Our Privacy Policy

Protection of personal data is an important issue for ENAMEDİ (“enahairclinic.com”, “medexcrm.com”). enahairclinic.com, as medexcrm.com data controller, adopts the principles stipulated by the KVK Law in order to comply with the Law on the Protection of Personal Data No. 6698 (“KVK Law”), and the processing, deletion, destruction, anonymization, transfer of personal data fulfills its obligations regarding informing the data subject and ensuring data security. The Privacy and Personal Data Protection Policy regulated in this context is made available to natural persons whose personal data are processed (“Relevant Person”).

1. Scope and Purpose of Privacy and Personal Data Protection Policy
This Privacy and Personal Data Protection Policy;
Personal data collection methods and legal reasons,
Which person groups' personal data are processed (Data Subject Person Group Categorization),
Which category of personal data is processed in relation to these groups of persons (Data Categories) and sample data types,
In which business processes and for what purposes this personal data is used,
Technical and administrative measures taken to ensure the security of personal data,
To whom and for what purpose personal data can be transferred,
Personal data retention periods,
Profiling and Segmentation
What are the rights of the persons concerned over their personal data and how they can use these rights,
How the relevant persons can change their positive or negative preferences in receiving electronic commercial messages,
Sharing personal data with official authorities
It explains Cookie Usage and Management.

a. Personal Data Collection Methods and Legal Reasons
enahairclinic.com, medexcrm.com personal data specified in Article 5 of the Personal Data Protection Law No. 6698.
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, as clearly stipulated in the law.
The person concerned has been made public by himself
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Data processing is mandatory for the establishment, exercise or protection of a right
Based on legal reasons, it collects in audio, electronic or written form through websites, mobile applications of websites, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels.

b. Data Subject Person Group Categorization
enahairclinic.com, medexcrm.com categorizes the data subject groups of persons whose personal data are processed in the personal data processing processes and activities related to these processes as follows. However, in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law, and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy, personal data of other individual groups (consultant, educator, blogger) can be processed.

c. Data Categories and Example Data Types
1.
a) Member Customer
Identity Information: Name, surname, date of birth, gender, T.R. identification number
Location Information: City, county (delivery address of the shopping made through enahairclinic.com, medexcrm.com)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, invoice information
Customer/Member Information: Membership information, membership ID number
Customer/Member Transaction Information: Purchased product/s, shopping amount, shopping date, call center call records, commercial communication permission, used campaigns/competitions, coupons used, order information
Risk Management Information: IP address
Transaction Security Information: Password, password information
Marketing Information: Cookie records, targeting information, reviews showing habits and likes
Audio Data: Call center call recordings
Legal Action and Compliance Information: The start and end time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message permission given by the relevant person in the electronic environment, the membership agreement approved, the corporate membership agreement, enahairclinic.com, the services offered by medexcrm.com other legal texts and contracts
Marketing Information: SMS, e-mail messages or calls made by the call center for marketing purposes sent based on the commercial electronic message permission given by the person concerned.
Request/Complaint Management/Reputation Management Information: Records of the complaints and/or requests submitted by the relevant person via the website, mobile application, social media accounts or call center regarding the product or service purchased, and the transactions performed during the evaluation or management of these requests

b) Guest Customer (users who shop on the site without being a member)
Identity Information: Name, surname, date of birth, gender, T.R. identification number
Location Information: City, county (delivery address of the shopping made through enahairclinic.com, medexcrm.com)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, invoice information
Guest Customer Transaction Information: Purchased products, shopping amount, shopping date, call center call records, commercial communication permission, used campaigns, order information
Risk Management Information: IP address
Transaction Security Information: Password, password information
Marketing Information: Cookie records, targeting information, reviews showing habits and likes
Audio Data: Call center call recordings
Legal Transaction and Compliance Information: The start and end time of the service provided, the type of service used, the amount of data transferred, the commercial electronic message permission given by the relevant person in the electronic environment, other legal texts and contracts that enable to benefit from the services offered by enahairclinic.com, medexcrm.com
Marketing Information: SMS, e-mail messages or calls made by the call center for marketing purposes sent based on the commercial electronic message permission given by the person concerned.
Request/Complaint Management/Reputation Management Information: Records of the complaints and/or requests submitted by the relevant person via the website, mobile application, social media accounts or call center regarding the product or service purchased, and the transactions performed during the evaluation or management of these requests

2.Online Visitor
Transaction Security Information: Password, mobile phone, password information
Legal Transaction Information/Risk Management Information: IP address
Legal Action and Compliance Information: Start and end time of the service provided, type of service utilized, amount of data transferred.

3. The Person on whose Name the Purchased Product will be Delivered
Identity Information: Name, surname, date of birth, gender, T.R. identification number
Location Information: City, county (delivery address of the shopping made through enahairclinic.com, medexcrm.com)
Contact Information: mobile phone, e-mail address, address, zip code, landline phone
Financial Information: Tax office, invoice information

4. Vendor/Supplier/Candidate Vendor/Vendor or Supplier Employee or Official
Identity Information: TR Identity Number, Name Surname
Contact Information: e-mail address, telephone, KEP address, address, mobile phone
Financial Information: Account No, Tax Office, Tax Identification Number, tax plate, IBAN
Legal Transaction and Compliance Information: Signature circular, activity certificate,
Special Qualified Personal Data/Legal Transaction Information: Signature
Visual Information: Photo

D. In Which Business Processes and For What Purposes Personal Data Are Used
1
a) Member Customer Personal Data
Execution of membership transactions,
Enahairclinic.com, e-commerce platforms (“platform”) operated by medexcrm.com; improving the services offered, developing new services and informing about it,
For the purpose of performing the Membership Agreement established with the Member Customer, for the Member Customers with commercial electronic message approval; Analyzing the preferences, tastes and needs of the Member Customer and providing special promotions, opportunities and benefits to the Member Customer,
Remarketing, targeting, profiling and analysis in line with the express consent of the Member Customer, and promoting and marketing applications, goods/products and services in line with the Member Customer's preference and liking,
Resolving member customer problems and complaints,
Improving the Member Customer experience on both the platform and the mobile application,
Follow-up of accounting and purchasing transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making necessary arrangements in order to ensure that the processed data is up-to-date and correct.

b) Guest Customer (users who shop on the site without being a member) Personal Data
To be able to shop from the platforms as a “guest”,
Improving the services offered on the platforms, developing new services and informing about it,
For Guest Customers with commercial electronic message approval; Analyzing the preferences, tastes and needs of the Guest Customer and providing special promotions, opportunities and benefits,
Remarketing, targeting, profiling and analysis in line with the express consent of the Guest Customer, and promotion and marketing of applications, goods/products and services in line with the Guest Customer's preference and taste,
Resolving guest customer problems and complaints,
Improving the Guest Customer experience on both the platform and the mobile application,
Follow-up of accounting and purchasing transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making necessary arrangements in order to ensure that the processed data is up-to-date and correct,
Fulfillment of legal obligations

2.Online Visitor Personal Data
Processing of online visitor data within the scope of Law No. 5651,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Fulfillment of legal obligations

3. Personal Data of the Person to whom the Purchased Product will be Delivered
Execution of product delivery processes,
Follow-up of accounting and purchasing transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making necessary arrangements in order to ensure that the processed data is up-to-date and correct,
Fulfillment of legal obligations

4. Personal Data of Seller/Supplier/Candidate Vendor/Vendor or Supplier Employee or Official
Execution of contract processes,
Follow-up of accounting and purchasing transactions,
Legal processes and compliance with legislation,
Answering information requests from administrative and judicial authorities,
Ensuring information and transaction security and preventing malicious use,
Making necessary arrangements in order to ensure that the processed data is up-to-date and correct,
Fulfillment of legal obligations

to. Technical and Administrative Measures Taken to Ensure the Security of Personal Data
enahairclinic.com and medexcrm.com undertake to take all necessary technical and administrative measures and to show due diligence to ensure the confidentiality, integrity and security of your personal data.
enahairclinic.com and medexcrm.com take the necessary measures to prevent unauthorized access, misuse, unlawful processing, disclosure, alteration or destruction of personal data. enahairclinic.com and medexcrm.com use generally accepted security technology standards such as firewalls and Secure Sockets Layer (SSL) encryption when processing personal data. In addition, when sending your personal data to enahairclinic.com, medexcrm.com via the website, mobile application and mobile site, this data is transferred using SSL.
Regarding the prevention of unlawful access to the personal data processed by enahairclinic.com, medexcrm.com, the prevention of unlawful processing of this data and the protection of personal data:
All areas on the website or mobile application from which personal data are obtained are protected with SSL,
Creates and implements access authorization and control matrices for its employees so that personal data collected from the website or mobile application is not processed unlawfully,
In order to ensure that personal data is not accessed unlawfully; periodically performs penetration tests, tests the system's resistance to unauthorized access,
For all secondary data processing other than the primary processing purpose, it uses the Pseudonymization (aliased data) method. It uses encryption methods in the systems where this data is located in order to ensure that the pseudonymous data makes it impossible to identify the person concerned, and applies a stricter access authorization and control policy to this data,
It ensures that personal data in paper media is kept in locked cabinets and only accessed by authorized persons.
Personal data processed through cookies belonging to third parties from which service is received, are deleted from the systems of third parties if the membership is terminated.
Although enahairclinic.com, medexcrm.com takes the necessary information security measures, in case personal data is damaged or accessed by unauthorized third parties as a result of attacks on the platforms operated by enahairclinic.com, medexcrm.com or the enahairclinic.com, medexcrm.com system, enahairclinic.com, medexcrm.com immediately notifies you and the Personal Data Protection Board of this situation and takes the necessary measures.

f. To Whom Personal Data Can Be Transferred And For What Purpose
enahairclinic.com, medexcrm.com transfers personal data to third parties only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the KVK Law. Member Customer/Guest Customer data processed in this context and the person to whom the purchased product will be delivered are shared with the seller and the cargo company, and these data can also be accessed by the call center when necessary. The information of the person on whose behalf an invoice will be issued is shared with the cargo company for the purpose of sending the invoice to the relevant person.
Mobile phone number and/or e-mail address of the Member Customer/Guest Customer; Based on the commercial electronic message approval, it is shared with the commercial electronic message tool service provider in order to provide promotion, advertisement, benefits and opportunities in line with shopping preferences, tastes and habits.
Website or mobile application usage preferences and browsing history are shared with our domestic/abroad business partners from whom cookie service is obtained, for the purpose of segmentation and communication with the Member Customer/Guest Customer in line with their tastes and preferences. Personal data transfers made within this scope, depending on the relevant scope; In all cases where there is no need to transfer the personal data of the Member Customer/Guest Customer, the transfer is made using Pseudonymous data (pseudonymous data).
Member Customer/Guest Customer data of Member Customer/Guest Customer are shared with companies that will conduct market research in order to increase customer satisfaction and loyalty.
Within the scope of reporting and statistical studies, the data of the Member Customer/Guest Customer is shared with enahairclinic.com, ENAMEDI, the partners of medexcrm.com.
In addition, your personal data will be shared with our business partners abroad for the purposes of providing business development services, providing statistical and technical services and conducting customer relations.
If the Member Customer/Guest Customer/Online Visitor reaches enahairclinic.com, medexcrm.com via the corporate Whatsapp line, they will have sent their personal data abroad, since the Whatsapp platform is a service offered from abroad. If the Member Customer/Guest Customer/Online Visitor does not want to send their personal data abroad by using Whatsapp, they will be able to use other communication opportunities offered by enahairclinic.com, medexcrm.com.
In addition to the technical measures to ensure their security, the personal data subject to domestic and international transfer we mentioned above; Considering that the other party of the legal relationship is a data controller or a data processor, it is also legally protected thanks to the provisions in line with the KVK Law included in our contracts.
While transferring personal information to countries other than Turkey during the sharing of information as stated above, it is ensured that the data is transferred in accordance with this policy and as permitted by the applicable law on data protection.

g. Personal Data Retention Periods
enahairclinic.com, medexcrm.com maintains the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required for the purpose of processing. In our Personal Data Retention and Disposal Policy, these periods are approximately as follows:
Call Center voice recordings 3 years Law No. 6563 and related secondary legislation Records regarding membership and order 10 years Law No. 6098 All records related to accounting and financial transactions 10 years Law No. 6102, Law No. 213 Cookies Maximum 540 days Commercial electronic message confirmation records Approve 1 year from the date of withdrawal Law No. 6563 and related secondary legislation Traffic information regarding online visitors 2 years Law No. 5651 Information received due to job application and/or CVs 1 year Personal data regarding Member Customer/Guest Customers After the legal relationship ends 10 years; 3 years in accordance with the 6563 Law and the relevant secondary legislation Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502 Personal data regarding suppliers 10 years after the legal relationship ends Law No. 6102, Law No. 6098 and Law No. 213 Personal data obtained for the purpose of usability test research is obtained through Cookies for 2 weeks. You can review our Cookie Policy regarding the storage periods of the personal data we collect.

h. Profiling and Segmentation
using the personal data that enahairclinic.com processes regarding medexcrm.com Member Customer/Guest Customer;

a. Regarding the Member Customer/Guest Customer who has given consent to receive commercial electronic messages, it carries out profiling and segmentation in order to prepare more suitable content for the Member Customer/Guest Customer's tastes and preferences, and to make advertisements, promotions and discounts.
b. In terms of Member Customer/Guest Customer who have not given commercial electronic message approval, profiling and segmentation is carried out;
Product improvement (determination of the most sold or unsold product categories),
Organizing campaigns for customer groups that have the potential to buy a certain product by making models by analyzing shopping preferences and uploading them to the system,

Efforts are being made to take actions to increase the sales potential.

Within the scope of profiling and segmentation studies, the personal data of the Member Customer/Guest Customer, especially name and surname, mobile phone, e-mail or address information, are not used directly, instead, transactions are made with the Member Customer/Guest Customer IDs assigned to them. The protection of the personal data of the Customer/Member is ensured by the use of the Member Customer/Guest Customer ID or in other words pseudonymous data.
is working. Member Customer/Guest Customer IDs are accessible only to relevant persons or departments within enahairclinic.com, medexcrm.com. These IDs assigned to the Member Customer/Guest Customer are kept encrypted by enahairclinic.com, medexcrm.com within the system and access to this section is only given to limited persons.

I. What are the Rights of the Related Persons on their Personal Data and How They Can Use These Rights
The rights of the data subject on the personal data processed by enahairclinic.com, medexcrm.com, pursuant to article 11 of the KVK Law are listed below:
Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law,
Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To request the compensation of the damage in case of loss due to unlawful processing of personal data.
In order to exercise your rights over your personal data, you can access your account from the "My Account" section of the enahairclinic.com, medexcrm.com website, mobile application and mobile site and make the necessary changes, updates and / or deletions. In addition, you can make your application and exercise your rights through the methods specified in the "Application Form" prepared in accordance with Article 13 of the KVK Law, located on the website or mobile application of the electronic commerce platforms operated by enahairclinic.com, medexcrm.com.

j. How Related Persons Can Change Their Positive or Negative Preferences for Receiving Electronic Commercial Messages
You can change or update your positive or negative preferences for receiving commercial electronic messages, which you have given at a later time, when you become a member of the website or mobile application of the electronic commerce platforms operated by enahairclinic.com, medexcrm.com, by accessing the "My Account" section.
Termination of membership does not mean withdrawing your consent to receive commercial electronic messages. For this reason, be sure to complete all the procedures to revoke your consent.
In terms of cookie management, you can follow the steps specified in our Cookie Policy.

k. Personal Data Sharing with Official Authorities
Your personal data regarding your visit or subscription to electronic commerce platforms and mobile applications operated by enahairclinic.com, medexcrm.com, and traffic information such as your navigation information; enahairclinic.com, medexcrm.com in order to fulfill its obligation under the law (fight against crime, threat to state and public security and similar but not limited to enahairclinic.com, medexcrm.com's legal or administrative obligation to notify or provide information) may share this information with public institutions and organizations that are legally authorized to request this information.

l. Cookie Usage and Management
You can review our Cookie Policy for detailed information about the cookies used by enahairclinic.com, medexcrm.com, types of cookies, their purposes, storage times and cookie management.

2. Terms of Deletion, Destruction and Anonymization of Personal Data
enahairclinic.com, medexcrm.com, keeps the personal data it processes through its website, mobile application or mobile site for the periods stipulated by the relevant laws and/or for the periods required by the processing purpose, pursuant to articles 7, 17 of the KVK Law and article 138 of the Turkish Penal Code. In the event that these periods expire, it will delete, destroy or anonymize Personal Data in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
enahairclinic.com refers to the process of deleting personal data by medexcrm.com and rendering personal data inaccessible and reusable in any way for the relevant users. enahairclinic.com, medexcrm.com creates and implements a user-level access authorization and control matrix for this. It takes the necessary measures to perform the deletion in the database.
enahairclinic.com refers to the process of destroying personal data by medexcrm.com, making personal data inaccessible, unrecoverable and unusable by anyone in any way.
enahairclinic.com means the anonymization of personal data by medexcrm.com, making it impossible to associate personal data with an identified or identifiable natural person in any way, even if it is matched with other data.
enahairclinic.com, medexcrm.com, explains in detail the methods of deletion, destruction and anonymization and the technical and administrative measures it takes within the scope of the Personal Data Storage and Disposal Policy prepared in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data. In this Policy, the period of time for the periodic destruction stipulated by the Regulation is determined as 6 months.

3. Changes to the Privacy/Personal Data Protection Policy
enahairclinic.com, medexcrm.com may make changes to this Privacy/Personal Data Protection Policy at any time. These changes will become effective immediately upon the publication of the amended new Privacy/Personal Data Protection Policy. You, our members, will be informed about the changes in this Privacy/Personal Data Protection Policy.