Personal Data Processing Policy | Ento KBB

Personal Data Processing Policy

CONTENTS

  1. THE IMPORTANCE OF PROTECTION OF PERSONAL DATA
  2. PURPOSE OF THE POLICY
  1. IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION
  2. ACCESS AND UPDATE

PROCESSING OF PERSONAL DATA

  1. PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES OFFERED IN THE LEGISLATION
    1. Principles of Processing Personal Data
    2. Rules for the Processing of General Personal Data
    3. Rules for the Processing of Private Personal Data
    4. Clarification and Informing of Relevant Persons whose Data is Processed
  2. TRANSFERRING PERSONAL DATA
    1. Principles of Transfer of Personal Data
    2. Transfer of Sensitive Personal Data
    3. Transfer of Personal Data Abroad
    4. Purposes of Transfer of Personal Data and Categories of Persons Transferred to

LEGAL BASIS AND OBJECTIVES OF THE PROCESSING OF PERSONAL DATA

  1. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
    1. General Principles
    2. Reasons for Compliance with Law
    3. Processing of Private Personal Data and Reasons for Compliance with Law
  2. PURPOSE OF PROCESSING PERSONAL DATA

STORAGE, DELETING, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

  1. STORAGE AND STORAGE PERIOD OF PERSONAL DATA

RIGHTS OF THE DATA SUBJECT

ENSURING THE SECURITY OF PERSONAL DATA

  1. TECHNICAL AND ADMINISTRATIVE MEASURES TO ENSURE LAWFUL PROCESSING OF PERSONAL DATA
  2. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN IN PROCESSING SPECIAL QUALITY DATA
  3. TECHNICAL AND ADMINISTRATIVE MEASURES TO PREVENT ILLEGAL ACCESS OF PERSONAL DATA
    1. Technical Measures Taken to Prevent Unlawful Access to Personal Data
    2. Administrative Measures Taken to Prevent Unlawful Access to Personal Data
  1. Raising Awareness and Supervision of Business Units on the Protection and Processing of Personal Data
  2. Increasing Awareness and Supervision of Business Partners and Suppliers on the Protection and Processing of Personal Data
  3. Supervision of the Measures Taken on the Protection of Personal Data

LOGIN

 

I. IMPORTANCE OF PROTECTION OF PERSONAL DATA

Protection of personal data is a constitutional right and is within the scope of our Company’s priorities. For this purpose, our Company aims to establish a system that is constantly updated, and this policy has been established. Within the scope of the Personal Data Protection Law No. 6698, this Policy is made by “ENTO KULAK BURUN BOĞAZ ÖZEL SAĞLIK HİZMETLERİ A.Ş.” (briefly referred to as “ENTO KBB” below), KAZIM DIRIK MAH 364/1 SOK. NO:36/A Bornova – İZMİR, as the Data Controller, in order to fulfill the general disclosure obligation and to determine the basic principles of our Company’s personal data processing rules. Within this scope, the basic principles regarding the protection of personal data of our customers, potential customers, employees, employee candidates, interns, supplier/subcontractor employees and officials, our company shareholders, company partners, visitors and third parties whose data we process are regulated.

Necessary procedures are organized within the company for the implementation of the subjects specified in this Policy, clarification texts are prepared in accordance with the Personal Data Processing Inventory specific to the categories of persons, personal data protection and confidentiality agreements are made with the company employees and third parties who have access to personal data, and job descriptions are revised. Necessary administrative and technical measures are taken by “ENTO KBB” for the protection of personal data, and necessary inspections are made or commissioned in this context. The issue of Protection of Personal Data is also embraced by the senior management, and personal data protection processes are managed by a special committee formed on this subject (ENTO KBB KVKK Team List Ref: LS.01).

 

II. PURPOSE OF THE POLICY

The main purpose of this Policy is to set forth the principles of personal data processing and the protection of personal data, carried out in accordance with the law by “ENTO KBB”, and to ensure transparency by enlightening and informing the persons whose personal data are processed by our company.

III. SCOPE

This Policy relates to all personal data of the persons we have categorized under the headings of “our customers, potential customers, employees, employee candidates, interns, supplier/subcontractor employees and officials, our company shareholders, company partners, visitors and other third parties whose data we process” that we process by automated means, or by non-automatic means provided that they are part of any data recording system.

IV. IMPLEMENTATION OF POLICY AND RELEVANT LEGISLATION

The relevant legal regulations in force on the processing and protection of personal data apply first. In case of inconsistency between the current legislation and the Policy, our Company accepts that the applicable legislation will prevail.

V. ACCESS AND UPDATE

The Policy is published on the website of our Company at www.entokbb.com and is made available to the relevant persons upon the request of the personal data owners and is updated when necessary.

PROCESSING PERSONAL DATA

  • Ento KBB, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law No. 6698, regarding the processing of personal data; in accordance with the law and the rules of honesty, accurate and up-to-date when necessary; for specific, explicit and legitimate purposes; may engage in personal data processing activities in a limited and measured manner in connection with the purpose. Ento KBB retains personal data for as long as required by law or for the purpose of processing personal data.
  • Ento KBB processes personal data based on one or more of the conditions in Article 5 of the KVK Law No. 6698, in accordance with Article 20 of the Constitution and Article 5 of the KVK Law No. 6698.
  • Ento KBB processes the personal data of employees and employee candidates based on the purposes of work inclination and performance of the employment contract, in accordance with Article 419 of the Code of Obligations, without prejudice to the KVK Law No. 6698.
  • Ento KBB informs the personal data owners in accordance with Article 20 of the Constitution and Article 10 of the KVK Law No. 6698, and provides the necessary information in case the personal data owners request information and apply to exercise their rights arising from the law, and responds to the applications within the legal time limit.
  • Ento KBB acts in accordance with the regulations stipulated for the processing of special quality personal data in accordance with Article 6 of the KVK Law No. 6698.
  • Ento KBB complies with the rules stipulated in the law regarding the transfer of personal data in accordance with the 8th and 9th articles of the KVK Law No. 6698 and takes into account the decisions taken by the KVK Board and the communiqués published and the safe country lists.

 

I. PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES AND RULES OFFERED IN THE LEGISLATION

1. PRINCIPLES OF PROCESSING PERSONAL DATA

A) PROCESSING IN COMPLIANCE WITH LAW AND INTEGRITY

Ento KBB acts in accordance with the principles brought by legal regulations and the rule of honesty in the processing of personal data. In this context, Ento KBB takes action by determining the legal grounds that will require the processing of personal data, takes into account the proportionality requirements, does not use personal data outside of what is required for the purpose, and does not perform any processing activities without the knowledge of individuals.

B) ENSURING PERSONAL DATA ARE ACCURATE AND UP-TO-DATE WHEN NECESSARY

Ento KBB ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and its own legitimate interests, and takes the necessary measures in this direction. In this context, we try to keep the data on all categories of people up to date. In particular, customer and potential customer data are carefully updated, and marketing and promotional e-mails and offers are not sent to individuals against their consent.

C) PROCESSING FOR SPECIFIC, EXPLICIT AND LEGITIMATE PURPOSES

Ento KBB clearly and precisely determines the legitimate and lawful purpose of processing personal data. Ento KBB processes personal data as much as necessary and in connection with the service it offers. The purpose for which personal data will be processed by Ento KBB is determined before the processing activity and is also processed in the “Personal Data Inventory”.

D) BEING RELATED TO THE PURPOSE FOR WHICH THEY ARE PROCESSED, LIMITED AND PROPORTIONATE

Ento KBB processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not relevant or needed for the realization of the purpose. In this context, processes are constantly reviewed and an effort is made to implement the principle of “data minimisation/reduction of personal data”.

E) RETENTION OF PERSONAL DATA FOR THE TIME PROVIDED IN THE RELEVANT LEGISLATION OR REQUIRED FOR THE PURPOSE FOR WHICH THEY ARE PROCESSED

Ento KBB only retains personal data for as long as specified in the relevant legislation or required for the purpose for which they are processed. In this context, Ento KBB first determines whether a period is foreseen for the storage of personal data in the relevant legislation. If a period is determined, it acts in accordance with this period; in this context, it takes into account the legal and criminal statute of limitations and stores personal data for the period required for the purpose for which they are processed. In case of expiration of the period or the disappearance of the reasons requiring its processing, the personal data is deleted, destroyed or anonymized according to the “DISTORAGE Procedure” within the scope of Ento KBB ISMS (Ref: BGYS PR.13) as well as the KVKK-PO-02 Deletion and Destruction Policy.

2. RULES FOR THE PROCESSING OF GENERAL PERSONAL DATA

The protection of personal data is a right defined in the Constitution, and fundamental rights and freedoms can only be limited by law, without affecting their essence, depending on the reasons specified in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by the law or with the explicit consent of the person. Our company processes personal data without seeking the explicit consent of the person concerned, only if the following conditions are met;

  1. It is clearly stipulated in the law,
  2. It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid,
  3. Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
  4. It is mandatory for the data controller to fulfill its legal obligation,
  5. The data has been made public by the person concerned himself,
  6. Data processing is mandatory for the establishment, exercise or protection of a right,
  7. Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

In the absence of the above conditions, our Company relies on the explicit, freely given and informed consent of the person concerned. Especially in the field of Human Resources and labor relations, taking into account the dependency relationship of the employee, it is essential that the data be based primarily on legal reasons other than consent, but in the absence of these reasons, explicit consent is applied. On the other hand, in activities such as marketing, processing is carried out based on the consent of the person concerned. However, in any case, in all cases where personal data is processed, data processing activities based on the “Employee Disclosure Statement” are carried out.

3. RULES FOR THE PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

In the processing of personal data determined as “special quality” by the KVK Law No. 6698, Ento KBB complies with the regulations stipulated in the KVK Law No. 6698. In Article 6 of the KVK Law No. 6698, a number of personal data that carry the risk of causing victimization or discrimination when processed unlawfully are designated as “special quality”, and care and sensitivity should be shown in the processing of these data. These are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. In accordance with the KVK Law No. 6698, special categories of personal data are processed by our Company in the following cases, provided that necessary precautions are taken: (Ref:

  • Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws or based on the express consent of the personal data owner,
  • Special categories of personal data related to the health and sexual life of the personal data owner, on the other hand, are processed only by persons or authorized institutions and organizations that are under the obligation of confidentiality, for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, or with the express consent of the personal data owner.
  • Regardless of the reason, general data processing principles are always taken into account in the processing processes and compliance with these principles is ensured (Article 4 of the KVK Law).

Regarding the protection of sensitive data, “KVKK-PO-03 Special Quality Personal Data Policy” has been put into effect in our company, and our business units act in accordance with the provisions of this policy and necessary measures are taken.

4. CLARIFICATION AND INFORMING OF RELEVANT PERSONS WHOSE DATA IS PROCESSED

Ento KBB enlightens the personal data owners during the acquisition of personal data in accordance with Article 10 of the KVK Law No. 6698. In this context, the person whose data is processed is informed about the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data, the legal reasons, and the rights of the person whose personal data is processed. In Article 11 of the KVK Law No. 6698, “Requesting Information” is also listed among the rights of the data subject whose personal data is processed. Within this scope, in accordance with Article 20 of the Constitution and Article 11 of the KVK Law No. 6698, if the person whose personal data is processed requests information, Ento KBB provides the necessary information, and transactions are made with the “Application form” at Ento KBB and on our website https://entokbb.com/.

 

 

II. TRANSFERRING PERSONAL DATA

Ento KBB can transfer the personal data and sensitive personal data of the person whose personal data is processed to third parties by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. In this direction, Ento KBB acts in accordance with the regulations stipulated in Article 8 of the KVK Law No. 6698.

1. PRINCIPLES OF TRANSFER OF PERSONAL DATA

Ento KBB may transfer personal data to third parties based on one or more of the personal data processing conditions specified in Article 5 of the Law listed below for legitimate and lawful personal data processing purposes and in a limited manner:

  • If there is express consent of the person whose personal data is processed, based on this; or

  • If there is a clear regulation in the law regarding the transfer of personal data,
  • If it is necessary for the protection of the life or physical integrity of the personal data owner or someone else, and the personal data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid;
  • If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • If personal data transfer is mandatory for our company to fulfill its legal obligation,
  • If the personal data has been made public by the person concerned,
  • If personal data transfer is necessary for the establishment, exercise or protection of a right,
  • Provided that it does not harm the fundamental rights and freedoms of the person whose personal data is processed, personal data is transferred if it is necessary for the legitimate interests of our Company.

Regardless of the reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).

2. TRANSFER OF PRIVATE PERSONAL DATA

Ento KBB, by showing due diligence, taking the necessary security measures and taking the adequate technical and administrative measures prescribed by the KVK Board, can transfer the sensitive data of the person whose personal data is processed to third parties in the following cases, in accordance with the legitimate and lawful personal data processing purposes.

  • on the basis of the express consent of the person concerned, or
  • if there is no express consent of the person concerned;
  • Sensitive personal data other than the health and sexual life of the personal data subject (race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, data on criminal conviction and security measures, and biometric and genetic data), in cases stipulated by law,
  • Private personal data regarding the health and sexual life of the person concerned can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.

Regardless of the reason, general data processing principles are always taken into account in the transfer processes and compliance with these principles is ensured (Article 4 of the KVK Law).

 

 

3. TRANSFER OF PERSONAL DATA ABROAD

Ento KBB can transfer the personal data and sensitive personal data it processes to third parties by taking the necessary security measures in line with the legal personal data processing purposes. Personal data is transferred by Ento KBB to countries that are compliant with GDPR, to foreign countries that are declared by the KVK Board to have adequate protection (“Foreign Country with Sufficient Protection”), or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and where the permission of the Board exists (“Foreign Country Where the Data Controller Undertaking Adequate Protection Is Located”). In this direction, Ento KBB acts in accordance with the regulations stipulated in Article 9 of the KVK Law No. 6698.

In line with the legitimate and lawful personal data processing purposes, Ento KBB can transfer personal data to “Foreign Countries with Sufficient Protection or Where the Data Controller Undertaking Adequate Protection Is Located” and to countries that comply with “GDPR” if there is explicit consent of the person whose personal data is processed or, if there is no explicit consent, in case of existence of one of the following situations:

  • If there is a clear regulation in the law regarding the transfer of personal data,
  • If it is necessary for the protection of the life or bodily integrity of the person whose personal data is processed or someone else, and if the person whose personal data is processed is unable to express his/her consent due to actual impossibility or if his/her consent is not legally valid;
  • If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • If personal data transfer is mandatory for Ento KBB to fulfill its legal obligation,
  • If the personal data has been made public by the person concerned,
  • If personal data transfer is necessary for the establishment, exercise or protection of a right,
  • Personal data transfer is mandatory for the legitimate interests of Ento KBB, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

4. PURPOSES OF TRANSFER OF PERSONAL DATA BY OUR COMPANY AND CATEGORIES OF PERSONS TRANSFERRED TO

A) DATA TRANSFER PURPOSES

Data transfer is carried out for purposes such as ensuring the fulfillment of Ento KBB’s activities and establishment purposes, ensuring that the services that Ento KBB outsources from the supplier and that are necessary to carry out Ento KBB’s commercial activities are provided to Ento KBB, carrying out Ento KBB’s human resources and employment policies, and fulfilling the obligations of Ento KBB within the framework of occupational health and safety and ensuring that the necessary measures are taken.

B) PERSONS TO WHOM DATA IS TRANSFERRED

Ento KBB may transfer personal data to the following categories of persons in accordance with Articles 8 and 9 of the KVK Law No. 6698:

  • Authorized Public Institutions: Public institutions and organizations authorized to receive information and documents from Ento KBB. Data sharing is carried out in accordance with the provisions of the relevant legislation.
  • Authorized Private Law Persons: Private law persons authorized to receive information and documents from Ento KBB. Data sharing is limited to the purpose requested by the relevant private legal persons within their legal authority.
  • Business Partners: Parties with whom Ento KBB has established business partnerships for purposes such as sales, promotion and marketing of Ento KBB’s products and services, after-sales support, and execution of joint customer loyalty programs. Limited data sharing is made in order to ensure that the purposes of the establishment of the business partnership are fulfilled.
  • Suppliers: Parties that provide services to or are served by our Company while carrying out the commercial activities of Ento KBB. Data sharing is limited in order to ensure that the services that Ento KBB outsources from the supplier and that are necessary to carry out the commercial activities of our Company are provided to Ento KBB or by Ento KBB.

Transfers made by Ento KBB are in accordance with the principles and rules set forth in this Policy.

PERSONAL DATA CATEGORIZATIONS

The persons whose data are processed in Ento KBB and the data processed in this context are categorized as follows;

PERSON CATEGORY

  • Employee Candidate: Natural persons who have applied for a job to Ento KBB by any means or have opened their CV and related information to Ento KBB’s review.
  • Worker: Natural persons working at Ento KBB.
  • Potential Customer: Real persons who have requested or been interested in using our products and services, or who have been evaluated in accordance with the rules of commercial practice and honesty that they may have
  • Supplier Employee: Natural persons working in institutions (such as but not limited to business partners, suppliers) with which Ento KBB has any business relationship.
  • Supplier Official: Natural persons who are shareholders and officials of institutions with which Ento KBB has business relations.
  • Customer: Real persons who use or have used the products and services offered by Ento KBB, regardless of whether Ento KBB has any contractual relationship or not.
  • Visitor: Real persons who have entered the physical campuses owned by Ento KBB for various purposes or visited our websites.
  • Other: Third-party real persons (e.g. family members and relatives) who are related to Ento KBB in order to ensure the security of commercial transactions between the above-mentioned parties or to protect the rights of the said persons and to obtain benefits.

 

DATA CATEGORY

  • Identity Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; information contained in documents such as Driver’s License, Identity Card, Residence, Passport, Attorney’s Identity, Marriage Certificate.
  • Contact Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; information such as phone number, address, e-mail.
  • Location Data: Clearly belonging to an identified or identifiable natural person; processed partially or fully automatically or non-automatically as part of the data recording system; information that determines the location of the personal data owner during the use of our products and services, or of our employees and the employees of the institutions we cooperate with while using the vehicles of Ento KBB.
  • Personnel Data: Clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; all kinds of personal data processed for the purpose of obtaining the information that will form the basis of the personal rights of our employees or real persons who have a working relationship with Ento KBB.
  • Legal Transaction and Compliance Data: Clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; your personal data processed within the scope of determination, follow-up and performance of our legal receivables and rights, and compliance with our legal obligations and our company’s policies.
  • Customer Transaction Data: Clearly belonging to an identified or identifiable natural person and included in the data recording system; information such as records for the use of our products and services and the customer’s instructions and requests for the use of products and services.
  • Physical Space Security Data: Clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data regarding the records and documents taken at the entrance to the physical space and during the stay in the physical space.
  • Transaction Security Data: Clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data processed to provide technical, administrative, legal and commercial security while carrying out activities.
  • Risk Management Data: Clearly belonging to an identified or identifiable natural person and included in the data recording system; personal data processed through methods used in accordance with generally accepted legal, commercial practice and good faith in these areas so that we can manage our commercial, technical and administrative risks.
  • Financial Data: Clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner.
  • Performance and Career Development Data: Clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed for the purpose of measuring the performance of our employees or real persons who have a working relationship with our Company, and planning and carrying out their career developments within the scope of our company’s human resources policy.
  • Marketing Data: Clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of these processing results.
  • Visual and Audio Data: Clearly belonging to an identified or identifiable natural person; personal data that is partially or fully processed automatically or non-automatically as part of a data recording system; for example, data contained in photographs and camera recordings (excluding the recordings included within the scope of Physical Space Security Information), audio recordings and documents that are copies of documents containing personal data.
  • Private Data (Health, Sexual Life): Data on health and sexual life, data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership in associations, foundations or unions, criminal convictions and security measures, and biometric and genetic data.

LEGAL BASIS AND OBJECTIVES OF PROCESSING PERSONAL DATA

I. LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

1. GENERAL PRINCIPLES

Although the legal grounds for the processing of personal data by Ento KBB differ, all personal data processing activities are carried out in accordance with the general principles in Article 4 of the KVK Law No. 6698. Accordingly, in any data processing, the following general principles are taken into consideration:

  1. Compliance with the law and the rules of honesty,
  2. Being accurate and up-to-date when necessary,
  3. Processing for specific, explicit and legitimate purposes,
  4. Being connected, limited and restrained with the purpose for which they are processed,
  5. Storage for the period required for the purpose for which they are processed or stipulated in the relevant legislation.

2. REASONS FOR COMPLIANCE WITH LAW

A) EXPLICIT CONSENT OF THE PERSONAL DATA OWNER

One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.

B) EXPLICITLY ESTABLISHED IN LAWS

The personal data of the data owner can be processed in accordance with the law, if it is expressly stipulated in the law.

For example, reporting the identities of our Employees to the competent authorities in accordance with the Identity Reporting Legislation.

C) FAILURE TO OBTAIN THE EXPLICIT CONSENT OF THE RELATED PERSON DUE TO ACTUAL IMPOSSIBILITY

Personal data may be processed where this is necessary to protect the life or physical integrity of a person who is unable to express consent due to actual impossibility, or whose consent cannot be validated, or of another person. For example, sharing the health information of an employee with epilepsy with the physician.

D) BEING DIRECTLY RELATED TO THE ESTABLISHMENT OR PERFORMANCE OF THE CONTRACT

Personal data of the parties to a contract may be processed where this is necessary, provided that the processing is directly related to the establishment or performance of the contract. For example, obtaining a CV from a candidate for the establishment of a Service (Business) contract, or obtaining an address for notification within the scope of the contract.

E) FULFILLING THE LEGAL OBLIGATION OF THE COMPANY

Personal data of the data owner may be processed if processing is necessary for Ento KBB to fulfill its legal obligations as data controller. For example, processing family information of dependents so that the Employee can benefit from the Minimum Living Allowance.

F) PUBLICIZING THE PERSONAL DATA OF THE PERSONAL DATA OWNER

If the data owner has made his personal data public himself, the relevant personal data may be processed. For example, if customers of our Company present their complaints, requests or suggestions on a public platform on the internet, these customers have made the relevant information public. In this case, the data may be processed by the Ento KBB officer, limited to responding to the complaints, requests or suggestions.

G) MANDATORY DATA PROCESSING FOR THE ESTABLISHMENT OR PROTECTION OF A RIGHT

If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed. For example, the storage of evidential data (sales contract, invoice) and their use when necessary.

H) OBLIGATORY DATA PROCESSING FOR THE LEGITIMATE INTEREST OF OUR COMPANY

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if it is necessary to process the data for the legitimate interests of Ento KBB. For example, monitoring critical points against theft or for occupational safety with the security camera of Ento KBB.

3. PROCESSING OF PRIVATE PERSONAL DATA AND REASONS FOR COMPLIANCE WITH LAW

Where the personal data owner has not given explicit consent, special categories of personal data can be processed by Ento KBB only in the cases stipulated by the laws, provided that the adequate measures to be determined by the KVK Board are taken. Such data can be processed by persons or authorized institutions and organizations that are under an obligation of confidentiality, only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and financing. Regardless of the reason, the general data processing principles are always taken into account in the processing and compliance with these principles is ensured (Article 4 of the KVK Law).

II. PURPOSE OF PROCESSING PERSONAL DATA

Ento KBB processes personal data limited to the purposes and conditions within the personal data processing conditions specified in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the KVK Law No. 6698. In the data processing process, the above-mentioned legal bases are taken into account, and if there are no other legal compliance reasons, the consent of the person concerned is requested. Here, too, a check against the general principles is carried out within the scope of Article 4, and above all, the data processing activity is required to be generally compatible with the principles of legality. The consent of the person concerned is obtained "in an open, informed and free-willed manner". The purposes of processing personal data are also stated in our Company's "Personal Data Inventory".

In Ento KBB, personal data is processed especially for the following purposes:

  • In order to fulfill the mutual obligations arising from the employment contract as the employer, the personal data of the employees must be processed. Personal data of employees is processed and stored in accordance with the law and the rules of honesty, accurately and up to date when necessary, for specific, explicit and legitimate purposes, and in a limited and measured way in connection with the purpose. In this context, the legal interests of Ento KBB, the conditions clearly stipulated in the law, the employment of employees, provided that the processes of establishment, performance and termination of the employment contract are carried out in accordance with the law, in line with the purposes necessary for the employees to be employed in accordance with the law, fulfillment of legal obligations, establishment of the right in cases of legal proceedings,
  • Within the scope of the activities required by Ento KBB’s field of activity, the legitimate interests of the employer require the processing of personal data of the employees. As a matter of fact, it is possible to process personal data of employees for reasons such as preventing abuse, preventing theft, ensuring general safety or occupational health and safety. However, in this case, great care is taken not to harm the fundamental rights and freedoms of the employees.
  • The majority of the personal data of the employees being processed is obtained from the information given to Ento KBB by the employees. In some cases, personal data of employees may also reach Ento KBB from internal sources such as Ento KBB managers, from the references of employees, or from data in systems established by public institutions and organizations due to work life requirements.
  • The personal data of employees being processed includes information such as application forms and references of employees, employment contracts and changes to them, employee contact information, information required for payroll, information on family members or relatives such as people to be contacted in case of emergency, employee training records, performance evaluation records, disciplinary records and camera recordings.
  • There are rules in the policies and procedures in Ento KBB regarding the processing of personal information of employees. In this regard, the “Personal Data Protection and Processing Policy” on Ento KBB’s website can be examined. The aforementioned document, which is also available on Ento KBB’s own intranet system, can also be obtained from the Human Resources Unit in a paper/hard copy environment.
  • Employee health information is also among the personal data processed. As a rule, information regarding the health and sexual lives of employees is processed by persons or authorized institutions and organizations under an obligation of confidentiality, for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. In this context, the health data of the employees and the details about them are held, as a rule, by the workplace doctor and the health unit.
  • In the event that the employee becomes a member of a union after gaining the status of "employee" (this information is not requested in the employee candidacy category), union membership can also be processed in accordance with the clear provisions of the law in order to fulfill the requirements of the legislation. Apart from this, race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, and biometric and genetic data of employees are not included in the processed personal data as a rule, unless clearly stipulated in the law, and requirements are carefully evaluated before personal data is processed.
  • Ento KBB has control and surveillance over information communication tools (telephone, mobile phones, computers and internet). Law No. 5651 and the legitimate interests of Ento KBB constitute the legal basis of these practices.
  • Vehicle tracking system can be applied in vehicles belonging to Ento KBB for the reasons of “security, more effective management of vehicles and personnel”. The said activity is also based on the legitimate interests of Ento KBB, and is carried out on the condition that it does not harm the fundamental rights and freedoms of the employees.
  • In line with the aim of ensuring the execution of the human resources policies of Ento KBB, the purposes of processing personal data are: recruitment of suitable personnel for vacant positions in accordance with Ento KBB human resources policies, execution of human resources operations in accordance with Ento KBB's human resources policies, selection of employee candidates, management of personnel affairs, determination of training and career plans, fulfillment of obligations within the framework of occupational health and safety, and taking the necessary measures.
  • Personal data of supplier / subcontractor employees can also be processed by our Institution. As a matter of fact, in the Law No. 6331, the documents and information that should be checked regarding the employees coming from another workplace regarding occupational health and safety have been specified to the main employer. Likewise, in the Labor Law No. 4857 and the Social Insurance and General Health Insurance Law No. 5510, obligations regarding sub-employer workers and temporary workers have been introduced to the main employer, and the issues to be controlled within this scope have been specified. Accordingly, the processing of the personal data of the workers working in our workplace depending on the supplier and other employer is based on the legitimate interests of our business, especially the legal amendments in question.
  • Personal data is also processed in our relevant units for the following purposes:
    • Execution of emergency management processes,
    • Execution of information security processes,
    • Conducting audit/ethics activities,
    • Carrying out educational activities,
    • Execution of access authorizations,
    • Execution of activities in accordance with the legislation,
    • Execution of finance and accounting works,
    • Execution of company/product/service commitment processes,
    • Ensuring physical space security,
    • Execution of assignment processes,
    • Follow-up and execution of legal affairs,
    • Carrying out internal audit/investigation/intelligence activities,
    • Conducting communication activities,
    • Execution of goods/services/production and operation processes,
    • Execution of customer relations processes,
    • Carrying out activities for customer satisfaction,
    • Organization and event management,
    • Conducting marketing analysis studies,
    • Execution of performance evaluation processes,
    • Execution of advertisement/campaign/promotion processes,
    • Execution of risk management processes,
    • Carrying out storage and archiving activities,
    • Conducting social responsibility and civil society activities,
    • Execution of contract processes,
    • Carrying out sponsorship activities,
    • Carrying out strategic planning activities,
    • Follow-up of requests / complaints,
    • Ensuring the security of movable property and resources,
    • Execution of supply chain management processes,
    • Execution of marketing processes of products/services,
    • Ensuring the security of data controller operations,
    • Foreign personnel work and residence permit procedures,
    • Execution of investment processes,
    • Providing information to authorized persons, institutions and organizations,
    • Execution of management activities,
    • Creating and tracking visitor records.

For the purposes of occupational health and safety, general security, product safety, camera monitoring at the workplace is carried out by taking into account the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of our visitors, the persons whose data is processed in this context, and especially the employees.

STORAGE, DELETING, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Although personal data has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law No. 6698, it is deleted, destroyed or anonymized upon Ento KBB's own decision or upon the request of the personal data owner in the event that the reasons requiring its processing are eliminated.

I. STORAGE OF PERSONAL DATA AND DURATION OF STORAGE

Ento KBB keeps personal data for the period specified in the relevant legislation, if such a period is stipulated in the relevant laws and legislation. If the legislation does not regulate how long personal data should be stored, personal data is processed for the period that its processing requires in accordance with the practices of Ento KBB and of commercial life, depending on the services provided by our company while processing that data. It can be kept for the purpose of asserting a right or establishing a defense. In establishing the periods herein, the storage periods are determined on the basis of the statute of limitations for asserting the aforementioned right and, despite the expiry of the statute of limitations, the examples previously submitted to Ento KBB on the same issues. In this case, the stored personal data is not accessed for any other purpose, and access is provided only when the data is required in the relevant legal dispute. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.

II. DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA

Although personal data has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law No. 6698, it is deleted, destroyed or anonymized at the discretion of Ento KBB or upon the request of the personal data owner in case the reasons requiring processing are eliminated. In this context, Ento KBB fulfills its obligations with the methods described in this section.

1. DELETION OF PERSONAL DATA

A) DELETION OF PERSONAL DATA

Although personal data has been processed in accordance with the provisions of the relevant law, Ento KBB may delete it upon its own decision or upon the request of the personal data owner, in case the reasons requiring processing are eliminated. Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users. All necessary technical and administrative measures are taken to ensure that the personal data deleted in Ento KBB is not accessible and reusable for the relevant users.

B) PROCESS OF DELETION OF PERSONAL DATA

The process to be followed in the deletion of personal data is as follows:

  • Identifying the personal data that will be the subject of deletion.
  • Identifying relevant users for each personal data using an access authorization and control matrix or a similar system.
  • Determining the authorizations and methods of the relevant users such as access, retrieval, reuse
  • Closing and eliminating the access, retrieval, reuse authorization and methods of the relevant users within the scope of personal data.

C) METHODS OF DELETION OF PERSONAL DATA

Since personal data can be stored in various recording media, they are deleted by methods suitable for recording media.

2. DESTRUCTION OF PERSONAL DATA

A) DESTRUCTION OF PERSONAL DATA

Although personal data has been processed in accordance with the provisions of the relevant law, Ento KBB may destroy it at its own discretion or upon the request of the personal data owner, in the event that the reasons requiring its processing are eliminated. Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way. Ento KBB takes all necessary technical and administrative measures regarding the destruction of personal data.

B) METHODS OF DESTRUCTION OF PERSONAL DATA

In order to destroy personal data, all copies of the data are detected and the systems with the data are destroyed one by one.

3. ANONYMIZATION OF PERSONAL DATA

A) ANONYMIZATION OF PERSONAL DATA

Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data. Our company can anonymize personal data when the reasons that require the processing of personal data processed in accordance with the law are eliminated. Personal data is anonymized by making it impossible to associate it with an identified or identifiable natural person, even when techniques appropriate to the recording medium and the relevant field of activity are used, such as reversal by the data controller or recipient groups and/or matching the data with other data. Ento KBB takes all necessary technical and administrative measures to anonymize personal data.

Personal data that has been anonymized in accordance with Article 28 of the KVK Law No. 6698 may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the KVK Law No. 6698, and the explicit consent of the personal data owner will not be sought.

B) METHODS OF ANONYMIZATION OF PERSONAL DATA

Anonymization is the removal or alteration of all direct and/or indirect identifiers in a data set, so that the data subject cannot be identified, or so that the data loses its distinctiveness within a group or crowd in a way that it cannot be associated with a natural person. Data that does not point to a specific person as a result of blocking or losing these features is considered anonymized data. The purpose of anonymization is to break the link between the data and the person identified by this data. All of the link-breaking processes carried out by methods such as automatic or non-automatic grouping, masking, derivation, generalization and randomization, applied to the records in the data recording system where personal data is kept, are called anonymization methods.

RIGHTS OF RELATED PERSONS

I. THE SCOPE OF THE RIGHTS OF RELATED PERSONS AND THE USE OF THESE RIGHTS

1. RIGHTS OF RELEVANT PERSONS

Persons whose personal data are processed in Ento KBB have the following rights:

  • Learning whether personal data is processed or not,
  • If personal data has been processed, requesting information about it,
  • Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
  • Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,
  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • In case of loss due to unlawful processing of personal data, requesting the compensation of the damage.

2. EXERCISE OF RIGHTS OF RELEVANT PERSONS

It is necessary and sufficient for the Relevant Persons to submit their requests regarding the exercise of the above-mentioned rights in accordance with the 1st paragraph of the 13th article of the KVK Law No. 6698 to our Company by the following methods:

Application Method: Personal Application (the applicant coming in person to apply with the document proving identity)
Address to apply: ENTO EAR NOSE THROAT SPECIAL HEALTH HIZMETLERI INC. KazimDirik mah. 364/1 street no:36/ A Bornova / IZMIR
Information to be Specified in the Application Submission: "Information Request within the Scope of the Personal Data Protection Law" will be written on the envelope.

Application Method: Notification via Notary Public
Address to apply: ENTO EAR NOSE THROAT SPECIAL HEALTH HIZMETLERI INC. KazimDirik mah. 364/1 street no:36/ A Bornova / IZMIR
Information to be Specified in the Application Submission: "Information Request Under the Law on Protection of Personal Data" will be written in the notification envelope.

Application Method: By Registered Electronic Mail (KEP), by signing with "Secure Electronic Signature"
Address to apply: ento@hs01.kep.tr
Information to be Specified in the Application Submission: "Protection of Personal Data Law Information Request" will be written in the subject of the e-mail.

In the application, the following are mandatory: name, surname and, if the application is written, signature; TR Identity Number for Turkish citizens; nationality, passport number or identification number, if any; settlement or workplace address for notification; e-mail address, telephone and fax number for notification, if any; and the subject of the request. Information and documents related to the subject are also attached to the application.

It is not possible for third parties to make a request on behalf of personal data owners. In order for a person other than the personal data owner to make a request, there must be a special power of attorney issued by the personal data owner in the name of the person who will apply. In the application containing your explanations regarding the right you hold as the personal data owner and wish to exercise: the subject you request must be clear and understandable; the subject you request must relate to yourself or, if you are acting on behalf of someone else, you must be specifically authorized in this regard and document your authority; the application must contain your identity and address information; and documents confirming your identity must be attached to the application.

The application form for the data owners is available on the website of Ento KBB ( https://www.entokbb.com ).

3. RESPONDING TO APPLICATIONS

If the personal data owner submits his request to Ento KBB in accordance with the prescribed procedure, Ento KBB will conclude the relevant request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost, Ento KBB will charge the applicant the fee in the tariff determined by the KVK Board. Ento KBB may request information from the person concerned in order to determine whether the applicant is the owner of the personal data. Ento KBB may also ask the personal data owner questions about the application in order to clarify the issues in it. Applications are managed within Ento KBB according to the "Relevant Person Application".

ENSURING THE SECURITY OF PERSONAL DATA

I. TECHNICAL AND ADMINISTRATIVE MEASURES TO ENSURE THE LEGAL PROCESSING OF PERSONAL DATA

Ento KBB takes all necessary technical and administrative measures within the scope of ISMS to ensure that personal data is processed in accordance with the law. In this context,

Within the scope of our company, a Data Inventory compatible with the VERBIS system is prepared (Data Mapping), where compliance with the law and purpose audits are carried out.

  • The "Information (Information) Statement" has been put into effect in order for Ento KBB to fully and accurately fulfill its obligation to inform the relevant persons.
  • Employees on the law of protection of personal data and the processing of personal data in accordance with the law.
  • All activities carried out by Ento KBB are analyzed in detail specific to all business units, and as a result of this analysis, personal data processing activities are revealed, specific to the activities carried out by the relevant business units.
  • For the personal data processing activities carried out by the business units of Ento KBB, the requirements to be fulfilled in order to ensure that these activities comply with the personal data processing conditions sought by the KVK Law No. 6698 are specific to each business unit and the detailed activity it carries out.
  • Contracts and documents governing the legal relationship between Ento KBB and employees, except for the instructions of Ento KBB and the exceptions brought by law, are subject to the obligation not to process, disclose or use personal data, and awareness of employees is created and audits are carried out.
  • Contracts and documents governing the legal relationship between Ento KBB and the third parties that process the data for which Ento KBB is responsible, except for the instructions of Ento KBB and the exceptions brought by the law, are subject to the obligation not to process, disclose or use personal data, and in this regard, within the scope of ISMS, the "Supplier and Contractor Confidentiality Agreement" has been put into effect.

II. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN IN THE PROCESSING OF SPECIAL QUALITY DATA

With the KVK Law No. 6698, special importance has been attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are: data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Ento KBB acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law No. 6698 and processed in accordance with the law. In this context, the technical and administrative measures taken by Ento KBB for the protection of personal data are carefully implemented in terms of special quality personal data, and the necessary audits are carried out. In this context:

  • A “Special Quality Personal Data Policy” has also been prepared regarding the security and processing principles of special quality personal data.
  • For employees involved in the processing of sensitive personal data, regular trainings are provided on the Law and related regulations, as well as on sensitive personal data security; confidentiality agreements are made; the scope and duration of authorization of users who have access to data are clearly defined; and authorization controls are carried out. The authorizations of employees who change jobs or quit their job in this field are immediately revoked, and in this context, the inventory allocated to them by the data controller is taken back.
  • Where the environments in which sensitive personal data are processed, stored and/or accessed are electronic media, the data are stored using cryptographic methods. Within the scope of ISMS, cryptographic keys are kept in secure and different environments, transaction records of all movements performed on the data are securely logged, security updates of the environments where the data are located are followed, necessary security tests are carried out, and test results are recorded.
  • In case the data is accessed through software, user authorizations for this software are defined, the security tests of this software are carried out regularly, and the test results are recorded. If remote access to data is required, an authentication system with at least two stages is provided.
  • If the physical environment where sensitive personal data is processed, stored and/or accessed, adequate security measures (against electrical leakage, fire, flood, theft, etc.) unauthorized entry and exit
  • If sensitive personal data needs to be transferred via e-mail, it is transferred using an encrypted corporate e-mail address or a Registered Electronic Mail (KEP) account.
  • If private data needs to be transferred via media such as memory, CD or DVD, it is encrypted with cryptographic methods and the cryptographic key is kept in a different environment.
  • If private data is transferred between servers in different physical environments, data transfer is carried out by establishing a VPN between servers or using the sFTP method. If private data needs to be transferred via paper media, necessary precautions are taken against risks such as theft, loss or viewing of documents by unauthorized persons.
  • In addition to the measures mentioned above, technical and administrative measures to ensure the appropriate level of security specified in the Personal Data Security Guide published on the website of the Personal Data Protection Authority are also taken into account.

III. TECHNICAL AND ADMINISTRATIVE MEASURES TO PREVENT ILLEGAL ACCESS OF PERSONAL DATA

Ento KBB takes technical and administrative measures within the scope of ISMS to prevent reckless or unauthorized disclosure, access, transfer or any other unlawful access to personal data.

1. TECHNICAL MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA

The main technical measures taken by Ento KBB to prevent unlawful access to personal data are listed below:

A) ENSURING CYBER SECURITY

In order to ensure personal data security, cyber security products are used first of all. The measures are not limited to this: measures such as firewall and gateway are also taken within the scope of ISMS. Unused software and services are removed from devices.

B) SOFTWARE UPDATES

With patch management and software updates, it is ensured that the software and hardware work properly, and it is regularly checked whether the security measures taken for the systems are adequate.

C) ACCESS RESTRICTIONS

Access to systems containing personal data is also restricted. In this context, employees are granted access to the extent necessary for their jobs and duties, as well as their authorities and responsibilities, and access to the relevant systems is provided by using a user name and password. When these passwords are created, combinations of upper and lower case letters, numbers and symbols are preferred over easily guessed sequences of numbers or letters associated with personal information. Accordingly, an access authorization and control matrix is created within the scope of ISMS.

D) ENCRYPTION

In addition to the use of strong passwords, access is restricted by methods such as limiting the number of password attempts, ensuring that passwords are changed at regular intervals, opening the administrator account and admin authority for use only when necessary, and, for employees who have been dismissed from the data controller, deleting the account or closing the logins without delay.

E) ANTI VIRUS SOFTWARE

In order to protect against malicious software, products such as antivirus and antispam, which regularly scan the information system network and detect dangers, are used; these products are kept up to date and the necessary files are regularly scanned. If personal data is to be obtained from different websites and/or mobile application channels, connections are made over SSL or a more secure method.

F) MONITORING OF PERSONAL DATA SECURITY

  • Checking which software and services are running in information networks,
  • Determining whether there is an infiltration or a movement that should not occur in the information networks,
  • Keeping the transaction records of all users regularly (such as log records),
  • Reporting security issues as quickly as possible,

A formal reporting procedure is established within the scope of ISMS for employees to report security vulnerabilities in systems and services, or threats that make use of them.

In the event of undesirable incidents such as a crash of the information system, malicious software, a denial-of-service attack, incomplete or incorrect data entry, violations of confidentiality and integrity, or abuse of the information system, evidence is collected and securely stored.

G) ENSURING THE SECURITY OF ENVIRONMENTS CONTAINING PERSONAL DATA

If personal data is stored on the devices of the data controllers at Ento KBB campuses or on paper media, physical security measures are taken against threats such as theft or loss of these devices and papers. Physical environments containing personal data are protected against external risks (fire, flood, etc.) with appropriate methods, and entry/exit to these environments is controlled.

If personal data is held on electronic media, access between network components can be restricted or the components can be separated in order to prevent a personal data security breach.

The same level of precaution is taken for paper media, electronic media and devices (laptop computer, mobile phone, flash memory) located outside the Ento KBB campus and containing personal data belonging to Ento KBB. Personal data to be transferred by e-mail or post is also sent with care and with adequate precautions.

 

Where employees access the information system network with their personal electronic devices, adequate security measures are taken for these devices as well.

Against the loss or theft of devices containing personal data, access control authorization and/or encryption methods are used. In this context, the encryption key is stored in an environment that only authorized persons can access, and unauthorized access is prevented.

Paper documents containing personal data are also kept under lock in environments that can only be accessed by authorized persons, and unauthorized access to these documents is prevented.

H) STORAGE OF PERSONAL DATA IN THE CLOUD

Personal data may also be stored in the cloud when necessary. In this case, Ento KBB should evaluate whether the security measures taken by the cloud storage service provider are also adequate and appropriate. In this context, the measures specified in the guidelines and recommendations of the KVK Board are taken into account.

I) INFORMATION TECHNOLOGY SYSTEMS SUPPLY, DEVELOPMENT AND MAINTENANCE

Security requirements are taken into account by Ento KBB while determining the needs for the supply of new systems, development or improvement of existing systems within the scope of ISMS.

İ) BACKING UP PERSONAL DATA

In cases where personal data is damaged, destroyed, stolen or lost for any reason, the Company takes action as soon as possible by using the backed-up data. Backed-up personal data can only be accessed by the system administrator, and data set backups are kept off the network.

2. ADMINISTRATIVE MEASURES TAKEN TO PREVENT UNLAWFUL ACCESS TO PERSONAL DATA

The main administrative measures taken by Ento KBB to prevent unlawful access to personal data are listed below:

  • Employees are informed and trained about the technical measures to be taken to prevent unlawful access to personal data.
  • Employees are informed that the personal data they learn cannot be disclosed to others in violation of the provisions of the KVK Law No. 6698 and cannot be used for purposes other than processing, and that this obligation will continue after they leave their job; the necessary undertakings are obtained from them accordingly.
  • Personal Data Security Policies and Procedures within the Scope of ISMS are determined, regular controls are made, the controls are documented, and the issues that need to be improved are determined. In addition, for each category of personal data, the risks that may arise and how security breaches will be managed are clearly stated.
  • Reducing Personal Data as Much as Possible: Personal data should be accurate and up-to-date, and should be kept for as long as required by the relevant legislation or for the purpose for which they are processed. It is evaluated whether there is still a need for data that is inaccurate, outdated and does not serve any purpose, and personal data that is not needed is deleted, destroyed or anonymized in accordance with the personal data retention and destruction policy.
  • Management of Relationships with Data Processors: When Ento KBB receives services from data processors to meet IT needs, transactions are made by making sure that at least the level of security provided by the data processors regarding personal data is provided. In this context, protective provisions regarding the protection of personal data are included in the contracts signed with the data processor.

 

 

IV. STORING PERSONAL DATA IN SAFE ENVIRONMENTS

Ento KBB takes the necessary technical and administrative measures according to the technological possibilities and implementation cost in order to store personal data in secure environments and to prevent their destruction, loss or alteration for unlawful purposes.

1. TECHNICAL MEASURES TAKEN FOR STORING PERSONAL DATA IN SECURE ENVIRONMENTS

The main technical measures taken by Ento KBB for the storage of personal data in secure environments are listed below:

  • Systems in line with technological developments are used to store personal data in secure environments.
  • Technical security systems are established for the storage areas, the technical measures taken are periodically audited by the control mechanism determined by Ento KBB, the risky issues are re-evaluated and the necessary technological solution is produced.
  • In order to ensure the secure storage of personal data, all necessary infrastructures are used.

2. ADMINISTRATIVE MEASURES TO KEEP PERSONAL DATA IN SECURE ENVIRONMENTS

The main administrative measures taken by Ento KBB for the storage of personal data in secure environments are listed below:

  • Employees are informed about ensuring that personal data is kept securely.
  • In the event that Ento KBB receives an external service due to technical requirements regarding the storage of personal data, the contracts made with the relevant companies, to which the personal data is transferred in accordance with the law, include provisions stating that the persons to whom personal data are transferred will take the necessary security measures to protect personal data and that these measures will be complied with in their own establishments; in this regard, Ento KBB’s procedures within the scope of ISMS are followed.

V. EDUCATION

  • Ento KBB provides its employees with the necessary training within the scope of ISMS, KVK Policies and KVKK Regulations on the protection of Personal Data.
  • Particular attention is paid to the definitions and protection of Special Quality Personal Data in the trainings.
  • If an Ento KBB employee has access to Personal Data physically or on a computer, Ento KBB will provide the relevant employee with training specific to these accesses (for example, the computer program accessed).

VI. AUDIT

1. RAISING AWARENESS AND SUPERVISION OF BUSINESS UNITS ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Ento KBB ensures that the necessary notifications are made to the business units in order to prevent the unlawful processing of personal data, to prevent illegal access to the data and to increase the awareness of data protection.

2. RAISING AWARENESS AND SUPERVISION OF BUSINESS PARTNERS AND SUPPLIERS ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

Ento KBB provides necessary information to its business partners in order to prevent unlawful processing of personal data, to prevent illegal access to data, and to increase awareness regarding data protection.

3. SUPERVISION OF THE MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA

Ento KBB has the right to inspect, regularly and ex officio and without any prior notice, whether all employees, departments and contractors of Ento KBB act in accordance with this Policy and KVK Regulations, and in this context it carries out the necessary routine inspections or has them carried out. The results of these inspections are evaluated within the scope of the internal functioning of Ento KBB and necessary activities are carried out to improve the measures taken.

Measures to be Taken in Case of Unauthorized Disclosure of Personal Data

Ento KBB runs the system which ensures that, if personal data processed in accordance with Article 12 of the KVK Law No. 6698 is obtained by others unlawfully, this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.

 

Prepared by: IT Manager, ONUR BAYIR

Approved by: GENERAL COORDINATOR, KENAN KILIÇ
