Personal Data Processing and Protection Policy

1.1 Introduction

("SPECIALIST DOCTOR MERIH TOMBUL YEŞİLDAL") attaches utmost importance to protecting the fundamental rights and freedoms of individuals, especially the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. Within this framework, Uz. Dr. Merih Tombul Yeşildal pays attention to the protection and processing of personal data in accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK") and the European Union General Data Protection Regulation ("GDPR"), and acts with this understanding in all its planning and activities.

Ensuring the security of people's personal data is one of the primary goals of Uz. Dr. Merih Tombul Yeşildal's primary goals. For this reason, necessary security measures are taken by Uz. Dr. Merih Tombul Yeşildal in accordance with the applicable legislation in order to process the personal data of individuals securely and to prevent any unlawful access or leakage of such data. Dr. Merih Tombul Yeşildal takes the necessary security measures.

1.2 Purpose of the Policy

The purpose of the Personal Data Protection and Processing Policy ("Policy") is to inform the personal data owners about the obligations of Uz. Dr. Merih Tombul Yeşildal and the procedures and principles to be followed by Uz. Dr. Merih Tombul Yeşildal in the protection and processing of personal data processed by fully or partially automated means or by non-automated means provided that they are part of any data recording system in accordance with the purpose of KVKK and GDPR. Dr. Merih Tombul Yeşildal's obligations and the procedures and principles to be followed by personal data owners. In line with the purpose of the Policy, Uz. Dr. Merih Tombul Yeşildal aims to ensure full compliance with the legislation in the protection and processing of personal data and to protect the right to privacy and data security of personal data owners.

1.3 Scope of the Policy

This Policy has been prepared for Patients/Consultants, Employees, Employee Candidates and Visitors, provided that they are real persons, and will be applied within the scope of these specified persons. Uz. Dr. Merih Tombul Yeşildal, the purpose of publishing the provisions of this Policy on the website within the clarification text is to inform the data owners about the protection and processing of personal data and data security. This Policy shall not apply to legal entities in whatever capacity.

This Policy shall apply to the above-mentioned Data subjects in the event that their personal data are processed by Uz. Dr. Merih Tombul Yeşildal processes their personal data. If the data is not included in the scope of "Personal Data" within the scope specified below or if Uz. Dr. Merih Tombul Yeşildal's personal data processing activity is not carried out by the above-mentioned means, this Policy will not be applied.

1.4 Definitions

The terms used in the implementation of this Policy have the meanings given below:

Open Consent: It is consent on a specific subject, based on information and expressed with free will.

Disclosure Obligation: It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed and to whom and for what purposes they may be transferred.

Related User: Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.

Destruction: It refers to the deletion, destruction or anonymization of personal data.

Processing of Personal Data: It is any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

KVK Board: Personal Data Protection Board.

Personal Data Owner: Patients, Clients, Employees, Employee Candidates and Visitors whose Personal Data (including sensitive personal data) are processed.

Personal Data: Any information relating to an identified or identifiable natural person.

Institution / Supervisory Mechanism: The Personal Data Protection Authority consisting of the Board and the Presidency.

Automated Data Processing: It is a processing activity that is performed by devices with processors such as computers, phones, watches, etc., and that takes place spontaneously without human intervention within the scope of algorithms prepared in advance through software or hardware features.

Sensitive Personal Data: Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive data.

Registry Data Controllers Registry.

Uz. Dr. Merih Tombul Yesildal: Uz. Dr. Merih Tombul Yeşildal Examination.

Data Processor: A natural or legal person who processes Personal Data on behalf of the Data Controller based on the authorization granted by the Data Controller.

Data Recording System: It refers to the recording system where Personal Data is structured and processed according to certain criteria.

Data Category: It is a class of personal data belonging to the data subject group or groups of persons in which personal data are grouped according to their common characteristics.

Data Subject Person Group: The group of persons whose personal data is processed by the data controller.

Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

1.5 Enforcement of the Policy

Uz. Dr. Merih Tombul Yeşildal and entered into force on 01.07.2021, the Policy principles are made available to Data Subjects in the content of the KVK disclosure text published on the corporate websites of Uz. Prof. Dr. Merih Tombul Yeşildal are made available to Data Subjects in the content of the PDP disclosure text published on the corporate websites of Prof. Dr. Merih Tombul Yeşildal.

2.1 Security of Personal Data

Uz. Dr. Merih Tombul Yeşildal takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data securely and to prevent unlawful processing and access to personal data in accordance with KVKK and GDPR. Administrative and technical measures taken regarding the security of personal data, Uz. Dr. Merih Tombul Yeşildal's Personal Data Storage and Destruction Policy is regulated in detail.

2.2 Audit

Uz. Dr. Merih Tombul Yeşildal carries out the necessary audits and has them carried out in order to establish the data security described above and to ensure the regularity and continuity of the measures taken. Prof. Dr. Merih Tombul Yeşildal Prof. Dr. Merih Tombul Yeşildal shall be audited by authorized persons in semi-annual periods, and administrative measures shall be audited by Prof. Dr. Merih Tombul Yeşildal. Dr. Merih Tombul Yeşildal's authorized persons.

2.3 Privacy

All necessary administrative and technical measures are taken by Uz. Dr. Merih Tombul Yeşildal in order not to disclose the personal data learned by the Data Processor within the scope of his/her duty to anyone else in violation of the provisions of KVKK, GDPR and Policy and not to use it for purposes other than processing. Dr. Merih Tombul Yeşildal takes all necessary administrative and technical measures. In this context, information and training activities on KVKK, GDPR and Policy are carried out for the employees of the Practice, and confidentiality agreements are signed as part of the recruitment processes of the relevant employees.

Of course, you can find the given text below in pure text, completely extracted from the HTML:

2.4 Unauthorized Disclosure of Personal Data

Uz. In the event that the personal data processed by Dr. Merih Tombul Yeşildal is obtained by others in ways that are not in accordance with the law, Uz. Dr. Merih Tombul Yeşildal carries out the necessary procedures to notify the Data Owner and the KVK Board within the periods determined by the KVK Board. If deemed necessary by the PDP Board, this situation shall be announced on the website of the PDP Board or by another method deemed appropriate by the PDP Board.

2.5 Observing the Legal Rights of Relevant Persons

Uz. Dr. Merih Tombul Yeşildal observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

2.6 Protection of Special Categories of Personal Data

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data. Uz. Dr. Merih Tombul Yeşildal is aware of the fact that Special Categories of Personal Data are data that may cause the Data Owner to be victimized or discriminated against if learned by others, and for this reason, it sensitively takes adequate measures determined by the Board for the protection of such personal data processed in accordance with the law. Within this framework; it has a systematic, clearly defined, manageable and sustainable separate policy (Security Policy for Special Categories of Personal Data).

PROCESSING AND TRANSFER OF PERSONAL DATA

3.1 General Principles for Processing and Transferring Personal Data

Uz. Dr. Merih Tombul Yeşildal processes Personal Data in accordance with the procedures and principles stipulated in KVKK, GDPR and this Policy. Uz. Dr. Merih Tombul Yeşildal complies with the following principles when processing personal data.

3.1.1 Compliance with the Law, Good Faith and the Principle of Transparency

Uz. Dr. Merih Tombul Yeşildal processes personal data in accordance with the relevant legislation and the requirements of the rule of honesty and uses it within these limits. In accordance with the principle of compliance with the rule of good faith, Uz. Dr. Merih Tombul Yeşildal takes into account the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing. It acts in a way that prevents the occurrence of consequences that the Data Subject does not expect and should not expect. Pursuant to the principle, it also ensures that the data processing activity in question is transparent for the data subject and acts in accordance with the disclosure and warning obligations.

3.1.2 Being accurate and up to date when necessary

Uz. Dr. Merih Tombul Yeşildal ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of the data subjects. In this context, it carefully considers issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated. Uz. Dr. Merih Tombul Yeşildal always keeps the channels open to ensure that the information of the personal data owner is accurate and up-to-date. Keeping personal data in an accurate and up-to-date manner is the key to Uz. Dr. Merih Tombul Yeşildal's interests as well as protecting the fundamental rights and freedoms of the Data Subject.

3.1.3 Processing for Specific, Explicit and Legitimate Purposes

Uz. Dr. Merih Tombul Yeşildal clearly and precisely determines the purpose of data processing and ensures that this purpose is in accordance with the law. The lawfulness of the purpose means that the personal data processed by Uz. Prof. Dr. Merih Tombul Yeşildal processes personal data in connection with and necessary for the health service in which it operates. Uz. Dr. Merih Tombul Yeşildal does not process data for purposes other than these purposes. In this respect, it shows sensitivity in compliance with the principle of certainty and clarity in legal transactions and texts where the purposes of personal data processing are explained.

3.1.4 Being Relevant, Limited, Measured and Necessary for the Purpose for which they are Processed

Uz. Dr. Merih Tombul Yeşildal pays attention to the fact that the personal data processed is suitable for the realization of the specified purposes and avoids the processing of data that is not related to the realization of the purpose or is not needed. Uz. Prof. Dr. Merih Tombul Yeşildal does not collect or process personal data for purposes that do not exist and are thought to be realized later. In addition, it limits the processed data only to what is necessary for the realization of the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose to be achieved.

3.1.5 Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

Uz. Dr. Merih Tombul Yeşildal complies with these periods if there is a period stipulated in the relevant legislation for the storage of data; otherwise, it retains personal data only for the period required for the purpose for which they are processed. Uz. Prof. Dr. Merih Tombul Yeşildal deletes, destroys or anonymizes personal data in case there is no valid reason for further storage of personal data. Procedures for the storage and destruction of personal data Uz. Dr. Merih Tombul Yeşildal Personal Data Retention and Destruction Policy is regulated in detail.

3.1.6 Compliance with Integrity and Confidentiality Principles

Uz. Dr. Merih Tombul Yeşildal processes personal data by taking the necessary technical and administrative measures against loss, destruction, damage or in order to ensure an appropriate level of security regarding the protection of personal data.

3.1.7 Compliance with the Principle of Accountability

Uz. Dr. Merih Tombul Yeşildal has fulfilled its obligation to comply with the rules on the protection of personal data in its processing activities and will be able to submit documents proving that these measures have been taken to the supervisory authorities in case of any complaint or ex officio examination.

3.2 Terms of Processing Personal Data

Uz. Dr. Merih Tombul Yeşildal does not process personal data without the explicit consent of the Data Owner. Personal data may only be processed without the explicit consent of the Data Owner in the presence of one of the following conditions:

3.2.1 Explicit Provision in the Law

Uz. Dr. Merih Tombul Yeşildal may process personal data without seeking the explicit consent of the Data Owner in cases expressly provided by law.

3.2.2 It is Necessary for the Protection of the Life or Physical Integrity of the Person or of Another Person Who Is Incapable of Expressing His/her Consent Due to Actual Impossibility or Whose Consent is Not Given Legal Validity

Uz. Dr. Merih Tombul Yeşildal may process personal data without seeking explicit consent in order to protect the life or body integrity of individuals in cases where consent cannot be disclosed or is not valid.

3.2.3 Processing of Personal Data of the Parties to a Contract is Necessary Provided that it is Directly Related to the Establishment or Performance of a Contract

Uz. Dr. Merih Tombul Yeşildal may process the personal data of the Data Owner without seeking explicit consent in the event that it is mandatory to process the personal data of the parties to the contract directly related to the establishment or performance of a contract, as required by the ordinary course of life, limited to this purpose.

3.2.4 Necessity for the Fulfillment of Legal Obligations

Uz. Dr. Merih Tombul Yeşildal may process the personal data of the Data Owner without seeking explicit consent in cases where it is mandatory to fulfill its legal obligations as Data Controller.

3.2.5 Publicized by the Relevant Person Himself

Uz. Dr. Merih Tombul Yeşildal may process the personal data of the Data Owner, which is made public by the Data Owner himself/herself, in other words, which has been disclosed to the public in any way, limited to the purpose of publicization, since it is accepted that the legal interest to be protected in the processing of such data, which is made public by the Data Owner and thus becomes publicly known, has disappeared.

3.2.6 Data Processing is Mandatory for the Establishment, Exercise or Protection of a Right

Uz. Dr. Merih Tombul Yeşildal may process the personal data of the Data Owner without seeking explicit consent in cases where data processing is mandatory for the exercise or protection of a legitimate right.

3.2.7 Data Processing is Mandatory for the Legitimate Interests of Our Practice, Provided that it does not harm the Fundamental Rights and Freedoms of the Data Subjects

Uz. Dr. Merih Tombul Yeşildal may process the personal data of the Data Owner in cases where the processing of personal data is mandatory for the provision of legitimate interests, provided that it does not harm the fundamental rights and freedoms of the Data Owner protected under the KVKK, GDPR and Policy. Uz. Prof. Dr. Merih Tombul Yeşildal is responsible for compliance with the basic principles regarding the protection of personal data and the protection of Uz. Dr. Merih Tombul Yeşildal shows the necessary sensitivity in observing the balance of interests of Uz. Dr. Merih Tombul Yeşildal and personal data owners. Legitimate interest means an interest that is legitimate, effective, specific and already existing at a level that can compete with the fundamental rights and freedoms of the Data Subject. Uz. Dr. Merih Tombul Yeşildal takes additional protective measures to prevent damage to the rights of the Data Owner. Uz. Prof. Dr. Merih Tombul Yeşildal's interest and the fundamental rights and freedoms of the data subject are reasonably balanced.

3.3 Processing Conditions of Special Categories of Personal Data

Uz. Dr. Merih Tombul Yeşildal does not process sensitive personal data without the explicit consent of the Data Subject. Sensitive personal data can only be processed without the explicit consent of the data subject in the presence of one of the following conditions:

3.3.1 Explicit Provision in the Law

Sensitive personal data other than the health and sexual life of the Data Owner may be processed without the explicit consent of the Data Owner in cases clearly stipulated by law.

3.3.2 For the Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

Sensitive personal data of the Data Owner regarding his/her health and sexual life may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3.4 Conditions of Transfer of Personal Data

Uz. Dr. Merih Tombul Yeşildal may transfer personal data to third parties based on and limited to one or more of the following personal data processing conditions in accordance with Articles 8 and 9 of KVKK and Articles 45 and 49 of GDPR by taking necessary security measures:

The transfer of personal data is mandatory for the protection of the life or physical integrity of the Data Subject or someone else and the data subject is unable to disclose his/her consent due to actual impossibility or his/her consent is not legally valid,

It is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,

Uz. Dr. Merih Tombul Yeşildal's personal data transfer is mandatory in order to fulfill its legal obligation,

Personal data has been made public by the Data Subject,

Personal data transfer is mandatory for the establishment, exercise or protection of a right,

Provided that it does not harm the fundamental rights and freedoms of the Data Owner, Uz. The transfer of personal data is mandatory for the legitimate interests of Dr. Merih Tombul Yeşildal.

Sensitive personal data may be transferred based on one of the following conditions and limitedly provided that adequate measures are taken:

Explicit consent of the person concerned,

In the case of sensitive personal data other than the health and sexual life of the data subject, there is a clear regulation in the laws regarding the transfer of such data.

In the case of special categories of personal data relating to the health and sexual life of the data subject, such data may be transferred by persons under the obligation of confidentiality or authorized institutions and organizations for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

4.1 Categories of Personal Data

Personal data are processed by Uz. Dr. Merih Tombul Yeşildal is categorized and processed as follows:

• Id:
  • Your name, surname, Turkish Identity Number and/or Passport Number and/or Temporary Turkish Identity Number, place and date of birth, marital status, gender, occupation, signature and other identification data that can identify you
• Communication:
  • Your address (residence, workplace), telephone number (home/workplace fixed and/or mobile telephone numbers you have provided), e-mail address, social media accounts and other communication data.
• Summary
  • Curriculum vitae, title information; employment and exit document records; social security/pension information, payroll information and other personal data.
• Finance:
  • Personal data processed regarding the information, documents and records showing the result of all kinds of financial relations established by our practice with personal data owners and bank account information, credit information, balance sheet information, financial profile, asset and insurance information and other financial information.
• Audio and Visual Recordings: Photographs, camera and audio recordings taken outside the scope of physical space security of personal data owners.
• Communication Records: Communication data that can be obtained through the communication and information systems of our practice: Corporate telephone call records, corporate mail and e-mail records and contents, etc.
• Customer Transaction: Satisfaction information, invoice, receipt information, etc. regarding the patients of our practice.

SPECIAL CATEGORIES OF PERSONAL DATA

Health Information:

• Your blood type, allergies, chronic diseases, data on previous surgeries/operations, medications you use continuously, test and imaging results, prescription information, body analysis and measurement information, medical history, skin analysis information, hormonal tests, information on your sexual life, venereal disease information, information on Covid-19 disease, medical treatments, anesthesia information and other health data.

4.2 Data Subject Groups

Only real persons can benefit from the protection of this Policy and the Law. Personal data owners within this scope are grouped as follows:

• Employee Candidate: Real persons who have applied for a job in any way to our practice or who have opened their CV and related information to the examination of our practice.
• Client Patients or clients who come to our practice.
• Employee Uz. Dr. Merih Tombul Yeşildal is an individual who works in her practice.
• Visitor All real persons who have entered the physical premises of our practice for various purposes or who visit our websites for any purpose.

5.1 Method of Collecting Personal Data

Your Personal Data, Uz. Dr. Merih Tombul Yeşildal in the capacity of "DATA PROCESSOR / PROCESSOR" by real or legal persons authorized by Dr. Merih Tombul Yeşildal; verbally, in writing, by recording in physical and electronic media by taking camera and photo records, and by obtaining your explicit consent in cases stipulated by KVKK and GDPR.

• Job application forms,
• Personnel information forms,
• Uz. Various documents submitted to Dr. Merih Tombul Yeşildal,
• Uz. Mail and e-mails sent to Dr. Merih Tombul Yeşildal,
• Corporate telephones,
• Photo/Video recordings,
• Websites,
• Patient Clarification Forms,
• Assay Results,
• Imaging Results,
• Health Information Forms,
• Log Recorder (Firewall),
• Service providers with servers located abroad (whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/Google/Hotmail/yahoo etc.)

5.2 Legal Grounds for Collection of Personal Data

Our practice collects personal data based on one of the following legal grounds in accordance with Articles 5 and 6 of the Law and Articles 6 and 9 of the GDPR:

• Explicit consent of the person concerned,
• Explicitly stipulated in the law;
• The personal data has been made public by the data subject himself/herself,
• Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
• In the case of personal data of special nature related to the health and sexual life of the Data Owner, these data are for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,
• Uz. Dr. Merih Tombul Yeşildal to fulfill her legal obligation,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Provided that it does not harm the fundamental rights and freedoms of the data subjects, Uz. Dr. Merih Tombul Yeşildal is mandatory for their legitimate interests.

PURPOSES OF PROCESSING PERSONAL DATA

6.1 Matching the Data Subject Person Groups with the Processing Purposes Regarding Personal Data Categories

The matching of the data subject groups, whose definitions and scopes are given above, with the processing purposes for personal data categories is presented below:

Employee Candidate

Data Categories: Identity, Contact, Personal, Professional Experience

Processing Objectives:

• Execution of Emergency Management Processes
• Execution of Information Security Processes
• Execution of Employee Candidate / Intern / Student Selection and Placement Processes
• Execution of Employee Candidate Application Processes
• Execution of Communication Activities

Customer (Patient/Consultant)

Data Categories: Identity, Contact, Financial, Customer Transaction, Health Data, Biometric Data

Processing Objectives:

• To be able to create a patient file
• To be able to carry out your examination, preventive medicine, medical diagnosis, treatment and care services
• To realize your controls after medical diagnosis and treatment processes
• To be able to communicate with you one-on-one
• To be able to manage appointment processes
• To be able to realize patient satisfaction and demand management
• To be able to fulfill legal and contractual obligations
• To be able to keep the information regarding your health data that must be kept in accordance with the relevant legislation within the specified periods
• To be able to receive consultation from another relevant specialist physician when necessary in order to ensure that the treatment offered is carried out correctly
• To be able to fulfill legal obligations in accordance with the legislation within the scope of health tourism
• To be able to plan transfer and accommodation services of patients/consultants coming within the framework of health tourism
• To be able to announce innovations related to medical treatment and applications
• Informing third parties about the medical procedure applied
• To be able to plan and manage health services and financing
• To be able to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient
• To fulfill financial and administrative obligations
• Ensure technical and commercial security and fulfill public obligations

Employee

Data Categories: Identity, Contact, Personal, Financial, Audiovisual

Processing Objectives:

• Execution of Emergency Management Processes
• Execution of Information Security Processes
• Fulfillment of Employment Contract and Regulatory Obligations for Employees
• Execution of Fringe Benefits and Benefits Processes for Employees
• Execution of Activities in Compliance with the Legislation
• Execution / Supervision of Business Activities
• Organization and Event Management

Visitor

Data Categories: Legal Process

Processing Objectives:

• Execution of Emergency Management Processes
• Execution of Information Security Processes

6.2 Personal Data Processing Activities Performed on the Website

Traffic information of online visitors to our website is automatically processed for the purpose of carrying out information security processes. On the other hand, in accordance with Law No. 5651 and other legislation, hosting providers are obliged to record and store website traffic information.

6.3 Personal Data Processing Activities Conducted through Communication Channels

Communications made via phone, e-mail, etc. are monitored and recorded by Uz. Dr. Merih Tombul Yeşildal for the purpose of conducting/supervising business activities and monitoring requests/complaints.

PURPOSES OF TRANSFER OF PERSONAL DATA AND PERSONS/ORGANIZATIONS TO WHOM PERSONAL DATA ARE TRANSFERRED

7.1 Purposes of Transfer of Personal Data

Uz. Dr. Merih Tombul Yeşildal transfers personal data limited to the following purposes within the framework of the conditions specified in Articles 8 and 9 of KVKK and Articles 45 and 49 of GDPR:

• To be able to carry out examination, preventive medicine, medical diagnosis, treatment and care services,
• Ability to manage complication processes,
• Obtaining consultation,
• Fulfillment of obligations in accordance with the Ministry of Health Legislation,
• Fulfillment of obligations in accordance with International Health Tourism Regulations,
• Meeting the transportation, accommodation and interpreter needs of health tourist patients, fulfilling administrative obligations before Provincial Health Directorates and District Health Directorates,
• Informing third parties about the health services provided from a medical point of view,
• Execution of Employee Candidate Application Processes,
• Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees,
• Execution of Employee Benefits and Benefits Processes,
• Execution of Activities in Compliance with the Legislation,
• Execution of Finance and Accounting Affairs,
• Execution/Supervision of Business Activities,
• Execution of Business Continuity Ensuring Activities,
• Execution of Risk Management Processes,
• Ensuring and auditing data security,
• Execution of Contract Processes,
• Providing Information to Authorized Persons, Institutions and Organizations

7.2 Persons/Organizations to whom Personal Data are Transferred

Uz. Dr. Merih Tombul Yeşildal may transfer personal data to the following persons and organizations limited to the data subject groups and data required by the purpose of transfer:

• Other specialists for consultation purposes,
• Insured Employees,
• Suppliers,
• Financial Advisors, Tax and Financial Consultants and Auditors
• Legal Advisor
• Database (Server) Providers
• Translators
• Web Consultant
• Data Protection Officer
• IT Consultant
• Tourism Agencies
• Public Institutions and Organizations authorized under the laws,
• Judicial Authorities

DESTRUCTION OF PERSONAL DATA AND STORAGE PERIODS

8.1 Destruction of Personal Data

Without prejudice to the provisions of other laws regarding the destruction of personal data, Uz. Dr. Merih Tombul Yeşildal deletes, destroys or anonymizes the personal data that it has processed in accordance with the provisions of KVKK and other laws, ex officio or upon the request of the relevant person in accordance with the Personal Data Storage and Destruction Policy in the event that the reasons requiring its processing disappear.

Deletion of personal data refers to the process of making personal data inaccessible and non-reusable in any way for the relevant users.

Destruction of data refers to the process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way.

Anonymization of data refers to the process of making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data by masking, variable extraction, generalization, etc. techniques.

8.2 Retention Periods of Personal Data

Uz. Dr. Merih Tombul Yeşildal stores personal data in accordance with the periods stipulated in the laws and other legislation. If there is no retention period stipulated in the laws and other legislation, personal data are stored in accordance with Uz. Dr. Merih Tombul Yeşildal's Personal Data Retention and Destruction Policy, personal data are stored for the period required for the realization of the purpose of processing that personal data, and then deleted, destroyed or anonymized within the framework of periodic destruction periods.

RIGHTS OF THE PERSONAL DATA SUBJECT PURSUANT TO KVKK AND GDPR

9.1 Rights of the Data Subject Pursuant to GDPR

As a Data Subject, your Personal Data is also protected under the GDPR. The rights of Data subjects (European citizens or residents of Europe) where they fall under the jurisdiction of the GDPR are as follows;

• Right of Access (Art. 15 GDPR): The data subject has the right to confirm whether personal data concerning him/her is being processed by applying to Uz. Dr. Merih Tombul Yeşildal, and if personal data is processed, he/she has the right to learn the details in Article 15 of the GDPR.
• Right to rectification (Art. 16 GDPR): Data Subject, Uz. Dr. Merih Tombul Yeşildal has the right to have the changed personal data belonging to him/her corrected by contacting us at any time.
• Right to Erasure (Art. 17 GDPR): The Data Subject has the right to request the deletion of his/her personal data held by Uz. Dr. Merih Tombul Yeşildal has the right to request the deletion of his/her personal data held under his/her responsibility. In case the issues specified in Article 17 of the GDPR occur. Dr. Merih Tombul Yeşildal will delete your personal data without delay.
• Right to Restriction of Processing (Art. 18 GDPR): If the Data Subject objects to the timeliness of the Personal Data, the Data Subject has the right to request the restriction of the use of the data until the accuracy of the Personal Data is confirmed by Uz. Dr. Merih Tombul Yeşildal confirms the accuracy of the Personal Data, the Data Subject has the right to request restriction of the use of the data.

Data Subject Rights

Uz. Dr. Merih Tombul Yeşildal, the Data Subject has the right to request restriction of the use of the data in case we want to establish and execute your rights although we no longer need your personal data.

Uz. Dr. Merih Tombul Yeşildal's legitimate reasons outweigh the legitimate reasons of the Data Subject, the Data Subject has the right to request restriction of the use of the data if he/she objects to the processing in accordance with Article 21/1 GDPR.

Right to Data Portability (Art. 20 GDPR): The Data Subject has the right to request, if technically feasible, the transfer of his/her Personal Data held by Uz. Dr. Merih Tombul Yeşildal has the right to request the transfer of his/her Personal Data to another controller by contacting us at any time. However, you may exercise this right when data processing is based on your consent or when required by the contract.

Right to Object (Art. 21 GPDR): The Data Subject has the right to object, on grounds relating to his/her particular situation, to the processing of Personal Data, including profiling within the meaning of subparagraphs (e) or (f) of Article 6(1) of the GDPR. Uz. Dr. Merih Tombul Yeşildal cannot process your Personal Data unless it can demonstrate a strong legitimate ground, such as the establishment, exercise or protection of a legal right or overriding the interests, rights and freedoms of the Data Subject.

The Data Subject has the right to object at any time to the processing of Personal Data for marketing purposes, including profiling to the extent that it is related to such direct marketing, where such processing is for direct marketing purposes.

If the Data Subject objects to the processing of Personal Data for direct marketing purposes, Personal Data will no longer be processed for such purposes.

9.2 Rights of the Data Owner Pursuant to KVKK

The rights of natural persons whose Personal Data are processed in accordance with Article 11 of the KVKK are as follows;

• Learn whether personal data is being processed,
• Request information if their personal data has been processed,
• To learn the purpose of processing personal data and whether they are used for their intended purpose,
• To know the third parties to whom personal data are transferred domestically or abroad,
• To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• Although it has been processed in accordance with the provisions of the KVKK and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
• In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

In the event that there are rights or requests that the data owners want to use among the rights listed above; They can submit their written applications, in which they clearly and clearly state which of the rights specified in Article 11 of the KVKK they request to use, with wet signature and documents to prove their identity, to Uz. Dr. Merih Tombul Yeşildal Practice address in person, send it through a notary public or sign it with a secure e-signature and send it to Uz. Dr. Merih Tombul Yeşildal's corporate e-mail address or by other methods specified in the KVKK. In accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller", it is mandatory to include the following elements in the applications: name and surname, signature, Turkish ID number / passport number / temporary ID number, residence or workplace address, e-mail address, telephone and fax number, and the subject of the request.

Uz. Dr. Merih Tombul Yeşildal will finalize the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged.

Effective Date : 03.10.2023

Update Date : 03.10.2023