Cor Clinic

DOÇ. DR. PELİN ÖZTÜRK KİŞİSEL VERİLERİN KORUNMASI VE İŞLENMESİ POLİTİKASI İÇİNDEKİLER

 

  1. INTRODUCTION…………………………………………………………………………………………………………………………….. 1
  2. PURPOSE…………………………………………………………………………………………………………………………… 1
  3. SCOPE………………………………………………………………………………………………………………………… 1
  4. DEFINITIONS……………………………………………………………………………………………………………………… 2
  5. GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA………………………………………………………….. 3
  6. PROCESSING OF PERSONAL DATA…………………………………………………………………………………………….. 3
    • CONDITIONS OF PROCESSING PERSONAL DATA…………………………………………………………………………… 3
    • PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA…………………………………………………………………. 4
    • CATEGORISATION OF PERSONAL DATA PROCESSED BY OUR COMPANY…………………… 4
  7. ENSURING THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA…………………………………………….. 5
    • Technical Measures Taken to Ensure Lawful Processing of PERSONAL DATA and Prevent Unlawful Access……………………………………………………………………………………………. 6
    • Administrative Measures Taken to Ensure Lawful Processing of PERSONAL DATA and to Prevent Unlawful Access………………………………………………………………………………………………. 6
    • Measures to be taken in case of disclosure of PERSONAL DATA by unlawful means………………….. 6
  8. PURPOSES OF PROCESSING AND STORAGE PERIODS OF PERSONAL DATA………………………………………………… 6
    • Purposes of Processing PERSONAL DATA…………………………………………………………………………….. 6
    • Storage Periods of PERSONAL DATA…………………………………………………………………………….. 7
  9. DELETION, DESTRUCTION AND ANONYMISATION OF PERSONAL DATA……………………………… 7
    • Erasure and Destruction Techniques of Personal Data………………………………………………….. 7
      • Physical Destruction…………………………………………………………………………………….. 7
      • Secure Deletion/Destruction from Software…………………………………………………………….. 7
      • Secure Deletion/Destruction by Expert………………………………………………….. 7
    • Techniques for Organisation of Personal Data…………………………………………………….. 8
      • Masking…………………………………………………………………………………………………….. 8
      • Consolidation…………………………………………………………………………………………………… 8
      • Data Derivation…………………………………………………………………………………………………… 8
      • Data Hybrid………………………………………………………………………………………………………. 8
  1. THIRD PARTIES TO WHOM PERSONAL DATA ARE TRANSFERRED AND PURPOSES OF TRANSFER…………………………………. 8
    • Domestic Transfer of Personal Data…………………………………………………………………………… 8
    • Transfer of Personal Data Abroad…………………………………………………………………………… 9
    • Groups of Persons to whom Personal Data is Transferred by DOÇ. DR. PELİN ÖZTÜRK………………………. 9
  2. DISCLOSURE OBLIGATION OF OUR COMPANY……………………………………………………………………….. 9
  3. RIGHTS OF PERSONAL DATA OWNERS AND EXERCISE OF THESE RIGHTS………………………………………. 9
    • Right to Apply………………………………………………………………………………………………………… 10
    • Situations Excluded from the Scope of the Right of Application………………………………………………………. 10
    • Response Procedure………………………………………………………………………………………………… 10
  4. PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT WITHIN THE COMPANY AND ON THE WEBSITE

DATA PROCESSING PERFORMED ACTIVITIES…………………………………………………………………………………. 11

  • Realisation of Monitoring with Camera………………………………………………………………………… 11
  • Customer Entry – Exits Visiting the Company………………………………………………………………… 11
  • Website Visitors………………………………………………………………………………………. 11

1. INTRODUCTION

According to Article 20 of the Constitution of the Republic of Turkey (https://www.anayasa.gov.tr/ tr/mevzuat/anayasa/), everyone has the right to demand the protection of personal data related to themselves. This right includes being informed about personal data, accessing this data, requesting its correction or deletion, and learning whether it is used for its intended purposes. In the context of exercising this constitutional right, the protection of fundamental rights and freedoms of individuals in the processing of personal data and the obligations of natural and legal persons processing personal data are regulated by the Law on Protection of Personal Data No. 6698 (“KVKK”), which has been published and entered into force. DOÇ. DR. PELİN ÖZTÜRK (“DOÇ. DR. PELİN ÖZTÜRK”) takes the necessary care to comply with the KVKK and has made this a company policy with this Personal Data Protection and Processing Policy (“Policy”). The subject of the Policy is the protection of personal data belonging to Employees, Employee Candidates, Dealers, Suppliers, Contractors, Visitors, Employees of Collaborating Institutions, Customers, and Third Parties (Guarantor, Victim/Right Holder). The activities related to the protection of personal data of our employees are managed within the framework of the DOÇ. DR.
PELİN ÖZTÜRK Information Security Management System, discipline regulation, personnel open consent, personnel privacy procedures, and supplier privacy contracts.

2. PURPOSE

The purpose of this Policy is to provide explanations regarding the personal data processing activities carried out in compliance with the KVKK and the principles adopted for the protection of personal data by DOÇ. DR. PELİN ÖZTÜRK and to inform individuals, including Employee Candidates, Dealers, Suppliers, Contractors, Visitors, Employees of Collaborating Institutions, Customers, and Third Parties (Guarantor, Victim/Right Holder) whose personal data is processed by DOÇ. DR. PELİN ÖZTÜRK. The activities related to the protection of personal data of our employees are managed within the framework of the DOÇ. DR. PELİN ÖZTÜRK Information Security Management System, discipline regulation, personnel open consent, personnel privacy procedures, and supplier privacy contracts.

3. SCOPE

This Policy covers the principles and procedures regarding the processing and protection of personal data within DOÇ. DR. PELİN ÖZTÜRK.

Employee CandidatesNatural persons who make their CV and related information accessible to DOÇ. DR. PELİN ÖZTÜRK by making a job application to DOÇ. DR. PELİN ÖZTÜRK or by any other means
Employees of the Institutions We Collaborate with

Employees of organisations in business relationship with DOÇ. DR. PELİN ÖZTÜRK

Dealer

DOÇ. DR. PELİN ÖZTÜRK, are engaged in the profession of mediating the sale of products on behalf and account of DOÇ. DR. PELİN ÖZTÜRK on a permanent basis in a certain place or region, carry out preparatory work before the conclusion of the contract and assist in the implementation of the contract
SuppliersDOÇ. DR. PELİN ÖZTÜRK or legal and real persons (within the scope of Supplier Confidentiality Agreements) in whose dealers the planned purchases will be made.
ContractorsDOÇ. DR. PELİN ÖZTÜRK or legal and real persons who undertake to perform a construction or commercial work on behalf of DOÇ. DR. PELİN ÖZTÜRK or its dealers.

Customers

Natural persons whose personal data are obtained as a result of business relations within the scope of the activities carried out by DOÇ. DR. PELİN ÖZTÜRK, whether or not there is a contractual relationship.
VisitorsNatural persons who have entered the physical facilities of DOÇ. DR. PELİN ÖZTÜRK for various purposes or who visit the websites

Third Parties

Other natural persons, including but not limited to suppliers, guarantors, victims/right holders, family members, etc., whose personal data are processed within the framework of this Policy, although not defined in the Policy

4. DEFINITIONS

The definitions used in this Policy are given below:

Personal Data

Any information related to an identified or identifiable natural person.

Processing of Personal Data:

Any operation performed on personal data, such as collection, recording, storage, retention, alteration, reorganization, disclosure, transferring, taking over, making retrievable, classification, or preventing the use thereof, fully or partially, automatically or non-automatically, by wholly or partly non-automatic means provided that the process is a part of any data recording system.

Data Subject:

The natural person whose personal data is processed.

Special Categories of Personal Data:

Personal data revealing race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and dressing, membership of associations, foundations, or trade unions, data regarding health, sex life, criminal convictions and security measures, and biometric and genetic data.

Explicit Consent:

Consent on a specific subject, based on information, and expressed with free will.

Employee Candidate:

Individuals who apply for a job within the Company.

Supplier:

Natural or legal persons that supply goods or services to the Company.

Contractor:

Natural or legal persons that undertake and perform works and services within the scope of a contract concluded with the Company.

Visitor:

Individuals who visit the Company’s premises for various reasons.

Collaborating Institution:

Institutions and organizations that cooperate with the Company.

Customer:Individuals who purchase products or services from the Company.

Third Party (Guarantor, Victim/Right Holder):

Individuals who are not directly related to
the Company’s operations but may be affected by its activities or have a legal relationship.
TCKTurkish Penal Code No. 5237
Data ProcessorA natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller
Personal data subjectThe natural person whose personal data is processed, who is considered as “data subject” in the KVK Law
Personal Data Owner Application FormDOÇ. DR. PELİN ÖZTÜRK the application form to be used by the personal data owners whose personal data are processed within DOÇ. DR. PELİN ÖZTÜRK when using their applications regarding their rights described in Article 11 of the KVK Law
Deletion of Personal DataDeletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the users concerned.
Destruction of Personal DataDestruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Anonymisation of Personal DataAnonymisation of personal data means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if the personal data is matched with other data
Data ControllerThe natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system
VisitorASSOCIATE PROF. DR. Real persons who have accessed PELİN ÖZTÜRK’s physical devices through various processes or visited her websites
Data Controllers RegistryRegistry of data controllers kept by the Personal Data Protection Board

Data Inventory

Inventory that DOÇ. DR. PELİN ÖZTÜRK creates and details the personal data processing activities that DOÇ. DR. PELİN ÖZTÜRK carries out depending on the business processes by associating them with the purposes of personal data processing, the recipient group to which personal data is transferred and the relevant personal data owner group

5. GENERAL PRINCIPLES OF PROCESSING OF PERSONAL DATA

The processing of personal data within DOÇ. DR. PELİN ÖZTÜRK is carried out in accordance with the principles set out in the KVKK and other relevant legislation. These principles are as follows:

* Lawfulness and fairness:

Personal data is processed lawfully and fairly.

* Accuracy and up-to-date:

Personal data is accurate and, if necessary, up-to-date.

* Processing for specific, explicit, and legitimate purposes:

Personal data is processed for specific, explicit, and legitimate purposes.

* Relevance, limited, and proportionality:

Processing is limited to the purpose for which personal data is collected, relevant, and proportionate.

* Retention for the period stipulated by the legislation or required for the purpose:

Personal data is retained for the period stipulated by the legislation or required for the purpose for which it was processed.

6. PROCESSING OF PERSONAL DATA

Personal data within DOÇ. DR. PELİN ÖZTÜRK is processed by following the principles set out in the KVKK and other relevant legislation.

7. CONDITIONS FOR PROCESSING OF PERSONAL DATA

The processing of personal data within DOÇ. DR. PELİN ÖZTÜRK is subject to specific conditions as defined by the KVKK. These conditions include obtaining the explicit consent of the data subject, processing for the fulfillment of legal obligations, processing for the establishment, exercise, or protection of a right, processing for legitimate interests, and processing of data that is made public by the data subject.

8. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

Special categories of personal data, as defined by the KVKK, may only be processed under specific conditions. These conditions include obtaining explicit consent from the data subject, processing for the fulfillment of legal obligations, processing for the protection of vital interests, processing by authorized institutions and organizations, processing by foundations, associations, or non-profit organizations with a legitimate purpose, and processing with the data subject’s public disclosure.

9. CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY

DOÇ. DR. PELİN ÖZTÜRK categorizes the personal data processed by the company. This categorization helps in managing and protecting personal data more effectively.10. KİŞİSEL VERİLERİN AKTARILDIĞI ÜÇÜNCÜ KİŞİLER VE AKTARIM AMAÇLARI Kişisel veri aktarımlarında uygulanacak usul ve esaslar KVKK Kanunu’nun 8. ve 9. maddelerinde düzenlenmiştir. DOÇ. DR. PELİN ÖZTÜRK’ e sunmuş olduğu hizmetlerin yerine getirilmesi amacıyla, kişisel veriler, İş Kanunu, İş Sağlığı ve Güvenliği Kanunu, 6502 sayılı Tüketicinin Korunması Hakkında Kanun ve bu sayılan kanunlara ilişkin sair yönetmelikler, denetleyici ve düzenleyici kurum ve kuruluşların düzenlemeleri ile kamu otoritelerinin zorunlu kıldığı haller dahil olmak fakat bunlarla sınırlı olmamak üzere) hükümleri çerçevesinde işlenmekte, gerçek kişiler veya özel hukuk tüzel kişilerine, iş ortaklarımıza, iştirakler ve bağlı ortaklıklarımıza, bilişim teknolojileri desteği aldığımız kuruluşlara ve yetkili kamu kurum ve kişilerine aktarılabilecektir.

Kişisel verilerin, KVKK Kanunu’nda belirtilen istisna haller hariç olmak üzere kişisel veri sahibinin açık rızası olmaksızın aktarılması mümkün değildir.

10.SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

Ensuring the security and confidentiality of personal data is a priority for DOÇ. DR. PELİN ÖZTÜRK. Technical measures, administrative measures, and procedures are implemented to achieve this goal.

11. TECHNICAL MEASURES FOR ENSURING THE LAWFUL PROCESSING AND PREVENTING UNAUTHORIZED ACCESS TO PERSONAL DATA

Technical measures are implemented to ensure the lawful processing of personal data and prevent unauthorized access. These measures include encryption, access controls, secure coding practices, and regular security assessments.

12. ADMINISTRATIVE MEASURES FOR ENSURING THE LAWFUL PROCESSING AND
PREVENTING UNAUTHORIZED ACCESS TO PERSONAL DATA

Administrative measures are in place to ensure the lawful processing of personal data and prevent unauthorized access. These measures include employee training, access authorization procedures, and regular audits.

13. ACTIONS TO BE TAKEN IN CASE OF UNLAWFUL DISCLOSURE OF PERSONAL DATA

In the event of the unlawful disclosure of personal data, specific actions are defined to address and mitigate the consequences of such incidents. These actions may include notifying the relevant authorities and affected data subjects, conducting an internal investigation, and implementing corrective measures.

14. PURPOSES OF PROCESSING PERSONAL DATA AND STORAGE PERIODS

The purposes for which personal data is processed and the corresponding storage periods are defined by DOÇ. DR. PELİN ÖZTÜRK. It is ensured that personal data is not retained longer than necessary for the purposes for which it was processed.

15. METHODS OF DELETING, DESTROYING, AND ANONYMIZING PERSONAL DATA

Various methods are employed to delete, destroy, or anonymize personal data, including physical destruction, secure software deletion, and expert-led secure deletion. These methods are applied in accordance with the nature of the data and the requirements of the KVKK.

16. TECHNIQUES FOR ANONYMIZING PERSONAL DATA

To anonymize personal data, techniques such as masking, aggregation, data derivation, and data mixing are used. These techniques help in transforming personal data into a form that does not identify individuals.

17. TRANSFER OF PERSONAL DATA TO THIRD PARTIES AND PURPOSES OF TRANSFER

The transfer of personal data to third parties, whether domestically or internationally, is defined by DOÇ. DR. PELİN ÖZTÜRK. The purposes of such transfers are specified, and precautions are taken to ensure the security and lawfulness of the transfer.

18. TRANSFER OF PERSONAL DATA WITHIN THE COUNTRY

DOÇ. DR. PELİN ÖZTÜRK outlines the procedures and conditions for the transfer of personal data within the country. This ensures that such transfers comply with the KVKK and other relevant regulations.

19. TRANSFER OF PERSONAL DATA ABROAD

The transfer of personal data abroad is regulated by DOÇ. DR. PELİN ÖZTÜRK, considering the principles of the KVKK. Necessary precautions are taken to ensure the security and lawfulness of such international transfers.

20. GROUPS OF INDIVIDUALS TO WHOM PERSONAL DATA IS TRANSFERRED BY DOÇ. DR. PELİN ÖZTÜRK

Specific groups of individuals to whom personal data is transferred by DOÇ. DR. PELİN ÖZTÜRK are identified. These transfers are conducted in accordance with the purposes defined and the principles of the KVKK.

21. COMPANY’S OBLIGATION TO INFORM

DOÇ. DR. PELİN ÖZTÜRK acknowledges the obligation to inform individuals whose personal data is processed by the company. Information is provided transparently, and individuals are informed about the processing of their personal data.

22. RIGHTS OF PERSONAL DATA SUBJECTS AND EXERCISE OF THESE RIGHTS

Individuals have specific rights regarding their personal data, as outlined in the KVKK. DOÇ. DR. PELİN ÖZTÜRK ensures that these rights are respected and provides procedures for individuals to exercise their rights.

23. RIGHT TO APPLY

Individuals have the right to apply to DOÇ. DR. PELİN ÖZTÜRK regarding the processing of their personal data. The procedures for making such applications are defined.

24. EXCEPTIONS TO THE SCOPE OF THE RIGHT TO APPLY

Certain situations are outlined where the right to apply does not apply. These exceptions are specified to provide clarity and ensure that the right to apply is exercised within its intended scope.

25. PROCEDURE FOR RESPONDING TO APPLICATIONS

DOÇ. DR. PELİN ÖZTÜRK defines the procedures for responding to applications from individuals regarding their personal data. These procedures include verification of the identity of the applicant and providing a response within the required timeframe.

26. PERSONAL DATA PROCESSING ACTIVITIES WITHIN THE COMPANY AND ON THE COMPANY’S WEBSITE

Various personal data processing activities are conducted within the company, including monitoring through cameras, tracking customer entries and exits, and processing data on the company’s website.

27. MONITORING THROUGH CAMERAS

The use of cameras for monitoring purposes within the company is explained. This includes the purpose of monitoring, the areas covered, and the precautions taken to respect the privacy of individuals.

28. CUSTOMER ENTRIES AND EXITS TO THE COMPANY

The tracking of customer entries and exits to the company is outlined. This may involve the collection and processing of personal data for security and operational purposes.

29. VISITORS TO THE COMPANY’S WEBSITE

The processing of personal data related to visitors on the company’s website is explained. This includes the collection of data through cookies or other tracking technologies.