PERSONAL DATA and SPECIAL PERSONAL DATA STORAGE and DESTRUCTION POLICY

1. INTRODUCTION
1.1 Purpose
The Personal Data Storage and Destruction Policy (the “Policy”) has been prepared in order to determine the procedures and principles regarding the works and transactions related to the storage and destruction activities carried out by “Abdullah Ünal Clinik” (the “Institution”).
The Institution has set as a priority that personal data belonging to the Institution's employees, employee candidates, patients, suppliers, service providers, visitors and other third parties are processed in accordance with the Constitution of the Republic of Turkey, international conventions, the Law on the Protection of Personal Data No. 6698 (the “Law”) and other relevant legislation, and that the persons concerned are able to exercise their rights effectively. The works and operations related to the storage and destruction of personal data are carried out in accordance with the Policy prepared by the Institution for this purpose.
1.2 Scope
Personal data belonging to corporate employees, employee candidates, patients, suppliers, service providers, visitors and other third parties are within the scope of this Policy and this Policy is applied to all recording environments and personal data processing activities owned or managed by the Institution in which personal data are processed.
1.3 Abbreviations and Definitions
Recipient Group : The category of natural or legal person to whom personal data is transferred by the data controller.
Explicit Consent : Consent on a specific matter, based on information and expressed with free will.
Anonymization : Rendering personal data impossible to associate with an identified or identifiable real person under any circumstances, even by matching it with other data.
Employee : The staff of the institution “Abdullah Ünal Clinik”.
Patient : A person who receives health and medical treatment services from “Abdullah Ünal”.
Electronic Environment: Environments where personal data can be created, read, modified and written with electronic devices.
Non-Electronic Media : All written, printed, visual and other media outside of electronic media.
Service Provider : A natural or legal person who provides services within the framework of a specific contract with the Personal Data Protection Authority.
Data Subject : The real person whose personal data is processed.
Related User: Persons who process personal data within the data controller organization or in accordance with the authority and instructions received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of data.
Destruction : Deletion, destruction or anonymization of personal data.
Law : Law No. 6698 on the Protection of Personal Data.
Recording Environment: Any environment in which personal data is processed by means of fully or partially automatic or non-automatic means, provided that it is part of any data recording system.
Personal Data : Any kind of information related to an identified or identifiable real person.
Personal Data Processing Inventory: An inventory in which data controllers detail the personal data processing activities they carry out in line with their business processes by linking them to the purposes and legal grounds for processing personal data, the data category, the recipient group and the data subject group, and by stating the maximum retention period required for the purposes for which personal data are processed, the personal data envisaged for transfer to foreign countries and the measures taken for data security.
Processing of Personal Data: All kinds of operations performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by means that are fully or partially automatic or non-automatic, provided that they are part of any data recording system.
Special Categories of Personal Data: Data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs of persons, their appearance and dress, association, foundation or trade union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Periodic Destruction: The erasure, destruction or anonymization of personal data, carried out ex officio at the recurring intervals specified in the storage and destruction policy, once all of the conditions for processing personal data set out in the Law have ceased to exist.
Policy : Personal Data Storage and Destruction Policy
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Recording System: A recording system in which personal data is processed by being structured according to certain criteria.
Data Controller: The natural or legal person responsible for the establishment and management of the data recording system, who determines the purposes and means of processing personal data.
Data Controllers Registry Information System: An information system, accessible via the Internet and created and managed by the Presidency, that data controllers use to apply to the Registry and to carry out other transactions related to the Registry.
VERBIS : Data Controllers Registry Information System
Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.
2. DISTRIBUTION OF RESPONSIBILITIES AND DUTIES
All units and employees of the Institution actively support the responsible units in properly implementing the technical and administrative measures taken by those units within the scope of the Policy; in increasing the training and awareness of unit employees, and in monitoring and continuously supervising them; and in taking technical and administrative measures to ensure data security in all environments where personal data are processed, in order to prevent unlawful processing of personal data, prevent unlawful access to personal data, and ensure that personal data are stored lawfully. The distribution of the titles, units and job descriptions of those involved in the storage and destruction of personal data is given in Table 1.
Table 1: Storage and disposal processes task distribution
TITLE : DUTY
Data Manager : Responsible for ensuring that employees act in accordance with the Policy.
Data Manager : Responsible for the preparation, development, execution, publication and updating of the Policy in the relevant environments, as well as its cancellation and storage by the decision of the Institution.
Data Security Officer : Responsible for providing the technical solutions needed for the implementation of the Policy.
Other Units : Responsible for the execution of the Policy in accordance with their duties and the tasks defined by the internal directive.
3. RECORDING MEDIA
Personal data is stored securely by the Institution in accordance with the law in the environments listed below.
Table 2: Personal data storage environments
Electronic Environments
• Servers (domain, backup, e-mail, database, web, file sharing, etc.)
• Software (office software, portal, EBYS, VERBIS)
• Information security devices (firewall, intrusion detection and prevention, log file, antivirus, etc.)
• Personal computers (desktop, laptop)
• Mobile devices (phone, tablet, etc.)
• Optical discs (CD, DVD, etc.)
• Removable memories (USB, memory card, etc.)
• Printer, scanner, copier
Non-Electronic Environments
• Paper
• Manual data recording systems (survey forms, visitor logbook)
• Written, printed, visual media
4. EXPLANATIONS RELATED TO STORAGE AND DISPOSAL
Personal data belonging to employees, employee candidates, patients, suppliers, visitors, and employees of third parties, institutions or organizations with which the Institution has a relationship as a service provider are stored and destroyed by the Institution in accordance with the Law. Detailed explanations of storage and disposal are given below, in that order.
4.1 Explanations Related to Storage
The concept of processing personal data is defined in Article 3 of the Law. Article 4 states that the personal data processed must be relevant, limited and proportionate to the purposes for which they are processed, and must be stored for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Articles 5 and 6 list the conditions for processing personal data. Accordingly, within the framework of the activities of our Institution, personal data is stored for the period stipulated in the relevant legislation or in accordance with our processing purposes.
4.1.1 Legal Reasons Requiring Retention
The personal data processed in the Institution within the framework of its activities are kept for the period stipulated in the relevant legislation. In this context, personal data are stored for the retention periods stipulated within the framework of:
• Personal Data Protection Law No. 6698,
• Law No. 5651,
• Turkish Code of Obligations No. 6098,
• Turkish Commercial Code No. 4721,
• Law No. 6563,
• Regulation on Private Health Insurance and related legislation,
• Patient Rights Regulation and related legislation,
• Deontology Regulation,
• Social Insurance and General Health Insurance Law No. 5510, insurance legislation,
• Occupational Health and Safety Law No. 6331,
• Information Acquisition Law No. 4982,
• Law No. 3071 on the Exercise of the Right of Petition,
• Labor Law No. 4857,
• Retiree Health Law No. 5434,
• Social Services Law No. 2828,
• Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Annexes,
• Regulation on Archive Services,
• other secondary regulations in force in accordance with these laws.
4.1.2 Processing Purposes Requiring Storage
The institution stores the personal data it processes within the framework of its activities for the following purposes.
• Performing health services,
• Billing operations,
• Carrying out human resources processes,
• Providing corporate communication,
• Corporate security and supervision,
• Ensuring data security,
• Ensuring the physical security of the Institution's interior,
• Staff training,
• Performing works and transactions arising from signed contracts and protocols.