Welcome to Private Clinic Aydın Oral and Dental Health Polyclinic Web Site
PDPP Policy and Clarification Text
KlinikAydin Medical Health Services Industry and Trade Co. Ltd.
PROCESSING AND PROTECTION OF PERSONAL DATA POLICY
1. PURPOSE AND SCOPE
As KlinikAydin Medical Health Services Industry and Trade and Co. Ltd. (will be indicated as Company/Clinic/Employer below) at the address "Yedi Eylül Mah. İzmir Bulvarı No:31/15 Efeler-AYDIN,
In accordance with the Law No. 6698 on Protection of Personal Data, which is regulated as a constitutional right; while carrying out our activities, we care about the protection of personal data of all real persons we come into contact with in any way, and to fulfill the requirements of the PDPP in this context.
This Personal Data Protection Policy; has been prepared to inform you about the processes related to collection, use, sharing and storage of personal data, by the KlinikAydin Medical Health Services
Industry and Trade and Co. which resides at Yedi Eylül Mah. İzmir Bulvarı No:31/15 Efeler-AYDIN. In the practise of processing and protecting personal data; the provisions of the relevant legislation
will be applied as a priority.
In this context, the main purpose of this Personal Data Protection and Processing Policy (“Policy”) is; to reveal the rules, measures, duties and responsibilities within the scope of the personal data protection legislation adopted by our company with a methodological approach and to ensure transparency in the measures we apply for the protection of personal data.
2. DEFINITIONS AND ABBREVIATIONS
The terms used in the application of this Policy have the meanings given below.
Employees: Refers to the employees of our company.
Contact Person: It is the person responsible for following the personal data processing activities within our company and the implementation of the PDP Policies and Procedures on an individual
Personal Data: It means all kinds of information related to an identified or identifiable real person.
For example; name, surname, address, telephone number, date of birth, place of birth, eye color, identification number.
Personal Data Owner: The real person whose personal data is processed. For example; employee, visitor, patient, customer,
Processing of Personal Data: All kinds of operations performed on personal data, which are fully or partially automated or non-automatic, provided that they are part of any data recording system.
For example; obtain, save, store, change, transfer.
PDP Law: Refers to the Law No. 6698 on Protection of Personal Data.
3. PRINCIPLES OF PROCESSING PERSONAL DATA
Our company processes personal data in accordance with the procedures and principles stipulated in the PDPP and other laws.
The following principles are complied with in the processing of personal data:
a) Compliance with the law and honesty rules:
Our company processes personal data in accordance with the provisions of the legal regulations, the law and the rules of honesty. It informs the personal data owners.
b) Being accurate and up-to-date when necessary:
Our company takes the necessary measures to ensure that the personal data it processes is accurate and up-to-date.
c) Processing for specific, explicit and legitimate purposes:
Our company clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. Our company processes personal data in connection with the service it
provides and as much as is necessary for them.
ç) Being connected, limited and proportional to the purpose for which they are processed:
Our company processes personal data for the purposes determined within the scope of the service it provides, and avoids receiving, processing and storing personal data that is not necessary for the
d) Preservation for the period required by the relevant legislation or for the purpose for which they are processed:
Our company stores personal data in accordance with the provisions of the legal legislation. At the end of the period, personal data is deleted, anonymized or destroyed.
PERSONAL DATA PROCESSING CONDITIONS:
While processing personal data, our company complies with the following conditions in line with the provisions of the PDPP No. 6698:
(1) Personal data cannot be processed without the consent of the
Personal data is only processed with the consent of the data owner/relevant person. In this direction, patients are informed about the subject and their full consent is obtained with their free will.
(2) In case of existence of one of the following conditions, it is possible to process personal data without seeking the consent of the data subject:
a) It is clearly stipulated in the laws.
b) It is compulsory for the protection of life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not given legal
c) It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the conclusion or performance of a contract.
ç) It is mandatory for the data controller to fulfill its legal obligation.
d) The data has been made public by the person concerned.
e) Data processing is mandatory for the establishment, exercise or protection of a right.
f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
PROCESSING CONDITIONS OF SPECIAL QUALITY PERSONAL DATA
Our company complies with the regulations specified in the PDPP No. 6698 in the processing of special quality personal data.
PDPP “ARTICLE 6- (1) Regarding the race, ethnic origin, political thought, philosophical belief, religion or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, data concerning criminal conviction and security measures and biometric and genetic data are defined as “special quality personal data”.
Our company processes special quality personal data with the consent of the person concerned, personal data other than health and sexual life are processed without seeking the consent of the
person concerned, in cases stipulated by the laws, personal data related to health and sexual life are processed without seeking the explicit consent of the person concerned, for the purpose of
protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of keeping confidentiality.
METHODS OF COLLECTING AND PROCESSING PERSONAL DATA
In accordance with Articles 4, 5 and 6 of the Law on the Protection of Personal Data, and based on the Personal Data Processing Inventory, which is regulated within the scope of Articles 5, 7, 9 and 10 of the Regulation and contain the information below, processes personal
data of individuals.
1- Data category
2- Personal data processing purposes and legal reason
3- Transferred recipient/recipient groups
4- Data subject groups
5- The maximum storage period required for the purposes for whichpersonal data is processed
6- Transfer to foreign countries
7- Administrative and technical measures taken regarding data
THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERRED BY OUR
COMPANY AND THE PURPOSE OF THE TRANSFER
Regarding the sharing of personal data with third parties by our company, provided that it complies with the provisions of other laws, we carefully comply with the conditions regulated in PDPP. In this context, personal data is not transferred to third parties by our
company, KlinikAydin Medical Health Services Industry and Trade Co.Ltd., without the consent of the data owner. However, in the presence of one of the following conditions regulated by PDPP,
personal data may be transferred by our Company without obtaining the consent of the data owner:
• It is clearly stipulated in the laws,
• It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized,
• It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the conclusion or performance of a contract,
• It is mandatory for the data controller to fulfill its legal obligation,
• It has been made public by the data owner himself,
• Data processing is mandatory for the establishment, exercise or
protection of a right,
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.
Provided that adequate precautions are taken; stipulated in the laws in terms of special quality personal data other than health and sexual life, and in terms of special quality personal data related to health and sexual life,
• Protection of public health,
• Preventive medicine,
• Medical diagnosis,
• Carrying out treatment and care services,
• Your personal data may be transferred without obtaining consent for purposes such as planning and management of health services and financing. In the transfer of special quality personal data, the conditions specified in the processing conditions of this data are complied with.
STORAGE OF PERSONAL DATA UNDER RELATED LEGISLATION
Our company keeps personal data securely in physical or electronic environment for an appropriate period of time in order for our company KlinikAydin Medical Health Services Industry and Trade CO. Ltd. to carry out its activities in accordance with the provisions of the
PDPP and other relevant laws. First of all, it examines whether there is a period for the storage of personal data and acts in accordance with this period. In the absence of a legal period, the required period is determined and personal data is stored in accordance with this
period. When the period expires, personal data is deleted, destroyed and anonymized.
However, in cases where the data controller has a legitimate interest, personal data may be kept until the expiration of the general statute of limitations (ten years) regulated in the Code of Obligations, provided that it does not harm the fundamental rights and freedoms
of the data subjects, despite the expiration of the purpose of processing and the periods specified in the relevant laws.
In this context, our clinic provides the necessary training to the relevant units within and provides awareness.
MEASURES TAKEN FOR DATA SECURITY
KlinikAydin Medical Health Services Industry and Trade Co. Ltd. takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data.
12 (1) of PDPP. The measures envisaged in the article are as follows:
• To prevent the unlawful processing of personal data,
• To prevent unlawful access to personal data,
• To ensure the protection of personal data.
The measures taken by our company in this context are listed below:
• Our company performs the necessary audits in order to ensure the implementation of the provisions of the Law.
• In case the processed personal data is obtained by others illegally, our Company notifies the relevant person and the Board as soon as possible.
• Regarding the sharing of personal data, it signs a framework agreement with the persons to whom the personal data is shared or provides data security with the provisions it will add to the
• Employs knowledgeable and experienced personnel about the processing of personal data and provides necessary PDP training to its personnel.
• Our company employs knowledgeable and experienced people to ensure data security and provides necessary PDP training to its personnel.
• Performs necessary internal controls within the scope of established systems.
• It ensures the provision of the technical infrastructure to prevent and/or monitor the leakage of personal data outside the institution and the creation of relevant matrices.
PDPP of PERSONAL DATA OWNERS 11. RIGHTS ACCORDING TO
Within the framework of Article 11 of the Law on the Protection of Personal Data No. 6698 (PDPP), personal data owners may apply to the address of our Company for;
a-Learning whether personal data is processed,
b- If personal data has been processed, requesting information about
c- Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
ç- Knowing the third parties to whom personal data is transferred in the country or abroad,
d-Requesting correction of personal data if it is incomplete or incorrectly processed,
e- Requesting the deletion or destruction of personal data in accordance with the provisions of PDPP and other relevant legislation,
f- In case of correction, deletion or destruction of your personal data, requesting the notification of these transactions to the third parties to whom the personal data has been transferred,
g- Objecting to this result if a result arises against you by analyzing your processed personal data exclusively through automated systems,
ğ- The right to demand the compensation of the damage, in case you suffer damage due to unlawful processing of personal data.
PROCESSING OF PERSONAL DATA CLARIFICATION TEXT
Private Clinic Aydın Oral and Dental Health Polyclinic Established on January 2 2019 in Aydın, Private Clinic Aydın Oral and Dental Health Polyclinic, provides treatments such as Implant, Root Canal Treatment, Filling, Veneers, Bleaching, Gingival Treatment, Extraction of Impacted Wisdom Teeth, Caries Treatment, Orthodontic Treatment, Temporomandibular Diseases, etc.
As KlinikAydin Medical Health Services Industry and Trade and Co. Ltd. (will be indicated as Practice/Company/Clinic/Employer below) at the address "Yedi Eylül Mah. İzmir Bulvarı No:31/15 Efeler-AYDIN", as Data Controller we inform you about our mutual rights and obligations within the scope of the Law No. 6698 on Protection of Personal Data; that your personal information may be recorded, stored, updated, disclosed to third parties, transferred, classified and processed in the ways listed in the PDPP when permitted by the legislation, while carrying out our activities, we care about the protection of personal data of all real persons we come into contact with in any way, and to fulfill the requirements of the PDPP in this context.
We let you know that within the scope of legal legislation, in order to establish a physician-patient relationship and to provide you with health services (diagnosis, treatment, care services, etc.) in line with patient benefit and public health, we will save and process your personal information and keep it in our archives.
Within the scope of "Private Hospitals Law, Private Hospitals Regulation, Health Practice Communiqué, Patient Rights Regulation and other legislation", as our company, we declare that we are obliged to save all records and documents such as but not limited to identity, address, phone number, medical history and all other necessary information to identify the patient treated; classify all records and documents to be in the medical patient file that will be the basis of the transaction in electronic or paper form. We inform you that your personal data will be shared with the relevant authorities and persons, for the purpose of public health and preventive medicine services, if requested by the persons appointed by the competent authorities or within the scope of e-Nabız and similar systems established, or within the scope of our notification and/or reporting obligation imposed on us such as but not limited to The Ministry of Health of the Republic of Turkey, Provincial Health Directorates, Public Health Centers and other units affiliated to the
Ministry of Health, Social Security Institution and private health insurance - if you use your private health insurance.
PURPOSE AND LEGAL REASONS FOR PROCESSING PERSONAL DATA
Establishing and performing the physician-patient relationship and fulfilling the provisions of the contract, using it in the services we can offer you; to record the identity, address, tax number and other necessary information, including personal health data, in order to identify the information of the patient/proxy; to organize all records and documents that will be the basis for the transaction in electronic (internet/mobile etc.) or paper media; to comply with the data collecting, reporting and information obligations stipulated by the legislation, authorized institutions and other authorities; to increase the quality of service with marketing and statistical activities, to offer the requested / other products / services. Special quality personal data is processed due to communication, information and similar processes within the contractual relationship.
We process your personal data such as but not limited to your blood type, laboratory and imaging results, tests, allergies, chronic diseases, venereal diseases, infectious diseases, data on previous
surgeries/operations, medications you constantly use, information on Covid-19 disease, medical treatments, prescription information, your harmful habits, body analysis and scale information, and other health data necessary for the treatment and applications to be applied to you; to be able to create a patient file, to carry out preventive medicine, examination, medical diagnosis, treatment and care services, to carry out your checks after medical diagnosis and treatment processes, to manage complications that may occur, to communicate with you one-on-one, to manage appointment processes, to perform patient satisfaction and demand management, to be able to fulfill contractual obligations, to keep the information about your health data, which must be kept in accordance with the relevant legislation, within the specified periods, to receive consultation services from other relevant specialist physicians when necessary in order to carry out your treatment correctly, to fulfill legal obligations in accordance with the legislation within the scope
of health tourism, to be able to plan the transfer, accommodation, interpreter services of the clients, to announce the innovations regarding the medical treatment and practices, to be able to inform the third persons, to plan and manage health services and financing, to ensure workplace safety, to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient, to fulfill financial and administrative obligations, to provide technical and commercial security and to fulfill public obligations.
Other scopes in which your personal data can be processed are as follows: hr operations, internal operations, activities with legal, technical and administrative consequences, strategy, planning and
business partners/supplier, customer management, planning and execution of corporate communication activities, events, planning of in-company training programs and execution, company workplace safety, protection of worker and occupational health and safety, performance of after-sales services, execution of technical service services, fulfillment of dealership agreements, realization of collection transactions, to customers; providing various advantages through product-service promotion, information, personalized advertising, campaigns and other benefits, sending commercial electronic messages, surveys and tele-sales applications, statistical analysis, carrying out studies to improve service quality and providing better service, invoice for our services issuance of services from external sources, providing services to customers in areas that are
not in their area of expertise and providing technology services to customers, benefiting from company activities due to company activities, confirmation of identity, answering questions and
complaints, taking necessary technical and administrative measures within the scope of data security obtaining financial agreement with relevant business partners and other third parties regarding the products and services provided, obtaining necessary information in line with the requests and inspections of regulatory and supervisory institutions and official authorities, storing in accordance with the relevant legislation preserving the information about the required data, ensuring the control of the consistency of the information, measuring the customer satisfaction, in terms of employees; creation of the personnel file, determination of whether it is capable of constantly fulfilling the requirements of the job, making private health insurance, creating a health file, taking occupational safety measures, making travel plans. for employee candidates: managing
and planning the process of evaluating suitability for vacant positions, publishing the visual and audio data of the company and itsemployees, their stands, obtained in competitions, organizations,
fairs, work and other activities within the scope of its field of activity, for the purpose of developing and sharing the business, harmonizing the operation and policies of the dealers in the dealer chain, fulfilling legal obligations execution of the company's financial reporting and risk management transactions, execution / follow-up of legal affairs, creation and follow-up of visitor records, planning and execution of internet, common network, computer usage in accordance with the law, planning and execution of company fair, activity, social projects, product and corporate promotion. The aforementioned purposes are for informational purposes only, and further updates will be announced by us so that the Company can carry out its future operational activities.
5/2 of PDPP states the exceptions that make it possible to process personal data in accordance with the law. In this respect, apart from consent, the company may also process personal data in the
presence of one of the other conditions (exceptions) listed below. The basis of the personal data processing activity can be only one of the conditions stated below, or more than one of these conditions can be the basis of the same personal data processing activity.
These are: explicitly established in the laws, obligation to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated, in order to protect the life or bodily integrity of himself or another person, being directly related to the establishment or performance of the contract, fulfilling the legal obligation of the
company. These are the cases where data processing is obligatory for the establishment or protection of a right, data processing is obligatory for the legitimate benefit of the Clinic, provided that it does not harm the fundamental rights and freedoms of the data owner.
PERSONS/ENTERPRISES THAT PERSONAL DATA MAY BE TRANSFERRED:
Persons permitted by the provisions of the legal legislation are public institutions and organizations and private public institutions and organizations. Special quality personal data, on the other hand, can be transferred to domestic and foreign parties, from which we receive services, to carry out activities that are subject to the purposes specified in the legislation to which we are subject and
which are secured by confidentiality agreements. Personal and special quality data; is stored in a secure environment that is not open to public use and is never shared with third parties unless
authorized or under a legal obligation.
STORAGE OF PERSONAL DATA
Your personal data may be collected verbally, in writing or electronically through all digital channels such as the questions sent to our website, messages, phone calls, etc.
The personal data we obtain is securely stored in physical or electronic environment for an appropriate period of time in order for our Company to carry out its activities. Within the scope of these activities, our Company complies with the obligations stipulated in all relevant legislation, especially the PDPP, regarding the protection of personal data.
In the event that the purposes for processing personal data expire,with the exception of cases where personal data is allowed or required to be stored for a longer period of time in accordance with the relevant legislation, the data will be deleted, destroyed, or anonymized by our Company, ex officio or upon the request of the data owner. In case of deletion of personal data, these data will be destroyed in a way that cannot be used again and cannot be recovered.
In cases where the data controller has a legitimate interest, personal data may be stored, provided that the law allows this, despite the expiration of the purpose of processing and the periods specified in the relevant laws, provided that it does not harm the fundamental rights and freedoms of the data subjects. After the expiry of the aforementioned statute of limitations, personal data will be deleted, destroyed or anonymized according to the above-mentioned procedure.
MEASURES TAKEN FOR DATA SECURITY
Our company takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data. 12 (1) of the PDPP states the measures envisaged as follows: to prevent the unlawful processing of personal
data, to prevent unlawful access to personal data, to ensure the preservation of personal data.
PROCESSING IMAGE RECORDINGS
In order to ensure the general and service safety of its facilities and businesses, the Company records the visitors, employees and other relevant persons in accordance with the basic principles stipulated in the PDPP, and these records are securely stored in a physical or electronic environment for a period of time suitable for the purposes of processing.
At the entrances to the place where the image recording is taken, the warning that the image recording has been taken is visible in order to inform the data owners. Images are strictly not taken in areas where privacy is required. Within the scope of these activities, the Company complies with the obligations stipulated in all relevant legislation, especially the PDPP, regarding the protection of personal data.
KEEPING RECORDS OF THE INTERNET ACCESS THAT THE CLINIC PROVIDES TO VISITORS
Our company can provide internet access to our visitors during their stay in our workplaces. In this case, the log records of your internet access are recorded in accordance with the Law No. 5651 and the mandatory provisions of the legislation arranged according to this law; these records are only processed when requested by authorized public institutions and organizations or to fulfill our legal obligations in the audit processes to be carried out within the Company.
Only a limited number of Company employees have access to the log records obtained within this framework. Company employees who have access to the aforementioned records access these records only for use in requests or audit processes from authorized public institutions and organizations, and share them with those who are legally authorized and who undertake to protect the confidentiality of the data they access in limited numbers.
FOLLOW-UP OF GUEST ENTRANCES AND EXITS EXECUTED AT AND IN THE COMPANY ENTRANCES
By our company; personal data processing is carried out in order to ensure security and for the stated purposes, in order to monitor guest entries and exits in company buildings and facilities. While obtaining the names and surnames of the guests who come as guests, or through the texts that put on the walls or made available to the guests in other ways, the personal data owners in question are informed in this context by the Company. The data obtained for the purpose of tracking guest entry-exit is processed only for this purpose, and the relevant personal data is recorded in the data recording system in physical and/or electronic media.
PROCESSING OF PERSONAL DATA OF BUSINESS PARTNERS
Within the scope of the activities that our company has established with business partners such as distributors, the personal data of the employees of the business partners may be processed if mandatory for the fulfillment of the work or the functioning of the service activity for the purposes specified in the law, for the fulfillment of the human resources goals and policies, for the mutual working business in order to fulfill its legal and commercial security.
APPLICATION PROCEDURE AND RIGHTS
Your rights in accordance with Article 11 of PDPP; You may, by applying to us about your personal data;
a) learning whether it has been processed,
b) requesting information if it has been processed,
c)learning the purpose of the processing and whether it is used in accordance with its purpose,
ç) knowing the third parties to whom it has been transferred,
d) requesting correction if it has been processed incompletely/wrongly,
e) To request deletion / destruction within the framework of the conditions stipulated in Article 7 of the PDPP,
f) to request the notification of the transactions made in accordance with subparagraphs (d) and (e) above, to the third parties to which it has been transferred,
g) to object to have a result against you due to the analysis exclusively by automated systems,
ğ) to request the compensation of the damage from the address of our Company, in case you suffer damage due to unlawful processing.
Your requests in your application will be concluded free of charge within thirty days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for our Company, the fee in the tariff determined in the Communiqué on Application Procedures and Principles to the Data Controller by the Personal Data Protection Board may be charged. The relevant request can be made with the methods and information specified in the "Communiqué on the Procedures and Principles of Application to the Data Controller" published in the Official Gazette dated March 10, 2018 and numbered 30356.
Exceptions to the Right of Application Pursuant to Article 28 of the PDP Law, personal data owners will not be able to assert their rights in the following matters.
• Processing of personal data for purposes such as research, planning and statistics by anonymizing with official statistics
• Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense,
national security, public security, public order and economic security.
•Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings
Pursuant to article 28/2 of the PDP Law; In accordance with the purpose and basic principles of the law and proportionally, Article 10, which regulates the obligation of disclosure of the data controller, Article 11, which regulates the rights of the data subject, except for the right to demand the compensation of the damage, and Article 16, which regulates the obligation to register in the Data Controllers Registry, shall not be applied in the following cases:
• The processing of personal data is necessary for the prevention of crime or for criminal investigation.
• Processing of personal data made public by the personal data owner himself
• Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation and prosecution by authorized and authorized public institutions and
organizations and professional organizations in the nature of public institutions based on the authority given by the law.
• The processing of personal data is necessary for the protection of the economic and financial interests of the state with regard to budget, tax and financial matters.
We would like to inform you that we continue our activities with the awareness that personal data security is at the forefront in all our products and services we offer to you.