Personal Data Storage and Disposal Policy will be referred to as the "Policy". This policy has been prepared in order to determine the procedures and principles regarding the works and transactions regarding the storage and destruction activities carried out by the Data Controller.
Our basic principle as a data controller is; Personal data of product service recipients/patients, employees, potential patients and product service recipients, service providers, visitors and other third parties. It is processed in accordance with its Constitution, international agreements and the Law on the Protection of Personal Data No. 6698 (“Law”) and other relevant legislation. In this context, it has been determined as a priority for the persons concerned not to lose their rights and to use their rights effectively.
This prepared Personal Data Retention and Destruction Policy, Law on Protection of Personal Data No. 6698, Regulation on the Deletion, Destruction or Anonymization of Personal Data entered into force in the Official Gazette dated 28.10.2017 and numbered 30224 (“Regulation”) and other legislation It has been prepared in accordance with its provisions.
Recipient Group | Category of natural or legal person to whom personal data is transferred by the data controller. |
Explicit Consent | Consent on a particular subject, based on information and expressed with free will. |
Anonymization | Making personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Client/ Patient/ Potential patient |
The person who buys the product or service/ The person who gets the potential product or service/ the real persons who use or have used the services offered by our clinic, regardless of whether they have any contractual relationship. Real persons who have requested or been interested in using our services or have been evaluated in accordance with commercial practices and honesty rules that may have this interest |
Employee | Personnel at the data controller. |
Employee candidate | Candidates for interns or employees whose CVs are taken |
Electronic Media | Environments where personal data can be created, read, changed and written by electronic devices |
Non-Electronic Media | All written, printed, visual, etc. other than electronic media. other environments. |
Service Provider | Natural or legal person providing services within the framework of a certain contract with the Personal Data Protection Authority. |
Contact Person | The natural person whose personal data is processed. For example; patients and staff. |
Related User | Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data |
Destruction | Deletion, destruction or anonymization of personal data. |
Law | Law on Protection of Personal Data No. 6698. |
Recording Media | Any medium in which personal data is processed wholly or partially automatically or non-automatically, provided that it is a part of any data recording system. |
Personal Data | Any information relating to an identified or identifiable natural person. Therefore, the processing of information regarding legal persons is not within the scope of the Law. For example; name-surname, TCKN, e-mail, address, date of birth, bank information etc. |
Personal Data Processing Inventory | Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group by explaining the maximum storage period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security< /td> |
Processing of Personal Data | Obtaining, recording, storing, keeping, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or classifying personal data by fully or partially automated or non-automatic means, provided that it is a part of any data recording system. Any operation performed on the data, such as preventing its use. |
Board | Personal Data Protection Board |
Private Personal Data | Data on people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. data. |
Periodic Disposal | Deletion, destruction or anonymization, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the law are eliminated. |
Policy | Personal Data Retention and Disposal Policy |
Data Processor | The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
Data Recording System | Registration system in which personal data is structured and processed according to certain criteria. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
Data Controllers Registry Information System | The information system, which is accessible over the internet, created and managed by the Presidency, to be used by the data controllers in the application to the Registry and in other related transactions related to the Registry. |
VERBIS | Data Controllers Registry Information System |
Regulations |
Deletion of Personal Data published in the Official Gazette dated 28 October 2017, Regulation on Destruction or Anonymization. |