Purpose and Scope

Evdiş attaches great importance to processing and protecting personal data in line with Law No. 6698 on the Protection of Personal Data. This page summarizes the principles that guide how we collect, store, use and protect personal information.

The policy covers patients, patient relatives, employees, employee candidates, visitors, suppliers and all third parties whose personal data may be processed within our operational processes.

Principles We Follow

We process personal data lawfully, fairly, accurately and for specific, explicit and legitimate purposes. We limit the data we process to what is necessary and retain it only for the period required by law or by the relevant processing purpose.

• Compliance with law and good faith
• Accuracy and up-to-date records when necessary
• Processing for legitimate and explicit purposes only
• Relevance, proportionality and limited retention

Legal Basis for Processing

Personal data may be processed with the explicit consent of the data subject or when permitted by law, such as contract performance, legal obligations, protection of vital interests, legitimate rights claims or publicly disclosed information.

Data Subject Rights

Data subjects may request information about whether their personal data is processed, learn the purpose of processing, request correction of incomplete or inaccurate data, and ask for deletion or anonymization when the legal conditions are met.

Applications are reviewed as soon as possible and no later than 30 days in accordance with the legislation.

Data Security

Evdiş applies administrative and technical safeguards including controlled access, role-based authorization, secure storage, backups, staff awareness, and confidentiality practices to protect personal data.