Personal Data Storage and Destruction Policy

DENTAFORUM TİCARET HİZMETLERİ TURİZM ÖZEL SAĞLIK HİZMETLERİ

SANAYİ ve TİCARET ANONYMOUS COMPANY

PERSONAL DATA STORAGE AND DESTRUCTION POLICY

ARTICLE 1- PURPOSE

Personal data storage and destruction policy has been prepared to determine the procedures and principles regarding the work and transactions regarding the storage and destruction of personal data processed by Dentaforum Tedavi Hizmetleri Turizm Özel Sağlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi (Dentaforum).

ARTICLE 2- SCOPE

Personal data belonging to the company employees, job candidates, product and service buyers, potential product and service buyers, visitors, suppliers are within the scope of this policy.

This policy is applied to all recording environments where personal data owned or managed by the company is processed and activities related to personal data processing.

ARTICLE 3 – DEFINITIONS

Recipient group: The category of real or legal persons to whom personal data is transferred by the data controller.

Explicit consent: Consent based on information and expressed with free will regarding a specific subject

Anonymization: Making personal data in no way associable with an identified or identifiable real person, even when matched with other data

Employee: Company personnel

Electronic environment: Environments where personal data can be created, read, changed and written with electronic devices

Non-electronic environment: All written, printed, visual etc. outside of electronic environments. other environments

Service provider: A natural or legal person who provides services within the framework of a specific contract with the Company

Relevant person: A natural person whose personal data is processed

Relevant user: Persons who process personal data within the data controller organization or in accordance with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data

Destruction: Deletion, destruction or anonymization of personal data

Law: Law No. 6698 on the Protection of Personal Data

Recording medium: Any medium containing personal data processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system

Personal data: Any information related to an identified or identifiable natural person

Personal data processing inventory: Personal data processing activities carried out by data controllers in connection with their business processes; the inventory they create by relating the purposes and legal reason of processing personal data, data category, recipient group to which it is transferred and the data subject group and detailing the maximum retention period required for the purposes for which personal data is processed, personal data planned to be transferred to foreign countries and the measures taken regarding data security

Processing of personal data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, which is fully or partially automatic or non-automatic provided that it is part of any data recording system

Board: Personal Data Protection Board

Special personal data: Data regarding the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures of individuals, and biometric and genetic data

Periodic destruction: Data regarding the processing conditions of personal data specified in the law in case of complete disappearance, the process of deletion, destruction or anonymization specified in the personal data storage and destruction policy and carried out ex officio at recurring intervals

Policy: Personal Data Storage and Destruction Policy

Company: Dentaforum Tedavi Hizmetleri Turizm Özel Sağlık Hizmetleri Sanayi ve Ticaret Anonim Şirketi (Dentaforum)

Product and service recipient: Patient

Data processor: Natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller

Data recording system: Recording system in which personal data is structured and processed according to certain criteria

Data controller: Natural or legal person who determines the purposes and means of processing personal data, and is responsible for the establishment and management of the data recording system

Data controllers registry information system: Information system created and managed by the Presidency, accessible over the internet, to be used by data controllers in applying to the Registry and other relevant transactions related to the Registry

VERBİS: Data Controllers Registry Information System

Regulation: October 28 Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 2017

ER

All employees and units of the company provide full and active support to the responsible units regarding the legal acquisition, processing and storage of personal data. All employees and units support the responsible units in the implementation of administrative and technical measures taken within the scope of the policy, in the training of unit employees, in ensuring, increasing and monitoring the awareness of employees, in preventing unlawful access to personal data and in the legal storage of personal data.

The distribution of titles, units and job descriptions of those responsible for the storage and destruction of personal data is shown in ADDITIONAL TABLE: 1.

ARTICLE 5- RECORDING ENVIRONMENTS

Personal data is stored securely in accordance with the law by the company in the environments listed in ADDITIONAL TABLE: 2.

ARTICLE 6- LEGAL REASONS REQUIRING STORAGE

Personal data processed within the scope of the activities in the company are stored for the period stipulated in the relevant legislation and within the scope of the law and the relevant legislation. In this context, the reasons that require storage are as follows:

Storing personal data because it is directly related to the establishment and execution of contracts,

Storing personal data for the purpose of establishing, exercising or protecting a right

Storing personal data is mandatory for the legitimate interests of the company, provided that it does not harm the fundamental rights and freedoms of individuals

Storing personal data for the purpose of fulfilling any legal obligations of the company

The legislation clearly stipulates that personal data should be stored

Explicit consent of data owners is available for storage activities that require the explicit consent of data owners

ARTICLE 7 – PROCESSING PURPOSES REQUIRING STORAGE

The company may process the personal data of the relevant person or third parties specified by the relevant person for various purposes, including but not limited to the following:

Conducting Emergency Management Processes

Conducting Information Security Processes

Conducting the Selection and Placement Processes of Employee Candidates / Interns / Students

Application of Employee Candidates Execution of Processes

Execution of Employee Satisfaction and Loyalty Processes

Fulfillment of Employment Contract and Legislative Obligations for Employees

Execution of Side Rights and Benefits Processes for Employees

Execution of Audit / Ethics Activities

Execution of Training Activities

Execution of Access Authorizations

Execution of Activities in Accordance with Legislation

Execution of Finance and Accounting Affairs

Ensuring Physical Space Security

Execution of Assignment Processes

Follow-up and Execution of Legal Affairs

Execution of Internal Audit / Investigation / Intelligence Activities

Execution of Communication Activities

Planning of Human Resources Processes

Execution / Audit of Business Activities

Execution of Occupational Health / Safety Activities

Improvement of Business Processes Receiving and Evaluating Recommendations

Conducting Business Continuity Activities

Conducting Logistics Activities

Conducting Goods/Service Purchasing Processes

Conducting Goods/Service After-Sales Support Services

Conducting Goods/Service Sales Processes

Conducting Goods/Service Production and Operation Processes

Conducting Customer Relationship Management Processes

Conducting Activities for Customer Satisfaction

Organization and Event Management

Conducting Marketing Analysis Studies

Conducting Performance Evaluation Processes

Conducting Advertising/Campaign/Promotion Processes

Conducting Risk Management Processes

Conducting Storage and Archive Activities

Conducting Contract Processes

Conducting Strategic Planning Activities

Following Up Requests/Complaints

Protecting the Security of Movable Goods and Resources Provision

Execution of Supply Chain Management Processes

Execution of Wage Policy

Execution of Marketing Processes of Products/Services

Ensuring the Security of Data Controller Operations

Execution of Investment Processes

Execution of Talent/Career Development Activities

Provision of Information to Authorized Persons, Institutions and Organizations

Execution of Management Activities

Creation and Monitoring of Visitor Records

ARTICLE 8- LEGAL REASONS REQUIRING DESTRUCTION

Personal data shall be deleted or destroyed by the company upon the request of the relevant person or ex officio in the event of the existence of the following situations:

Changes or removal of relevant legislative provisions constituting the basis for processing personal data

Disappearance of the purpose requiring processing or storage of personal data

In cases where processing of personal data is carried out only based on the condition of explicit consent, the relevant person withdraws his/her explicit consent

Article 11 of the Law The data controller accepts the application made by the relevant person regarding the deletion and destruction of his/her personal data within the framework of his/her rights as per Article 1 of the Law

Person

ARTICLE 4- RESPONSIBILITY AND DUTY

Sohbete Başla
Merhaba?
Size Nasıl Yardımcı Olabilirim?