GDPR Compliance Text

UROSEM HEALTH SERVICES INC. As (“the Company”), the protection of personal data and ensuring data security are cornerstones of our corporate culture. In accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”), as the data controller, we process the data of our users and patients in compliance with the law, principles of fairness, and transparency.

1. Our Data Processing Principles

Our company fully complies with the following principles when processing personal data:

• Compliance with the Law and Principles of Integrity: Data is processed within legal limits and using transparent methods.

• Accuracy and Timeliness: The accuracy of the processed data is ensured; incomplete or erroneous data is corrected in accordance with relevant requests.

• Specific and Legitimate Purposes: Data is processed solely within the scope of healthcare delivery, legal obligations, and operational requirements.

• Data Minimization: Only data necessary for the specified purposes is collected; unnecessary data is not retained.

2. Technical and Administrative Measures

To protect your data from unauthorized access, loss, or misuse, we implement the following security measures in our digital and physical infrastructure:

• SSL Certificate: All data shared through our website is protected by SSL (Secure Sockets Layer) technology, which provides end-to-end encryption.

• Access Restriction: Access to personal data is restricted to authorized personnel only to the extent required by the service.

• Data Masking and Encryption: Critically important data is stored in encrypted format within our information systems.

• Cybersecurity Audits: System security is continuously monitored through firewalls, up-to-date antivirus software, and periodic penetration tests.

3. Protecting Data Subject Rights

In accordance with Article 11 of the Turkish Personal Data Protection Law (KVKK), every individual whose data is processed has the right to access their data, request correction, request deletion, or demand compensation for damages if their data is processed unlawfully. Our company undertakes to process these requests within the legal time limits.

4. Sharing Data with Third Parties

Your personal data will not be subject to any commercial transactions with third parties for any purpose other than legal obligations, the protection of public health, and the financing of health services (Social Security Institution, Private Insurances, etc.). Compliance with the Personal Data Protection Law (KVKK) is a mandatory criterion in contracts with the technology suppliers we use.

5. Destruction Policy

When the purpose of processing ceases to exist or the legal retention periods expire, your personal data is securely deleted, destroyed, or anonymized as part of our periodic destruction processes.