Kişisel Veri Saklama Ve İmha Politikası - Denizli Dermatolog

Personal Data Storage and Destruction Policy

SPECIALIST DOCTOR TUBA CELEBI KAYHAN DERMATOLOGY CLINIC

PERSONAL DATA STORAGE AND DESTRUCTION POLICY

CHAPTER: NATURE AND PURPOSE OF THE DESTRUCTION POLICY

Introduction

This destruction policy has been prepared by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic in its capacity as the data controller (Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic data controller; “Specialist Dr. Tuba Çelebi Kayhan”) in order to determine the procedures and principles to be applied by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic regarding the deletion, destruction or anonymization of personal data in our possession in accordance with the Personal Data Protection Law No. 6698 and other legislation.

In this context, the personal data of our employees, job candidates, customers and all real persons whose personal data is held by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic for any reason are managed in accordance with the laws within the framework of the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy.

DEFINITIONS

Direct identifiers	:	Identifiers that, on their own, directly reveal, disclose and distinguish the person they are associated with,
Indirect identifiers	:	Identifiers that, when combined with other identifiers, reveal, disclose and distinguish the person they are associated with,
Contact person	:	The real person whose personal data is processed,
Destruction	:	Deletion, destruction or anonymization of personal data,
Law	:	Personal Data Protection Law No. 6698 published in the Official Gazette dated 07.04.2016 and numbered 29677,
Regulations	:	Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224
Board	:	Personal Data Protection Board
Recording media	:	Any environment containing personal data processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system,
Personal Data Processing and Protection Policy	:	https://drtubacelebikayhan.com The policy that determines the procedures and principles regarding the management of personal data held by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic, which can be accessed at
Data recording system	:	The registration system in which personal data is structured and processed according to certain criteria,

expresses.

SECTION: ENVIRONMENTS AND SECURITY MEASURES

ENVIRONMENTS WHERE PERSONAL DATA IS STORED

Personal data stored at Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic is kept in a recording environment appropriate to the nature of the relevant data and our legal obligations.

The recording media used for storing personal data are generally listed below. However, some data may be kept in a different environment than the environments shown here due to their special characteristics or our legal obligations. Data Controller on behalf of Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic Specialist Dr. Tuba Çelebi Kayhan acts as the data controller in any case and processes and protects personal data in accordance with the Law, the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy.

a) Printed media	:	These are environments where data is stored by printing on paper or microfilm.
b) Local digital environments	:	The servers within the Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic are other digital media such as fixed or portable disks and optical disks.
c) Cloud environments	:	Although not part of the Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic, these are environments where internet-based systems encrypted with cryptographic methods are used by the Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic.

ENSURING THE SECURITY OF ENVIRONMENTS

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic takes all necessary technical and administrative measures in accordance with the characteristics of the relevant personal data and the environment in which it is kept, in order to securely store personal data and to prevent unlawful processing and access.

These measures include, but are not limited to, the following administrative and technical measures to the extent they are appropriate to the nature of the relevant personal data and the environment in which it is kept.

Technical Measures

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic takes the following technical measures in all environments where personal data is stored, in accordance with the characteristics of the relevant data and the environment in which the data is kept:

Only up-to-date and secure systems compatible with technological developments are used in the environments where personal data is kept.

Security systems are used for the environments where personal data is kept.

Security tests and research are conducted to identify security vulnerabilities in information systems, and existing or potential risk issues identified as a result of the tests and research are eliminated.

Access to the environments where personal data is stored is restricted, and only authorized persons are allowed to access this data limited to the purpose for which the personal data is stored, and all access is recorded.

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic has sufficient technical personnel to ensure the security of the environments where personal data is kept.

Administrative Measures

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic takes the following administrative measures in accordance with the characteristics of the relevant data and the environment in which the data is kept in all environments where personal data is stored:

Studies are carried out to increase the awareness and consciousness of all Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic employees who have access to personal data on the issues of information security, personal data and privacy.
Access to personal data and authorization processes are designed and implemented in accordance with legal compliance requirements for personal data processing on a business unit basis.
Legal and technical consultancy services are received to follow the developments in the fields of information security, confidentiality of private life and protection of personal data and to take the necessary actions.
In all kinds of documents that regulate the relationship between Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic personnel and contain personal data, records have been added stating that the obligations stipulated by the Law must be complied with for the lawful processing of personal data, personal data must not be disclosed, personal data must not be used unlawfully, and the confidentiality obligation regarding personal data continues even after the termination of the employment contract with Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic.
Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the Law and cannot use it for purposes other than processing, and that this obligation will continue after they leave office, and the necessary commitments are obtained from them in this regard.
Provisions are added to the contracts signed with the persons to whom personal data is lawfully transferred by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic, stating that the persons to whom personal data is transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.
Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic carries out and has carried out the necessary inspections in order to ensure the implementation of the provisions of the Law. It eliminates the confidentiality and security vulnerabilities that arise as a result of the inspections.
If it is understood that the processed personal data has been obtained by others through unlawful means, Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic will notify the relevant person and the Board as soon as possible.

In-Clinic Audit

As the Data Controller on behalf of Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic, Spec. Dr. Tuba Çelebi Kayhan conducts in-clinic audits regarding the implementation of the provisions of the Law and this Personal Data Storage and Destruction Policy and the Personal Data Processing and Protection Policy in accordance with Article 12 of the Law.

If any deficiencies or defects in the implementation of these provisions are detected as a result of in-clinic inspections, these deficiencies or defects are immediately remedied.

If it is understood during the audit or otherwise that personal data under the responsibility of Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic has been obtained by others through illegal means, Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic shall notify the relevant person and the Board of this situation as soon as possible.

SECTION: DESTRUCTION OF PERSONAL DATA

REASONS FOR STORAGE AND DESTRUCTION

Reasons for Storage

Personal data held by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic is processed in accordance with our Law and Personal Data Policy (relevant policy) https://drtubacelebikayhan.com (you can reach it from the address) and for the purposes and reasons stated herein.

Personal data is directly related to the establishment and execution of contracts,

Personal data is related to the establishment, exercise or protection of a right,

Provided that personal data does not harm the fundamental rights and freedoms of individuals, it is in the legitimate interest of Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic,

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic fulfills any legal obligations,

The storage of personal data is clearly foreseen in the legislation,

Explicit consent of data owners is required for storage activities that require explicit consent of data owners.

Reasons for Destruction

Personal data held by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic will be deleted, destroyed or made anonymous in accordance with this destruction policy upon the request of the relevant person or if the reasons listed in Articles 5 and 6 of the Law are eliminated.

The reasons listed in Articles 5 and 6 of the Law are as follows:

Amendment or repeal of relevant legislative provisions that form the basis for the processing or storage of personal data,
The purpose requiring the processing or storage of personal data disappears, and the conditions requiring the processing of personal data in Articles 5 and 6 of the Law disappear.
In cases where personal data is processed only based on explicit consent, the person concerned must withdraw his/her consent,
The data controller accepts the application of the relevant person for the deletion, destruction or anonymization of his/her personal data within the framework of his/her rights in subparagraphs 2 (e) and (f) of Article 11 of the Law.
In cases where the data controller rejects the application made by the relevant person requesting the deletion, destruction or anonymization of his/her personal data, the response given is found insufficient or does not respond within the period stipulated in the Law; a complaint should be made to the Board and this request should be approved by the Board,
Although the maximum period for which personal data must be stored has passed, there are no circumstances that would justify storing personal data for a longer period.

DISPOSAL METHODS

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic deletes, destroys or anonymizes personal data, which it stores in accordance with the Law and other legislation and the Personal Data Processing and Protection Policy, upon the request of the relevant person or ex officio within the periods specified in this Personal Data Storage and Destruction Policy, in case the reasons requiring the processing of the data are eliminated.

The most commonly used deletion, destruction and anonymization techniques by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic are listed below:

Deletion Methods

Deletion Methods for Personal Data Held in Printed Media
Blackout	:	Personal data in printed media is erased using the blackout method. The blackout process is carried out by cutting the personal data on the relevant document where possible, or by making it invisible using fixed ink in a way that is irreversible and unreadable with technological solutions.
Deletion Methods for Personal Data Held in the Cloud and Local Digital Environment
Securely delete from software	:	Personal data stored in the cloud or local digital environments is deleted by digital command in a way that cannot be recovered again. Data deleted in this way cannot be accessed again.

Methods of Extermination

Destruction Methods for Personal Data Held in Printed Media
Physical destruction	:	Documents kept in printed form are destroyed with document shredders in a way that they cannot be put back together again.
Destruction Methods for Personal Data Held in Local Digital Environment
Physical destruction	:	It is the process of physically destroying optical and magnetic media that contain personal data, such as melting, burning or pulverizing them. Data is rendered inaccessible by processes such as melting, burning, pulverizing or passing optical or magnetic media through a metal grinder.
De-magnetization (degauss)	:	It is the process of exposing magnetic media to a high magnetic field, thus corrupting the data on it to an unreadable state.
Overwrite	:	By writing random data consisting of 0s and 1s at least seven times onto magnetic media and rewritable optical media, the reading and recovery of old data is prevented.
Destruction Methods for Personal Data Held in the Cloud
Securely delete from software	:	Personal data stored in the cloud environment is digitally deleted in a way that it cannot be recovered again, and when the cloud computing service relationship ends, all copies of the encryption keys required to make personal data usable are destroyed. In this way, deleted data cannot be accessed again.

Anonymization Methods

Anonymization is the process of making personal data in such a way that it cannot be associated with an identified or identifiable natural person in any way, even when matched with other data.

Subtracting variables	:	It is the removal of one or more direct identifiers contained in the personal data of the relevant person that would allow the relevant person to be identified in any way. This method can be used to anonymize personal data, or to delete personal data if it contains information that is not compatible with the purpose of data processing.
Regional hiding	:	It is the process of deleting information that may be distinctive about data that is an exception within the data table where personal data is collectively and anonymously stored.
Generalization	:	It is the process of bringing together personal data belonging to many people and turning them into statistical data by removing distinguishing information.
Lower and upper bound coding / Global coding	:	For a specific variable, ranges belonging to that variable are defined and categorized. If the variable does not contain a numerical value, then the data that are close to each other within the variable are categorized. The values remaining in the same category are combined.
Micro joining	:	With this method, all records in the dataset are first sorted in a meaningful order and then the entire set is divided into a certain number of subsets. Then, the average of the value of the specified variable of each subset is taken and the value of that variable of the subset is replaced with the average value. In this way, since the indirect identifiers in the data will be corrupted, it becomes difficult to associate the data with the relevant person.
Data hashing and corruption	:	Direct or indirect identifiers in personal data are mixed with other values or corrupted, thus severing their relationship with the relevant person and causing them to lose their identifying qualities.

Spec. Dr. Tuba Çelebi Kayhan Dermatology Clinic uses one or more of these anonymization methods, depending on the nature of the relevant data, to anonymize personal data.

STORAGE AND DESTRUCTION PERIODS

Retention Periods

DATA OWNER	DATA CATEGORY	DATA STORAGE PERIOD
Worker	Identity, Communication, Personnel, Legal Procedures, Physical Space Security, Transaction Security, Risk Management, Finance, Professional Experience, Visual and Audio Records, Health Information	Data Storage Until the Purpose Ends and for the Period Required by Legislation
Employee Candidate	Identity, Communication, Physical Space Security, Risk Management, Professional Experience	Data Storage Until the Purpose Ends and for the Period Required by Legislation
Product or Service Recipient	Identity, Communication, Legal Transactions, Customer Transactions, Physical Space Security, Transaction Security, Risk Management, Finance, Visual and Audio Records, Health Information, Genetic Data	Data Storage Until the Purpose Ends and for the Period Required by Legislation
Parent/Guardian/Representative	Identity, Communication, Legal Transaction, Customer Transaction, Physical Space Security, Risk Management, Finance	Data Storage Until the Purpose Ends and for the Period Required by Legislation
Visitor	Identity, Communication, Physical Space Security Transaction Security	Data Storage Until the Purpose Ends and for the Period Required by Legislation
Institutions/Companies that Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic Collaborates with (Supplier-Supplier Employee)	Identity Information, Contact Information, Physical Space Security, Risk Management, Financial Information	Data Storage Until the Purpose Ends and for the Period Required by Legislation

Destruction Times

In the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize personal data for which Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic is responsible in accordance with the Law, relevant legislation, the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy arises, it deletes, destroys or anonymizes personal data.

When the relevant person applies to Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic pursuant to Article 13 of the Law and requests the deletion or destruction of his/her personal data;

If all conditions for processing personal data have been eliminated; Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic shall delete, destroy or anonymize the personal data subject to the request by explaining the reason within 30 (thirty) days from the day it receives the request, using an appropriate destruction method. In order for Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic to be deemed to have received the request, the relevant person must have made the request in accordance with the Personal Data Processing and Protection Policy. Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic shall in any case inform the relevant person about the action taken.
If all the conditions for processing personal data have not been eliminated, this request may be rejected by Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic, by explaining the reason in accordance with the third paragraph of Article 13 of the Law, and the rejection will be notified to the relevant person in writing or electronically within thirty days at the latest.

PERIODIC DESTRUCTION

In case all the processing conditions of personal data specified in the law are eliminated; Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic will delete, destroy or anonymize the personal data whose processing conditions have been eliminated through a process specified in this Personal Data Storage and Destruction Policy and carried out ex officio at recurring intervals.

Periodic destruction processes begin on the date our private health clinic activities begin and repeat every 6 (six) months.

AUDITING THE LEGALITY OF THE DESTRUCTION PROCESS

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic carries out its destruction operations, both upon request and ex officio in periodic destruction processes, in accordance with the Law, other legislation, the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy.

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic takes a number of administrative and technical measures to ensure that destruction procedures are carried out in accordance with these regulations.

Technical Measures

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic maintains technical tools and equipment suitable for each disposal method included in this policy.

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic ensures the security of the place where the destruction operations are carried out.

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic keeps access records of the persons performing the destruction process.

Administrative Measures

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic carries out studies to increase the awareness of its employees who will perform the destruction process on the issues of information security, personal data and privacy.
Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic receives legal and technical consultancy services to follow developments in the fields of information security, confidentiality of private life, protection of personal data and secure destruction techniques and to take the necessary actions.
In cases where the destruction process is carried out by third parties due to technical or legal requirements, Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic signs protocols with the relevant third parties for the protection of personal data and shows all necessary care to ensure that the relevant third parties comply with their obligations in these protocols.
Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic regularly checks whether the destruction operations are carried out in accordance with the law and the conditions and obligations specified in this Personal Data Storage and Destruction Policy, and takes the necessary actions.
Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic records all operations regarding the deletion, destruction and anonymization of personal data and keeps the records in question for at least three years, excluding other legal obligations.

SECTION: UPDATE AND ADAPTATION

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic reserves the right to make changes in the Personal Data Processing and Protection Policy or this Personal Data Storage and Destruction Policy due to changes in the Law, in accordance with the decisions of the Institution or in line with the developments in the sector or in the field of informatics.

Any changes made to this Personal Data Storage and Destruction Policy are immediately incorporated into the text and explanations regarding the changes are provided at the end of the policy.

CHANGE NOTES

Specialist Dr. Tuba Çelebi Kayhan Dermatology Clinic

Personal Data Storage and Destruction Policy has been published.