INTRODUCTION
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. (Private B.D.İ. Oral and Dental Health Polyclinic), all kinds of personal data belonging to you, our esteemed patients and their relatives, our employees and all third parties related to us, to whom we provide health services in connection with our activities and service purposes, are subject to the Law on Protection of Personal Data No. 6698 ( We attach importance to its processing and storage in accordance with KVKK).
With this “Personal Data Protection, Storage and Disposal Policy” (Policy), Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. The basic principles are determined by determining the methods and responsibilities regarding the deletion, destruction and anonymization of personal data in the required time for the purposes of processing.
PURPOSE
The purpose of this policy is Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. To make explanations on the systems adopted for the protection of personal data and the personal data processing activities carried out in accordance with the Law on the Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677, , to ensure the regulation and supervision of processes that require personal data processing within the organization, to develop the awareness of the legal processing of personal data in the units involved in the processing of personal data and to establish a sense of responsibility in this context, about our personal data processing processes, our employee candidates, officials, visitors, cooperation To provide transparency about our data processing processes by informing the employees, shareholders and officials of the institutions we are in, as well as the third parties, whose personal data are processed by Best Dental Istanbul.
CONTENT
This policy, within the scope of the activities carried out by Best Dental Istanbul, is valid for our employee candidates, our website and social media account users, our employees, former employees, officials, visitors, participants, employees, shareholders and officials of various institutions/organizations such as the supplier companies we cooperate with. and all personal data of third parties that are subject to automatic or non-automatic processing provided that they are part of any data recording system.
The scope of the matters we have stated in this policy may cover all of these groups, which are counted according to the type of processing activity, as well as some groups, such as employees of the supplier company, wholly or partially.
IMPLEMENTATION OF POLICY AND RELEVANT LEGISLATION
This policy, KVKK, Regulation and Regulation on Data Controllers Registry No. 30286 etc. It has been prepared on the basis of relevant regulations.
DEFINITIONS
The terms used in this policy are used to have the following meanings, and if a different term is used instead of the related term or a different meaning is given to the related term, in the terms defined in the legal legislation or regulatory agency decisions, Best Dental Istanbul may also make a change. Such terms will be considered as amended in the application of this policy from the date the amendment enters into force, without the need to
Contact Categories | Descriptions |
AB | European Union |
Constitution | Published in the Official Gazette dated 9 November 1982 and numbered 17863; Constitution of the Republic of Turkey dated 7 November 1982 and numbered 2709 |
Open Consent | Consent on a specific subject, based on information and expressed with free will. |
Anonymization | The process of rendering personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching them with other data. |
Application Form | “Application Form for Applications to be Made by the Related Person (Personal Data Owner) to the Data Controller in accordance with the Law on Protection of Personal Data No. 6698”, which will include the application to be made by the personal data owners/related persons to exercise their rights, and which explains the method of the application that can be accessed from the website www.bestdentalistanbul.com within the scope of the policy. |
Best Dental İstanbul | Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. |
Employee Candidate | Real persons who have applied for a job or internship to Best Dental Istanbul by any means or have opened their resume and related information to Best Dental Istanbul for review, |
Employees | Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Students or graduates who have a business relationship with the Company in accordance with the Labor Law and who are undergoing internship training. |
Related person | The natural person whose personal data is processed. |
Destruction | The process of irreversibly deleting, destroying or anonymizing personal data. |
Institutions/organizations we cooperate with | Employees, shareholders and officials of Best Dental Istanbul, including the shareholders and officials of these institutions, working in the institutions (such as but not limited to business partners, suppliers) with which it has any business relationship, |
Business partner | Parties with whom Best Dental Istanbul has established business partnerships while carrying out its activities, |
Participant | Person who attends any event, course or training organized by Best Dental Istanbul, |
Personal Data | It means any information relating to an identified or identifiable natural person. |
Personal Data Owner/Relevant Person | The natural person whose personal data is processed. For example; employees, visitors, |
Special Qualified Personal Data | Data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. |
Processing of Personal Data | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. It is any operation performed on the data, such as blocking. |
Personal Data Processing Inventory | Personal data processing activities carried out by data controllers depending on their business processes; It is the inventory that they create by associating personal data with the processing purposes, data category, transferred recipient group and data subject group, and detailing the maximum period required for the purposes for which personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security. |
Periodic Destruction | The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data processing, storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated. |
Deletion | The process of making personal data inaccessible and unusable for the relevant users in any way. |
Annihilation | The process of making personal data inaccessible, irretrievable and unusable by anyone in any way. |
Recording Media | It refers to any environment where personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system. |
KVKK | Law on Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette dated 7 April 2016 and numbered 29677 |
KVKK Commission | Best Dental Istanbul Personal Data Protection Commission, which is responsible for ensuring compliance with the Best Dental Istanbul Personal Data Protection Law, KVK Board decisions and the provisions of the relevant legislation, the implementation of the policies regulated and the necessary inspections, |
KVKK Board / Regulatory Board | Personal Data Protection Board |
KVKK Authority / Regulatory Authority | Personal Data Protection Authority |
Responsible Manager | Best Dental Istanbul Oral and Dental Health Services Ltd. Sti Responsible Manager |
Policy | Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Refers to this Personal Data Protection, Processing and Disposal Policy, which regulates the principles adopted by the Company in the processing, storage and destruction of personal data. |
Instructions | Short, simple, understandable written documents that explain how to do the steps of an activity and/or job and support the procedures |
Supplier | Parties that provide services to Best Dental Istanbul on a contractual basis in accordance with Best Dental Istanbul orders and instructions, while carrying out its activities in Best Dental Istanbul, |
Turkish Debts Law | Published in the Official Gazette dated February 4, 2011 and numbered 27836; Turkish Law of Obligations dated 11 January 2011 and numbered 6098 |
Turkish Penal Law | Published in the Official Gazette dated February 4, 2011 and numbered 27836; Turkish Law of Obligations dated 11 January 2011 and numbered 6098 |
Turkish Commercial Law | Published in the Official Gazette dated 14 February 2011 and numbered 27846; Turkish Commercial Law No. 6102 dated January 13, 2011 |
Third Party | Natural persons whose personal data are processed within the scope of the policy, who are not defined differently within the scope of the policy (For example, companions, family members and relatives), |
Data Processor | It is the natural and legal person who processes personal data on behalf of the data controller based on the authority given by the data controller. |
Data Controller | It is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
Data Recording System | It is a recording system in which personal data is processed and structured according to certain criteria. |
Data Controllers Registry Information System (Verbis) | It is an information system created and managed by the Presidency, accessible over the internet, to be used by the data controllers in the application to the Registry and other related transactions related to the Registry. |
Regulation | It refers to the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017. |
Visitor | Real persons who have entered the physical campuses of Best Dental Istanbul for various purposes or visited our websites.Bu politikada yer almayan tanımlar için KVKK tanımları geçerlidir. |
CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF RELATED PERSONS, CLASSIFICATION OF DATA ACCORDING TO THE DATA SUBJECT PERSON GROUP AND RECIPIENT GROUPS TO WHICH IT IS TRANSFERRED
Personal Data Categories
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Within the scope of the personal data processing activities carried out by the Company, the categories and explanations of the personal data processed are as follows:
Personal Data Category | Description |
Identity | Name, surname, T.C. ID number, passport copy or temporary T.C. ID number, date of birth and other identification data by which we can identify you. |
Communication | Telephone number (fixed or mobile phone numbers you have declared), e-mail address, social media accounts, contact records made with the hotline, and personal data obtained when you contact us via e-mail or other means. |
Personnel | It is the personal data that is processed to obtain the information that is the basis for the personal rights of natural persons within the scope of your working relationship with our practice. Data received pursuant to the law or employment contract regarding personnel transactions such as the employee’s starting date, wage, number of working days per month, contact information of family members or relatives, places where they worked before, etc. are all data. |
Transaction Security | IP address information, browser information, cookie information, website login and exit information, password and password information and navigation data obtained during use. |
Finance | Personal data processed regarding information, documents and records showing all kinds of financial results belonging to individuals, and data such as credit card information, bank account number, IBAN number and billing information. |
Visual Data | Photo record data. |
Health Information | Blood group information, personal health information, device and prosthesis information used, health report, periodic examination form for employment, medical history, data on previous surgeries/operations, skin analysis information, laboratory results, test results, examination data, prescription information, medications you constantly use, visual data before and after surgery and other health data. |
Sexual Life | Data on sexual life. |
Communication and Complaint Management | It is the personal data obtained during the process of receiving and evaluating all kinds of requests or complaints against our polyclinic. |
Contact Categories
Within the scope of this Policy, explanations about our patients, platform users, employees, employee candidates and third parties (suppliers and authorized or employees of institutions with which we have a business relationship) are included.
Contact Categories | Description |
Service Recipients | They are real persons who purchase the services offered in our outpatient clinic. |
Employees | They are real people who are in a working relationship with our polyclinic. |
Employee Candidates | They are real persons who have applied for a job in our polyclinic by any means and submitted their CV or information about the job application form for the examination of our polyclinic. |
Website and Social Media Users | Persons who visit and use our website, www.muhammetdilber.com, which belong to our outpatient clinic, and our social media accounts for any purpose. |
Business Connections (Real person suppliers, natural person representatives of legal entities). | While carrying out the activities of our polyclinic, real persons with whom we have business relations, real person representatives of legal persons, employees in the presence of these persons, etc. are all real people. |
Classification of Personal Data by Data Subject Group
The following table describes the personal data categories and the relevant person categories by matching:
Personal Data Categories | Data Subject Group |
Identity Data | Service Users, Parent/Guardian or Representative, Website and Social Media Users, Employees, Employee Candidates and Suppliers. |
Contact Data | Service Users, Parent/Guardian or Representative, Website and Social Media Users, Employees, Employee Candidates and Suppliers |
Personnel Data | Employees and Employee Candidates |
Transaction Security Data | Service Users, Website and Social Media Users and Employees. |
Financial Data | Service Users, Employees and Suppliers |
Visual Data | Service Users. |
Health Data | Service Users, Potential Service Recipients and Employees. |
Sexual Life Data | Service Users. |
Communication and Grievance Management Data | Service Users, Website and Social Media Users and Employees. |
Recipient Groups to which Personal Data is Transferred
Personal data within the scope of the policy, Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. may be transferred to the recipient groups listed below for the purposes specified.
Recipient Groups | Personal Data Transfer Purposes |
Suppliers | Limited to the purposes of our polyclinic to carry out its activities and to provide the necessary services. |
Legally Authorized Public Institutions and Organizations | Limited to the purpose requested by authorized public institutions and organizations within their legal authority. |
Legally Authorized Real Persons or Private Law Legal Entities | Limited to the purpose requested by authorized private legal persons within their legal authority. |
RECORDING ENVIRONMENTS
Personal data is recorded and stored securely in accordance with the law in the following environments.
Electronic media:
Servers: Central server, data center servers, backup, email, web, file sharing etc.
Software: Office software etc.
Information security devices: Firewall, intrusion detection and prevention, antivirus, etc.
Electronic devices: Network devices, desktop and laptop computers, portable devices (USB, hard disk, memory card, etc.), printers, scanners, copier, mobile devices (Phone, tablet, etc.) and optical discs (CD, etc.).
Physical environments:
Unit cabinets, archive,
Manual data recording systems (forms, notebooks, etc.) are written, printed and visual media.
MATTERS REGARDING THE PROTECTION OF PERSONAL DATA
Best Dental Istanbul Oral and Dental Health Services Ltd. Şti., in accordance with Article 12 of the KVKK, takes the necessary administrative and technical measures to ensure the level of security appropriate for the nature of the data to be protected in order to prevent the illegal processing of personal data and illegal access to the data, and carries out the necessary audits in this context.
Administrative Measures
The main administrative measures taken to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure data protection are listed below:
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Personal data processing activities carried out by the Company were determined and a regularly updated personal data inventory was prepared.
Before starting to process personal data, the obligation to inform the relevant persons is fulfilled.
Responsibilities of employees regarding personal data security have been determined in their job descriptions and it has been ensured that they are aware of their responsibilities in this regard.
In order to improve the quality of the employees, trainings are provided on the protection of personal data, processing in accordance with the law, preventing the illegal processing of personal data and illegal access to the data, communication techniques, technical information skills, information security trainings and the Law No. 657 and other relevant legislation. .
Implementation rules are determined in order to ensure compliance requirements, in-house policies are implemented and audits are carried out in order to ensure the continuity of these issues and practice.
Confidentiality commitments are signed by the employees within the scope of personal data protection legislation and data security regarding the activities carried out.
Service recipients. Provisions have been added to the contracts and documents signed with suppliers and third parties in order to ensure the legal processing, protection and data confidentiality of personal data, the responsibilities of the parties are clearly regulated, and provisions that impose sanctions for data processing activities that are contrary to the law and the contract. In case the processed personal data is obtained by others unlawfully, this situation will be notified to the relevant person and the Board as soon as possible.
Technical Measures
In order to prevent unlawful processing of personal data, illegal access to data and to ensure data protection, measures are taken and updated to the extent technology allows, the main technical measures are listed below:
Risks to prevent the unlawful processing of personal data are determined, appropriate technical measures are taken against these risks, and controls are made for the measures taken.
By establishing access procedures, reporting and analysis studies are carried out regarding access to personal data.
Access to personal data stored in electronic or non-electronic media is restricted and only authorized persons are allowed to access this data limited to the purpose of storing personal data, inappropriate access or access attempts are kept under control.
Access to information systems and authorization of users are done through access and authorization matrix and security policies.
Necessary measures are taken for the physical security of information systems equipment, software and data.
Security tests and research are carried out to detect security vulnerabilities on information systems, and the existing or potential risky issues identified as a result of the tests and investigations are eliminated.
The website served by the practice is encrypted with the SHA 256 Bit RSA algorithm using the HTTPS method.
Strong passwords are used in electronic environments where personal data is processed.
Necessary measures are taken to ensure that the deleted personal data is inaccessible and reusable for the relevant users.
Security vulnerabilities are followed and appropriate security patches are installed and information systems are kept up-to-date.
In order to ensure the security of information systems against environmental threats, hardware (access control system that allows only authorized personnel to enter the system room, fire extinguishing system, air conditioning system, etc.) and software (virus protection programs, firewalls, network access control, systems that prevent malware, etc.). .) precautions are taken.
Some personal data are given special importance by the legislation due to the risks of causing victimization and discrimination when processed unlawfully. In accordance with the decision of the Board, dated 31.01.2018 and numbered 2018/10, regarding the “Adequate Precautions to be Taken by Data Controllers in the Processing of Special Quality Personal Data”; Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. A separate, manageable and sustainable policy has been determined within the practice, with the utmost sensitivity, for the security of sensitive personal data.
Special quality personal data security trainings have been provided for employees involved in special quality personal data processing, confidentiality agreements have been made, and the scope and duration of authorization of users who have access to data are clearly defined.
The security updates of the environments where the data is located are followed, the necessary security tests are carried out and the test results are recorded.
Adequate security measures (against electrical leakage, fire, flood, theft, etc.) of physical environments where sensitive personal data are processed, stored or accessed are taken, and unauthorized entries and exits are prevented by ensuring physical security.
If sensitive personal data needs to be transferred via e-mail, it is transferred in encrypted form with a corporate e-mail address or by using a KEP account. If transferring is carried out between servers in different physical environments, data transfer is carried out via FTP method or online via the plesk control panel. If it is required to be transferred via paper media, necessary precautions are taken against the risks such as theft, loss or viewing of the document by unauthorized persons, and the document is sent in a confidential format.
Measures to be Taken in Case of Unauthorized Disclosure of Personal Data
In case the personal data processed in accordance with Article 12 of the KVKK is obtained by others illegally, this situation will be notified to the relevant personal data owner and the KVK Board as soon as possible. In this context, Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Following the determination of the persons affected by the data breach, by notifying the Board without delay and within 72 hours at the latest from the date of learning of this situation, the relevant persons can be reached within the shortest reasonable time possible, such as publishing the contact address of the data subject directly, or on the website of the data controller if it cannot be reached. methods will be reported. In data breach notifications, the purpose of notifying the Board and the people affected by the breach is to ensure that measures are taken to prevent or minimize the negative consequences that may arise for these people as a result of the breach.
MATTERS REGARDING THE STORAGE AND DISPOSAL OF PERSONAL DATA
Storage and Disposal of Personal Data
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Personal data obtained by us are securely recorded, stored and destroyed in accordance with the relevant legislation, especially the provisions of the KVKK, in different environments depending on the principles such as the nature of the data, the purposes of processing and the frequency of use.
Storage and Disposal Periods of Personal Data
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. It preserves the personal data it processes within the scope of its activities for the period specified in the relevant legislation or for the period required for the purpose for which it is processed. In this framework, first of all, if it is stated in the relevant legislation how long the personal data should be kept, this period is acted upon. In case of expiration of the period, the request of the data owner or the purpose of processing the data, the personal data shall be transferred to Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. deleted, destroyed or anonymized by Detailed information about the storage periods of the processed personal data is given in Annex 2 of this Policy.
Reasons Requiring Destruction of Personal Data
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. Personal data processed within the framework of its activities are deleted, destroyed or anonymized upon the request of the person concerned or ex officio, for the following reasons.
Amendment or repeal of the provisions of the relevant legislation, which are the basis for processing,
The disappearance of all purposes that require the processing of personal data and the reasons that require it to be stored,
In cases where the processing of personal data takes place only on the basis of explicit consent, the data owner withdraws his consent,
The request of the data owner to destroy their personal data by using their rights under KVKK and the application made to Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. in the event that the answer is found insufficient or the answer is not given within the time stipulated in the Law; Complaints to the Board and the approval of this request by the Board are the cases where there is no condition to justify keeping the personal data for a longer period, although the maximum period for keeping the personal data has passed.
Legal Disposal of Personal Data
Despite being processed in accordance with the provisions of the law and other relevant laws, in case the purpose that requires the processing and storage of personal data ceases to exist, the personal data shall be transferred to Best Dental Istanbul Oral and Dental Health Services Ltd., ex officio or upon the request of the data owner. Sti. by deletion, destruction or anonymization.
Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. acts in accordance with the above-mentioned technical and administrative measures, relevant legislation provisions, Board decisions and this Policy in deleting, destroying or anonymizing personal data. All transactions made within this scope are recorded and these records are kept for at least three years, excluding other legal obligations.
Unless a contrary decision is taken by the Board, the appropriate method of deletion, destruction or anonymization regarding the destruction of personal data is selected.
For the destruction of personal data, Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. The main technical and administrative measures taken by the company are listed below:
Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. informs and trains its employees on the periodic and proper destruction of personal data.
Personal data destruction process, Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. carried out by.
Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. evaluates and monitors the personal data inventory on the basis of retention and data destruction periods, and conducts audits.
Provisions have been added to the contracts and documents signed with third parties regarding the legal processing of personal data, their storage and elimination of the purpose of processing, the expiration of the storage period or their destruction upon the request of the data owner.
Methods of Disposal of Personal Data
1-Deletion of Personal Data
Deletion of personal data is the process of making personal data inaccessible and non-reusable for relevant users. Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. can use the following methods to delete personal data, depending on the environment in which the data is recorded:
Recording Media | Data Destruction Method |
Secure deletion from software | While deleting data processed by fully or partially automated means and stored in digital media; Methods for deleting the data from the relevant software are used so that it cannot be accessed and reused in any way for the relevant users. |
Personal data in the physical environment | Removing the relevant personal data from the document by physically cutting it or rendering it invisible by using fixed ink in a way that cannot be recovered and read with technological solutions, and applying a blackening process by drawing, painting or deleting it in a way that cannot be read. |
2-Destruction of Personal Data
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way. Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. can use one or more of the following methods, depending on the environment in which the data is recorded, to delete personal data:
Recording Media | Data Destruction Method |
Data recorded in online server in FTP or plesk control panel | It is the process of deleting personal data from the software panel, whose time period has expired. |
Personal data in the physical environment | Among the personal data in the paper environment, the ones whose period has expired are irreversibly destroyed by paper clipping machines or by incineration. Personal data transferred to electronic media are destroyed by scanning from the original paper format and by appropriate methods according to the environment in which they are located. |
3-Anonymizing Personal Data
Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person in any way, even if it is matched with other data. In order for personal data to be anonymized; personal data should not be associated with the data controller, recipient or recipient groups, even by using appropriate techniques for the recording medium and the relevant field of activity, such as returning the data and matching the data with other data. In accordance with Article 28 of KVKK; Anonymized personal data may be processed for purposes such as research, planning and statistics. Since such processing will be outside the scope of KVKK, the explicit consent of the data owner will not be sought and the right to apply will not be valid for this data. Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. may use one or more of the following methods to anonymize personal data:
Removing Variables: After the data collected by the method of extracting descriptive data, one or more of the high-descriptive variables in the data set are removed and the existing data set is anonymized.
Removing Records: By removing a data line containing singularity in the personal data set, the stored data is anonymized.
Aggregation: With the data aggregation method, many data are aggregated and personal data is rendered incapable of being associated with any person. For example, it is revealed that there are 50 service recipients born in 1982 without showing the birth years of the patients one by one.
Data Exchange: The data exchange method is record changes obtained by exchanging values belonging to a subset of variables between pairs selected from the records. In this method, which is used for data that can be categorized in general, the aim is to transform the database by interchanging the data of the data owners.
Titles, Units and Job Descriptions of Persons Involved in Personal Data Storage and Disposal Processes
You can find the titles and job descriptions of the personnel involved in the personal data storage and destruction process from the list in Annex-1 of this Policy.
Periodic Destruction Periods of Personal Data
Best Dental Istanbul Oral and Dental Health Services Ltd. Şti. deletes, destroys or anonymizes personal data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.
In accordance with Article 11 of the Regulation, it has determined the period of periodic destruction as 6 months; however, it is accepted that the Board may shorten the periods specified in this article and the destruction period table in case of irreparable or impossible damages and if there is a clear violation of the law. Accordingly, periodic destruction is carried out in June and December each year.
DUTIES REGARDING THE STORAGE AND DISPOSAL OF PERSONAL DATA
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. attaches importance to ensuring, maintaining, maintaining, managing and developing compliance with the personal data protection legislation.
In this context, the following tasks are fulfilled:
To prepare the basic policies regarding the processing, storage, protection and destruction of personal data, to ensure the implementation of the policies, to coordinate and manage the compliance process with the legislation and the practice policy,
Best Dental Istanbul Oral and Dental Health Services Ltd. Coordinating the communication with the relevant data owners within the scope of the activities carried out by the Company as a data controller,
To carry out the necessary activities and arrangements within the practice in relation to the requests, requests, complaints and notifications of the Board, to organize the processes,
To carry out the necessary activities and arrangements within the practice regarding the requests, requests, complaints and notifications from the relevant persons,
To update the personal data processing inventory and to monitor and report data processing activities and to make necessary updates in Verbis in case of changes,
To organize trainings for the awareness of the employees and to measure the efficiency, To inform the institutions with which it cooperates,
To decide how to carry out the supervision of personal data processing activities and to ensure the necessary coordination in this context,
To determine the risks that may occur in personal data processing activities within the scope of KVKK compliance and to ensure that the necessary measures are taken,
Managing processes and corrective actions regarding data privacy violations,
To follow the board announcements and developments regarding the legislation, to ensure that they are implemented in relevant places and to make necessary notifications.
UPDATES AND CHANGES
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti. This Policy is revised as needed and the necessary sections are updated by the company.
Due to the changes made in the Law, the right to make changes in this Policy and other policies related to this Policy, in accordance with the Board decisions or in line with the developments in the sector or in the field of informatics, are reserved.
Changes made in the Policy are immediately recorded in the text and explanations regarding the changes are explained at the end of the Policy.
PUBLICATION AND STORAGE OF THE POLICY
The policy is published in two different media, with wet signature (printed paper) and electronically, and is disclosed to the public on the website. The printed paper copy is also kept in the file.
ENFORCEMENT AND ANNOUNCEMENT OF THE POLICY
The policy is deemed to have entered into force after its publication on the website. If it is decided to cancel it, old copies of the Policy with wet signatures are canceled and signed and kept for at least 5 years.
Attachments:
Annex-1: Table of Titles, Units and Job Descriptions of Persons Involved in Personal Data Storage and Disposal Processes
EMPLOYEE | DUTY | RESPONSIBILITY |
Assistant | Human resources department | Supervising the functionality of processes related to the processing, protection and storage of personal data, excluding sensitive personal data, ensuring the compliance of processes with the storage period and managing the periodical destruction process. |
Assistant | Accounting department | Management of financial and accounting processes. |
Annex-2: Table of Retention and Disposal Periods of Personal Data
Personal data will be kept for the periods specified in the table below, and will be anonymized or destroyed at the end of the period.
DATA CATEGORY | DATA STORAGE PERIOD | DISPOSAL TIME |
Identity | 20 Years from expiry of service contract | Within 180 days after the end of the retention period. |
Contact | 20 Years from expiry of service contract | Within 180 days after the end of the retention period |
Personnel | 10 Years from the end of the service contract | Within 180 days after the end of the retention period |
Transaction Security | 2 Years from data acquisition | Within 180 days after the end of the retention period |
If the purpose of the polyclinic to use the relevant personal data has not expired, if the storage period stipulated for the relevant personal data in accordance with the legislation is longer than the periods in the table, or if the time-out period for the case requires the personal location to be kept longer than the periods in the table, the periods in the above table may not be applied. In this case, the purpose of use, special legislation or the statute of limitations for the case, whichever comes to an end, will be applicable for that period.
The above periods start from the date of termination of the employment contract for employees, from the date of termination of the contract for suppliers and service users, or from the date of the last transaction if there is no contract.
Best Dental Istanbul Oral and Dental Health Services Ltd. Sti.