Clarification Text (For Cameras)
PROCESSING AND PROTECTION OF PERSONAL DATA POLICY
CONTENTS
PREFACE
1. Purpose and Scope
2. Definitions
3. Data Controller Identity
4. Purposes of Data Processing
5. Data Controller Organization Chart
5.1. Company Bodies
5.2. Board of Directors Structuring
6. Personal Data Protection Organizational Structure
6.1. Personal Data Protection Unit
6.2. Contact Person
7. General Principles in Processing Personal Data
8. Conditions of Processing of Personal Data
10.2. Özel Nitelikli Verilerin Açık Rıza Olmaksızın İşlenmesi
10.3. KVKK Kanunun Uygulanmayacağı Tam İstisna Halleri
10.4. Kısmı İstisna Halleri
11.Kişisel Verilerin İşlenmesine İlişkin Genel Bilgiler
11.1.Kişisel Verilerin Elde Edildiği Kanallar
11.2.Kişisel Verilerin Kategorizasyonu
11.3. Veri Sahibi Kategorizasyonu
12.Kişisel Verilerin Saklanması ve İmhası
13.Kişisel Verilerin Üçüncü Kişilerle Paylaşılması
14.Aydınlatma Yükümlülüğü
15.Veri Sahibinin Hakları
16.Kişisel Verilerin Güvenliğine İlişkin Tedbirler
17. Ziyaretçilere Sağlanan İnternet Erişimlerine İlişkin Kayıtların Saklanması
18. Çerezler Üzerinden Toplanan Kişisel Verilerin İşlenmesi
19.Diğer Hükümler
ÖNSÖZ
The right to protection of personal data is included in Article 8 of the European Union Declaration of Fundamental Rights and Article 16 of the Treaty on the Functioning of the European Union as a fundamental human right. In addition, personal data is regulated in Article 20 of the Constitution of the Republic of Turkey titled "Privacy of Private Life" and is included among the fundamental rights.
Due to this importance, the Personal Data Protection Law No. 6698 (“KVKK”) protects the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data of real persons and the obligations of real and legal persons processing personal data and the procedures and procedures to be followed. It was published in the Official Gazette dated 7 April 2016 in order to regulate the principles.
1. PURPOSE AND SCOPE
KlinikaDent Istanbul Dental Clinic (“COMPANY”) Personal Data Processing and Protection Policy (“Policy”), to discipline the processing of personal data within the framework of the legislation on personal data and to protect fundamental rights and freedoms, especially the privacy of private life, as envisaged in the Constitution. It was prepared for the purpose of protection.
9. Conditions for Processing of Special Personal Data
10. Legal Exceptions and Explicit Consent Statement in the Processing of Personal and Special Data
10.1. Processing of Personal Data Without Explicit Consent
While preparing the "Policy", first of all, within the "COMPANY" organizational chart, it is necessary to determine which data the working units collect, why they collect it and why there is a need to transfer these data to third parties, and to determine the personal data of the COMPANY. understanding the data processing procedure has been determined as the basic principle. While the requirements of the relevant legislation are transferred to the "Policy", it is privatized and explains in a simple and understandable language which data the "COMPANY" provides and why it processes these data. Protection of personal data It has been adopted as a principle within the framework of sensitivity within the necessity. In addition, it is aimed to take the necessary administrative and technical measures to protect data privacy within and outside the "COMPANY" organization and to inform and enlighten the individuals whose data are processed.
The scope of the "Policy" includes all real persons whose data are processed by the "COMPANY".
2. DEFINITIONS
Explicit Consent | It refers to consent regarding a specific subject, based on information and expressed with free will. |
Company | ClinikaDent Istanbul Dental Clinic located at Meclis Mahallesi Teraziler Caddesi Aşkın Sokak No 27/A Sancaktepe/İstanbul |
Cookie | They are small files saved on users' computers or mobile devices that help store preferences and other information on the web pages they visit. |
Relevant User | Except for the person or unit responsible for the technical storage, protection and backup of the data, they are the persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller. |
Destruction | Deletion, destruction or anonymization of personal data. |
Contact Person | Concerning the obligations of legal entities resident in Turkey and the legal entity data controller representative who are not resident in Turkey within the scope of the Law and secondary regulations to be issued based on this Law, with the Authority. The real person notified by the data controller during registration to the Registry for the communication to be established. (The contact person is not authorized to represent the Data Controller. As the name suggests, it is the person appointed only to provide "contact" for the communication of the data controller and the relevant persons and the Institution.) |
Law/KVKK | Personal Data Protection Law No. 6698, dated 24 March 2016, published in the Official Gazette No. 29677, dated 7 April 2016. |
Recording Media | Any environment where personal data is processed by fully or partially automated means or by non-automatic means provided that it is part of any data recording system. |
Personal Data | Any information regarding an identified or identifiable natural person. |
Processing of Personal Data | Obtaining, recording, storing, preserving, changing, rearranging personal data by fully or partially automatic or non-automatic means as part of any data recording system Any operation performed on data such as disclosure, transfer, acquisition, making available, classification or preventing its use. |
Anonymization of Personal Data | Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data. |
Personal Data Deletion | Deletion of personal data; making personal data inaccessible and unusable in any way for Relevant Users. |
Personal Data Destruction | The process of making personal data inaccessible, irretrievable and unusable by anyone. |
Special Feature Personal Data | A person's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, company, foundation or union membership, health, sexual data regarding his life, criminal convictions and security measures, as well as biometric and genetic data. |
Periodic Destruction | In case all the conditions required for the processing of personal data are eliminated, the deletion, destruction or anonymization process specified in the personal data storage and destruction policy and to be carried out ex officio at recurring intervals.< /p> |
Policy | Personal data protection policy created by the company. |
Data Processor | Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller |
Data Recording System | Recording system where personal data is structured and processed according to certain criteria. |
Data Owner/Relevant Person | Natural person whose personal data is processed. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data. |
Source: | Personal Data Protection Law No. 6698- Regulation on Deletion, Destruction or Anonymization of Personal Data - Regulation on the Registry of Data Controllers - Clarification Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation - Communiqué on Application to the Data Controller and Procedural Principles Communiqué on the Procedures and Principles of Application to the Data Controller |
3. DATA CONTROLLER IDENTITY
Information regarding the identity of the data controller for all kinds of personal data processing activities within the scope of this policy is given below.
Data Controller | KLINİKADENT ISTANBUL DENTAL CLINIC |
Address | Majlis Mahallesi Teraziler Caddesi Aşkın Sokak No 27/A Sancaktepe/İstanbul |
Telefon | 444 50 76, 0551 257 89 62 |
KEP |
|
Website | https://www.klinikadent.com/ |
4. PERSONAL DATA PROTECTION ORGANIZATIONAL STRUCTURE
4.1. Contact Person
A Contact Person has been determined to monitor the effectiveness of the measures taken by our company to comply with the personal data protection legislation. The primary responsibility of the Contact Person is to work towards the KVKK Unit's fulfillment of its Central Policies duties and responsibilities. The Contact Person is a member of the KVKK Unit and calls the KVKK Unit to a meeting when necessary.
The Contact Person also acts as the contact person within the scope of KVKK Legislation before our Company's data controllers registry and the Personal Data Protection Board.
If the Contact Person is not present in our Company due to leave and/or other reasons, the person who will act in his place is temporarily assigned by the KVKK Unit. In this case, the person temporarily assigned is responsible for fulfilling all duties assigned to the Contact Person within the scope of the Personal Data Protection Policy.
5. PURPOSES OF PROCESSING YOUR PERSONAL DATA, YOUR PERSONAL DATA WE PROCESS, COLLECTION METHODS AND LEGAL REASONS
i. Purposes of Processing
Your personal data will be used to achieve the purposes specified in the COMPANY legislation, in accordance with the limits set out in KVKKK and in accordance with the Higher Education Law No. 2547. Processing purposes are as follows;
a. Meeting the obligations regarding Data Processing activities and auditing stipulated by the KVK Law,
b. Establishment of rights arising from the activity of employing workers within the scope of Labor Law Legislation No. 4857,
ç. Carrying out the necessary work by the relevant units for you to benefit from the services offered by our company,
d. Communicating with you for the purpose of promoting our Company and its activities through the communication channels you have shared with us,
e. Providing personnel in the areas needed by the company, fulfilling rights and obligations within the scope of the legislation regulating business life, especially the Labor Law No. 4857, Occupational Health and Safety Law No. 6331 and Social Insurance and General Health Insurance Law No. 5510,
g. Paying salaries to personnel, providing allowances, making revolving fund payments, etc. carrying out activities, conducting internal company correspondence,
ğ. Providing information and documents to authorized public institutions and organizations and judicial and judicial authorities within the circumstances specified in the law,
h. Ensuring the functionality of the company's organization and event management processes (seminar, conference, meeting, training, symposium, etc.) and announcing them to the public, ensuring the continuity of the website and social media accounts with up-to-date data in order to ensure public awareness of the company and maintain its up-to-dateness, and managing promotion and advertising processes,< /p>
ı. Keeping archives in accordance with the procedures specified in the legislation in order to carry out storage and archive activities and to prepare annual unit activity reports,
i. Creating and tracking visitor records,
j. Ensuring building, personnel and visitor security,
l. The data can be made anonymous and used in statistical activities for research purposes,
m. Developing new strategies, updating old strategies and making necessary analyzes on behalf of the company under the leadership of the Strategy Development Department,
n. Organizing formal/online, certified/uncertified trainings,
o. Receiving and responding to relevant person applications within the scope of KVKK.
ii. Your Personal Data We Process
Identity Information: Your name, surname, T.R. Your identification number, mother's name, father's name, place and date of birth, personnel registry number, nationality information and other information provided to the Company with your express consent.
Contact Information: Your residence address, workplace address, telephone number and e-mail address, KEP address and, if available, your mobile phone number, fax number or address that you have informed the Company that you prefer to contact you. Your information regarding other communication channels you have provided with your consent so that we can reach you.
Your Working and Education Information: The application form you have filled out for the application to the Company (job application, application to participate in certified/uncertified training), within the scope of the registration document and/or the Company's official e-mail address.In the job application forms sent to info@klinikadent.com or by using other online or physical application methods provided by the Company, your identity information, information regarding your employment status, contact information and your education status (“University graduate, master's degree graduate, physics department graduate”) your information (such as) and your past graduation information, course/seminar information you attended, certificate information and national or international exam results.
Your Financial Information: Obtained for the purpose of paying salaries and benefits, returning excessive and inappropriate payments, making payments from the revolving fund, and making payments for assignments outside the company; bank name and branch information, bank account number information, IBAN number information.
Visual/Audio Information: Regarding the event in conferences, seminars, theater shows, exhibitions, debates and similar events organized by the Company; Static or streaming images and/or sounds of the place where the event takes place and the participants, for purposes such as introducing, announcing and disseminating the event, and visual/audio information provided by the cameras installed to ensure security at the Company's headquarters, branches and representative offices. The audio/visual information obtained at such events may be used on the Company's website, on social media platforms used by the Company, and in works published by the Company, in a manner that does not exceed the Company's activities and is limited to the purpose of the event. Or it may be sent to third parties (printing house, publisher, institution, organization, etc.) to be printed/published with the permission and control of the Company. This usage method will not include security camera footage, and participants will be informed separately before the relevant visual/audio personal data is used (for example, at the beginning of the event) and their explicit consent will be obtained.
Personal Data of Special Qualification: Special personal data regarding health, criminal convictions and security measures regarding disabled people and people who have been convicted and/or security measures have been taken within the company in order to fulfill their employment obligations arising from the legislation. The data is being processed.
Although the Company does not have any other direct purpose of processing special personal data other than these purposes, religion, disguise, etc. your clothing, philosophical beliefs, political thoughts and health data (for example, clothing, devices and prostheses evident in the photograph) and other special information that you optionally specify in a document provided by the Company.
iii. Methods of Collection of Your Personal Data
Your personal data is collected through the member registration form, registration/application forms filled out on the internet, receipt and expenditure documents, video and audio recorders used in events, security camera recordings and, in case personal data is sent to the COMPANY's official e-mail address, through these communication channels. .
Personal data is also collected by physically sending documents or physically filling out a document provided by the Company.
Your personal data is also collected automatically through cookies used at https://www.klinikadent.com/ and its extensions. These cookies are only necessary for the visitor to use the site at full efficiency and are used to remember the visitor's preferences and do not provide any other personal data. You can access our cookie policy at.
iv. Legal Reasons for Processing Personal Data
KVKK lists the conditions for processing personal data in the 2nd paragraph of Article 5. If the purposes of processing personal data by a data controller can be evaluated within the framework of the personal data processing conditions listed in the KVKK, that data controller can process personal data in accordance with the law. In this context, personal data processing activities are carried out by the Company in cases where the personal data processing purposes pursued by the Company can be evaluated within the scope of the personal data processing conditions regulated in KVKK. The company does not engage in any personal data processing activities that are not within the scope of personal data processing terms.
The personal data processing conditions in KVKK are as follows;
- The relevant person has explicit consent,
- It is clearly foreseen in the law,
- It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity,
- It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract,
- It is mandatory for the data controller to fulfill its legal obligation,
- The data has been made public by the data owner,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.
The basic processing condition for special personal data is explicit consent and the Company does not primarily aim to process special personal data. However, your special personal data that we need to process due to our activities or that you have approved with your explicit consent are also processed in a proportionate manner within the framework of the legislation.
The conditions listed in KVKK for the processing of special categories of personal data are as follows;
- Explicit consent of the relevant person,
- It is clearly foreseen by law for special personal data other than health and sexual life,
Personal data regarding health and sexual life can only be
- Protection of public health,
- Preventive medicine,
- Medical diagnosis,
- Execution of treatment and care services,
- For the purpose of planning and management of health services and financing,
- It may be processed by persons under the obligation of confidentiality or by authorized institutions and organizations without the express consent of the person concerned.
There may be one or more personal data processing conditions that make a personal data processing activity lawful.
In order to achieve our mentioned purposes, it is necessary to process your data mentioned above. While identity information is transferred to our company, data that is not actually within the scope of our processing purposes may also be transferred to us. Within the scope of administrative and technical measures, we delete and/or anonymize the data in question at the end of the periods stipulated in the legislation, but it is not possible to ensure this situation under all circumstances. In this case, it is necessary to seek your explicit consent for the processing of the data in question.
7. TRANSFER OF PERSONAL DATA
Your personal data is shared with authorized public institutions and organizations, judicial authorities, enforcement authorities, police units and suppliers from whom contracted products and or services are purchased, for the purposes and through the means specified in this Policy. Below is the table showing the shared parties:
SHARING PARTIES | SHARING EXAMPLES |
Legally Authorized Public/Private Institution or Organization | Data can be shared with official institutions and organizations such as the Ministry of Treasury and Finance, Internal Audit Coordination Board, Court of Accounts, Judicial and Enforcement Authorities, other public and foundation Companies, Companies located abroad for international programs, and Notaries. |
Organization Companies | If Company Activities are planned with the involvement of organization companies, participant lists are shared with the organization company officials in question. |
Supplier/Business Partner/Consultant | Data can be shared with the consultants, organizations and parties from which the company receives services that are complementary to its activities and cooperates, limited to the purposes of the activities they carry out. |
Transferred Parties | Types of Transferred Data |
No data is transferred that does not concern the company's purposes. For example; Even if we have obtained it with your consent, your IP address information or vehicle license plate information is not shared with any third party, including the persons and institutions shown above. The exception to this determination is if the transfer of the data in question is required by legislation or if a crime is being investigated.