Data Protection Notice
In Accordance with GDPR and Turkish Data Protection Law (KVKK No. 6698)
1. Data Controller
In accordance with the General Data Protection Regulation (GDPR) and Turkish Personal Data Protection Law No. 6698 (KVKK), your personal data is processed by NOKIC AI A.Ş. as the data controller, within the scope described below.
NOKIC AI A.Ş.
Fenerbahçe Mah. İğrip Sk. No:13/1 Kadıköy - İstanbul
Göztepe VD: 6311697371
Tel: 0216 606 22 94
Email: destek@dentory.art
2. Purposes of Data Processing
Your personal data is processed in compliance with applicable data protection regulations for the following purposes:
- Account registration and management
- Provision and improvement of platform services
- Management of clinic inventory, orders, and supply chain processes
- Sterilization tracking and audit record keeping
- Provision of training and examination services
- Delivery of AI-powered analysis and recommendation services
- Invoicing and payment processing
- Communication activities
- Information security management
- Fulfillment of legal obligations
- Resolution of legal disputes
3. Categories of Personal Data Processed
| Data Category | Description |
|---|---|
| Identity Information | Full name |
| Contact Information | Email address, phone number, clinic address |
| Financial Information | Tax office, tax number, billing details |
| Transaction Data | Inventory, order, sterilization records |
| Security Data | Password (hashed), session data, IP address |
| Marketing Data | Service usage preferences, subscription information |
4. Data Collection Methods and Legal Basis
Your personal data is collected through electronic means via the platform. The collected data is processed based on the following legal grounds:
- Performance of contract: Establishing and fulfilling the service agreement (GDPR Art. 6(1)(b))
- Legal obligation: Tax legislation, e-commerce regulations, and other legal requirements (GDPR Art. 6(1)(c))
- Legitimate interest: Improving service quality, security, and fraud prevention (GDPR Art. 6(1)(f))
- Consent: Marketing and communication activities (GDPR Art. 6(1)(a))
5. Data Transfers
Your personal data may be transferred to the following recipient groups in compliance with applicable regulations:
- Infrastructure service providers: Server hosting (within the EU region), database services
- Payment service providers: For subscription and billing operations
- Email service providers: For notifications and communications
- Authorized public institutions: As required by law
For international data transfers, appropriate safeguards are implemented in accordance with GDPR Chapter V requirements, including transfers to countries with adequate protection levels or through standard contractual clauses.
6. Your Rights as a Data Subject
Under GDPR and applicable data protection laws, you have the following rights:
- Right to know whether your personal data is being processed
- Right to request information about your processed data
- Right to learn the purpose of data processing and whether it is used accordingly
- Right to know third parties to whom your data has been transferred
- Right to request correction of incomplete or inaccurate data
- Right to request deletion or destruction of your personal data under applicable conditions
- Right to request notification of corrections, deletions to third parties
- Right to object to automated processing that produces adverse results
- Right to claim compensation for damages caused by unlawful data processing
7. Data Security Measures
Dentory implements all necessary technical and organizational measures to ensure the security of your personal data:
Technical Measures
- SSL/TLS encrypted data transmission
- Database-level access control (Row Level Security)
- One-way hash algorithm password storage
- Regular security updates and patches
- Daily automatic backups
- Penetration testing and security audits
Organizational Measures
- Role-based access authorization
- Tenant-based data isolation
- Data processing inventory and policies
- Employee training programs
- Data breach notification procedures
8. Data Retention Periods
- Account data: Duration of membership + 30 days after account deletion
- Transaction records: 3 years from completion of the related transaction
- Financial data: 10 years as required by tax legislation
- Log records: 2 years as required by applicable law
- Cookie data: Duration of session or maximum 1 year
9. How to Exercise Your Rights
To exercise your rights under data protection laws, you may contact us through the following methods:
- By email: Send your request with identifying information to destek@dentory.art.
- By mail: Submit a signed petition to Fenerbahçe Mah. İğrip Sk. No:13/1 Kadıköy - İstanbul.
- Via platform: Use the "My Data" section in Settings to submit data download or deletion requests.
Your request will be processed free of charge within 30 days at the latest. If the process requires additional costs, fees determined by the relevant authority may apply.
10. Changes
This data protection notice may be revised in accordance with changes in legislation or updates to our data processing activities. The current version will always be published on this page.