Clarification Text on the Protection of Personal Data


As HospitaLine Sağlık Turizm ve Bilişim Hiz. Tic. Ltd. Şti. ("HospitaLine" or the "Company"), we count the confidentiality and security of your personal data among our most important priorities. In this context, we would like to inform you about your personal data in order to fulfill our obligation to inform arising from Article 10 of the Law on the Protection of Personal Data No. 6698 ("KVKK"). Personal data means any kind of information that makes your identity specific or identifiable. Your personal data processed by HospitaLine, the purposes for which they are processed, the groups of recipients to which they may be transferred, the method of collection, the legal reason and your rights regarding such personal data are listed below.

   A- OUR MEMBERS

     1- Which personal data are processed by HospitaLine?

People who log in from the website or the application installed on mobile devices by accepting the membership conditions contained in the HospitaLine platform and follow and/or purchase the products contained in the platform are defined as "Members". If you are a member on the HospitaLine platform, the following personal data may be processed.

* Your Identity Information: your name, surname, gender and age information, Turkish Passport and Passport No (only if you purchase certain product groups, they are processed in accordance with the legislation.)
* Your Contact Information: your mobile phone number, delivery-residence address, e-mail address,
* Customer Transaction Information: your order and billing information, delivery transaction information, transaction history information about your purchases, request and complaint information, information that you personally share with the HospitaLine assistant in case you comment and/or ask questions about the products on the platform, information about the content of conversations with the HospitaLine assistant via chat,
* Your Transaction Security Information: IP address information, password information, cookie information,
* Your Legal Transaction Information: information in correspondence with authorized persons, institutions and organizations, information in case and execution files, your legal information request information,
* Your Audio Recording Information: your audio recording if you contact the call center.

     2- What are the purposes of the processing of your personal data and the collection methods?

Your identity, communication and customer transaction information are collected and processed automatically in electronic environment from you personally, from mobile application or website for the following purposes within the scope of our contractual relationship.

* Execution of the processes for the establishment and execution of the contract,
* Execution and audit of finance and accounting processes,
* Execution and supervision of the company's business activities,
* Execution of billing processes,
* Logistics, booking, appointment, execution of cargo activities and tracking of delivery processes,
* Making purchases through the website / mobile applications and confirming the identity information of the person making the transaction,
* If you have given explicit consent, use in various marketing and advertising activities, providing you with a better shopping experience, especially by presenting products that match your preferences, and conducting activities to increase your satisfaction,
* To increase customer satisfaction, to be able to recognize our customers who shop from the platform and to be able to use it in customer environment analysis, to carry out activities aimed at developing and improving the products and services offered by our company,
* Execution of strategic analysis studies,
* Execution of communication activities,
* Offering products that you may be interested in taking into account your interests,
* Contacting you and providing the necessary information about the terms, current status and updates of the contracts concluded through our platform in accordance with the relevant articles of the distance sales contract and the Law on Consumer Protection,
* Providing you with information about developments, opportunities and innovations at HospitaLine if you have given explicit consent,
* Recognition of our customers who shop from the website and/or mobile applications, conducting activities aimed at using them in customer environment analysis, and conducting survey studies in electronic environment and/or physical environment through contracted organizations in this context,
* Evaluation of your requests, complaints and suggestions regarding our products and services,
* Ensuring that you receive information about the products,
* Execution of goods and services after-sales support services,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, public institutions and organizations.

Your transaction security information is collected and processed automatically in electronic environment from you personally, from mobile application or website for the following purposes within the scope of our contractual relationship.

* Execution of the processes for the establishment and execution of the contract,
* Execution and supervision of the company's business activities,
* Making purchases through the website / mobile applications and confirming the identity information of the person making the transaction,
* If you have given explicit consent, use in various marketing and advertising activities, providing you with a better shopping experience, especially by presenting products that match your preferences, and conducting activities to increase your satisfaction,
* To increase customer satisfaction, to be able to recognize our customers who shop from the platform and to be able to use it in customer environment analysis, to carry out activities aimed at developing and improving the products and services offered by our company,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Providing information to authorized persons, institutions and organizations.

Your legal transaction information is collected and processed automatically in electronic environment from you personally, mobile application, website for the following purposes within the scope of our contractual relationship.

* Execution of the processes for the establishment and execution of the contract,
* Execution and supervision of the company's business activities,
* Evaluation of your requests, complaints and suggestions regarding our products and services,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, institutions and organizations.

Your audio recording information is collected and processed for the following purposes if you contact the call center.

* Execution of the processes for the establishment and execution of the contract,
* Execution of communication activities,
* Conducting campaigns, providing you with a better shopping experience, especially presenting products that match your preferences, and conducting activities aimed at increasing your satisfaction,
* Carrying out activities aimed at the development and improvement of the products and services offered by our company,
* Offering products that you may be interested in taking into account your interests,
* Contacting you and providing the necessary information about the terms, current status and updates of the contracts concluded through our platform in accordance with the relevant articles of the distance sales contract and the Law on Consumer Protection,
* Providing you with information about developments, opportunities and innovations at HospitaLine if you have given explicit consent,
* Recognition of our customers who shop from the website and/or mobile applications, conducting activities aimed at using them in customer environment analysis, and conducting survey studies in electronic environment and/or physical environment through contracted organizations in this context,
* Evaluation of your requests, complaints and suggestions regarding our products and services,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, institutions and organizations.

3- What is the legal reason for the processing of your personal data?

Your personal data listed under the heading "Which personal data are processed by HospitaLine?" are processed by HospitaLine for the purposes set out above, based on the legal grounds specified in Articles 5, 8 and 9 of the KVKK and given below.

* Based on the legal reason that it is clearly stipulated in the legislation to which our Company is subject, in particular the Law on the Regulation of Electronic Commerce No. 6563, the Turkish Commercial Code No. 6102, the Turkish Criminal Code No. 5237 and the Law on Consumer Protection No. 6502; ensuring the security of operations on the company platform, conducting information security processes, fulfilling our obligations arising from legislation, in particular activities aimed at ensuring that activities are carried out in accordance with the legislation,
* Based on the legal reason that the processing of your personal data is necessary, provided that it is directly related to the establishment or performance of the contract; execution of activities for the establishment of contracts concluded through our platform in accordance with the relevant articles of the Law on Consumer Protection, such as distance sales contracts, execution of activities for the realization of your purchase transactions, execution and supervision of the company's business activities, monitoring of delivery processes, evaluation of your requests, complaints and suggestions related to our products and services, execution and supervision of financial and accounting processes, execution of communication activities,
* Based on the legal reason that it is mandatory for our company to fulfill its legal obligation; fulfillment of the legal obligations specified in the decisions, guidelines and guides contained in the secondary legislation of our Company and/or published by the competent authorities, especially the Distance Contracts Regulation and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, providing information to authorized persons, institutions and organizations, ensuring the conduct of activities in accordance with the legislation, monitoring and conducting legal affairs, conducting finance and accounting affairs,
* Based on the legal reason that data processing is mandatory for the establishment, use or protection of a right; execution of legal and litigation affairs,
* Based on the legal reason that data processing is mandatory for the legitimate interests of our company, provided that it does not harm your fundamental rights and freedoms; conducting activities aimed at developing and improving the products and services offered by our company,
* Based on the legal reason of your explicit consent; transfer of personal data abroad.

     4- Who does HospitaLine transfer your personal data to for what reasons?

Our company takes care to process your personal data in accordance with the principles of "need to know" and "need to use", ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Since conducting or supervising business activities, ensuring business continuity, operating digital infrastructures necessitates continuous data flow with different stakeholders, we are obliged to transfer the personal data we process to third parties for certain purposes. In addition, it is very important that your personal data is accurate and up-to-date in order for us to fully and properly fulfill our contractual and legal obligations. For this purpose, we have to work with various business partners and service providers.

To the extent necessary, and limited to the purposes specified in the second article of this clarification text, your personal data may be shared, in particular for the purposes of executing the marketplace operation, executing the performance processes of the services for which you have made an appointment and which you have purchased, managing your requests for assistance and support for your processes, carrying out activities to increase your experience and satisfaction, carrying out activities to develop and improve the products and services offered by our company, providing you with a better shopping experience and carrying out activities to increase your satisfaction, ensuring business continuity, ensuring information security and fulfilling legal obligations:

Based on the legal reasons that it is clearly stipulated in the legislation to which our company is subject, that it is mandatory for the fulfillment of its legal obligations, and that it is necessary for the establishment or execution of the contract;

• With the seller of the product and the service provider for the purpose of carrying out the purchase processes,
• Information about the person to whom the service / product will be performed / delivered on behalf of you and/or the service / product with the service provider / seller of the purchased product for the purpose of conducting logistics activities and tracking the performance processes of the service / product,
• With our business partners, the seller of the purchased product / service, our consultants and service providers, banks and financial advisors, for the purpose of carrying out billing processes,
• With business partners and other service providers who offer call center services for the provision of goods and services sales and after-sales support services,
• With business partners and service providers offering services in the field of quality control, complaint management and risk analysis of services,
• With our relevant business partners, consultants and service providers, banks and financial advisors, for the management of financial and accounting processes, detection and evaluation of risks, and prevention of fraud,
• With an e-invoice business partner for sending an e-invoice to the customer electronically; with cargo and courier companies for the purpose of physical contract or invoice delivery, with our business partners offering special integrator, independent audit, customs, financial consultant / accounting services,
• With tax authorities for the fulfillment of tax obligations, and with the officials of the T.C. Ministry of Treasury and Finance as regards invoices and collection receipts during tax audits,
• With our business partners and service providers who provide, operate or provide services to our IT infrastructure,
• With our business partners providing services in the field of risk management and execution of financial reporting processes,

Based on the legal reasons that data processing is mandatory for the establishment, use or protection of a right, that it is clearly stipulated in the legislation to which our company is subject, and that it is mandatory for it to fulfill its legal obligation;

* Within the scope of fulfilling legal obligations, with lawyers, auditors, forensic IT specialists, cyber security consultants, tax consultants, as well as other third parties and business partners from whom we receive consulting and services,
* With authorized public institutions and organizations such as regulatory and supervisory institutions and court and enforcement directorates,
* It may also be shared with other public institutions or organizations authorized to request your personal data, our domestic and/or foreign subsidiaries, suppliers, business partners, banks with which we have agreements and third parties from whom we receive products or services.

B- OUR GUEST MEMBERS

    1- Which personal data are processed by HospitaLine?

People who follow and/or buy products on the platform without being a member of the HospitaLine platform are defined as “Guest Members”. During your use of the HospitaLine platform as a guest member and making purchases, your personal data listed below is processed.

* Your Identity Information: first name, last name,
* Your Contact Information: your mobile phone number, delivery address, e-mail address,
* Your Customer Transaction Information: order and billing information, delivery transaction information, transaction history information about your purchases, request and complaint information,
* Your Transaction Security Information: IP address information, cookie information,
* Your Legal Transaction Information: information in correspondence with authorized persons, institutions and organizations, information in case and execution files, your legal information request information,
* Your Audio Recording Information: your audio recording if you contact the call center.

    2- What are the purposes of the processing of your personal data and the collection methods?

Your identity, communication and customer transaction information are collected and processed automatically from you personally, via mobile application or website in electronic environment for the following purposes.

* Execution of the processes for the establishment and execution of the contract,
* Execution and audit of finance and accounting processes,
* Execution and supervision of the company's business activities,
* Carrying out logistics, booking, appointment activities and tracking of delivery processes,
* Making purchases through the website / mobile applications and confirming the identity information of the person making the transaction,
* Carrying out activities aimed at the development and improvement of the products and services offered by our company,
* Execution of strategic analysis studies,
* Execution of communication activities,
* Contacting you and providing the necessary information about the terms, current status and updates of the contracts concluded through our platform on the basis of the relevant articles of the distance sales contract and the Law on Consumer Protection, establishing a membership agreement,
* Evaluation of requests, complaints and suggestions related to our products and services,
* Execution of goods and services after-sales support services,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, institutions and organizations.

Your transaction security information is collected and processed automatically in electronic environment from you personally, mobile application or website for the following purposes.

* Execution of the processes for the establishment and execution of the contract,
* Execution and supervision of the company's business activities,
* Making purchases through the website / mobile applications and confirming the identity information of the person making the transaction,
* Carrying out activities aimed at the development and improvement of the products and services offered by our company,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Providing information to authorized persons, institutions and organizations.

Your legal transaction information is collected and processed automatically from you personally, the mobile application, the website in electronic environment for the following purposes.

* Execution of the processes for the establishment and execution of the contract,
* Execution and supervision of the company's business activities,
* Carrying out activities aimed at the development and improvement of the products and services offered by our company,
* Evaluation of your requests, complaints and suggestions regarding our products and services,
* Execution of information security processes,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, institutions and organizations.

Your audio recording information is collected and processed for the following purposes if you contact the call center.

* Execution of the processes for the establishment and execution of the contract,
* Execution of communication activities,
* Carrying out activities aimed at the development and improvement of the products and services offered by our company,
* Contacting you and providing the necessary information about the terms, current status and updates of the contracts concluded through our platform in accordance with the relevant articles of the distance sales contract and the Law on Consumer Protection,
* Evaluation of your requests, complaints and suggestions regarding our products and services,
* Ensuring the safety of operations in relation to the HospitaLine platform,
* Ensuring that the activities are carried out in accordance with the legislation,
* Monitoring and execution of legal affairs,
* Providing information to authorized persons, institutions and organizations.

3- What is the legal reason for the processing of your personal data?

Your personal data listed under the heading "Which personal data are processed by HospitaLine?" are processed by HospitaLine for the purposes set out above, based on the legal grounds specified in Articles 5, 8 and 9 of the KVKK and given below.

* Based on the legal reason that it is clearly stipulated in the legislation to which our Company is subject, in particular the Law on the Regulation of Electronic Commerce No. 6563, the Turkish Commercial Code No. 6102, the Turkish Criminal Code No. 5237 and the Law on Consumer Protection No. 6502; ensuring the security of operations on the company platform, conducting information security processes, fulfilling our obligations arising from legislation, in particular activities aimed at ensuring that activities are carried out in accordance with the legislation,
* Based on the legal reason that the processing of your personal data is necessary, provided that it is directly related to the establishment or performance of the contract; execution of activities for the establishment of contracts concluded through our platform in accordance with the relevant articles of the Law on Consumer Protection, such as distance sales contracts, execution of activities for the realization of your purchase transactions, execution and supervision of the company's business activities, monitoring of delivery processes, evaluation of your requests, complaints and suggestions related to our products and services, execution and supervision of financial and accounting processes, execution of communication activities,
* Based on the legal reason that it is mandatory for our company to fulfill its legal obligation; fulfillment of the legal obligations specified in the decisions, guidelines and guides contained in the secondary legislation of our Company and/or published by the competent authorities, especially the Distance Contracts Regulation and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, providing information to authorized persons, institutions and organizations, ensuring the conduct of activities in accordance with the legislation, monitoring and conducting legal affairs, conducting finance and accounting affairs,
* Based on the legal reason that data processing is mandatory for the establishment, use or protection of a right; execution of legal and litigation affairs,
* Based on the legal reason that data processing is mandatory for the legitimate interests of our company, provided that it does not harm your fundamental rights and freedoms; conducting activities aimed at developing and improving the products and services offered by our company,
* Based on the legal reason of your explicit consent; transfer of personal data abroad.

    4- Who does HospitaLine transfer your personal data to for what reasons?

Our company takes care to process your personal data in accordance with the principles of “need to know” and “need to use”, ensuring the necessary data minimization and taking the necessary technical and administrative security measures. Since conducting or supervising business activities, ensuring business continuity, operating digital infrastructures necessitates continuous data flow with different stakeholders, we are obliged to transfer the personal data we process to third parties for certain purposes. In addition, it is very important that your personal data is accurate and up-to-date in order for us to fully and properly fulfill our contractual and legal obligations. For this purpose, we have to work with various business partners and service providers.

To the extent necessary, and limited to the purposes specified in the second article of this clarification text, your personal data may be shared, in particular for the purposes of executing the marketplace operation, executing the performance processes of the services for which you have made an appointment and which you have purchased, managing your requests for assistance and support for your processes, carrying out activities to increase your experience and satisfaction, carrying out activities to develop and improve the products and services offered by our company, providing you with a better shopping experience and carrying out activities to increase your satisfaction, ensuring business continuity, ensuring information security and fulfilling legal obligations:

Based on the legal reasons that it is clearly stipulated in the legislation to which our company is subject, that it is mandatory for the fulfillment of its legal obligations, and that it is necessary for the establishment or execution of the contract;

• With the seller of the product and the service provider for the purpose of conducting the purchase processes,
• Information about the person to whom the service / product will be performed / delivered on behalf of you and/or the service / product with the service provider / seller of the purchased product for the purpose of conducting logistics activities and tracking the performance processes of the service / product,
• With our business partners, the seller of the purchased product / service, our consultants and service providers, banks and financial advisors, for the purpose of carrying out billing processes,
• With business partners and other service providers who offer call center services for the provision of goods and services sales and after-sales support services,
• With business partners and service providers offering services in the field of quality control, complaint management and risk analysis of services,
• With our relevant business partners, consultants and service providers, banks and financial advisors, for the management of financial and accounting processes, detection and evaluation of risks, and prevention of fraud,
• With an e-invoice business partner for sending an e-invoice to the customer electronically; with cargo and courier companies for the purpose of physical contract or invoice delivery, with our business partners who offer special integrator, independent audit, customs, financial consultant / accounting services,
• With tax authorities for the fulfillment of tax obligations, and with the officials of the T.C. Ministry of Treasury and Finance as regards invoices and collection receipts during tax audits,
• With our business partners and service providers who provide, operate or provide services to our IT infrastructure,
• With our business partners providing services in the field of risk management and execution of financial reporting processes,

Based on the legal reasons that data processing is mandatory for the establishment, use or protection of a right, that it is clearly stipulated in the legislation to which our company is subject, and that it is mandatory for it to fulfill its legal obligation;

* Within the scope of fulfilling legal obligations, with lawyers, auditors, forensic IT specialists, cyber security consultants, tax consultants, as well as other third parties and business partners from whom we receive consulting and services,
* With authorized public institutions and organizations such as regulatory and supervisory institutions and court and enforcement directorates,
* It may also be shared with other public institutions or organizations authorized to request your personal data, our domestic and/or foreign subsidiaries, suppliers, business partners, banks with which we have agreements and third parties from whom we receive products or services.

HOW DOES HOSPITALINE PROTECT YOUR PERSONAL DATA?

The personal data shared with HospitaLine is under the supervision and control of HospitaLine. HospitaLine has assumed responsibility as a data controller for establishing the necessary organization and taking and adapting technical measures in order to protect the confidentiality and integrity of information in accordance with the provisions of the relevant legislation in force. Aware of our obligation in this regard:

* Penetration tests are carried out at intervals in accordance with international and national technical standards related to data privacy.
* Your personal data that you transmit to HOSPITALINE via the website, mobile site and mobile application is protected using SSL Certificate, Firewall Software, Firewall Device, DDoS Decoy, CloudLinux (Inter-Site Wall) and 60-Day Backup Storage technology.
* Risk analyses are carried out regularly regarding personal data processing activities and actions are taken to reduce the risks.
* Access and authorization controls are applied to prevent unauthorized access to personal data.
* In this context, we inform you that we are always updating our data processing policies.

YOUR RIGHTS TO THE PROTECTION OF YOUR PERSONAL DATA

By applying to our Company using the methods listed in the "Contact Us for Your Rights and Requests" section of this Clarification Text, you have the right:

* To learn whether your personal data has been processed or not,
* If it has been processed, to request information about it,
* To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
* To know the third parties to whom it is transferred domestically or abroad,
* To request correction of personal data in case of incomplete or incorrect processing,
* To request the deletion or destruction of your personal data within the framework of the conditions stipulated in the KVKK,
* To request that the transactions made in accordance with your rights in the form of correction, deletion and destruction mentioned above be notified to the third parties to whom the personal data are transferred,
* To object to the occurrence of a result against you through the analysis of your processed personal data exclusively by automatic systems,
* To request compensation for your damage if you suffer damage due to the processing of your personal data in violation of the relevant legislation.

CONTACT US FOR YOUR RIGHTS AND REQUESTS

You can submit your questions and requests about your personal data to the Data Controller with a petition prepared in accordance with the conditions set out in the Communiqué on Application Procedures and Principles, or with the "HospitaLine Sağlık Turizm ve Bilişim Hiz. Tic. Ltd. Şti. Application Form", using the following methods. You can access the application form here.

Application Method

The Address where the Application will be Made

Personally Written Application

Notary

Registered E-Mail by Signing with a Secure Electronic Signature or Mobile Signature (KEP)

From your e-mail address previously notified to our company and registered in the system

* Relevant Persons who apply via the "Personally Written Application" route must submit documents confirming their identity. In this context, for personal written applications to the address Oruçreis Mh. Tekstilkent Cd. A Blok No:12 B/013 Esenler/Istanbul, we kindly request that only the front side of the ID copy (with the blood type and religion fields not visible) be submitted along with the application form.

** We request that "Relevant Person Request of the Personal Data Protection Law" be written on the notification envelope of the application form or in the subject part of the e-mail.

As the personal data owners, if you submit your requests regarding your rights to HOSPITALINE, HOSPITALINE will finalize your request free of charge within 30 (thirty) days at the latest. However, if the response to your application requires a cost in accordance with the legislation, HOSPITALINE may charge the fee in the tariff determined by the Personal Data Protection Board.

ABOUT THE CLARIFICATION TEXT

HospitaLine reserves the right to update this Clarification Text on the Protection of Personal Data at any time within the framework of changes that may be made in the applicable legislation.

Update Date: 05.07.2023