PRIVACY POLICY AND PERSONAL DATA TEXT

This Privacy Policy and Personal Data Text (Policy) has been prepared by Diştedavim Technology Services Inc. (Diştedavim or the Company) to inform and educate Users about the terms and conditions regarding the use of data obtained and/or to be obtained from Users through the Platform, and the ways in which such data will be processed within the scope of the Services provided via the Platform.

1. Definitions and General Descriptions

In this Policy:
Individual User; the person accessing the Platform and benefiting from the Services other than Clinics and Suppliers,
Platform: www.dentalprices.com owned by Diştedavim and/or the Dentalprices mobile application,
Law: Law No. 6698 on Protection of Personal Data,

Clinic:

Refers to private healthcare institutions defined in accordance with Article 4 of the Regulation on Private Health Institutions Providing Oral and Dental Health Services, registered on the Platform.

User:

Refers collectively or individually to Individual User, Clinic, and Supplier.

Terms of Use:

Refers to the Terms of Use found on the Platform, which Users consent to and which define the rights and obligations of Diştedavim and the User concerning the Platform and the Services provided through the Platform.

Policy:

Refers to this Privacy Policy and Personal Data Text.

Supplier:

Refers to individuals who will sell Products to other Users through the Platform.

Terms written in uppercase and not defined herein shall have the meanings ascribed to them in the Terms of Use.

Personal data refers to any kind of information related to an identified or identifiable natural person. Therefore, the regulations concerning personal data in this text will apply if the relevant information belongs to a natural person. For information belonging to legal entities, regulations other than those concerning personal data in this Policy apply.

Personal data is processed in accordance with the following fundamental principles as regulated in the Law:

• Compliance with the law and honesty principles,
• Accuracy and being up-to-date when necessary,
• Being processed for specific, explicit, and legitimate purposes,
• Being relevant, limited, and proportionate to the purposes for which they are processed,
• Being retained for the period stipulated by the relevant legislation or necessary for the purpose for which they are processed.

Personal data refers to any kind of information related to an identified or identifiable natural person. Therefore, the regulations concerning personal data in this text will apply if the relevant information belongs to a natural person. For information belonging to legal entities, regulations other than those concerning personal data in this Policy apply.

2. Collection Method and Legal Grounds for Processing Personal Data

Diştedavim is obligated under the Law to inform/educate individuals whose personal data will be processed in accordance with Article 10 of the Law during the acquisition of personal data. The scope of this obligation is as follows:

• The identity of the data controller and, if any, its representative,
• The purposes for which personal data will be processed,
• To whom and for what purposes the processed personal data may be transferred,
• The management of personal data collection and its legal basis,
• The rights of the data subject.

Diştedavim aims to fulfill these information obligations through this Policy.

Diştedavim does not access or process as a data controller any health data provided by Individual Users to Clinics for services to be provided or personal data regarding the content and nature of such services within the scope of the Law.

In addition, during Clinics' provision of services to Users, Clinics may record certain User information on their own behalf and account through the Platform interface. With respect to this personal data and information, Clinics act as data controllers in accordance with the Law. Diştedavim processes these data solely as a data processor on behalf of and for the account of Clinics within the scope of the Law. The obligation to inform about this personal data belongs to the Clinic as the data controller. Individual Users should directly contact the Clinic for any requests regarding this data.

Diştedavim does not have any data controller responsibility for health data processed by Clinics due to Clinics providing services to Users.

3. Collection Method and Legal Grounds for Processing Personal Data

Information sent, shared, or accessible in the form of data by Users to Diştedavim while registering on the Platform, accessing the Platform, or using the Services may fall within the scope of personal data. When you benefit from our Services or access the Platform, we collect information about you and your use of various sources related to the use of our Services as stated below:

• Identity and Contact information: Users' identity information such as name, surname, Turkish ID number, and contact information such as phone and email addresses are processed.
• Service information: Diştedavim processes information about which Services the User benefits from.
• Usage data: Usage data about you is collected when you use the Services or access the Platform. This may include when you visit the Platform, what you click on, when you perform these actions, etc. Additionally, like many websites today, our network servers maintain daily logs; these files record data each time a device accesses them. Log files may include data such as source IP addresses, internet service providers, files viewed on your site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps related to the nature of each access.
• Location information: Diştedavim may collect data related to your location when using the Diştedavim infrastructure.
• Device data: Data is collected from the devices and applications you use to access the Platform, such as your username and password, IP address, operating system version, device type, system and performance information, and browser type.
• Real-time notifications: If you use the Platform, we may occasionally send you real-time notifications through the Platform to provide announcements related to the Services and information about products, services, special offers, and promotions.

a. Methods of Collecting Personal Data

Diştedavim may obtain users' personal data through various stages such as the use of the Platform, establishing a potential relationship with Diştedavim, conducting discussions and negotiations for the establishment of such a relationship, informing users about Diştedavim's products and services, preparing and signing contracts, recording relevant data, performing technical support, renewing contracts, and terminating contracts.

Diştedavim may collect personal data from users through communication channels such as email, mail, and phone, through the Platform, and through cookies used on the Platform, both audibly, electronically, and in writing.

b. Data Categories and Types

c. Legal Basis

Your personal data may be processed for the purposes listed below, with each data category listed for the following purposes:

4. Purposes of Processing Personal Data

Users' personal data is processed for the following purposes in accordance with the above general terms:

5. Personal Data Retention Period

The personal data of users are retained for the duration specified below in accordance with the relevant legislation or for the duration required by the purpose for which they were processed:

Personal data are processed in a manner to comply with the period of legislation.

6. Rights of the Personal Data Subject

As a personal data owner, the rights given below are protected under the Personal Data Protection Act:

Diştedavim is obliged to take all necessary technical and administrative measures to ensure an adequate level of security in order to prevent the unlawful processing of personal data, unauthorized access to such data, and to secure the preservation of personal data with the utmost care. Diştedavim will make every effort to prevent the unlawful processing and unauthorized access of your personal data, ensuring the security and integrity of your personal data. Your IP address, operating system, connection time, and similar information are automatically recorded each time you visit the Platform, and this information may be used anonymously without your permission.

Diştedavim may use the information collected for various purposes, such as providing services, optimizing and developing services, enriching the database, and improving the services provided to individuals accessing the Platform through this database. Diştedavim may use this information for website management, security, research, and analysis.

5. Third-Party Websites and Applications

The Platform may contain links that redirect to other websites whose content is unknown to Diştedavim and over which Diştedavim has no control. These websites may contain different terms and conditions from those of Diştedavim's texts. Diştedavim cannot be held responsible for the information handling practices of these websites. Similarly, Diştedavim assumes no responsibility when links are provided to the Platform from other sites.

7. Transfer of Your Personal Data

Diştedavim retains the personal data it processes in compliance with the relevant legislation for the periods stipulated by the relevant legislation or required by the processing purpose. Diştedavim undertakes to take all necessary technical and administrative measures and to exercise due diligence to ensure the confidentiality, integrity, and security of personal data. In this context, Diştedavim takes the following technical and administrative measures regarding the processed personal data:

Antivirus Application: All computers and servers in Diştedavim's information technology infrastructure have periodically updated antivirus applications installed.

Firewall: Data centers hosting Diştedavim's servers and disaster recovery centers are protected by periodically updated software firewalls that control internet connections of all personnel and provide protection against viruses and similar threats.

User Identification: Access of Diştedavim employees to Diştedavim systems is limited strictly to their job descriptions, and system permissions are updated in case of any changes in responsibilities and duties.

Penetration Testing: Regular penetration testing is conducted on Diştedavim's system servers. Security vulnerabilities identified during these tests are remediated, and verification tests are conducted to confirm the closure of these vulnerabilities.

Training: Regular training sessions are provided to Diştedavim employees to increase awareness of various information security breaches and minimize the impact of human factors in case of data breaches.

Physical Data Security: Personal data in paper format is securely stored in locked cabinets and accessed only by authorized personnel.

Backup: Diştedavim ensures periodic backups of stored data. In addition to using backup facilities provided by cloud infrastructure providers in compliance with relevant legislation and this Policy, Diştedavim also uses its own developed backup solutions when deemed necessary.

Despite taking necessary information security measures, if personal data is compromised or accessed by unauthorized third parties as a result of attacks on the Platform or Diştedavim's systems, Diştedavim immediately notifies Users and, if necessary, the relevant data protection authority, and takes necessary measures.

7. Transfer of Your Personal Data

Your collected personal data may be transferred, processed, and stored on servers within the country or for lawful purposes stated in this text.

Diştedavim may share your personal data with companies providing services (information processing centers, third-party business partners, or customer service centers, etc.) within the scope of contracts concluded between you and Diştedavim, taking into account its legal obligations.

Personal data may be shared with competent public institutions and organizations authorized to request personal data (in cases where there is an obligation to prevent crime, prevent money laundering, prevent financing of terrorism, combat crime, and where there is a legal obligation to inform state and public security threats).

Detailed information about with whom and for what purposes your personal data can be shared is specified below:

8. Cookies

Cookies are small data files stored on your device that we use to identify Users continuously when accessing the Services. Depending on our usage reasons, the lifespan of all cookies ends after a certain period of time. Cookies are used for several reasons:

• To facilitate the use of the Platform: If you use the "Remember Me" feature to speed up your login to your account, we may store your username in a cookie.
• For security reasons: We use cookies to authenticate your identity (or to determine if your session is still open on the Platform, for example).
• To provide personalized content to you: We may store user preferences such as default language in cookies to personalize the content you view.
• To improve our Services: We use cookies to measure your usage of the Platform, track referral data, and sometimes show you different versions of content to develop and improve our services and provide the best content to Users.

TYPES OF COOKIES BY USAGE

Essential Cookies: These cookies are essential for the proper functioning of the Platform. These cookies are necessary for managing the system, preventing fraudulent transactions, and the Platform cannot function properly without them.

Analysis/Performance Cookies: These cookies analyze and help us understand the operation of the Platform and interact with you to improve the Platform. The use of these cookies can be disabled.

Functional Cookies: These cookies are used to provide you with an easier and enhanced user experience. They perform functions such as remembering your previous preferences and providing easy access to certain content on the Platform. The use of these cookies can be disabled.

TYPES OF COOKIES BY STORAGE DURATION:

Persistent Cookies: These cookies persist on a user's computer and smart mobile device until deleted by the user or until a specific date. These cookies are mostly used to measure user preferences and site activities.

Session Cookies: These cookies are used to divide a User's visit into sessions and do not collect data from the User. These cookies are deleted when the User has been inactive on the Platform for a specific period or closes the Platform. Cookies are used both by first-party and third-party to provide services and to enhance the effectiveness of these services. These cookies may remember and visit the web pages and sites visited by the user. When you visit the Platform and use these plugins, the Platform directly connects to the selected social network's server. Then, the content provided by the plugin is transmitted directly from social networks to your web browser and added to the website you are visiting. Thus, the relevant social network can access your data and process it with the relevant social network's account data.

Diştedavim has no control over the data processed by social networks through plugins. To learn more about how social networks will process your personal data, why, and how, you must carefully review the personal data policies published by relevant social networks.

Internet browsers are generally opened with Cookies enabled. However, if you do not wish to use the cookies, you may change the settings of your browser. However, you may need to be aware that the performance of the Web may not be accessed to the right performance level to the Platform. In addition, this document is provided by me by the under reading, matter reading together, carefully to understand me all.setChecked, after be he man, but To services my to on numbers, it.

It should be noted that if you do not make the necessary browser and/or email settings to disable cookies, you will be deemed to have consented to the use of cookies by us.

9. Your Rights as a Data Subject

As the data controller, Diştedavim reserves the right to change the Policy to comply with relevant legislation and to better protect personal data.

This Policy may be revised and updated as new features are added to digital platforms or new suggestions are received from Users. In such cases, we will inform you by publishing the changes on the Platform. In some significant cases, we may also notify you of these changes through additional notifications designed reasonably, such as via email or another noticeable method. Upon being informed of these changes, if you continue to access the Platform and benefit from or do not benefit from the Services offered by Diştedavim after the notification period, you will be deemed to have consented to the changes in the Policy. If you do not agree to the terms of this Policy or an updated privacy policy and personal data text (if any), you have the right to close your membership account at any time or not to respond to surveys. Therefore, we recommend reviewing the Policy each time you access the Platform. This document was last updated on [February 26, 2024]. The provisions of the Policy shall take effect on the date of publication if the Policy is changed.

10. Your Rights as a Data Subject

As data subjects, you can contact Diştedavim via the official email address [email protected] and the official telephone number 02167062122 or by addressing changes, updates, and/or deletion requests to the following information at Diştedavim's Atatürk Mah. Ertuğrul Gazi Sk. 2R Blok No:15 Ataşehir/İstanbul (APY TEKMER) address.

• Name and surname of the applicant,
• If the applicant is a citizen of the Republic of Turkey, their Turkish ID number; if not, their passport number along with their nationality,
• The applicant's residential or business address for notification purposes,
• The applicant's email address, phone number, or fax number for notification purposes,
• The subject of the request,
• Information and documents related to the subject of the request,
• Application methods, and
• If the application is in writing, the signature.

If you submit your requests through the specified methods, Diştedavim will respond to your request free of charge as soon as possible and within a maximum of thirty days, depending on the nature of the request. However, if the process requires an additional cost, Diştedavim may charge the fee required under the relevant legislation.

As data subjects under the legislation on the protection of personal data, you have the following rights:

a. To learn whether personal data is being processed,

b. If personal data is processed, to request information regarding this processing,

c. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

d. To know the third parties to whom personal data is transferred domestically or abroad,

e. If personal data is incomplete or incorrectly processed, to request their correction,

f. To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,

g. To request that the transactions made pursuant to paragraphs (e) and (f) be notified to third parties to whom personal data has been transferred,

h. To object to the occurrence of a result against oneself through analysis of personal data exclusively by automatic systems,

i. In case personal data is processed unlawfully and thus causes damage, to demand the compensation of the damage.

If you believe that we or a person to whom we have transferred your data has violated your rights, you can file a complaint with the data protection authority in your country and other authorized supervisory authorities.

Company Name: Diştedavim Technology Services Anonymous Company

Address: Atatürk Mah. Ertuğrul Gazi Sk. 2R Blok No: 15 Ataşehir / İstanbul (APY TEKMER)

Email: [email protected]

Phone: 02167062122