This privacy policy and information text, prepared by GRS Health Tourism (hereinafter referred to as GRS), in accordance with the obligations we are required to comply with under the Law No. 6698 on the Protection of Personal Data (KVKK), aims to inform visitors/users of our website, https://grshealthtourism.com (hereinafter referred to as GRS), about the processing of information/data they voluntarily share when visiting the site. Data that may be processed/collected includes: 2.1 Certain data collected and shared with us by websites we use for services (Google Analytics, Google Search Console) through the use of cookies. Cookie Usage: While GRS does not directly process data using cookies through its website, data collection may be carried out through the use of cookies on websites we receive services from. 2.2.1 Google Analytics provides information on the number of users/visitors, their demographic characteristics (country, city, gender, interests, age range, etc.), the device and system information they use, their IP address, and which pages on our website they use. Google Analytics Terms and Conditions page: https://www.google.com/analytics/terms/tr.html 2.2.2 Google Search Console shares information on which queries users/visitors used on the Google search engine to reach GRS. For information regarding Google's privacy statement for services provided to GRS related to Google Products, please visit: https://support.google.com/analytics/answer/7105316?hl=tr If you, as a user/visitor, wish to prevent the use of cookies; In Chrome, go to Settings > Show advanced settings… > Privacy > Content Settings > Cookies > Manage exceptions or go to chrome://settings/cookies (help). In Internet Explorer, select the Tools button, then Internet Options > click the Privacy tab > in the Settings section, move the slider up to block all cookies or down to allow all, then select OK. In Firefox, go to Options > Privacy > History > Use custom settings for history > Accept cookies from sites > Privileges or go to about:preferences-privacy (help). To disable cookies for our site on iOS Safari, tap the Settings icon on your phone > Block Safari Cookies > Tap Always Block > Wait 5 minutes and open the app. For other browsers, you can find this information in your browser's settings or help section. Preventing the use of cookies may result in you being unable to fully utilize or only partially utilizing the features of a website. We process data relating to the sections visited/accessed by users/visitors when they enter the website, for purposes such as improving the quality of use, making site use easier to increase the benefits derived from use, and improving our website and preventing potential security vulnerabilities. GRS carries out a data processing process limited to the data collected from the moment users/visitors enter the site, their use of the contact form, and for reasons such as further improving the website for users/visitors, informing users/visitors about the services offered, learning about their satisfaction/complaints regarding the services, making the website more secure, correcting errors/deficiencies on the website, and introducing new services. In this context, GRS will obtain the explicit consent of the data subject users/visitors regarding the data it will process when they visit/use the website. For any data processing process other than this, GRS undertakes that it will not act against the consent of the data subject in accordance with the Personal Data Protection Law and will only engage in a data processing process after obtaining their consent. Reasons for Data Processing and Individuals Who Can Access Data: According to the Personal Data Protection Law (KVKK), while obtaining the consent of the data subject is necessary for data processing, in some exceptional cases, data may be processed even without the data subject's consent. These cases are: a) When explicitly provided for in the laws. b) When it is necessary for the protection of the life or physical integrity of the person who is unable to express their consent due to factual impossibility or whose consent is not legally valid, or for the protection of the life or physical integrity of another person. c) When it is necessary to process the personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract. d) When it is necessary for the data controller to fulfill its legal obligations. e) When the data has been made public by the data subject themselves. f) When data processing is necessary for the establishment, exercise, or protection of a right. g) When data processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject. GRS may share data with the following individuals within the scope of achieving the purposes mentioned above. Website visitors/users acknowledge that they have been explicitly informed in this regard. Individuals with whom data may be shared are: Company subsidiaries, employees, partners/shareholders, officers, and business partners have the right to access and request data from the User/Visitors within the framework of the rights/powers granted to them by the Personal Data Protection Law (KVKK) by applying to GRS regarding: • Whether their personal data is being processed, • If their personal data has been processed, to request information about it, • To learn the purpose of the processing of their personal data and whether it is being used in accordance with its purpose, • To know the third parties to whom their personal data has been transferred domestically or abroad, • To request the correction of their personal data if it is incomplete or inaccurate, • To request the deletion or destruction of their personal data within the framework of the conditions stipulated in the relevant legislation, • To request that the correction, deletion, and destruction processes carried out in accordance with the relevant legislation be notified to the third parties to whom their personal data has been transferred, • To object to a result that is detrimental to them arising from the analysis of processed data exclusively through automated systems, • To demand compensation for damages if they suffer damage due to the unlawful processing of their personal data. Data subjects/users/visitors may apply to GRS regarding their above-mentioned requests via the Application Form in accordance with the Personal Data Protection Law (KVKK). Applications will be answered within thirty days from the date of receipt, depending on the nature of the request, in accordance with Article 13, paragraph 2 of the KVKK. However, if the process requires additional costs, GRS may charge the data subject a fee as determined by the Board. In accordance with the KVKK, GRS may accept or reject the request, explaining the reasons, and will notify the relevant person in writing or electronically. If the request in the application is accepted, GRS will take the necessary action. In accordance with the KVKK, if the application is due to an error on the part of the data controller, the fee charged will be refunded to the relevant person. The visitor/user undertakes that the information provided to GRS is complete, accurate, and up-to-date, and in the event of any breach of this undertaking, all responsibility will rest with the user/visitor, and GRS will have no liability whatsoever. Personal Data Retention Period and Measures to be Taken Regarding Personal Data: In accordance with the Personal Data Protection Law (KVKK), personal data, even if processed in accordance with the KVKK and other relevant laws, shall be deleted, destroyed, or anonymized by the data controller, either automatically or upon the request of the data subject, if the reasons requiring processing cease to exist. Within the scope of this provision, GRS retains the data we process in our system for a period of 1 (one) year. Subsequently, all information received through the contact form and data collected through the use of the website will be removed from the system by deletion, unless consent is obtained again from the data subject or the data subject experiences a situation requiring data processing within the scope of a developing consultancy process, subject to legal obligations. In accordance with the KVKK, the data controller is obliged to take all necessary technical and administrative measures to ensure an appropriate level of security to: a) prevent the unlawful processing of personal data, b) prevent unlawful access to personal data, and c) ensure the preservation of personal data. The data controller is jointly responsible with another natural or legal person for taking the measures specified in the first paragraph when personal data is processed on their behalf. The data controller is obliged to conduct or have conducted the necessary audits within their own institution or organization to ensure the implementation of the provisions of this Law. Data controllers and data processors cannot disclose personal data they have learned to others in violation of the provisions of this Law and cannot use it for purposes other than the processing purpose. This obligation continues even after they leave their positions. GRS undertakes to comply with all of the obligations listed in this scope. GRS reserves the right to make changes to this disclosure text and privacy policy in accordance with current changes, and when a change is made, these changes will take effect on the date they are announced on the website. Contact GRS HEALTH TOURISM HEALTH TOURISM SERVICES LTD. Web: https://grshealthtourism.com Email: info@grshealthtourism.com Last Update: December 2024