Protection Of User Data
Personal Data Protection and Processing, Personal Data Storage and Destruction Policy of PİŞİREN ORAL AND DENTAL HEALTH SERVICES CLINIC INDUSTRY AND TRADE LIMITED COMPANY
1. PURPOSE
The purpose of this Personal Data Protection and Processing, Personal Data Storage and Destruction Policy is to regulate the methods and principles to be followed to ensure that Pişiren Oral and Dental Health Services Clinic Industry and Trade Limited Company processes and protects personal data in compliance with the Law on the Protection of Personal Data (KVKK). Through this, the Data Controller aims to ensure full compliance with legislation in personal data processing and protection activities and to protect all rights of data subjects arising from the legislation. As Pişiren Oral and Dental Health Clinic, we prioritize the protection and legal guarantee of your personal data, and we are aware of our responsibility. With this awareness, we show great sensitivity in processing and preserving all kinds of personal data belonging to you in the best possible and careful way. In this context, pursuant to Article 10 of the Law No. 6698, we wish to inform you about our personal data processing activities.
2. SCOPE
Sensitive personal data belonging to company employees, employee candidates, service providers, visitors, and other third parties will be processed and protected within the scope of this policy. This policy is applied by the Data Controller in all activities carried out for the processing and protection of personal data, together with detailed data procedures.
2.1. Implementation of the Policy and Relevant Legislation
In the processing and protection of personal data, the relevant legal regulations in force apply first and foremost.
2.2. Validity of the Policy
If the entire policy or certain articles are renewed, the effective date of the policy will be updated. The Policy is published on the Data Controller's website and made available to relevant persons upon request.
3. ABBREVIATIONS AND CONCEPTS
KVKK: Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated April 7, 2016, and numbered 29677.
Data Processor: The person who processes personal data on behalf of the data controller based on authority and instructions, excluding the person or unit responsible for technical storage, protection, and backup.
Data Subject: The natural person whose personal data is processed, such as employees, customers, business partners, shareholders, officials, potential customers, candidate employees, interns, visitors, and suppliers.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Explicit Consent: Consent regarding a specific subject, based on information and expressed with free will.
Disposal: Deletion, destruction, or anonymization of personal data.
Recording Medium: Any medium containing personal data processed by fully or partially automated means or non-automated means provided that it is part of a data recording system.
Personal Data: Any information relating to an identified or identifiable natural person.
Sensitive Personal Data: Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and appearance, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Processing of Personal Data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data.
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person, even by matching with other data.
Deletion: Making personal data inaccessible and unusable for relevant users in any way.
Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.
4. MATTERS REGARDING THE PROTECTION OF PERSONAL DATA
4.1. Technical and Administrative Measures
The Data Controller takes necessary technical and administrative measures to provide the appropriate security level to prevent unlawful processing of personal data, prevent unlawful access to data, and ensure data preservation in accordance with Article 12 of the KVKK. Personal data is stored for the period stipulated in the relevant legislation or required by the processing purposes.
4.2.1. Technical Measures
Network security and application security are provided.
Key management is implemented.
Closed system networks are used for personal data transfers via the network.
Security measures within the scope of IT system procurement, development, and maintenance are taken.
Security of personal data stored in the cloud is ensured.
Access logs are kept regularly.
Up-to-date anti-virus systems and firewalls are used.
Personal data is backed up, and the security of backed-up data is ensured.
User account management and authority control systems are implemented.
Log records are kept in a way that prevents user intervention.
Intrusion detection and prevention systems are used.
4.2.2. Administrative Measures
Training is provided to employees on preventing unlawful processing and access to sensitive data, preservation, communication techniques, and relevant legislation.
Confidentiality agreements are signed by employees regarding company activities.
The obligation to inform (clarification) is fulfilled before processing data.
A personal data processing inventory has been prepared.
Periodic and random internal audits are conducted.
Information security training is provided to employees.
4.3. Measures in Case of Unauthorized Disclosure
The Data Controller operates a system ensuring that if processed personal data is obtained by others through unlawful means, this situation is reported to the relevant person and the KVK Board as soon as possible.
4.4. Protection of Sensitive Personal Data
The Data Controller acts with sensitivity regarding the processing of "special category" (sensitive) personal data as determined by the KVKK. These data are processed with the explicit consent of the data subject, or without consent only in cases stipulated by law (for data other than health and sexual life) or for purposes of public health, medical diagnosis, and treatment by persons under a confidentiality obligation.
5. COLLECTION, PROCESSING, AND PURPOSES
Personal data and health data collected include:
Identity data: Name, surname, TR ID number, passport number or temporary TR ID number for non-citizens, date and place of birth, marital status, and gender.
Contact data: Address, phone number, e-mail address.
Financial data: Bank account number, IBAN, and credit card information for collection purposes.
Health data: Laboratory and imaging results, test results, examination data, prescription information, and patient history (blood type, chronic diseases, regular medications).
Visual/Audio data: CCTV recordings at the clinic, face images and "before/after" photos for procedures like smile design.
Digital data: IP address, browser information, and medical documents/surveys submitted via the website.
5.1. Purposes of Processing
Personal data is processed for purposes including:
Confirming identity and conducting scientific research.
Protecting public health, medical diagnosis, treatment, and care services.
Sharing information with the Ministry of Health and public institutions.
Managing health service financing and sharing data with private insurance companies.
Planning clinic internal operations, risk management, and quality improvement.
Appointment tracking via call centers and digital channels.
Fulfilling legal and regulatory requirements and invoicing.
Conducting marketing, media, and communication activities (campaigns, special content).
Ensuring data security of systems and applications.
Ensuring building and workplace safety through camera monitoring.
5.2. Transfer of Personal Data
Personal data is shared only with legally authorized institutions and organizations, including the Ministry of Health, Social Security Institution (SGK), law enforcement, judicial authorities, and medical laboratories. It may also be shared with private insurance companies, legal representatives, and third-party consultants (lawyers, auditors).
5.2.1. International Transfer
Personal data cannot be transferred abroad without explicit consent. However, for specific services like Invisalign (clear aligner therapy), data may be transferred abroad, and specific explicit consent will be obtained for patients requesting this treatment.
6. STORAGE OF PERSONAL DATA
Personal data is securely stored in physical archives and IT systems for the duration required by the clinic's activities and relevant legislation.
6.2. Recording Media
Hard disks and servers.
Physical files and locked archive cabinets.
Software programs.
7. DELETION, DESTRUCTION, AND ANONYMIZATION
The Data Controller deletes, destroys, or anonymizes personal data upon the disappearance of the reasons requiring processing or upon the request of the Data Subject.
Servers: System administrators remove access rights for data whose retention period has expired.
Electronic Media: Data is made inaccessible and unusable for all employees except the database manager.
Physical Media: Data is made inaccessible for all employees except the archive manager, and blacking out (redaction) is applied.
Portable Media: Data on flash-based media is encrypted and stored in secure environments with keys held only by the system administrator.