ClinicCRM

GDPR Information Notice

Information Notice within the Scope of Personal Data Protection Law No. 6698

Last updated: 5 Feb 2025

1. Data Controller

Pursuant to the Personal Data Protection Law No. 6698 ("KVKK"), your personal data may be processed by ClinicCRM Software and Technology Inc. (hereinafter referred to as "Company") as the data controller, within the scope explained below.

Data Controller: ClinicCRM Yazılım ve Teknoloji A.Ş.
Address: Levent Mahallesi, Büyükdere Caddesi, No:123, 34394 Şişli/İstanbul
Email: kvkk@cliniccrm.net
Phone: 0850 123 45 67

2. Processed Personal Data

The following categories of your personal data are processed by our company:

2.1. Identity Data

  • Name, surname
  • ID number
  • Tax ID number
  • Date of birth

2.2. Contact Data

  • Phone number
  • Email address
  • Address information

2.3. Customer Transaction Data

  • Appointment information
  • Service history
  • Payment records
  • Invoice information

2.4. Transaction Security Data

  • Username and password (encrypted)
  • IP address
  • Login/logout records
  • Device information

2.5. Marketing Data

  • Preferences and likes
  • Campaign participation information
  • Communication permissions

3. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

3.1. Service Delivery

  • Making the platform available
  • Providing appointment management services
  • Customer relationship management
  • Technical support services

3.2. Communication

  • SMS and email notifications
  • Appointment reminders
  • Service updates
  • Customer satisfaction surveys

3.3. Commercial Activities

  • Contract process management
  • Billing and payment transactions
  • Accounting and finance transactions

3.4. Legal Obligations

  • Fulfilling obligations arising from legislation
  • Providing information to authorized institutions and organizations
  • Audit activities

3.5. Security

  • Information security process management
  • Prevention of fraud and misuse
  • Ensuring system security

4. Transfer of Personal Data

Your personal data may be transferred to the following recipient groups in accordance with the conditions specified in Articles 8 and 9 of KVKK:

  • Business Partners: SMS delivery service providers, payment institutions
  • Suppliers: Hosting and server service providers, software companies
  • Authorized Institutions: Courts, regulatory bodies, tax offices
  • Legal Advisors: For legal process management

Your personal data is not transferred abroad. Servers located in Turkey are used for cloud services.

5. Collection Method and Legal Basis of Personal Data

Your personal data is collected by the following methods:

  • Electronically through website and mobile application
  • Through email, phone and other communication channels
  • Through cookies and similar technologies

Your personal data is processed based on the following legal grounds specified in Article 5 of KVKK:

  • Your explicit consent
  • Necessary for establishment and performance of contract
  • Mandatory for fulfillment of legal obligation
  • Mandatory for our legitimate interests

6. Rights of Personal Data Owner

You have the following rights under Article 11 of KVKK:

  • a) Right to know whether your personal data is being processed
  • b) Right to request information if your personal data has been processed
  • c) Right to learn the purpose of processing your personal data and whether they are used in accordance with their purpose
  • d) Right to know third parties to whom your personal data is transferred domestically or abroad
  • e) Right to request correction of personal data if it has been processed incompletely or incorrectly
  • f) Right to request deletion or destruction of personal data within the framework of conditions stipulated in Article 7 of KVKK
  • g) Right to request notification of operations under paragraphs (e) and (f) to third parties to whom personal data has been transferred
  • h) Right to object to a result that occurs against you by analysis of processed data exclusively through automated systems
  • i) Right to demand compensation for damage if you suffer damage due to unlawful processing of personal data

7. Application Method

You can use one of the following methods to exercise the rights listed above:

Application Channels

  • 1Email: Application with identity verification to kvkk@cliniccrm.net
  • 2Mail: Application to company address via notary or registered mail
  • 3KEP: Application via secure email to our registered email address

Your applications will be concluded within 30 days at the latest. If the process requires additional cost, the tariff determined by the Personal Data Protection Board will be applied.

8. Data Retention Period

Your personal data is stored for as long as the processing purposes require:

  • Account information: During membership and 3 years after account closure
  • Transaction records: 10 years from transaction date (per Commercial Code)
  • Invoice and payment information: 10 years (per tax legislation)
  • Communication records: 3 years
  • Log records: 2 years

9. Updates

This information notice may be revised in line with changes in legislation or company policies. The current text is always published on our website.

GDPR Application Form

You can download and fill out the application form for your personal data requests.

Download Form (PDF)
Back to Home