MİRADENT ÖZEL SAĞLIK HİZMET.SAN.VE TİC.AŞ.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
The purpose of this policy is the Personal Data Protection Law No.6698 dated 24 March 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677 by our Miradent Özel Sağlık Hiz.San.ve Tic.A.Ş. and to make explanations on the systems adopted for the personal use and processing in accordance with the decisions of the cryptic institutions that can be arranged in accordance with the decisions of the regulatory personal institutions, to ensure the execution and supervision of the processes for personal data transactions within the institution, to raise the awareness of the processing in accordance with the personalized law in the personal department and this To place a sense of responsibility in the context, we provide information about our personal data processing processes, our employee candidates, our officials, the institutions we cooperate with, their officials and officials, as well as third parties, personally personally processed by Miradent, and transparently about our data processing processes is to provide warmth.
This policy means that the activities of Miradent are employees, our employees, our former employees, our officials, our opinion, our partners, the opinions of various institutions / organizations we cooperate with, the opinions of various institutions / organizations and others and third third parties and to be part of a third data record information. It includes all personal information subject to the transaction in non-automatic ways.
The scope of the issues stated in this policy may be from these groups, which are counted according to the type of processing activity, or the sample correspondence may be in a group or cover such as company employees.
The terms used in this policy are used to express the following meanings, and if a different term is used instead of the term related to a change to be made in the relevant legislation or decisions in the terms defined in the legal legislation or regulatory body decisions, or if the relevant term is given a different meaning,Miradent should also be amended. These terms will be taken into account as modified in the implementation of this policy from the date on which the amendment enters into force:
EU: European Union,
Constitution: Published in the Official Gazette dated 9 November 1982 and numbered 17863; No.2709 dated November 7, 1982 and the Constitution of Turkey,
Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Personal data will lose the quality of personal data and this situation cannot be recovered, for example; blackout, masking, aggregation, data corruption, etc. making it impossible to associate with a natural person by techniques,
Application Form: Application Regarding the Applications to be Made to the Data Controller by the Relevant Person (Personal Data Owner) in accordance with the Law on Protection of Personal Data No.6698, which will include the application of personal data owners to exercise their rights, and explains the method of the application accessible on www.miradentturkey.com within the scope of the policy Form “,
Employee candidate: Real persons who have applied for a job or internship in Miradent by any means or who have opened their CV and related information for Miradent’s review,
Destruction: Deletion, destruction or anonymization of personal data,
Institutions / organizations that we cooperate with:Miradent employees, shareholders and officials, including the shareholders and officials of these institutions, working in all kinds of business relationships (such as business partners, suppliers, but not limited to them),
Business partner: Parties with whom Miradent has established a business partnership while conducting its activities,
Participant: A person who attends any event, course or training organized by Miradent,
Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, by means of non-automatic means, provided that personal data are fully or partially automated or are part of any data recording system, Any transaction performed on data such as classification or prevention of use,
Personal data: All kinds of information regarding an identified or identifiable natural person. For example; name-surname, TR ID, mobile phone number, e-mail, contact address, etc.,
Personal data owner / concerned person: Real person whose personal data is processed. For example; employees, visitors,
Personal data storage and destruction policy: The policy on which data controllers are the basis for the process of determining the maximum time required for the purpose of processing personal data, and for deletion, destruction and anonymization,
KVK Law: Personal Data Protection Law dated 24 March 2016 and numbered 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677,
KVK Commission: Miradent Personal Data Protection Commission, which is obliged to comply with the Miradent Personal Data Protection Law, KVK Board decisions and the relevant legislation provisions, to implement the regulated policies and to carry out the necessary audits,
KVK Board / Regulatory Board: Personal Data Protection Board,
KVK Institution / Regulatory Authority: Personal Data Protection Authority,
Periodic destruction: The process of deletion, destruction or anonymization to be carried out ex officio at repetitive intervals specified in the personal data storage and destruction policy in case all of the conditions for processing personal data in the Law are eliminated
Policy: Miradent Personal Data Protection and Processing Policy,
Special quality personal data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, membership in associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data,
Instruction: Short, simple, understandable written documents that explain how to do the steps of an activity and / or work and support the procedures
Supplier: Parties who provide Miradent services on a contract basis in accordance with Miradent orders and instructions while conducting Miradent activities,
Turkish Code of Obligations: Published in the Official Gazette No. 27836 dated February 4, 2011 Turkish Code of Obligations dated 11 January 2011 and numbered 6098,
Turkish Penal Code: Published in the Official Gazette No. 25611 dated October 12, 2004 Turkish Penal Code No.5237 of 26 September 2004,
Turkish Commercial Code: Published in the Official Gazette dated February 14, 2011 and numbered 27846; Turkish Commercial Code No. 6102 dated January 13, 2011,
Miradent: Miradent Oral and Dental Health Hiz.San.ve Tic.A.Ş.
Third person: Real persons whose personal data are not defined differently within the scope of the policy and whose personal data are processed within the scope of the policy (eg companion, family members and relatives),
Data processor: Real and legal person who processes personal data on behalf of the data controller based on the authority given by him,
Data controller: Person who determines the purposes and means of processing personal data and manages the place where data is systematically kept (data recording system),
Visitor: Real persons who have entered the physical campuses owned by Miradent for various purposes or visited our websites.
4.1. BASIC PRINCIPLES
Protection of personal data is one of the most sensitive issues in Miradent, although it is a right protected at the Constitution level as a human right.Miradent collects personal data from a wide variety of data groups such as visitors, employees, business partners, suppliers within the framework of its activities. The processing and storage of personal data in accordance with the provisions of the legislation in force and the decisions of the KVK Institution, which is the regulatory body operating in this field, and in this context, creating a permanent awareness of our employees and other persons related to Miradent within the framework of respect for the right to protect personal data, is among our values.
All our personal data processing activities to be carried out within Miradent,
a. Compliance with the law and honesty rules,
b. Being accurate and up-to-date when necessary,
c. Processing for specific, explicit and legitimate purposes,
D. Being connected, limited and measured for the purpose of processing,
to. Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed,
f. Taking necessary administrative and technical measures for the storage of personal data,
g. Ensuring that the necessary sensitivity is shown in accordance with the rules stipulated in the processing of special quality personal data, which are taken under special protection due to their nature,
h. Enlightening personal data owners when required by legislation and obtaining their explicit consent when necessary,
I. To take the necessary administrative and technical measures in the transfer of personal data, to supervise the data processing of the transferred third parties in accordance with the relevant legislation and the decisions of the regulatory authority,
We carry out in accordance with all the terms and conditions stipulated in the current legislation, especially the principles and the general principles of the law.
to the protection of personal data, although individuals with a recognized right by the Constitution of Turkey, the essence of this right as Miradent in order to be used in an appropriate manner we have adopted to show the highest degree of care and thought to ourselves.
4.2. LEGAL REASONS FOR THE PROCESSING OF PERSONAL DATA
Miradent, in accordance with Articles 20 of the Constitution and 5th articles of the Law on KVK, although personal data varies depending on the nature of the personal data processed and the data processing process, the 5/2 of the KVK Law on the processing of personal data. It operates based on one or more of the following conditions stated in the article:
a) It is clearly stipulated in the laws, eg. Keeping employee’s personal information as required by law,
b) It is mandatory for the protection of the life or body integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid, eg. The missing person’s location information,
c) It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract, eg. For the company to record the address information of the person concerned,
ç) It is mandatory for the data controller to fulfill its legal obligation, eg. Sharing information during special audits in areas such as banking, energy and capital markets,
d) It has been made public by the person concerned, eg. Including the contact information of the person who wants to sell his house in the sales announcement,
e) When data processing is mandatory for the establishment, use or protection of a right, eg. Keeping the necessary information of an employee who quits the job during the timeout of the case,
f) It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned, eg. Data processing for the purpose of applying rewards and bonuses that increase employee loyalty.
It is understood that our personal data processing activity does not fall into any of the conditions mentioned here, but in cases where this personal data processing is considered necessary and measured, express consent is obtained.
If it is understood that the personal data subject to processing is special quality personal data, in accordance with Article 6 of the KVK Law, if there is no regulation stipulated in the laws in terms of personal data other than health and sexual life; Personal data related to health and sexual life, for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, in accordance with the conditions of processing by persons under the obligation of secrecy or authorized institutions and organizations. If it cannot be processed, it is processed within the scope of the explicit consent of the person concerned, provided that they comply with the principles of necessity and proportionality.
4.3. ISSUES ON THE PROTECTION OF PERSONAL DATA
Article 12 of the KVK Law,
a) To prevent unlawful processing of personal data,
b) To prevent unlawful access to personal data,
c) To ensure the protection of personal data
It imposes obligations on the data controller to take all kinds of technical and administrative measures to ensure the appropriate level of security. In accordance with the obligation specified in this article, Miradent takes the necessary legal, technical and administrative measures in order to ensure the security of the personal data subject to processing activities, although not limited to the specified and will be moved to a further level depending on the current developments, the measures taken by Miradent can be summarized as follows. :
4.3.1. Miradent takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data are processed legally. Employees are informed that they cannot disclose the personal data they have learned to anyone in violation of the provisions of the KVK Law and cannot use it except for the purpose of processing, that they should not keep the personal data accessible to others and that these obligations will continue after their dismissal, regularly organize awareness trainings on this issue and if deemed necessary, commitments are taken from them accordingly.
4.3.2. Miradent acts sensitively in the protection of personal data of special nature, which are determined as “special quality” by the KVK Law and processed in accordance with the law. In this context, technical and administrative measures taken by Miradent for the protection of personal data are carefully applied in terms of special quality personal data and necessary inspections are provided.
4.3.3. Miradent takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and application costs in order to prevent the imprudent or unauthorized disclosure of personal data, access, transfer or all other forms of illegal access. Miradent raises awareness in data processing institutions such as business partners and suppliers to prevent unlawful processing of personal data, prevent unlawful access to data, and ensure legal storage of data, and uploads it on a contractual basis in accordance with the nature of their activity.
4.3.4. A Personal Data Protection Commission has been established within Miradent in order to audit our personal data processing activities in Miradent and to comply with the relevant legislation and regulatory agency decisions and to ensure the continuity of this compliance and to make the necessary updates.
4.3.5. Miradent takes the necessary technical and administrative measures according to the technological possibilities and application costs in order to keep personal data in secure environments and to prevent the destruction, loss or change for illegal purposes, and the transactions performed are recorded.
4.3.6. Miradent, in accordance with Article 12 of the KVK Law, carries out the necessary inspections or has it done within its own body. These audit results are reported to the relevant unit chiefs and the KVK Commission within the scope of the internal operation of Miradent, and within the framework of the suggestions and instructions of the KVK Commission, new measures are taken or necessary actions are carried out to improve the measures taken.
4.3.7. Miradent runs the system where data owners can exercise their rights in the most effective way and can be answered in Article 11 of the KVK Law.
4.3.8. Miradent operates the system that ensures that personal data processed in accordance with Article 12 of the KVK Law are obtained by others illegally, and this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.
4.3.9. Miradent has created a personal data storage and destruction policy in accordance with Article 7 of the KVK Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224.
4.4. ENLIGHTENING AND INFORMING THE PERSONAL DATA OWNER
Miradent, in accordance with Article 10 of the Law on KVK and Article 4 of the Communiqué on Procedures and Principles for Fulfilling the Obligation of Disclosure, provides the enlightenment of the persons concerned with various means in accordance with the content of the data processing activity. The issues stipulated in the relevant articles and the following are included in the disclosure:
a) Identity of Miradent, who is the data controller,
b) For what purpose we process / can process personal data,
c) To whom and for what purpose we can transfer personal data,
ç) Our personal data collection methods and legal reasons,
d) The data owner / data subject is listed in Article 11 of the Law and 4.6. other rights specified in article.
Disclosure obligation In accordance with Article 10 of the KVK Law, at the latest during the acquisition of personal data, if the personal data is not obtained from the person concerned, and in accordance with Article 6 of the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation,
a) Within a reasonable time from the acquisition of personal data,
b) If personal data will be used for communication with the person concerned, during the first communication,
c) In the event that personal data will be transferred, at the latest at the time of the first transfer of personal data,
It is being fulfilled.
The purpose of publishing this policy on the www.miradentturkey.eu/en website, which can be easily accessed by the relevant persons, is to contribute to the transparency of Miradent personal data processing activities and therefore the protection of the right to protect personal data in accordance with the essence of the right.
4.5. TRANSFER OF PERSONAL DATA
Miradent is able to transfer personal data and special quality personal data of the personal data owner to third parties by taking the necessary security measures in line with the purposes of personal data processing in accordance with the law. In this direction, Miradent acts in accordance with the regulations stipulated in the 8th article of the KVK Law.
the transfer abroad of personal data by Miradent, but have not yet been disclosed foreign countries with adequate protection by KVK Board, in case of receiving the explicit consent of the data subject or the lack of adequate protection, an adequate protection of those responsible for the data in and in the foreign countries, Turkey declared that a written undertaking KVK The appropriate method of approval of the Board is used. If the aforementioned safe country list is announced by the KVK Board, this option can also be preferred as a method, and the data subject is informed as to which method is preferred at the stage of data collection. In this context, Miradent acts in accordance with the regulations stipulated in Article 9 of the KVK Law.
4.6. PROTECTING THE RIGHTS OF THE DATA OWNER; THE CREATION OF CHANNELS THAT WILL TRANSFER THESE RIGHTS TO TRAKYADENT AND EVALUATION OF DATA OWNERS ‘REQUESTS
The rights of the data owner are regulated in Article 11 of the KVK Law, and the rights that can be used by contacting the data controller are:
- a) Learning whether personal data is being processed,
b) To request information if personal data has been processed,
c) Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
ç) To know the third parties to whom personal data are transferred domestically or abroad,
d) To request correction of personal data in case of incomplete or incorrect processing,
e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law (in case the reasons requiring its processing disappear although it has been processed in accordance with the provisions of the KVK Law and other related laws),
f) Request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data have been transferred,
g) To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
ğ) To request the compensation of the damage in case of damage due to the processing of personal data illegally.
The necessary channels have been established in accordance with Article 13 of the KVK Law in order to evaluate the requests to be submitted to Miradent by the personal data owners or the relevant persons and to provide the necessary information to the personal data owners, and the internal operation is carried out by the KVK Commission and the necessary legal, administrative and technical arrangements are made through the aforementioned commission.
The application methods foreseen under this article are organized as follows:
ü The person concerned sends a signed copy of the application form to “Miradent Özel Sağlık Hiz.San.ve Tic.AŞ. , Muhittin Mah. Fikir Sok. No: 27/4 Çorlu / Tekirdağ ”or by a proxy authorized by a power of attorney with special authorization,
ü The person concerned sends a signed copy of the application form to “Miradent Özel Sağlık Hiz.San.ve Tic.AŞ. , Muhittin Mah. Fikir Sok. No: 27/4 Çorlu / Tekirdağ ”via registered mail,
ü A signed copy of the relevant person application form to the e-mail address of firstname.lastname@example.org,
ü A signed copy of the relevant person application form to the e-mail address email@example.com, with electronic signature,
In order to be able to apply the methods stipulated here, the applicant must send the supporting documents to Miradent through the channel of his choice, as well as explain what the claims are in the application document and the right to be used. Miradent miradentturkey.eu/en It was announced on the .com.tr website and brought to the attention of the relevant parties.
The procedure Miradent will follow in case a request is made within the scope of the explained is as follows:
In accordance with the legal regulations, the requests submitted to Miradent by one of the methods mentioned above by the data owners or the relevant persons will be evaluated according to the nature of the request and the claimant will be answered free of charge within 30 (thirty) days as soon as possible. . In the first examination, if it is understood that the necessary information and documents are communicated for a sound evaluation, the applicant will be informed in writing immediately.
If it is understood that the transaction also requires a cost, the claimant will be informed about this issue immediately after the realization of this situation and it will be stated that the claimant must cover this cost, taking into account the current tariffs published by the KVK Authority. If the claimant does not cover this cost, the requests will be evaluated at the point of whether they can be discriminated at the point of being free of charge, and if it is understood that it is not possible, a written answer will be given to the claimant.
If it is understood that the application is acceptable as a result of the evaluation of the request of the claimant, the necessary measures will be taken immediately to minimize the possible damages that may arise from the violation that is the subject of the claim.
4.7. DISPOSAL OF PERSONAL DATA
4.2 of this policy. In the event that the personal data processing conditions, which are processed within the framework of the legal reasons specified in the article, are completely eliminated, these personal data are destroyed by deletion, destruction or anonymization, either ex officio or upon the request of the person concerned.
In the deletion, destruction or anonymization of personal data, 4.1. We act in accordance with the basic principles stated in the article and the technical and administrative measures to be taken to protect these personal data, the provisions of the relevant legislation, the Board decisions and the personal data storage and destruction policy.
Inspections are carried out within Miradent within the framework of the calendar arranged by the KVK Commission, at the latest every 3 months by Miradent. In the light of the reports issued as a result of these regular audits, personal data whose purpose of processing is detected to be eliminated are periodically destroyed.
In case of a request for destruction of the data subject, the follow-up inspection period is not expected, immediately and within 30 days at the latest after the request reaches Miradent, the request is evaluated and if deemed necessary, the destruction process is carried out with the method deemed appropriate within the same period and the claimant is informed.
In the event that the data destroyed within the scope of this article is transferred to third parties at any time, it is ensured that these third parties are also informed about the transaction carried out and that the third parties take the necessary actions.
All transactions regarding the deletion, destruction and anonymization of personal data are recorded by the relevant unit with the Personal Data Destruction record and the said records are kept in the Legal Unit for at least three years, excluding other legal obligations.
Unless a contrary decision is taken by the KVK Board, Miradent will choose the appropriate method of deleting, destroying or anonymizing personal data. In case of destruction based on the request of the relevant person, an explanation is made to the applicant regarding the reason for the preference of the appropriate method. If the conditions for the processing of personal data are not completely eliminated, Miradent may reject the request by explaining its justification to the claimant, in which case the claimant is informed by an appropriate means.
The anonymous data obtained by performing the destruction process as anonymization of personal data can be used by Miradent for purposes such as using for statistical purposes stipulated by the KVK Law.
In this context, by taking the necessary technical and administrative measures within Miradent in order to fulfill its obligation, Miradent; has developed the necessary functioning mechanisms in this regard; In order to comply with these obligations, relevant business units are trained, assigned and their awareness is increased within the framework of the planning and decisions taken by the KVK Commission.
5.1. APPLICATION OF THE POLICY AND LEGISLATION
In the personal data processing activities carried out by Miradent, the decisions of the regulatory authorities are primarily applied to the extent that they comply with the provisions of the legislation in force and their quality. In the event that any provision or decisions specified in this policy are incompatible, the rules most favorable to personal data owners are taken into account.
5.2. EFFECTIVE DATE
This policy issued by Miradent entered into force on …… .20…. If some of the articles in this policy are changed partially or completely, the relevant amendment will enter into force as of the date the change is published.
This policy is published on www.miradentturkey.com and changes are published in the same way. If requested, a copy of the policy is delivered to the relevant person physically or electronically.
5.3. THE RELATIONSHIP OF TRAKYADENT POLICY ON PROTECTION AND PROCESSING OF PERSONAL DATA WITH OTHER POLICIES AND INTERNAL DIRECTIVES
Miradent, the principles set forth with this policy; It ensures its implementation within Miradent with its policy for the execution of the relevant principles. By establishing a connection with the policy put forward on the protection of personal data and other policies, procedures and internal directives carried out by Miradent in other fields, compatibility between the processes Miradent operates with different policies, procedures and internal guidelines for similar purposes is also ensured and there is no incompatibility in any way. If it is understood, this policy is taken into consideration with priority in matters to be applied regarding personal data.
This policy will be reviewed by the KVK Committee every year in January and July, and the changes and updates are published on the website with the approval of the Chief Physician.