Text of the Law on the Protection of Personal Data

INFORMATION TEXT REGARDING THE LAW ON THE PROTECTION OF PERSONAL DATA

Inci Group Health Services Inc. and the Polyclinics and practices operating under the Inci brand, namely Inci Dental Bahçeşehir (Bahçeşehir Istanbul Smile Dental Polyclinic and Medical Supplies Foreign Trade Ltd. Co.), Inci Dental Başakşehir (Sermizan Health Services Inc.), Inci Dental Levent (Levent Inci Health Services Inc.), Zeytinburnu (Eshat Araz Practice), may process your personal data as Data Controller within the framework explained in detail below, in accordance with the Law No. 6698 on the Protection of Personal Data (Law) and the European Union General Data Protection Regulation ("GDPR") and related legislation.
Detailed information about the protection, processing, storage, and destruction of your personal data can be found on our website under the "Personal Data Protection and Privacy" section.

1. COLLECTION, PROCESSING AND PURPOSES OF PROCESSING PERSONAL DATA
2. COLLECTION OF PERSONAL DATA
   Inci Group Health Services Inc. and the Polyclinics and practices operating under the Inci brand, namely Inci Dental Bahçeşehir (Bahçeşehir Istanbul Smile Dental Polyclinic and Medical Supplies Foreign Trade Ltd. Co.), Inci Dental Başakşehir (Sermizan Health Services Inc.), Inci Dental Levent (Levent Inci Health Services Inc.), Zeytinburnu (Eshat Araz Practice), may collect data verbally, in writing, or electronically through call centers, websites, social media platforms, SMS channels, mobile applications, and similar means via business/program partners. The company may use cookies to better provide its services and to ensure that the content is tailored to individual needs and interests. Disabling cookies in the browser does not prevent the use of services on the website, but it may lead to some technical problems. Cookies are also used to collect general, statistical information about the user's use of the website. Our detailed cookie policy is available on our website. Personal data may also be collected from digital environments such as company websites, software and applications accessible via computers or certain smart devices, and social media accounts activated by persons authorized to provide services on behalf of the company. Our company records images of visitors through a camera surveillance system at building and facility entrances and within the facilities. The company's security camera surveillance activities aim to improve the quality and reliability of the services provided, ensure the safety of our company, customers, and other individuals, and protect the interests of customers regarding the services they receive. Our detailed information text regarding camera surveillance activities is available on the website.2. PROCESSING OF PERSONAL DATA
   The company may process your personal data, both private and general, including your health data, for the purposes stated below:

• Your identification information: Your name, surname, Turkish Republic Identity Number, passport number or temporary Turkish Republic Identity Number, place and date of birth, marital status, gender, insurance and/or any other identifying data that may identify you;
• Your Contact Information: Your address, telephone number, email address and other contact details, voice recordings of your calls kept by customer representatives or customer service in accordance with call center standards, and personal data obtained when you contact us via email, letter or other means; other personal data you send us through our communication channels,
• Family Members and Close Relatives Information includes the data subject's children, spouses, and identification information.,
• Your Bank Account Information: Your financial data such as your bank account number, IBAN number, credit card slip information, billing and invoice information,
• Physical Security Information: If you use our customer parking lot, your vehicle license plate information, visitor information, entry and exit information, images and audio recordings obtained from continuously recording cameras in common areas will be collected.,
• Legal Transaction Information, information requests from judicial and administrative institutions, data resulting from audits and inspections, your personal data including your resume provided if you apply for a job at the Company, and all personal data related to your employment contract if you are an employee or related employee of the Company, your data relating to private health insurance for the purpose of financing and planning health services, and your Social Security Institution data,
• Marketing information, targeting information that may affect the service, cookie records, customer surveys, thank you and complaint letters, satisfaction results, etc., are all notifications you provide for evaluation purposes.,
• Special Categories of Personal Data include information necessary for the provision of the service or for legal requirements, as well as data relating to race, health and sexual life, data relating to criminal convictions and security measures, and biometric data.

3. PURPOSES OF PROCESSING PERSONAL DATA
   Your personal data that you have shared;

• To enable you and/or the institutions and organizations you represent to benefit from the products and services offered by our company, we will carry out the necessary work, including but not limited to, determining and implementing our company's commercial and business strategies, conducting marketing activities, and performing business development and planning activities.,
  Our company ensures the physical security and control of the locations in use.,
• Establishing relationships with business partners/customers/suppliers (authorized representatives or employees),
  Ensuring contractual compliance and financial reconciliation regarding products and services offered in conjunction with our business partners, suppliers, or other third parties.,
• Monitoring legal and administrative affairs, human resources policies,
• Your personal data may be processed for the purpose of calling our company's call center, using our website, and/or participating in training, seminars, or events organized by our company.

STORAGE OF PERSONAL DATA
a) Your personal data will be stored in electronic and/or physical environments. To ensure that the personal data provided and stored by our company is not subject to unauthorized access, manipulation, loss, or damage in the environments where it is stored, the necessary business process designs and technical security infrastructure improvements are implemented.
b) Your personal data will be processed and stored for the legal retention period, or for the period required by the purpose of processing if no such period is specified, provided that it is not used outside the purposes and scope notified to you, and all necessary information security measures are taken. Upon expiration of this period, your personal data will be removed from our Company's data flows through deletion, destruction, or anonymization methods.
c) The company adheres to the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners only to the extent necessary for the service, with a commitment to data confidentiality, and these parties are required to take measures to ensure data security.
d) In accordance with the Law on the Regulation of Trade and the Regulation on Commercial Communication and Commercial Electronic Messages, electronic messages for advertising purposes may only be sent to individuals who have given their prior consent. The explicit consent of the recipient is a prerequisite. The Company complies with the details of this "consent" as defined in the same legislation. This consent may be obtained in writing in a physical environment or through any electronic communication means.
e) If a contractual relationship has been established with our customers and prospective customers, the collected personal data may be used without the customer's consent. However, this use will be in line with the purpose of the contract. On the other hand, the data provided by our prospective customers is processed to provide them with easier and higher quality service in the future. This data will be deleted upon request if a contractual relationship does not exist.
f) Data received by our company is processed into the system only to the extent necessary. Excess information is not recorded in the system; it is deleted or anonymized. This data may be used for statistical purposes.
g) We hereby inform you, within the scope of the data controller's obligation to inform you, that your personal data mentioned above may be processed in accordance with the provisions of the Basic Law on Health Services No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Institutions, the Private Hospitals Regulation, the Regulation on the Processing of Personal Health Data and the Protection of Privacy, and the regulations of the Ministry of Health and other relevant legislation, and may be transferred to the physical archives and information systems of the HOSPITAL and/or our suppliers, and may be kept under custody in both digital and physical environments.

B. TRANSFER OF PERSONAL DATA

In accordance with Articles 8 and 9 of the Law and additional regulations determined by the Personal Data Protection Board, the company may transfer personal data domestically or internationally if the conditions for the transfer of personal data are met.

Personal data may be transferred domestically to third parties by the company only if at least one of the data processing conditions set forth in Articles 5 and 6 of the Law is met and the fundamental principles regarding data processing conditions are complied with.

Personal data may be transferred abroad to third parties only if the company and the data controller in the relevant country provide a written guarantee of adequate protection, the Personal Data Protection Board authorizes this processing, and at least one of the data processing conditions set forth in Articles 5 and 6 of the Law is met.
You can find the conditions and detailed information regarding the transfer of your personal data in our Personal Data Protection and Processing Policy on our website.