on an open platform on the internet, these customers will have made their information public. In this case, Ento KBB may process the data, limited to the purpose of responding to the complaints, requests or suggestions.
G) DATA PROCESSING IS MANDATORY FOR THE ESTABLISHMENT OR PROTECTION OF A RIGHT
In the event that data processing is mandatory for the establishment, use or protection of a right, the personal data of the data subject may be processed.
For example, the retention of data that serves as proof (sales contract, invoice) and its use when necessary.
H) DATA PROCESSING IS MANDATORY FOR THE LEGITIMATE INTEREST OF OUR COMPANY
Provided that the basic rights and freedoms of the personal data owner are not prejudiced, the personal data of the data owner may be processed if this is necessary for the legitimate interests of Ento KBB.
For example, the monitoring of critical points with security cameras belonging to Ento KBB against theft or for occupational safety purposes.
3. PROCESSING OF PERSONAL DATA OF SPECIAL QUALITY AND REASONS FOR COMPLIANCE WITH THE LAW
Where the personal data owner has not given explicit consent, personal data of special quality can be processed by Ento KBB only on condition that the adequate measures to be determined by the KVK Board are taken. Private personal data relating to the health and sexual life of the personal data subject may only be processed by persons under an obligation of secrecy or by competent institutions and organizations, for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing. Whatever the reason, the general data processing principles are always taken into account in the processing activities and compliance with these principles is ensured (Article 4 of the KVK Law).
II. PURPOSES OF PROCESSING PERSONAL DATA
Ento KBB processes personal data limited to the purposes and conditions within the personal data processing conditions specified in Article 5, paragraph 2 and Article 6, paragraph 3 of Law No. 6698. In the course of data processing, the legal bases mentioned above are taken into consideration; if there is no other reason for compliance with the law, the consent of the person concerned is requested. Here, too, a general principles audit is carried out under Article 4 and, above all, it is checked that the data processing activity is consistent with the general principles of compliance with the law. The consent of the person concerned is obtained “in an open, informed and free-will manner”. The processing of personal data is also indicated in our company's “Personal Data Inventory”. In Ento KBB, personal data is processed specifically for the following purposes:
- The personal data of the employees must be processed in order to fulfill the mutual obligations arising from the employment contract as the employer. Personal data of employees is processed and stored in accordance with the law and the rules of honesty; accurately and, where necessary, up to date; for specific, clear and legitimate purposes; and in a limited and proportionate manner. In this context, the legal basis of the personal data processing consists of: the purposes necessary for the employees to be employed in accordance with the law; the establishment, performance and termination of the employment contract in accordance with the law; the legitimate interests of Ento KBB, on condition that they are not contrary to fundamental rights and freedoms; the conditions clearly stipulated in the law; the fulfillment of legal obligations related to employee employment; cases of legal follow-up, where data processing is mandatory for the establishment, use and protection of a right; and, in cases other than these, the explicit, informed and freely given consent to be requested from the employees.
- Within the scope of the activities required by the Ento KBB’s business subject, the legitimate interests of the employer make it necessary to process the personal data of the employees. As a matter of fact, for reasons such as prevention of abuses, prevention of theft, general safety or occupational health and safety, the personal data of employees can be processed. However, in this case, great care is taken not to harm the fundamental rights and freedoms of the employees.
- The vast majority of the personal data of the employees being processed is obtained from the information provided to Ento KBB by the employees. In some cases, the personal data of the employees may also come to Ento KBB from internal sources such as Ento KBB managers or from the references of employees or from the data in the systems established by public institutions and organizations due to their working life requirements.
- The personal data of the employees being processed consists of information such as application forms and references of the employees, employment contracts and changes, contact information of the employees, information necessary for payroll, family or close information such as people to be contacted in emergency situations, training records of the employees, performance evaluation records, discipline records, camera records.
- The policies and procedures of Ento KBB contain rules on the processing of the personal information of employees. In this regard, the “Protection and Processing Policy of Personal Data” on the website of Ento KBB in particular can be examined. The same document is also available from Ento KBB’s own intranet system and can be obtained from the Human Resources Unit in paper (hard copy) form.
- The health information of the employees is also among the personal data processed. Information about the health and sex lives of employees is generally processed by persons under the obligation of keeping secrets or competent institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing. In this context, the health data of the employees and the details related to them are found in the workplace physician and health unit as a rule.
- If the employee becomes a member of a union after gaining the status of “employee” (this is not requested at the employee candidate stage), union membership can also be processed in accordance with the explicit provisions of the law in order to fulfill the requirements of the legislation. Other than that, employees' race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and clothing, and biometric and genetic data are as a rule not included among the personal data processed unless clearly stipulated in the law, and if an exceptional practice is to be applied, the requirements are carefully evaluated before the personal data is processed.
- Ento KBB has controls and surveillance on information communication tools (telephone, mobile phones, computers and the internet). Law No. 5651 and the legitimate interests of Ento KBB constitute the legal basis of the said practices.
- Vehicle tracking system can be implemented on the grounds of “safety, more effective management of vehicles and personnel” in the vehicles belonging to Ento KBB. The activity in question is based on the legitimate interests of Ento KBB and is carried out on the condition that it does not harm the fundamental rights and freedoms of the employees.
- In line with the purpose of ensuring the execution of the human resources policies of Ento KBB; Provision of personnel suitable for open positions in accordance with Ento KBB human resources policies, conducting human resources operations in accordance with Ento KBB human resources policies, selection of employee candidates, management of self-employment jobs, determination of training and career plans, in the context of occupational health and safety, the fulfillment of the obligations and the taking of the necessary measures constitute the purposes of processing personal data.
- Personal data of supplier/sub-employer employees may also be processed by our Company. Law No. 6331 specifies the documents and information that the main employer must check, in relation to occupational health and safety, for employees coming from another workplace. In the same way, the Labor Law No. 4857 and the Social Insurance and General Health Insurance Law No. 5510 place obligations on the main employer regarding sub-employer workers and temporary workers and state the issues that should be checked in this context. Accordingly, the processing of the personal data of workers who work in our workplace but are attached to a supplier or other employer is based on the legitimate interests of our business and, in particular, on the legal regulations in question.
- Personal data is also processed in our related units for the following purposes:
  - Carrying out emergency management processes,
  - Conducting information security processes,
  - Conducting auditing/ethical activities,
  - Conducting educational activities,
  - Exercising access powers,
  - Conducting activities in accordance with the regulations,
  - Conducting financial and accounting business,
  - Carrying out loyalty processes for the company/products/services,
  - Ensuring the security of physical space,
  - Conducting the assignment process,
  - Follow-up and conduct of legal affairs,
  - Conducting internal audit/investigation/intelligence activities,
  - Conducting communication activities,
  - Carrying out goods/services/production and operation processes,
  - Carrying out customer relations processes,
  - Carrying out activities aimed at customer satisfaction,
  - Organization and event management,
  - Conducting marketing analysis studies,
  - Conducting performance assessment processes,
  - Conducting advertising/campaign/promotion processes,
  - Conducting risk management processes,
  - Carrying out storage and archive activities,
  - Carrying out social responsibility and civil society activities,
  - Carrying out contract processes,
  - Conducting sponsorship activities,
  - Carrying out strategic planning activities,
  - Follow-up of complaints,
  - Ensuring the security of the goods and resources being transported,
  - Managing the supply chain,
  - Conducting the marketing processes of products/services,
  - Ensuring the security of data controller operations,
  - Foreign personnel work and residence permit procedures,
  - Conducting the investment process,
  - Providing information to the competent persons, institutions and organizations,
  - Conducting management activities,
  - Creating and tracking visitor records.
For occupational health and safety, general safety, product security purposes, camera monitoring in the workplace is carried out on the condition that it does not harm the fundamental rights and freedoms of our visitors, the people whose data is processed in this context and especially the employees, taking into account the legitimate interests of the company.
STORAGE, DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
Although personal data has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law No. 6698, in case the reasons for its processing are eliminated, the personal data is deleted, destroyed or anonymized by Ento KBB’s own decision or upon the request of the personal data owner.
I. STORAGE AND RETENTION OF PERSONAL DATA
Where a period is stipulated in the relevant laws and legislation, Ento KBB stores personal data for the period specified in that legislation. If the legislation does not regulate how long the personal data should be kept, the personal data is processed for as long as processing is required in accordance with the practices of Ento KBB and the practices of commercial life, depending on the services offered by our company while processing that data; it can then be stored for the purpose of providing evidence in legal disputes, asserting the relevant right related to the personal data, or establishing a defense. In establishing these periods, the retention periods are determined on the basis of the limitation periods for asserting the right in question and, even where those limitation periods have expired, on the basis of the examples in requests previously directed to Ento KBB on the same issues. In this case, the stored personal data is not accessed for any other purpose, and access to the relevant personal data is provided only when it must be used in the relevant legal dispute. After the said period has ended, personal data is deleted, destroyed or anonymized.
II. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
Although it has been processed in accordance with the provisions of the relevant law as laid down in Article 138 of the Turkish Penal Code and Article 7 of the Law on KVK numbered 6698, personal data is deleted, destroyed or anonymized in case the reasons for its processing are eliminated, pursuant to Ento KBB’s own decision or upon the request of the personal data owner. In this context, Ento KBB fulfills its obligation regarding the subject with the methods described in this section.
1. DELETION OF PERSONAL DATA
A) THE DELETION OF PERSONAL DATA
Although personal data has been processed in accordance with the provisions of the relevant law, in case the reasons for its processing are eliminated, Ento KBB may delete the personal data by its own decision or at the request of the personal data owner. Deletion of personal data is the process of making the personal data inaccessible and unusable again in any way for the relevant users. All kinds of technical and administrative measures are taken to ensure that the personal data deleted in Ento KBB is inaccessible and unusable again for the relevant users.
B) THE PROCESS OF DELETION OF PERSONAL DATA
The process for deleting personal data must be followed as follows:
- Identifying the personal data that will be subject to deletion,
- Identifying the relevant users for each item of personal data using the access authorization and control matrix or a similar system,
- Determining the relevant users' powers and methods of access, retrieval and reuse,
- Closing and eliminating the relevant users' powers and methods of access, retrieval and reuse within the scope of the personal data.
C) METHODS OF DELETION OF PERSONAL DATA
Since personal data can be stored in various recording media, it is deleted with methods suitable for recording media.
2. DESTRUCTION OF PERSONAL DATA
A) THE DESTRUCTION OF PERSONAL DATA
Although personal data has been processed in accordance with the provisions of the relevant law, Ento KBB may destroy the personal data by its own decision or at the request of the personal data owner if the reasons for its processing are eliminated. Destruction of personal data is the process of making personal data inaccessible, unretrievable and unusable by anyone. Ento KBB takes all necessary technical and administrative measures related to the destruction of personal data.
B) METHODS OF DESTRUCTION OF PERSONAL DATA
In order to destroy personal data, all copies containing the data are detected and the systems where the data are located are destroyed one by one.
3. ANONYMIZATION OF PERSONAL DATA
A) PROCESS OF ANONYMIZATION OF PERSONAL DATA
Anonymization of personal data means that the personal data cannot be linked to an identified or identifiable real person under any circumstances, even by matching it with other data. Our company can anonymize personal data when the reasons for processing the personal data processed in accordance with the law are eliminated. For personal data to be anonymized, it must be made impossible to associate with an identified or identifiable natural person, even through the use of techniques appropriate to the recording environment and the related field of activity, such as reversal by the data controller or groups of recipients and/or matching the data with other data. Ento KBB takes all kinds of technical and administrative measures necessary to anonymize personal data. Personal data anonymized in accordance with Article 28 of the KVK Law No. 6698 may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the KVK Law No. 6698 and the explicit consent of the personal data owner will not be sought.
B) METHODS OF ANONYMIZATION OF PERSONAL DATA
Anonymization is the removal or modification of all direct and/or indirect identifiers in a data set so that the person concerned can no longer be identified, or loses the ability to be distinguished in a group or crowd, in a way that cannot be associated with a real person. Data that no longer points to a particular person as a result of the blocking or loss of these features is considered anonymized data. The purpose of anonymization is to break the link between the data and the person it identifies. All link-breaking operations performed by methods such as automated or non-automated grouping, masking, derivation, generalization and randomization, applied to the records in the data recording system where the personal data is kept, are called anonymization methods. The data obtained as a result of the application of these methods should not be able to identify a specific person.
RIGHTS OF INTERESTED PERSONS
I. THE SCOPE OF THE RIGHTS OF THE PERSONS CONCERNED AND THE EXERCISE OF THESE RIGHTS
1. RIGHTS OF PERSONS CONCERNED
The persons whose personal data is processed at Ento KBB have the following rights:
- To find out whether personal data is processed,
- If personal data is processed, to request information about it,
- To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- To know the third parties to whom personal data is transferred at home or abroad,
- If the personal data is incomplete or incorrectly processed, to request that it be corrected and to request that the transaction made in this context be notified to third parties to whom the personal data is transferred,
- Although it has been processed in accordance with the provisions of the KVK Law and other relevant law, in case the reasons for its processing are eliminated, to request the deletion or destruction of personal data and to request that the transaction made in this context be notified to third parties to whom the personal data is transferred,
- To object to the emergence of a result against the person through analysis of the processed data exclusively by automated systems,
- To request that the damage be remedied in case of damage caused by the processing of personal data against the law.
2. USE OF RIGHTS OF PERSONS CONCERNED
It is necessary and sufficient for the persons concerned to communicate their requests regarding the exercise of the rights mentioned above to our Company, in accordance with paragraph 1 of Article 13 of the KVK Law No. 6698, by the following methods:
| Application method | Address to apply | Information to be specified in the submission of the application |
| Applying in person (the applicant comes in person with a document proving their identity) | ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş. KAZIMDIRIK MAH. 364/1nd Street: 36/a Borneo | “Request for information within the scope of the Personal Data Protection Law” is to be written on the envelope. |
| Notarized | ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş. KAZIMDIRIK MAH. 364/1nd Street: 36/a Borneo | “Information request under the Law on Protection of Personal Data” is to be written on the notice envelope. |
| Via Registered Electronic Mail (KEP), by signing with “secure electronic signature” | ento@hs01.kep.tr | “Protection of Personal Data Law information request” is to be written in the subject of the email. |
The application must contain: name and surname and, if the application is in writing, signature; T.C. ID number for T.C. citizens; nationality, passport number or ID number for foreigners; address of the place of residence or place of work; if applicable, the e-mail address for notification, telephone and fax number; and the subject of the request. Information and documents related to the subject are also attached to the application. In the application that you make as a personal data owner to exercise your rights as set out above, the matter you request must be clear and understandable; the matter you request must be relevant to your person or, if you are acting on behalf of someone else, you must be specifically authorized in this matter and your authority must be documented; the application must contain identity and address information; and documents confirming your identity must be added to the application. It is not possible for third parties to make a request on behalf of the personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the person who will apply. The application form for the data subjects is available on the website of Ento KBB (https://www.entokbb.com).
3. RESPONSES TO APPLICATIONS
If the personal data owner sends his or her request to Ento KBB in accordance with the prescribed procedure, Ento KBB will conclude the request free of charge as soon as possible, and no later than thirty days, according to the nature of the request. However, in case the transaction requires a further cost, the fee determined by the KVK Board will be charged to the applicant by Ento KBB. Ento KBB may request information from the person concerned to determine whether the applicant is the personal data owner. In order to clarify the issues contained in the application of the personal data owner, Ento KBB may ask the personal data owner questions about the application. The applicants.
Contact contact “I think it’s under the command of the KBB.
ENSURING THE SECURITY OF PERSONAL DATA
I. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO ENSURE THE LAWFUL PROCESSING OF PERSONAL DATA
Ento KBB takes all necessary technical and administrative measures, within the scope of the ISMS, to ensure that personal data is processed in accordance with the law. In this context:
- Law and purpose compliance audits are carried out within our company through a VERBİS-compatible Data Inventory / Data Mapping.
- Ento KBB’s “Information (disclosure) statement” has been put into effect in order to fulfill the obligation to inform the relevant persons completely and correctly.
- Employees are required to comply with the law on the protection of personal data and to process personal data in accordance with the law.
- All the activities carried out by Ento KBB are analyzed in detail for all business units, and the personal data processing activities within the activities carried out by the relevant business units are revealed as a result of this analysis.
- For the personal data processing activities carried out by the business units of Ento KBB, the requirements to be fulfilled in order to ensure compliance with the personal data processing conditions sought by the KVK Law No. 6698 are determined specifically for each business unit and the detailed activity it carries out.
- The contracts and documents governing the legal relationship between Ento KBB and the employees include provisions that impose the obligation not to process, disclose or use personal data, except on the instructions of Ento KBB and under the exceptions brought by law; awareness of the employees is raised on this subject and audits are carried out.
- The contracts and documents governing the legal relationship between Ento KBB and the third parties that process data for which Ento KBB is responsible include provisions that impose the obligation not to process, disclose or use personal data, except on the instructions of Ento KBB and under the exceptions brought by law, and the “Supplier and Contractor Privacy Agreement” has been put into effect in this regard.
2. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN IN THE PROCESSING OF SPECIAL QUALITY DATA
The KVK Law No. 6698 attributes special importance to certain personal data because of the risk of causing victimization or discrimination when they are processed in violation of the law. These data are: data on race, ethnicity, political thought, philosophical belief, religion, denomination or other beliefs, disguise and clothing, association, foundation or union membership, health, sex life, criminal conviction and security measures, and biometric and genetic data. Ento KBB acts with sensitivity in the protection of the personal data that is determined as “special quality” by Law No. 6698 and processed in accordance with the law. In this context, the technical and administrative measures taken by Ento KBB for the protection of personal data are carefully implemented for special personal data and the necessary controls are provided. In this context:
- Regarding the security and processing principles of special personal data, “Special quality Personal Data Policy” has also been prepared.
- For employees involved in the processing of special-quality personal data, regular trainings are given on the Law, the related regulations and the security of special-quality personal data; confidentiality agreements are made; the users with access to data and the scope and duration of their authority are clearly defined; authority controls are carried out; the authority of employees who change duty or leave the job is removed immediately; and in this context the inventory allocated to them by the data controller is taken back.
- If the environments in which special personal data are processed, stored and/or accessed are electronic, the data are stored using cryptographic methods. Cryptographic keys are kept in secure and different environments, transaction records of all movements performed on the data are securely logged, security updates of the data environments are monitored, and the necessary security tests are performed and their results recorded.
- If the data is accessed through software, user authorizations are made for this software, security tests of the software are performed regularly, and the test results are recorded. If remote access to data is required, at least two-tier authentication systems are provided.
- If the environments in which special personal data are processed, maintained and/or accessed are physical, adequate security measures are taken according to the nature of the environment in which the special personal data are located (against electrical leakage, fire, flooding, theft etc.), the physical security of these environments is ensured and unauthorized entries and exits are prevented.
- If special personal data is to be transferred, if the data needs to be transferred via email, it is ensured that it is transmitted in encrypted form with a corporate email address or using a registered Electronic Mail (KEP) account.
- If private data needs to be transferred via media such as Memory, CD, DVD, etc., it is encrypted by cryptographic methods and the cryptographic key is kept in different environment.
- If private data is transferred between servers in different physical environments, data is transferred between servers by installing a VPN or by SFTP method. If private data needs to be transferred via paper media, necessary measures are taken against the risks such as theft, loss or being seen by unauthorized persons.
- In addition to the measures mentioned above, technical and administrative measures are taken to ensure the appropriate level of security specified in the Personal Data Security Guide published on the website of the Personal Data Protection Authority.
TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
Ento KBB takes technical and administrative measures within the scope of the ISMS to prevent the disclosure, access or transfer of personal data, or any other form of unlawful access to it.
1. TECHNICAL MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
The main technical measures taken by Ento KBB to prevent unlawful access to personal data are listed below:
A) ENSURING CYBERSECURITY
To ensure personal data security, cyber security products are primarily used, but the measures are not limited to this, and measures such as firewalls and gateway are taken under the scope of the ISMS. Unused software and services are removed from the devices.
B) SOFTWARE UPDATES
Patch management and software updates ensure that software and hardware are working properly and that the security measures taken for systems are adequate.
C) ACCESS RESTRICTIONS
Access to systems containing personal data is also restricted. In this context, employees are granted access to the extent necessary for their work, tasks, authority and responsibilities, and access to the related systems is provided by using a user name and password. When these passwords are created, it is ensured that combinations consisting of upper case letters, numbers and symbols are preferred instead of numbers or letters that are easily guessed and related to personal information. Accordingly, the access authority and control matrix is created within the scope of the ISMS.
D) ENCRYPTION
In addition to the use of strong passwords, access is limited by methods such as limiting the number of password entry attempts, ensuring that passwords are changed at regular intervals, opening the administrator account and admin authority only when necessary, and, for employees whose relationship with the data controller has ended, deleting the account or closing the logins without delay.
E) ANTI-VIRUS SOFTWARE
In order to protect against malware, products such as antivirus and antispam software, which regularly scan the information system network and detect dangers, are used; these are kept up to date and the necessary files are scanned regularly. If personal data is to be obtained from different websites and/or mobile application channels, it is ensured that the connections are made via SSL or a more secure way.
F) FOLLOW-UP OF PERSONAL DATA SECURITY
- Checking which software and services are running in the information networks,
- Determining whether there is any infiltration, or any activity that should not occur, in the information networks,
- Keeping a regular record of all users' transaction activity (such as log records),
- Reporting security issues as quickly as possible
A formal reporting procedure is being established under the ISMS for employees to report security vulnerabilities in systems and services, or threats that exploit them. Evidence is collected and stored securely in undesirable incidents such as information system crashes, malware, denial-of-service attacks, incomplete or incorrect data entry, privacy and integrity violations, and IT system misuse.
G) ENSURING THE SECURITY OF PERSONAL DATA-CONTAINING ENVIRONMENTS
If personal data is stored on devices or paper media located on the premises of Ento KBB as the data controller, physical security measures are taken against threats such as theft or loss of these devices and papers. The physical environments in which personal data is located are protected against external risks (fire, flood, etc.) with appropriate methods, and the entrances to and exits from these environments are controlled. If the personal data is in an electronic environment, access between the network components can be limited, or the components are separated, to prevent a personal data security breach. The same level of measures is also taken for paper media, electronic media and devices (laptop, mobile phone, flash memory) that are located outside the Ento KBB campus and contain personal data belonging to Ento KBB. Personal data to be transferred by e-mail or post is also sent carefully and with adequate precautions. If employees access the information system network with their personal electronic devices, adequate security measures are taken for these devices as well. Access control authorization and/or encryption methods are used against the loss or theft of devices containing personal data. In this context, the encryption key is stored in an environment accessible only to authorized persons, and unauthorized access is prevented. Paper documents containing personal data are also kept locked and in environments accessible only to authorized persons, and unauthorized access to these documents is prevented.
H) STORAGE OF PERSONAL DATA IN THE CLOUD
The storage of personal data in the cloud can also be applied when necessary. In this case, Ento KBB should evaluate whether the security measures taken by the cloud storage service provider are adequate and appropriate. In this context, the measures specified in the guidance and recommendations of the KVK Board are taken into consideration.
I) SUPPLY, DEVELOPMENT AND MAINTENANCE OF INFORMATION TECHNOLOGY SYSTEMS
Security requirements are taken into account by Ento KBB, within the scope of the ISMS, when determining the needs for the supply and development of systems or the improvement of existing systems.
(I) BACKING UP PERSONAL DATA
In cases where personal data is damaged, destroyed, stolen or lost for any reason, the company ensures that it becomes operational again as soon as possible by using the backed-up data. Backed-up personal data is accessible only by the system administrator, and dataset backups are kept outside the network.
2.ADMINISTRATIVE MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
The main administrative measures taken by Ento KBB to prevent unlawful access to personal data are listed below:
- Employees are informed and trained on the technical measures to be taken to prevent unlawful access to personal data.
- Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of KVK Law No. 6698, that they cannot use it for purposes other than the purpose of processing, and that this obligation continues after they leave their position; the necessary undertakings are obtained from them accordingly.
- Personal Data Security policies and procedures are determined within the scope of the ISMS, checks are made regularly, the checks are documented and the issues that need to be improved are determined. In addition, the risks that may arise for each category of personal data and how security breaches are to be managed are clearly defined.
- Reducing personal data as much as possible: Personal data must be accurate and up to date, and must be kept for as long as is necessary for the purpose for which it is processed or as provided for in the relevant legislation. Accordingly, it is evaluated whether there is still a need for data that is inaccurate, outdated or serves no purpose, and personal data that is not needed is deleted, destroyed or anonymized in accordance with the personal data retention and destruction policy.
- Management of relationships with Data Processors: When Ento KBB receives services from data processors to meet its IT needs, it proceeds only after making sure that the data processors in question provide at least the level of security that Ento KBB itself provides. In this context, protective provisions regarding the protection of personal data are included in the contracts signed with the data processor.
4.STORAGE OF PERSONAL DATA IN SECURE ENVIRONMENTS
Ento KBB takes the necessary technical and administrative measures, according to the technological facilities and the cost of implementation, in order to store personal data in secure environments and to prevent its destruction, loss or alteration for unlawful purposes.
1.TECHNICAL MEASURES TAKEN TO KEEP PERSONAL DATA IN SECURE ENVIRONMENTS
The main technical measures taken by Ento KBB for the storage of personal data in secure environments are listed below:
- Systems suitable for technological developments are used to store personal data in secure environments.
- Technical security systems for storage areas are established, the technical measures taken are periodically audited by the audit mechanism determined by Ento KBB, and the necessary technological solution is produced by re-evaluating the issues that pose risks.
- All necessary backups are used, in accordance with the law, to ensure the secure storage of personal data.
2.ADMINISTRATIVE MEASURES TAKEN TO KEEP PERSONAL DATA IN SECURE ENVIRONMENTS
The main administrative measures taken by Ento KBB for the storage of personal data in secure environments are listed below:
- Employees are informed about ensuring that personal data is stored securely.
- If Ento KBB receives an external service due to technical requirements regarding the storage of personal data, the contracts concluded with the relevant companies to which personal data is lawfully transferred include provisions stating that the persons to whom the personal data is transferred will take the necessary security measures for the protection of the personal data and will ensure compliance with these measures in their own organizations; in this regard, Ento KBB acts in accordance with the procedures within the scope of the ISMS.
V. TRAINING
- Ento KBB provides its employees with the necessary training in the field of personal data protection within the scope of the ISMS, KVK policies and KVKK Regulations.
- In the trainings, the definitions and practices for the protection of special quality personal data are especially emphasized.
- If an employee of Ento KBB accesses personal data physically or in a computer environment, Ento KBB provides training to the relevant employee on this access (for example, on the computer program accessed).
VI. AUDIT
1.INCREASING THE AWARENESS AND CONTROL OF THE BUSINESS UNITS ABOUT THE PROTECTION AND PROCESSING OF PERSONAL DATA
Ento KBB ensures that the necessary notifications are made to the business units in order to increase awareness about preventing the unlawful processing of personal data, preventing unlawful access to the data and ensuring the protection of the data.
2.INCREASING AWARENESS AND SUPERVISION OF BUSINESS PARTNERS AND SUPPLIERS ABOUT THE PROTECTION AND PROCESSING OF PERSONAL DATA
Ento KBB provides the necessary information to business partners in order to increase awareness about preventing the unlawful processing of personal data, preventing unlawful access to the data and ensuring the protection of the data.
3.CONTROL OF THE MEASURES TAKEN ON THE PROTECTION OF PERSONAL DATA
Ento KBB has the right to inspect, regularly, at any time and without prior notice, the compliance of all employees, departments and contractors of Ento KBB with this Policy and the KVKK Regulations, and carries out or has carried out the necessary routine inspections within this scope. The results of these audits are evaluated within the scope of the internal operation of Ento KBB, and the necessary actions are carried out to improve the measures taken.
Measures to be taken in the event of unauthorized disclosure of Personal Data
In accordance with Article 12 of KVK Law No. 6698, if the processed personal data is obtained by others by unlawful means, Ento KBB operates the system that ensures that this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.
| PREPARED BY | APPROVER |
| Compute Manager HONOURABLE | GENERAL GUARD KENAN KILIÇ |
INTRODUCTION
I. THE IMPORTANCE OF PERSONAL DATA PROTECTION
The protection of personal data is a constitutional right and is among the priorities of our Company. For this purpose, our Company aims to establish a continuously updated system, and this Policy has been established. Within the scope of the Law on the Protection of Personal Data No. 6698, this Policy has been prepared by “ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş.” (hereinafter referred to as “ENTOKBB”), located at KAZIM DİRİK MAH 364/1 SOK. NO: 36/a Bornova – İZMİR, as Data Controller, in order to fulfill the general obligation to inform and to determine the basic principles of our Company’s personal data processing rules. In this context, the basic principles for the protection of the personal data of our customers, potential customers, employees, employee candidates, interns, supplier/sub-employer employees and officials, company shareholders, company partners, visitors and other third parties whose data we process are regulated. The necessary procedures for applying the issues mentioned in this Policy are organized within the Company: information texts are created specific to the categories of persons and in accordance with the Personal Data Processing Inventory, personal data protection and confidentiality agreements are made with Company employees and third parties who have access to personal data, job descriptions are revised, the necessary administrative and technical measures for the protection of personal data are taken by “ENTO KBB”, and the necessary inspections are carried out or commissioned in this context. Personal data protection is also owned by senior management, and the processes of protecting personal data are managed by a specially formed committee (ENTO KBB KVKK Team List, Ref: LS.01).
II. PURPOSE OF THE POLICY
The main purpose of this Policy is to establish the principles for the personal data processing activities carried out by “ENTO KBB” in accordance with the law and for the protection of personal data, and, in this context, to provide transparency by enlightening and informing the persons whose personal data are processed by our Company.
III. SCOPE
This Policy covers all personal data, processed by automated means or, provided that they are part of any data recording system, by non-automated means, of the persons we categorize under the headings “our customers, potential customers, employees, candidates, interns, supplier/sub-employer employees and officials, our company shareholders, company partners, visitors and other third parties whose data we process”.
IV. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION
The relevant legal regulations in force regarding the processing and protection of personal data will be applied first. In the event of a conflict between the applicable legislation and the Policy, our Company accepts that the applicable legislation will apply.
V. ACCESS AND UPDATE
Our Policy is published on our Company website, www.entokbb.com, made available to the relevant persons at the request of personal data owners, and updated as necessary.
PROCESSING OF PERSONAL DATA
- In accordance with Article 20 of the Constitution and Article 4 of KVK Law No. 6698, Ento KBB may process personal data in accordance with the law and the rule of honesty; accurately and, where necessary, up to date; for specific, clear and legitimate purposes; and in a limited and measured manner linked to the purpose. Ento KBB retains personal data for as long as required by law or by the purpose of processing the personal data.
- Pursuant to Article 20 of the Constitution and Article 5 of KVK Law No. 6698, Ento KBB processes personal data on the basis of one or more of the conditions for the processing of personal data set out in Article 5 of KVK Law No. 6698.
- In accordance with Article 419 of the Code of Obligations, Ento KBB processes the personal data of employees and employee candidates for the purposes of employment aptitude and performance of the employment contract, without prejudice to KVK Law No. 6698.
- In accordance with Article 20 of the Constitution and Article 10 of KVK Law No. 6698, Ento KBB informs personal data owners, provides the necessary information when personal data owners request information, and, when they apply to exercise their rights arising from the law, responds to the applications within the legal period.
- Ento KBB acts in accordance with the regulations provided for in Article 6 of KVK Law No. 6698 regarding the processing of personal data of special quality.
- In accordance with Articles 8 and 9 of KVK Law No. 6698, Ento KBB complies with the rules stipulated in the law on the transfer of personal data and implements them by taking into account the decisions taken and notifications published by the KVK Board and the lists of safe countries.
I. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES FORESEEN IN THE LEGISLATION
1.PRINCIPLES OF PROCESSING PERSONAL DATA
A) CONDUCT IN ACCORDANCE WITH THE LAW AND THE RULE OF HONESTY
In the processing of personal data, Ento KBB acts in accordance with the principles introduced by legal regulations and the rule of honesty. In this context, Ento KBB carries out processing after determining the legal bases that require the processing of personal data, takes into account the requirements of proportionality, does not use personal data beyond what the purpose requires, and does not carry out processing activities without the knowledge of the persons concerned.
B) ENSURING THAT PERSONAL DATA IS ACCURATE AND UP-TO-DATE WHEN NECESSARY
Taking into account the fundamental rights of personal data owners and its own legitimate interests, Ento KBB ensures that the personal data it processes is accurate and up to date and takes the necessary measures in this direction. In this context, efforts are made to keep the data on all categories of persons up to date. In particular, customer and potential customer data are updated with care, and e-mails and offers for marketing and promotional purposes are not sent to people contrary to their consent.
C) PROCESSING FOR SPECIFIC, CLEAR AND LEGITIMATE PURPOSES
Ento KBB clearly and definitively determines the legitimate and lawful purpose of personal data processing. Ento KBB processes personal data in connection with the services it offers and to the extent necessary for them. The purpose for which personal data will be processed by Ento KBB is determined before the processing activity and is also entered in the “Personal Data Inventory”.
(B) BEING LIMITED AND MEASURED FOR THE PURPOSE FOR WHICH THEY ARE PROCESSED
Ento KBB processes personal data in a manner that is conducive to the realization of the specified purposes and avoids the processing of personal data that is not related to the achievement of the purpose or is not needed. In this context, processes are constantly reviewed, and an effort is made to keep the principle of “data minimisation and reduction of personal data” alive.
- Ento KBB retains personal data only for the period foreseen in the relevant legislation or necessary for the purpose for which it is processed. In this context, Ento KBB first determines whether a period is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if one is determined, takes into account the legal and criminal limitation periods in this context, and stores personal data for the period necessary for the purpose for which it is processed. If the period expires or the reasons for processing cease to exist, the personal data is deleted, destroyed or anonymized in accordance with the “DESTRUCTION procedure” (Ref: BGYS PR.13) under the Ento KVKK-PO-02 Deletion Destruction Policy.
2. GENERAL RULES FOR THE PROCESSING OF PERSONAL DATA
The protection of personal data is a right defined in the Constitution, and fundamental rights and freedoms may be limited only by law and only for the reasons specified in the relevant articles of the Constitution, without affecting their essence. In accordance with the third paragraph of Article 20 of the Constitution, personal data may only be processed in the cases provided for by law or with the explicit consent of the person. However, if the following conditions exist, our Company processes personal data without seeking the explicit consent of the person concerned:
- It is clearly provided for in the law,
- It is necessary for the protection of the life or bodily integrity of a person, or of another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid,
- The processing of personal data belonging to the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract,
- It is mandatory for the data controller to be able to fulfill its legal obligation,
- The data has been made public by the person concerned himself,
- Data processing is mandatory for the establishment, use or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
In the absence of the above conditions, our Company seeks the explicit consent of the person concerned, given freely and on an informed basis. Especially in the field of Human Resources and labor relations, taking into account the dependency relationship of the employee, processing is based on grounds of lawfulness other than consent; where these grounds do not apply, explicit consent is sought. In contrast, in activities such as marketing, processing is carried out on the basis of the consent of the person concerned. But in all cases where personal data is processed, people must be informed; the data processing activity is carried out with the “Employee Information Statement”.
3.RULES FOR PROCESSING OF PERSONAL DATA OF SPECIAL QUALITY
In the processing of personal data designated as “special quality” by KVK Law No. 6698, Ento KBB acts in accordance with the regulations stipulated in KVK Law No. 6698. In Article 6 of Law No. 6698, certain personal data that carries the risk of causing victimization of or discrimination against persons when processed in violation of the law has been designated as “special quality”, and attention and sensitivity should be shown in the processing of this data. These are data on race, ethnicity, political thought, philosophical belief, religion, denomination or other beliefs, appearance and clothing, association, foundation or union membership, health, sex life, criminal conviction and security measures, and biometric and genetic data. In accordance with KVK Law No. 6698, Special Personal Data is processed by our Company in the following cases, provided that the necessary measures are taken: (Ref: KVKK-PO-03 Special Personal Data Policy)
- Special personal data other than that relating to the health and sexual life of the personal data owner is processed in the cases provided for by law or with the explicit consent of the personal data owner,
- Special personal data relating to the health and sexual life of the personal data subject is only for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, it is processed by persons or competent institutions and organizations under the obligation to keep secrets or with the express consent of the personal data owner.
- For whatever reason, the general data processing principles are always taken into account in the processing processes and compliance with these principles is ensured (Article 4 of the KVK Law).
Regarding the protection of special quality data, “KVKK-PO-03 Special quality Personal Data Policy” has been put into effect in our company and the necessary measures are taken in accordance with the provisions of this policy in our business units.
4.NOTIFYING AND INFORMING THE PERSONS CONCERNED
In accordance with Article 10 of KVK Law No. 6698, Ento KBB informs the owners of personal data during the acquisition of personal data. In this context, the person whose data is processed is informed of the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method of and legal reason for the collection of personal data, and the rights of the person whose personal data is processed. In Article 11 of KVK Law No. 6698, “requesting information” is counted among the rights of the person concerned whose personal data is processed; in this context, the necessary information is provided if the person concerned requests information in accordance with Article 20 of the Constitution and Article 11 of KVK Law No. 6698. In this regard, applications are handled with the “Application Form” on the Ento KBB website at https://entokbb.com/.
2.TRANSFER OF PERSONAL DATA
By taking the necessary security measures, Ento KBB may transfer the personal data and special personal data of the person whose personal data is processed to third parties, in line with lawful personal data processing purposes. In this respect, Ento KBB acts in accordance with the regulations provided for in Article 8 of KVK Law No. 6698.
1.PRINCIPLES FOR THE TRANSFER OF PERSONAL DATA
For legitimate and lawful personal data processing purposes, Ento KBB may transfer personal data to third parties, on a limited basis, based on one or more of the personal data processing conditions specified in Article 5 of the Law and listed below:
- If the person whose personal data is processed has given explicit consent; or
- If there is a clear regulation in the law that personal data will be transferred,
- If the transfer is necessary to protect the life or bodily integrity of the personal data subject or someone else, and the personal data subject is unable to express his or her consent due to actual impossibility or his or her consent is not legally valid,
- If it is necessary to transfer personal data of the parties to the contract, directly related to the establishment or performance of a contract,
- If the transfer of personal data is mandatory for our company to fulfill its legal obligation,
- If the personal data is made public by the person concerned,
- If the transfer of personal data is necessary for the establishment, use or protection of a right,
- If the transfer of personal data is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Whatever the reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).
2.TRANSFER OF PERSONAL DATA OF SPECIAL QUALITY
By taking the necessary security measures and the adequate technical and administrative measures prescribed by the KVK Board, Ento KBB may transfer the personal data of the person whose personal data is processed to third parties, for legitimate and lawful personal data processing purposes, in the following cases:
- If the person concerned has given explicit consent, or
- If the person concerned has not given explicit consent:
  - Special quality personal data other than that relating to the health and sexual life of the person concerned (race, ethnicity, political thought, philosophical belief, religion, denomination or other beliefs, appearance and clothing, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data), in the cases provided for by law,
  - Special personal data relating to the health and sexual life of the person concerned may only be processed by persons under an obligation of confidentiality or by competent institutions and organizations, for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.
For whatever reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).
3.TRANSFER OF PERSONAL DATA ABROAD
Ento KBB may transfer the personal data it processes to third parties by taking the necessary security measures, for lawful personal data processing purposes. Personal data is transferred by Ento KBB to foreign countries declared by the KVK Board to have adequate protection (“Foreign Country with Adequate Protection”) or to foreign countries where the data controllers in Turkey and in the relevant foreign country have committed in writing to adequate protection and where the KVK Board has given permission (“Foreign Country where the Data Controller Has Committed to Adequate Protection”). In this respect, Ento KBB acts in accordance with the regulations provided for in Article 9 of KVK Law No. 6698. For legitimate and lawful personal data processing purposes, if the person concerned whose personal data is processed has given explicit consent, or, if the person concerned has not given explicit consent, in one of the following cases, Ento KBB may transfer personal data to Foreign Countries with Adequate Protection or to Foreign Countries where the Data Controller Has Committed to Adequate Protection:
- If there is a clear regulation in the law that personal data will be transferred,
- If the transfer is necessary for the protection of the life or bodily integrity of the person concerned or of another person, and the person concerned whose personal data is processed is unable to express his/her consent due to actual impossibility or his/her consent is not legally valid,
- If it is necessary to transfer personal data of the parties to the contract, directly related to the establishment or performance of a contract,
- If the transfer of personal data is mandatory for Ento KBB to fulfill its legal obligation,
- If the personal data is made public by the person concerned,
- If the transfer of personal data is necessary for the establishment, use or protection of a right,
- If the transfer of personal data is mandatory for the legitimate interests of Ento KBB, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
4.THE PURPOSES OF THE TRANSFER OF PERSONAL DATA BY OUR COMPANY AND THE CATEGORIES OF PERSONS TO WHOM IT IS TRANSFERRED
A) DATA TRANSFER PURPOSES
Data is transferred for purposes such as ensuring that Ento KBB’s activities and founding purposes are fulfilled, ensuring that the services which Ento KBB outsources from suppliers and which are necessary to carry out its business activities are provided to Ento KBB, carrying out Ento KBB’s human resources and employment policies, and fulfilling Ento KBB’s obligations within the scope of occupational health and safety and ensuring that the necessary measures are taken.
B) THE PERSONS TO WHOM THE DATA IS TRANSFERRED
In accordance with Articles 8 and 9 of KVK Law No. 6698, personal data may be transferred to the following categories of persons:
| Authorized Government agencies | Public institutions and organizations authorized to obtain information and documents from Ento KBB | According to the relevant legislation, data sharing is done. |
| Authorized Private legal persons | Private legal persons authorized to obtain information and documents from the Ento KBB | Data sharing is limited to the purpose requested by the relevant private law persons within their legal authority. |
| Partners | Parties with which Ento has partnered, while carrying out the business activities of Ento KBB, for the purposes of selling, promoting and marketing the products and services of Ento KBB, after-sales support and carrying out joint customer loyalty programs | Data sharing is limited to ensuring that the purposes of establishing the partnership are fulfilled. |
| Suppliers | Parties that provide services to our Company or are served by our Company while carrying out the business activities of Ento KBB | Data sharing is limited to ensuring that the services that Ento KBB outsources from the supplier, and that are necessary to carry out the business activities of our Company, are provided to Ento KBB. |
Transfers carried out by Ento KBB are carried out in accordance with the principles and rules set out in this Policy.
PERSONAL DATA CATALOGUES
The persons whose data are processed in Ento KBB and the data processed in this context are categorized as follows:
PERSON CATEGORIZATION
| Employee candidate | Real persons who have applied for a job with Ento KBB in any way or who have opened their resume and related information to the examination of Ento KBB |
| Employee | Real persons who work at Ento KBB |
| Lead | Natural persons who have requested or shown interest in using our products and services, or who have been assessed, in accordance with the rules of business practice and honesty, as possibly having this interest |
| Supplier employee | Real persons working in the organizations with which Ento KBB has all kinds of business relationships (such as, but not limited to, business partners, suppliers) |
| Supplier Authority | Real persons who are shareholders and authorities of the institutions with which Ento KBB is in business |
| Customer | Natural persons who use or have used the products and services offered by Ento KBB, regardless of whether Ento has any contractual relationship with them |
| Visitor | Real persons who have entered the physical premises owned by Ento KBB for various purposes or who have visited our websites |
| OTHER | Third-party natural persons associated with Ento KBB to ensure the security of the transaction between the parties mentioned above or to protect the rights and interests of such persons (e.g. Family members and relatives) |
DATA CATEGORIZATION
| Identity Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; information contained in documents such as driving license, identity card, residence certificate, passport, attorney ID and marriage certificate |
| Contact Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; information such as phone number, address, e-mail |
| Location data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; information that determines where the personal data owner is located during the use of our products and services, or when the employees of the institutions with whom we cooperate are using the tools of Ento KBB |
| Privacy Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; any personal data processed to obtain information that will be the basis for the creation of the personal rights of our employees or real persons in a working relationship with Ento KBB |
| Legal Action and Compliance Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; personal data processed within the scope of the determination of our legal receivables and rights, the monitoring and performance of our debts, and compliance with our legal obligations and policies |
| Customer transaction Data | Clearly belonging to an identified or identifiable natural person and included in the data logging system; information such as records of the use of our products and services, and instructions and requests required by the customer for the use of products and services |
| Physical Space Security Data | Clearly belonging to an identified or identifiable natural person and included in the data logging system; personal data regarding records and documents received at the entrance to the physical space and during the stay in the physical space |
| Transaction Security Data | Clearly belonging to an identified or identifiable natural person and included in the data logging system; personal data processed to ensure technical, administrative, legal and commercial security while carrying out activities |
| Risk Management Data | Clearly belonging to an identified or identifiable natural person and included in the data logging system; personal data processed by means of methods used in accordance with the generally accepted legal, commercial and integrity rules in these areas in order to manage our commercial, technical and administrative risks |
| Financial data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; personal data processed regarding all kinds of financial results, documents and records that are created according to the type of legal relationship our company has established with the personal data owner |
| Performance and career Development Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; personal data processed for the purpose of measuring the performance of our employees or real persons in a working relationship with our Company and planning and conducting their career development within the scope of our company’s human resources policy |
| Marketing Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; personal data processed for the customization and marketing of our products and services in accordance with the usage habits, likes and needs of the personal data owner, and the reports and evaluations created as a result of this processing |
| Audio and Visual Data | Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically, or non-automatically as part of the data logging system; e.g. photo and camera recordings (except records entered under Physical Space Security Data), voice recordings and data in documents that contain personal data |
| Private Data (Health, Sex life) | Data on health and sexual life, race, ethnicity, political thought, philosophical belief, data on religion, sect or other faiths, disguise and clothing, association, foundation or union membership, criminal conviction and security measures, and biometric and genetic data |
LEGAL ASPECTS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
I. LEGAL ASPECTS OF THE PROCESSING OF PERSONAL DATA
1. GENERAL PRINCIPLES
Although the legal bases for processing personal data by Ento KBB differ, all kinds of personal data processing activities are carried out in accordance with the general principles in Article 4 of KVK Law No. 6698. Accordingly, the following general principles are taken into account for all types of data processing:
- Complying with the rules of law and honesty,
- Being correct and, where necessary, timely,
- Processing for specific, clear and legitimate purposes,
- Being limited and measured with respect to the purpose for which they are processed,
- Being preserved for the time foreseen in the relevant legislation or required for the purpose for which they are processed.
2. REASONS FOR LEGAL COMPLIANCE
A) EXISTENCE OF THE EXPLICIT CONSENT OF THE PERSONAL DATA OWNER
One of the conditions of processing personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be given on a specific topic, on an informed basis and with free will.
B) EXPRESSLY STIPULATED BY THE LAW
The personal data of the data owner may be processed in accordance with the law if expressly stipulated in the law.
For example, in accordance with the Identification Regulations, the identification of our employees is communicated to the competent authorities.
C) INABILITY TO OBTAIN THE EXPLICIT CONSENT OF THE PERSON CONCERNED DUE TO ACTUAL IMPOSSIBILITY
Personal data of the data owner may be processed if it is necessary to process personal data to protect the life or body integrity of a person who is unable to explain his or her consent due to actual impossibility or whose consent is not legally valid.
For example, sharing the health information of the employee who has an epileptic seizure with the physician.
D) DIRECT RELATION TO THE ESTABLISHMENT OR PERFORMANCE OF THE CONTRACT
Provided that it is directly related to the establishment or performance of a contract, personal data of the parties to the contract may be processed if it is necessary to process it.
For example, obtaining a CV from the candidate for the establishment of a service (work) contract, or obtaining an address for notification under the contract.
E) FULFILMENT OF THE COMPANY'S LEGAL OBLIGATIONS
If processing is mandatory for Ento KBB to fulfill its legal obligations as a data controller, the personal data of the data owner may be processed.
For example, the processing of information on the family members the employee is obliged to support, so that the employee can benefit from the minimum subsistence deduction.
F) PERSONAL DATA MADE PUBLIC BY THE OWNER
The relevant personal data may be processed if the data owner has made his personal data public by himself.
For example, customers who present their complaints, requests or suggestions regarding our company on an open platform on the internet will have made their information public. In this case, it is possible for the Ento KBB authority to process the data, limited to the purpose of responding to the complaints, requests or suggestions.
G) DATA PROCESSING IS MANDATORY FOR THE ESTABLISHMENT OR PROTECTION OF A RIGHT
In the event that data processing is mandatory for the establishment, use or protection of a right, the personal data of the data subject may be processed.
For example, the retention of data that serves as proof (sales contract, invoice) and its use when necessary.
H) DATA PROCESSING IS MANDATORY FOR THE LEGITIMATE INTEREST OF OUR COMPANY
Provided that the basic rights and freedoms of the personal data owner are not prejudiced, the personal data of the data owner may be processed if it is necessary to process the data for the legitimate interests of Ento KBB.
For example, monitoring of critical points against theft or for occupational safety purposes with a security camera belonging to Ento KBB.
3. PROCESSING OF PERSONAL DATA OF SPECIAL QUALITY AND REASONS FOR COMPLIANCE WITH THE LAW
Where the personal data owner has not given explicit consent, personal data of special quality may be processed by Ento KBB only provided that the adequate measures to be determined by the KVK Board are taken. Private personal data relating to the health and sexual life of the personal data subject may only be processed by persons under the obligation of keeping secrets or by competent institutions and organizations, for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and financing. Whatever the reason, the general data processing principles are always taken into account in the processing activities and compliance with these principles is ensured (Article 4 of the KVK Law).
II. PURPOSES OF PROCESSING PERSONAL DATA
Ento KBB processes personal data limited to the purposes and conditions within the personal data processing conditions specified in Article 5, paragraph 2 and Article 6, paragraph 3 of Law No. 6698. In the process of data processing, the above-mentioned legal bases are taken into consideration; if there are no other reasons for compliance with the law, the consent of the person concerned is requested. Here, too, a general principles audit is carried out under Article 4 and, above all, it is sought that the data processing activity is generally consistent with the principles of compliance with the law. The consent of the person concerned is taken “in an open, informative and free-will manner”. The processing of personal data is also indicated in our company's “Personal Data Inventory”. In Ento KBB, personal data is processed specifically for the following purposes:
- The personal data of the employees must be processed in order to fulfill the mutual obligations arising from the employment contract as the employer. Personal data of employees; in accordance with the law and the rules of honesty, correct and timely as necessary; for specific, clear and legitimate purposes; it is processed and stored in a limited and measured manner. In this context, in line with the purposes necessary for the employees to be employed in accordance with the law, the establishment, performance and termination of the employment contract are carried out in accordance with the law, the legitimate interests of Ento KBB on condition that they are not contrary to the fundamental rights and freedoms, the conditions clearly stipulated in the law, the fulfillment of legal obligations related to employee employment, in cases of legal follow-up, where data processing is mandatory for the establishment, use and protection of the right and in cases other than these, the explicit, informational-based consent to be requested from the employees and the free will of the employees constitute the legal basis of the personal data processing.
- Within the scope of the activities required by the Ento KBB’s business subject, the legitimate interests of the employer make it necessary to process the personal data of the employees. As a matter of fact, for reasons such as prevention of abuses, prevention of theft, general safety or occupational health and safety, the personal data of employees can be processed. However, in this case, great care is taken not to harm the fundamental rights and freedoms of the employees.
- The vast majority of the personal data of the employees being processed is obtained from the information provided to Ento KBB by the employees. In some cases, the personal data of the employees may also come to Ento KBB from internal sources such as Ento KBB managers or from the references of employees or from the data in the systems established by public institutions and organizations due to their working life requirements.
- The personal data of the employees being processed consists of information such as application forms and references of the employees, employment contracts and changes, contact information of the employees, information necessary for payroll, family or close information such as people to be contacted in emergency situations, training records of the employees, performance evaluation records, discipline records, camera records.
- Regarding the processing of personal information of employees, there are rules in the policies and procedures found in Ento KBB. In this regard, in particular, the “Protection and processing Policy of Personal Data” on the website of Ento KBB can be examined. Again, the mentioned document, which is also available from Ento KBB’s own intranet system, can also be obtained from the Human resources Unit in the paper/hard copy environment.
- The health information of the employees is also among the personal data processed. Information about the health and sex lives of employees is generally processed by persons under the obligation of keeping secrets or competent institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing. In this context, the health data of the employees and the details related to them are found in the workplace physician and health unit as a rule.
- If the employee becomes a member of the union after gaining the status of “employee” (not requested in the category of employee candidacy), union membership can also be processed in accordance with the explicit provisions of the law in order to fulfil the requirements of the legislation. Other than that, employees' race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, disguise and clothing, and biometric and genetic data are, as a rule, not included among the personal data processed unless clearly stipulated in the law, and if an exceptional practice is to be applied, the requirements are carefully evaluated before the personal data is processed.
- Ento KBB has controls and surveillance on information communication tools (telephone, mobile phones, computers and the internet). Law No. 5651 and the legitimate interests of Ento KBB constitute the legal basis of the said practices.
- Vehicle tracking system can be implemented on the grounds of “safety, more effective management of vehicles and personnel” in the vehicles belonging to Ento KBB. The activity in question is based on the legitimate interests of Ento KBB and is carried out on the condition that it does not harm the fundamental rights and freedoms of the employees.
- In line with the purpose of ensuring the execution of the human resources policies of Ento KBB; Provision of personnel suitable for open positions in accordance with Ento KBB human resources policies, conducting human resources operations in accordance with Ento KBB human resources policies, selection of employee candidates, management of self-employment jobs, determination of training and career plans, in the context of occupational health and safety, the fulfillment of the obligations and the taking of the necessary measures constitute the purposes of processing personal data.
- Personal data of supplier/sub-employer employees may also be processed by our Company. As a matter of fact, Law No. 6331 specifies to the main employer the documents and information that should be checked, in relation to occupational health and safety, for employees coming from another workplace. In the same way, the Labor Law No. 4857 and the Social Insurance and General Health Insurance Law No. 5510 impose obligations on the main employer regarding sub-employer workers and temporary workers and state the issues that should be checked in this context. Accordingly, the processing of the personal data of workers who work in our workplace but are employed by the supplier or another employer is based on the legitimate interests of our business and, especially, on the legal regulations in question.
- Personal data is also processed in our related units for the following purposes:
- Implementation of emergency management processes,
- Conduct of information security processes,
- Conduct of auditing/ethical activities,
- Conduct of educational activities,
- Exercise of access powers,
- Conduct of the activities in accordance with the regulations,
- Conduct of financial and accounting business,
- Conduct of the loyalty processes of the company/products/services,
- Ensuring the security of physical space,
- Conduct of the assignment process,
- Follow-up and conduct of legal affairs,
- Conduct of internal audit/investigation/intelligence activities,
- Conduct of communication activities,
- Conduct of goods/services/production and operation processes,
- Execution of customer relations processes,
- Conduct of activities aimed at customer satisfaction,
- Organization and event management,
- Conduct of marketing analysis studies,
- Conduct of performance assessment processes,
- Conduct of advertising/campaign/promotion processes,
- Conduct of risk management processes,
- Conduct of storage and archive activities,
- Conduct of social responsibility and civil society activities,
- Execution of the contract processes,
- Conduct of sponsorship activities,
- Conduct of strategic planning activities,
- Follow-up of requests/complaints,
- Ensuring the security of movable goods and resources,
- Management of the supply chain,
- Conduct of the marketing processes of products/services,
- Ensuring the security of data controller operations,
- Foreign personnel work and residence permit procedures,
- Conduct of the investment process,
- Provision of information to the competent persons, institutions and organizations,
- Conduct of management activities,
- Creating and tracking visitor records.
For occupational health and safety, general safety, product security purposes, camera monitoring in the workplace is carried out on the condition that it does not harm the fundamental rights and freedoms of our visitors, the people whose data is processed in this context and especially the employees, taking into account the legitimate interests of the company.
STORAGE, DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
As regulated in Article 138 of the Turkish Penal Code and Article 7 of KVK Law No. 6698, even where personal data has been processed in accordance with the provisions of the relevant law, it is deleted, destroyed or anonymized by Ento KBB's own decision or upon the request of the personal data owner if the reasons for its processing are eliminated.
I. STORAGE AND RETENTION PERIODS OF PERSONAL DATA
Where a period is stipulated in the relevant laws and legislation, Ento KBB stores personal data for the period specified in the relevant legislation. If the legislation does not regulate how long the personal data should be kept, the personal data is processed for the period that requires processing in accordance with the practices of Ento KBB and the practices of commercial life, depending on the services offered by our company while processing that data; it can also be stored for the purpose of providing evidence in legal disputes, or for the purpose of asserting the relevant right related to the personal data or establishing a defense. In establishing these periods, the retention periods are determined on the basis of the limitation periods for asserting the right mentioned and, despite the expiry of the limitation periods, on the basis of examples in requests previously directed to Ento KBB on the same issues. In this case, the stored personal data is not accessed for any other purpose, and access to the relevant personal data is provided only when it must be used in the relevant legal dispute. After the said period has ended, personal data is deleted, destroyed or anonymized.
II. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
As laid down in Article 138 of the Turkish Penal Code and Article 7 of KVK Law No. 6698, even where personal data has been processed in accordance with the provisions of the relevant law, it is deleted, destroyed or anonymized, by Ento KBB’s own decision or upon the request of the personal data owner, if the reasons for its processing are eliminated. In this context, Ento KBB fulfills its obligation regarding the subject with the methods described in this section.
1. DELETION OF PERSONAL DATA
A) THE DELETION OF PERSONAL DATA
Even where personal data has been processed in accordance with the provisions of the relevant law, Ento KBB may delete it by its own decision or at the request of the personal data owner if the reasons for its processing are eliminated. Deletion of personal data is the process of making personal data inaccessible to, and unusable again by, the relevant users in any way. All kinds of technical and administrative measures are taken to ensure that the personal data deleted in Ento KBB is inaccessible and unusable again for the relevant users.
B) THE PROCESS OF DELETION OF PERSONAL DATA
The process for deleting personal data must be followed as follows:
- Identifying the personal data that will be subject to deletion,
- Identifying the relevant users for each personal data item using the access authorization and control matrix or a similar system,
- Determining the rights and methods of access, retrieval and reuse of the relevant users,
- Closing and eliminating the relevant users' rights and methods of access, retrieval and reuse within the scope of the personal data.
C) METHODS OF DELETION OF PERSONAL DATA
Since personal data can be stored in various recording media, it is deleted with methods suitable for recording media.
2. DESTRUCTION OF PERSONAL DATA
A) THE DESTRUCTION OF PERSONAL DATA
Even where personal data has been processed in accordance with the provisions of the relevant law, Ento KBB may destroy it by its own decision or at the request of the personal data owner if the reasons for its processing are eliminated. Destruction of personal data is the process of making personal data inaccessible, unretrievable and unusable by anyone. Ento KBB takes all necessary technical and administrative measures related to the destruction of personal data.
B) METHODS OF DESTRUCTION OF PERSONAL DATA
In order to destroy personal data, all copies containing the data are detected and the systems where the data are located are destroyed one by one.
3. ANONYMIZATION OF PERSONAL DATA
A) PROCESS OF ANONYMIZATION OF PERSONAL DATA
Anonymization of personal data means that the personal data cannot be linked to an identified or identifiable real person under any circumstances, even by matching it with other data. Our company can anonymize personal data when the reasons for processing the personal data processed in accordance with the law are eliminated. For personal data to be anonymized, it must be made impossible to associate with an identified or identifiable natural person, even through the use of techniques appropriate to the recording environment and related field of activity, such as reversal by the data controller or groups of recipients and/or matching the data with other data. Ento KBB takes all kinds of technical and administrative measures necessary to anonymize personal data. Personal data anonymized in accordance with Article 28 of KVK Law No. 6698 may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of KVK Law No. 6698 and the express consent of the personal data owner will not be sought.
B) METHODS OF ANONYMIZATION OF PERSONAL DATA
Anonymization is the removal or modification of all direct and/or indirect identifiers in a data set, so that the person concerned can no longer be identified, or can no longer be distinguished within a group or crowd, in a way that cannot be associated with a real person. Data that does not point to a particular person as a result of the blocking or loss of these features is considered anonymized data. The purpose of anonymization is to break the link between the data and the person it identifies. All of the link-breaking operations performed by methods such as automated or non-automated grouping, masking, derivation, generalization and randomization, applied to the records in the data recording system where the personal data is kept, are called anonymization methods. The data obtained as a result of the application of these methods should not be able to identify a specific person.
RIGHTS OF INTERESTED PERSONS
- THE SCOPE OF THE RIGHTS OF THE PERSONS CONCERNED AND THE EXERCISE OF THESE RIGHTS
- Rights of interested persons
The persons whose personal data is processed at Ento KBB have the following rights:
- To find out whether personal data is processed,
- If personal data is processed, to request information about it,
- To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- To know the third parties to whom personal data is transferred at home or abroad,
- If the personal data is incomplete or incorrectly processed, to request that it be corrected and to request that the transaction made in this context be notified to third parties to whom the personal data is transferred,
- Although it has been processed in accordance with the provisions of the KVK Law and other relevant law, in case the reasons for its processing are eliminated, to request the deletion or destruction of personal data and to request that the transaction made in this context be notified to third parties to whom the personal data is transferred,
- To object to the emergence of a result against the person through analysis of the processed data exclusively by automated systems,
- To request that the damage be remedied in case of damage caused by the processing of personal data against the law.
2. USE OF RIGHTS OF PERSONS CONCERNED
It is necessary and sufficient for the persons concerned to communicate their requests regarding the exercise of the rights mentioned above to our Company, in accordance with paragraph 1 of Article 13 of KVK Law No. 6698, by the following methods:
| Application method | Address to apply | Information to be specified in the submission of the application |
| Applying in person (the applicant comes in person and applies with a document proving their identity) | ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş. KAZIMDIRIK MAH. 364/1nd Street: 36/a Borneo | “Request for information within the scope of the Personal Data Protection Law” is to be written on the envelope. |
| Via notary | ENTO EAR NOSE AND THROAT SPECIAL HEALTH SERVICES A.Ş. KAZIMDIRIK MAH. 364/1nd Street: 36/a Borneo | “Information request under the Law on Protection of Personal Data” is to be written on the notice envelope. |
| Via Registered Electronic Mail (KEP), by signing with a “secure electronic signature” | ento@hs01.kep.tr | “Request for information under the Law on Protection of Personal Data” is to be written in the subject of the email. |
The application must contain the name and surname and, if the application is written, the signature; the T.C. ID number for T.C. citizens; the nationality and passport number or ID number for foreigners; the address of the place of residence or place of work; if applicable, the principal e-mail address, telephone and fax number; and the subject of the request. Information and documents related to the subject are also attached to the application. In the application that you make as a personal data owner to exercise your rights as set out above, the matter you request must be clear and understandable; the matter you request must be relevant to your person or, if you are acting on behalf of someone else, you must be specifically authorized in this matter and your authority must be documented; the application must contain identity and address information; and documents confirming your identity must be added to the application. It is not possible for third parties to make a request on behalf of the personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner on behalf of the person who will apply. The application form for the data subjects is available on the website of Ento KBB (https://www.entokbb.com).
3 RESPONSES TO APPLICATIONS
If the personal data owner sends his request to Ento KBB in accordance with the prescribed procedure, Ento KBB will conclude the request free of charge as soon as possible and no later than thirty days according to the nature of the request. However, in case the transaction requires a further cost, the fee determined by the KVK Board will be charged by Ento KBB from the applicant. Ento KBB may request information from the person concerned to determine whether the applicant has personal data. In order to clarify the issues contained in the application of the personal data owner, Ento KBB may ask the personal data owner about his application. The applicants.
Contact contact “I think it’s under the command of the KBB.
ENSURING THE SECURITY OF PERSONAL DATA
I. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO ENSURE THE LAWFUL PROCESSING OF PERSONAL DATA
Ento takes all necessary technical and administrative measures within the scope of the ISMS (BGYS) to ensure that personal data is processed in accordance with the law. In this context:
- Within our company there is a VERBİS-compatible Data Inventory and Data Mapping, where law and purpose compliance audits are carried out.
- Ento KBB’s “Information Notice” has been put into effect in order to fulfill the obligation to inform the relevant persons in a complete and correct manner.
- Employees are required to comply with the law on the protection of personal data and to process personal data in accordance with the law.
- All the activities carried out by Ento KBB are analyzed in detail for all business units and personal data processing activities are revealed in the context of the activities carried out by the relevant business units as a result of this analysis.
- For the personal data processing activities carried out by the business units of Ento KBB, the requirements to be fulfilled in order to ensure compliance with the personal data processing conditions sought by KVK Law No. 6698 are determined specifically for each business unit and the detailed activity it carries out.
- The contracts and documents governing the legal relationship between Ento KBB and its employees include clauses that impose the obligation not to process, disclose or use personal data, except on the instructions of Ento KBB and under the exceptions provided by law; employee awareness is raised and audits are carried out.
- The contracts and documents governing the legal relationship between Ento KBB and third parties processing data for which Ento KBB is responsible include clauses that impose the obligation not to process, disclose or use personal data, except on the instructions of Ento KBB and under the exceptions provided by law, and a “Supplier and Contractor Privacy Agreement” has been put into effect in this regard.
2.TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN IN THE PROCESSING OF SPECIAL QUALITY DATA
KVK Law No. 6698 attributes special importance to certain personal data because of the risk that they will cause victimization or discrimination of persons when processed in violation of the law. These are data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sex life, criminal convictions and security measures, and biometric and genetic data. Ento KBB acts with sensitivity in protecting the personal data that Law No. 6698 designates as “special quality” and that are processed in accordance with the law. In this context, the technical and administrative measures taken by Ento KBB for the protection of personal data are carefully implemented for special personal data and the necessary controls are provided. In this context:
- Regarding the security and processing principles of special personal data, “Special quality Personal Data Policy” has also been prepared.
- For employees involved in the processing of special-quality personal data: regular training is given on the Law, the related regulations and the security of special-quality personal data; confidentiality agreements are made; the users with access to the data and the scope and duration of their authority are clearly defined; authority controls are carried out; the authority of employees who change duties or leave the job is removed immediately; and, in this context, the inventory allocated to them by the data controller is returned.
- If the environments in which special personal data are processed, stored and/or accessed are electronic, the data are stored using cryptographic methods. Cryptographic keys are kept in secure and different environments, transaction records of all operations performed on the data are securely logged, security updates of the data environments are monitored, the necessary security tests are performed and the test results are recorded.
- If the data is accessed through software, user authorizations are made for this software, security tests of this software are performed regularly and the test results are recorded. If remote access to data is required, at least two-step authentication is provided.
- If the environments in which special personal data are processed, stored and/or accessed are physical, adequate security measures are taken according to the nature of the environment in which the special personal data are located (against electrical leakage, fire, flooding, theft etc.), the physical security of these environments is ensured and unauthorized entries and exits are prevented.
- If special personal data needs to be transferred via e-mail, it is ensured that it is transmitted in encrypted form from a corporate e-mail address or using a Registered Electronic Mail (KEP) account.
- If private data needs to be transferred via media such as Memory, CD, DVD, etc., it is encrypted by cryptographic methods and the cryptographic key is kept in a different environment.
- If private data is transferred between servers in different physical environments, data is transferred between servers by installing a VPN or by SFTP method. If private data needs to be transferred via paper media, necessary measures are taken against the risks such as theft, loss or being seen by unauthorized persons.
- In addition to the measures mentioned above, technical and administrative measures are taken to ensure the appropriate level of security specified in the Personal Data Security Guide published on the website of the Personal Data Protection Authority.
TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
Ento KBB takes technical and administrative measures within the scope of the ISMS to prevent the unlawful disclosure of, access to or transfer of personal data, and any other form of unlawful access to it.
1.TECHNICAL MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
The main technical measures taken by Ento KBB to prevent unlawful access to personal data are listed below:
A) ENSURING CYBERSECURITY
To ensure personal data security, cyber security products are primarily used, but the measures are not limited to this, and measures such as firewalls and gateways are taken within the scope of the ISMS. Unused software and services are removed from the devices.
B) SOFTWARE UPDATES
Patch management and software updates ensure that software and hardware are working properly and that the security measures taken for systems are adequate.
C) ACCESS RESTRICTIONS
Access to systems containing personal data is also restricted. In this context, employees are granted access to the extent necessary for their work and tasks and their authority and responsibilities, and access to the related systems is provided by using a user name and password. When creating these passwords, it is ensured that combinations consisting of upper case letters, numbers and symbols are preferred instead of numbers or letter sequences that are easily guessed and related to personal information. Accordingly, the access authority and control matrix is created within the scope of the ISMS.
D) ENCRYPTION
In addition to the use of strong passwords, access is limited by methods such as limiting the number of password entry attempts, ensuring that passwords are changed at regular intervals, enabling the administrator account and admin authority only when necessary, and promptly deleting the accounts or closing the logins of employees whose relationship with the data controller has ended.
E) ANTIVIRUS SOFTWARE
In order to protect against malware, products such as antivirus, antispam, which regularly scan the information system network and detect dangers are used, and these are kept up-to-date and necessary files are scanned regularly. If personal data is to be obtained from different websites and/or mobile application channels, it is ensured that the connections are made via SSL or a more secure way.
F) FOLLOW-UP OF PERSONAL DATA SECURITY
- Checking which software and services are running in the information networks,
- Determining whether there is any intrusion, or any activity that should not be occurring, in the information networks,
- Keeping a regular record of all users' transaction activity (such as log records),
- Reporting security issues as quickly as possible.

A formal reporting procedure is being established under the ISMS for employees to report security vulnerabilities in systems and services or threats that exploit them. In undesirable incidents such as information system crashes, malware, denial-of-service attacks, incomplete or incorrect data entry, privacy and integrity violations, and IT system misuse, evidence is collected and stored securely.
G) ENSURING THE SECURITY OF PERSONAL DATA-CONTAINING ENVIRONMENTS
If personal data is stored on devices or paper media located on the premises of Ento KBB as data controller, physical security measures are taken against threats such as theft or loss of these devices and papers. The physical environments in which personal data are located are protected against external risks (fire, flood, etc.) with appropriate methods and the entrances/exits to these environments are controlled. If the personal data is in an electronic environment, access between the network components can be limited or the components are separated to prevent a personal data security breach. The same level of measures is also taken for paper media, electronic media and devices (laptop, mobile phone, flash memory) located outside the Ento KBB campus and containing personal data belonging to Ento KBB. Personal data to be transferred by e-mail or post is also sent carefully and with adequate precautions. If employees access the information system network with their personal electronic devices, adequate security measures are taken for them. Access control authorization and/or encryption methods are used against the loss or theft of devices containing personal data. In this context, the encryption key is stored in an environment accessible only to authorized persons and unauthorized access is prevented. Paper documents containing personal data are also kept locked, in environments accessible only to authorized persons, and unauthorized access to the documents is prevented.
H) STORAGE OF PERSONAL DATA IN THE CLOUD
The storage of personal data in the cloud can also be applied when necessary. In this case, Ento KBB should evaluate whether the security measures taken by the cloud storage service provider are adequate and appropriate. In this context, the measures specified in the guidance and recommendations of the KVK Board are taken into consideration.
I) SUPPLY, DEVELOPMENT AND MAINTENANCE OF INFORMATION TECHNOLOGY SYSTEMS
Security requirements are taken into account by Ento KBB, within the scope of the ISMS, when determining the needs for the supply or development of new systems or the improvement of existing systems.
(I) BACKING UP PERSONAL DATA
In cases where personal data is damaged, destroyed, stolen or lost for any reason, the company ensures that it becomes operational again as soon as possible by using the backed up data. Backed up personal data is only accessible by the system administrator, and dataset backups are kept outside the network.
2.ADMINISTRATIVE MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA
The main administrative measures taken by Ento KBB to prevent unlawful access to personal data are listed below:
- Employees are informed and trained on the technical measures to be taken to prevent unlawful access to personal data.
- Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of Law No. 6698 of the KVK and cannot use it outside of the purpose of processing and that this obligation will continue after their departure from office and necessary commitments are taken from them in this direction.
- Personal Data Security policies and procedures within the scope of the ISMS are determined, checks are made regularly, the checks are documented and the issues that need to be improved are determined. The risks that may arise for each category of personal data and how to manage security breaches are also clearly determined.
- Reducing personal data as much as possible: Personal data must be accurate and up-to-date, and retained for as long as is necessary for the purpose for which they are processed or as provided for in the relevant legislation. It is evaluated whether there is still a need for data that is inaccurate, outdated or does not serve any purpose, and personal data that is not needed is deleted, destroyed or anonymized in accordance with the personal data retention and destruction policy.
- Management of relationships with Data Processors: When Ento KBB receives services from data processors to meet its IT needs, it proceeds by making sure that the data processors in question provide at least the level of security that Ento KBB itself provides. In this context, protective arrangements regarding the protection of personal data are introduced in the contracts signed with the data processor.
IV. STORING PERSONAL DATA IN SECURE ENVIRONMENTS
Ento KBB takes the necessary technical and administrative measures, according to the technological facilities and the cost of implementation, in order to store personal data in secure environments and to prevent its destruction, loss or alteration for unlawful purposes.
1.TECHNICAL MEASURES TAKEN TO KEEP PERSONAL DATA IN SECURE ENVIRONMENTS
The main technical measures taken by Ento KBB for the storage of personal data in secure environments are listed below:
- Systems suitable for technological developments are used to store personal data in secure environments.
- Technical security systems for storage areas are established, the technical measures taken are periodically audited by the audit mechanism determined by Ento KBB, and the necessary technological solution is produced by re-evaluating the issues that pose risks.
- All necessary substitutes are used in accordance with the law to ensure the secure storage of personal data.
2.ADMINISTRATIVE MEASURES TAKEN TO KEEP PERSONAL DATA IN SECURE ENVIRONMENTS
The main administrative measures taken by Ento KBB for the storage of personal data in secure environments are listed below:
- Employees are informed about ensuring that personal data is stored securely.
- If Ento KBB receives an external service due to technical requirements regarding the storage of personal data, the contracts concluded with the relevant companies to which the personal data is lawfully transferred include provisions stating that the persons to whom the personal data is transferred will take the necessary security measures for the protection of the personal data and ensure compliance with these measures in their own organizations; in this regard, Ento acts in accordance with the procedures within the scope of the ISMS (BGYS).
V. TRAINING
- Ento KBB provides its employees with the necessary training in the field of personal data protection within the scope of the ISMS (BGYS), the KVK policies and the KVKK Regulations.
- In the trainings, the definitions and practices for the protection of special quality personal data are especially covered.
- If an employee of Ento KBB accesses personal data physically or in a computer environment, Ento KBB will provide training to the relevant employee on these accesses (for example, on the computer program accessed).
VI. AUDIT
1.INCREASING THE AWARENESS AND CONTROL OF THE BUSINESS UNITS ABOUT THE PROTECTION AND PROCESSING OF PERSONAL DATA
Ento KBB ensures that the necessary notifications are made to the business units in order to increase awareness of preventing the unlawful processing of personal data, preventing unlawful access to the data and ensuring the protection of the data.
2. INCREASING AND CONTROLLING THE AWARENESS OF PARTNERS AND SUPPLIERS ABOUT THE PROTECTION AND PROCESSING OF PERSONAL DATA
Ento KBB provides necessary information to business partners in order to prevent the unlawful processing of personal data, prevent access to data unlawfully and increase awareness to ensure the protection of data.
3. CONTROL OF THE MEASURES TAKEN ON THE PROTECTION OF PERSONAL DATA
Ento KBB has the right to inspect the compliance of all employees, departments and contractors of Ento KBB with this Policy and GDPR Regulations, regularly, at any time and without prior notice, and carries out the necessary routine inspections, or has them carried out, within this scope. The results of this audit are evaluated within the scope of the internal operation of Ento KBB and necessary actions are carried out to improve the measures taken.

Measures to be taken in the event of unauthorized disclosure of Personal Data

In accordance with Article 12 of KVK Law No. 6698, if the processed personal data is obtained by others by unlawful means, Ento KBB operates the system that ensures that this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.
| PREPARED BY | APPROVER |
| Compute Manager HONOURABLE | GENERAL GUARD KENAN KILIÇ |