POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA

 
POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA

1.1 Introduction

Dr. Cevahir Tekcan, MD’s practice (“Dr. Cevahir Tekcan, MD”) is subject to the provisions of Article 20 of the Constitution in the protection and processing of personal data. It attaches utmost importance to protecting the fundamental rights and freedoms of individuals, based on the right to privacy as set out in Art. Within this framework, Dr. Cevahir Tekcan, MD pays attention to the protection and processing of personal data in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation (“GDPR”), and acts with this understanding in all its planning and activities.

Ensuring the security of people’s personal data is one of Dr. Cevahir Tekcan, MD’s primary goals. For this reason, necessary security measures are taken by Dr. Cevahir Tekcan, MD in accordance with the applicable legislation in order to process the personal data of individuals securely and to prevent any unlawful access or leakage of such data.

1.2 Purpose of the Policy

Personal Data Protection and Processing Policy (“Policy”) The purpose of this Policy is to inform personal data owners about the obligations of Dr. Cevahir Tekcan, MD and the procedures and principles to be followed by Dr. Cevahir Tekcan, MD in the protection and processing of personal data processed by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system in accordance with the purpose of the KVKK and GDPR. In line with the purpose of the Policy, it is aimed to ensure full compliance with the legislation in the protection and processing of personal data carried out by Dr. Cevahir Tekcan, MD and to protect the right to privacy and data security of personal data owners.

1.3 Scope of the Policy

This Policy has been prepared for Patients/Consultants, Employees, Employee Candidates and Visitors, provided that they are real persons, and will be applied within the scope of these specified persons. The purpose of publishing the provisions of this Policy by Prof. Dr. Cevahir Tekcan, MD on the website within the clarification text is to inform data subjects about the protection and processing of personal data and data security. This Policy shall not apply to legal entities in whatever capacity.

This Policy shall apply to the above-mentioned Data subjects in the event that their personal data are processed by Dr. Cevahir Tekcan, MD through fully or partially automated or non-automated means, provided that they are part of any data recording system. This Policy shall not apply if the data is not included in the scope of “Personal Data” within the scope specified below or if the personal data processing activity carried out by Dr. Cevahir Tekcan, MD is not in the ways specified above.

1.4 Definitions

The terms used in the implementation of this Policy have the meanings given below:

Open Consent It is consent on a specific issue, based on information and expressed with free will.
Disclosure Obligation It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed and to whom and for what purposes they may be transferred.
Related User Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.
Destruction It refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data It is any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
KVK Board Personal Data Protection Board.
Personal Data Owner Patients, Clients, Employees, Employee Candidates and Visitors whose Personal Data (including sensitive personal data) are processed.
Personal Data Any information relating to an identified or identifiable natural person.
Institution / Audit Mechanism The Personal Data Protection Authority consisting of the Board and the Presidency.
Automatically Processing Data Computer, phone, watch, etc. is a processing activity that is performed by devices with processors, and that takes place spontaneously without human intervention within the scope of algorithms prepared in advance through software or hardware features.
Sensitive Personal Data Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive data.
Registry Data Controllers Registry.
Dr. Cevahir Tekcan, MD Dr. Cevahir Tekcan, MD Practice.
Data Processor A natural or legal person who processes Personal Data on behalf of the Data Controller based on the authorization granted by the Data Controller.
Data Recording System It refers to the recording system where Personal Data is structured and processed according to certain criteria.
Data Category It is a class of personal data belonging to the data subject group or groups of persons in which personal data are grouped according to their common characteristics.
Data Subject Person Group The relevant group of persons whose personal data is processed by the data controller.
Data Controller The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

1.5 Enforcement of the Policy

The Policy principles, which were issued by Dr. Cevahir Tekcan, MD and entered into force on 01.07.2021, are made available to Data owners in the content of the PDP disclosure text published on the corporate websites of Dr. Cevahir Tekcan, MD.

  1. PROTECTION OF PERSONAL DATA

2.1 Security of Personal Data

Dr. Cevahir Tekcan, MD takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data securely and to prevent unlawful processing and access to personal data in accordance with KVKK and GDPR. The administrative and technical measures taken regarding the security of personal data are regulated in detail in the Personal Data Storage and Destruction Policy of Dr. Cevahir Tekcan, MD.

2.2 Audit

Dr. Cevahir Tekcan, MD carries out the necessary audits and has them carried out in order to establish the data security described above and to ensure the regularity and continuity of the measures taken.

The technical measures taken by Dr. Cevahir Tekcan, MD are audited by authorized persons on a semi-annual basis, and administrative measures are audited by persons authorized by Dr. Cevahir Tekcan, MD.

2.3 Privacy

All necessary administrative and technical measures are taken by Dr. Cevahir Tekcan, MD in order to ensure that the Data Processor does not disclose the personal data learned within the scope of his/her duty to anyone else in violation of the provisions of KVKK, GDPR and Policy and does not use it for purposes other than processing. In this context, information and training activities on KVKK, GDPR and Policy are carried out for the employees of the Practice, and confidentiality agreements are signed as part of the recruitment processes of the relevant employees.

2.4 Unauthorized Disclosure of Personal Data

In the event that the personal data processed by Dr. Cevahir Tekcan, MD are obtained by others through unlawful means, Dr. Cevahir Tekcan, MD shall carry out the necessary procedures to notify the Data Subject and the PDP Board of this situation within the periods determined by the PDP Board. If deemed necessary by the PDP Board, this situation shall be announced on the website of the PDP Board or by another method deemed appropriate by the PDP Board.

2.5 Observing the Legal Rights of Relevant Persons

Dr. Cevahir Tekcan, MD observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

2.6 Protection of Special Categories of Personal Data

Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data. Dr. Cevahir Tekcan, MD is aware that Special Categories of Personal Data are data that may cause the Data Owner to be victimized or subjected to discrimination if learned by others, and for this reason, it sensitively takes adequate measures determined by the Board for the protection of such personal data processed in accordance with the law. Within this framework; it has a separate policy (Policy on the Security of Sensitive Personal Data) that is systematic, clearly defined, manageable and sustainable.

  1. PROCESSING AND TRANSFER OF PERSONAL DATA

3.1 General Principles for Processing and Transferring Personal Data

Personal Data is processed by Dr. Cevahir Tekcan, MD in accordance with the procedures and principles stipulated in KVKK, GDPR and this Policy. Dr. Cevahir Tekcan, MD complies with the following principles when processing personal data.

3.1.1 Compliance with the Law, Good Faith and the Principle of Transparency

Dr. Cevahir Tekcan, MD processes personal data in accordance with the relevant legislation and the requirements of the rule of honesty and uses it within these limits. In accordance with the principle of compliance with the rule of good faith, Dr. Cevahir Tekcan, MD takes into account the interests and reasonable expectations of data subjects when trying to achieve its objectives in data processing. It acts in a way that prevents the occurrence of results that the Data Subject does not expect and does not need to expect. Pursuant to the principle, it also ensures that the data processing activity in question is transparent for the data subject and acts in accordance with the disclosure and warning obligations.

3.1.2 Being accurate and up to date when necessary

Dr. Cevahir Tekcan, MD ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of the data subjects. In this context, it carefully considers issues such as identifying the sources from which the data are obtained, confirming their accuracy, and assessing whether they need to be updated. Dr. Cevahir Tekcan, MD always keeps the channels open to ensure that the information of the personal data owner is accurate and up-to-date. Keeping personal data accurate and up-to-date is necessary for the protection of the fundamental rights and freedoms of the Data Owner as well as protecting the interests of Dr. Cevahir Tekcan, MD.

3.1.3 Processing for Specific, Explicit and Legitimate Purposes

Dr. Cevahir Tekcan, MD determines the purpose of data processing clearly and precisely and ensures that this purpose complies with the law. The lawfulness of the purpose means that the personal data processed by Dr. Cevahir Tekcan, MD is related to and necessary for the health service in which it operates. Dr. Cevahir Tekcan, MD does not process data for purposes other than these purposes. In this respect, it shows sensitivity in compliance with the principle of certainty and clarity in legal transactions and texts where the purposes of personal data processing are explained.

3.1.4 Being Relevant, Limited, Measured and Necessary for the Purpose for which they are Processed

Dr. Cevahir Tekcan, MD pays attention to the fact that the processed personal data is suitable for the realization of the specified purposes and avoids the processing of data that is not related to the realization of the purpose or is not needed. Dr. Cevahir Tekcan, MD does not collect or process personal data for purposes that do not currently exist and are thought to be realized later. It also limits the processed data to only what is necessary for the realization of the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose to be achieved.

3.1.5 Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

Dr. Cevahir Tekcan, MD complies with these periods if there is a period stipulated in the relevant legislation for the storage of data; otherwise, it retains personal data only for the period required for the purpose for which they are processed. In the event that there is no valid reason for further storage of a personal data by Dr. Cevahir Tekcan, MD, the data in question is deleted, destroyed or anonymized. Procedures regarding the storage and destruction of personal data are regulated in detail in Dr. Cevahir Tekcan, MD’s Personal Data Storage and Destruction Policy.

3.1.6 Compliance with Integrity and Confidentiality Principles

Personal data are processed by Dr. Cevahir Tekcan, MD by taking the necessary technical and administrative measures against loss, destruction, damage or in order to ensure an appropriate level of security regarding the protection of personal data.

3.1.7 Compliance with the Principle of Accountability

Dr. Cevahir Tekcan, MD has fulfilled its obligation to comply with the rules on the protection of personal data in its processing activities and will be able to submit documents proving that these measures have been taken to the supervisory authorities in case of any complaint or ex officio examination.

3.2 Terms of Processing Personal Data

Dr. Cevahir Tekcan, MD does not process personal data without the explicit consent of the Data Owner. Personal data may only be processed without the explicit consent of the Data Owner in the presence of one of the following conditions:

3.2.1 Explicit Provision in the Law

Dr. Cevahir Tekcan, MD may process personal data without seeking the explicit consent of the Data Owner in cases expressly provided by law.

3.2.2 It is Necessary for the Protection of the Life or Bodily Integrity of the Person or of Another Person Who Is Incapable of Explaining His/her Consent Due to Physical Impossibility or Whose Consent Is Not Given Legal Validity

In cases where consent cannot be disclosed or is not valid, Dr. Cevahir Tekcan, MD may process personal data without seeking explicit consent in order to protect the life or bodily integrity of individuals.

3.2.3 Processing of Personal Data of the Parties to a Contract is Necessary Provided that it is Directly Related to the Establishment or Performance of a Contract

In the event that it is mandatory to process the personal data of the parties to a contract directly related to the establishment or performance of a contract, Dr. Cevahir Tekcan, MD may process the personal data of the Data Owner without seeking explicit consent, as required by the ordinary course of life, limited to this purpose.

3.2.4 Necessity for the Fulfillment of Legal Obligations

Dr. Cevahir Tekcan, MD may process the personal data of the Data Owner without seeking explicit consent in cases where it is mandatory to fulfill its legal obligations as Data Controller.

3.2.5 Publicized by the Relevant Person Himself

Dr. Cevahir Tekcan, MD may process the personal data of the Data Owner, which is made public by the Data Owner himself/herself, in other words, which has been disclosed to the public in any way, limited to the purpose of publicization, since it is accepted that the legal benefit to be protected in the processing of such data, which is made public by the Data Owner and thus becomes publicly known, has disappeared.

3.2.6 Data Processing is Mandatory for the Establishment, Exercise or Protection of a Right

Dr. Cevahir Tekcan, MD may process the personal data of the Data Owner without seeking explicit consent in cases where data processing is mandatory for the exercise or protection of a legitimate right.

3.2.7 Data Processing is Mandatory for the Legitimate Interests of Our Practice, Provided that it does not harm the Fundamental Rights and Freedoms of the Data Subjects

Dr. Cevahir Tekcan, MD may process the personal data of the Data Owner in cases where the processing of personal data is mandatory for the provision of legitimate interests, provided that it does not harm the fundamental rights and freedoms of the Data Owner protected under the KVKK, GDPR and Policy. Dr. Cevahir Tekcan, MD shows the necessary sensitivity to comply with the basic principles regarding the protection of personal data and to observe the balance of interests of Dr. Cevahir Tekcan, MD and personal data owners. Legitimate interest means an interest that is legitimate, effective, specific and already existing at a level that can compete with the fundamental right and freedom of the Data Subject. Dr. Cevahir Tekcan, MD takes additional protective measures to prevent damage to the rights of the Data Subject. A reasonable balance is maintained between the interests of Dr. Cevahir Tekcan, MD and the fundamental rights and freedoms of the person concerned.

3.3 Processing Conditions of Special Categories of Personal Data

Dr. Cevahir Tekcan, MD does not process sensitive personal data without the explicit consent of the Data Owner. Sensitive personal data may only be processed without the explicit consent of the data subject in the presence of one of the following conditions:

3.3.1 Explicit Provision in the Law

Sensitive personal data other than the health and sexual life of the Data Owner may be processed without the explicit consent of the Data Owner in cases clearly stipulated by law.

3.3.2 For the Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

Sensitive personal data of the Data Owner regarding his/her health and sexual life may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3.4 Conditions of Transfer of Personal Data

Dr. Cevahir Tekcan, MD shall take the necessary security measures to protect personal data in accordance 8. and Article 9 and GDPR Article 45. And 49. In accordance with the articles, it may transfer personal data to third parties based on and limited to one or more of the following personal data processing conditions:

  • Explicit consent of the Data Subject,
  • There is a clear regulation on the transfer of personal data in the laws,
  • The transfer of personal data is mandatory for the protection of the life or physical integrity of the Data Subject or someone else and the data subject is unable to disclose his/her consent due to actual impossibility or his/her consent is not legally valid,
  • It is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
  • Personal data transfer is mandatory for Dr. Cevahir Tekcan, MD to fulfill his legal obligation,
  • Personal data has been made public by the Data Owner,
  • Personal data transfer is mandatory for the establishment, exercise or protection of a right,
  • Provided that it does not harm the fundamental rights and freedoms of the Data Owner, the transfer of personal data is mandatory for the legitimate interests of Dr. Cevahir Tekcan, MD.

Sensitive personal data may be transferred based on one of the following conditions and limitedly provided that adequate measures are taken:

  • Explicit consent of the person concerned,
  • In the case of sensitive personal data other than the health and sexual life of the data subject, there is a clear regulation in the laws regarding the transfer of such data.
  • In the case of special categories of personal data relating to the health and sexual life of the data subject, such data may be transferred by persons under the obligation of confidentiality or authorized institutions and organizations for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
  1. CATEGORIES OF PERSONAL DATA AND GROUPS OF DATA SUBJECTS

4.1 Categories of Personal Data

Personal data are categorized and processed by Dr. Cevahir Tekcan, MD as follows:

Identity Your name, surname, Turkish ID Number and/or Passport Number and/or Temporary Turkish ID Number, place and date of birth, marital status, gender, occupation, signature and other identification data that can identify you
Contact Your address (residence, workplace), telephone number (home/workplace fixed and/or mobile telephone numbers you have provided), e-mail address, social media accounts and other communication data.
Personnel Curriculum vitae, title information; employment and exit document records; social security/pension information, payroll information and other personal data.
Finance Personal data processed regarding the information, documents and records showing the result of all kinds of financial relations established by our practice with personal data owners and bank account information, credit information, balance sheet information, financial profile, asset and insurance information and other financial information.
Audio and Visual Recordings Photographs, camera and voice recordings data taken outside the scope of physical space security of personal data owners.
Communication Records Communication data that can be obtained through the communication and information systems of our practice: Corporate telephone call records, corporate mail and e-mail records and contents, etc.
Customer Transaction Satisfaction information about the patients of our practice, Invoice, receipt information, etc.

SPECIAL CATEGORIES OF PERSONAL DATA

Health Information Your blood type, allergies, chronic diseases, data on previous surgeries/operations, medications you use continuously, test and imaging results, prescription information, body analysis and measurement information, medical history, skin analysis information, hormonal tests, information on your sexual life, venereal disease information, information on Covid-19 disease, medical treatments, anesthesia information and other health data.

4.2 Data Subject Groups

Only real persons can benefit from the protection of this Policy and the Law. Personal data subjects within this scope are grouped as follows:

Employee Candidate Real persons who have applied for a job in any way to our practice or who have opened their CV and related information to the examination of our practice.
Customer Patients or clients who come to our practice.
Employee They are individuals working at Dr. Cevahir Tekcan, MD Practice.
Visitor All real persons who have entered the physical premises owned by our practice for various purposes or who visit our websites for any purpose.
  1. METHOD AND LEGAL GROUNDS FOR COLLECTING PERSONAL DATA

5.1 Method of Collecting Personal Data

Your Personal Data is processed by real or legal persons authorized by Dr. Cevahir Tekcan, MD in the capacity of “DATA PROCESSOR / PROCESSOR“; verbally, in writing, by taking camera and photo records, by keeping records in physical and electronic media, and by obtaining your explicit consent in cases stipulated by KVKK and GDPR.

  • Job application forms,
  • Personnel information forms,
  • Various documents submitted to Dr. Cevahir Tekcan, MD,
  • Mail and e-mails sent to Dr. Cevahir Tekcan, MD,
  • Corporate telephones,
  • Photo/Video recordings,
  • Websites,
  • Patient Clarification Forms,
  • Assay Results,
  • Imaging Results,
  • Health Information Forms,
  • Log Recorder (Firewall),
  • Service providers with servers located abroad (whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/ Google/Hotmail/yahoo etc.)

5.2 Legal Grounds for Collection of Personal Data

Personal data of our practice, the Law 5. and Articles 6 and GDPR 6. And 9. collects on the basis of one of the following legal grounds pursuant to the articles:

  • Explicit consent of the person concerned,
  • Explicitly stipulated in the law;
  • The personal data has been made public by the data subject himself/herself,
  • Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
  • In the case of personal data of special nature related to the health and sexual life of the Data Owner, these data are for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,
  • It is mandatory for Dr. Cevahir Tekcan, MD to fulfill his legal obligation,
  • Data processing is mandatory for the establishment, exercise or protection of a right,
  • Provided that it does not harm the fundamental rights and freedoms of the data subjects, data processing is mandatory for the legitimate interests of Dr. Cevahir Tekcan, MD.
  1. PURPOSES OF PROCESSING PERSONAL DATA

6.1 Matching the Data Subject Person Groups with the Processing Purposes Regarding Personal Data Categories

The matching of the data subject groups, whose definitions and scopes are given above, with the processing purposes for personal data categories is presented below:

– Employee Candidate

Data CategoriesIdentity, Contact, Personal, Professional Experience,

Processing ObjectivesExecution of Emergency Management Processes, Execution of Information Security Processes, Execution of Employee Candidate / Intern / Student Selection and Placement Processes, Execution of Employee Candidate Application Processes, Execution of Communication Activities

– Customer (Patient/Consultant)

Data CategoriesIdentity, Contact, Financial, Customer Transaction, Health Data, Biometric Data

Processing Objectives: To be able to create a patient file, to carry out your examination, preventive medicine, medical diagnosis, treatment and care services, to carry out your controls after medical diagnosis and treatment processes, to contact you one-on-one, to manage appointment processes, to manage patient satisfaction and demand management, to fulfill legal and contractual obligations, to keep the information regarding your health data that must be kept in accordance with the relevant legislation within the specified periods, To be able to receive consultation from another relevant specialist physician when necessary in order to perform the treatment offered correctly, to fulfill legal obligations in accordance with the legislation within the scope of health tourism, to be able to plan the transfer and accommodation services of patients/consultants coming within the framework of health tourism, to announce innovations regarding medical treatment and practices, to be able to announce innovations regarding medical treatment and practices, to be able to inform about the applied medical procedure 3. To inform people, to plan and manage health services and financing, to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient, to fulfill financial and administrative obligations, to ensure technical and commercial security and to fulfill public obligations

– Employee

Data CategoriesIdentity, Contact, Personal, Financial, Audiovisual,

Processing PurposesExecution of Emergency Management Processes, Execution of Information Security Processes, Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees, Execution of Benefits and Benefits Processes for Employees, Execution of Activities in Compliance with Legislation, Execution / Supervision of Business Activities, Organization and Event Management

– Visitor

Data Categories: Legal Process

Processing Objectives: Execution of Emergency Management Processes, Execution of Information Security Processes,

6.2 Personal Data Processing Activities Performed on the Website

Traffic information of online visitors to our website is automatically processed for the purpose of carrying out information security processes. On the other hand, pursuant to Law No. 5651 and other legislation, hosting providers are obliged to record and store website traffic information.

6.3 Personal Data Processing Activities Conducted through Communication Channels

Telephone, e-mail, etc. The communications made through channels are monitored and recorded by Dr. Cevahir Tekcan, MD for the purpose of conducting/supervising business activities and following up requests/complaints.

Data subjects are only required to use these channels within the scope of their business activities.

  1. PURPOSES OF TRANSFER OF PERSONAL DATA AND PERSONS/ORGANIZATIONS TO WHOM PERSONAL DATA ARE TRANSFERRED

7.1 Purposes of Transfer of Personal Data

Dr. Cevahir Tekcan, MD, personal data are protected by 8. and Article 9 and GDPR Article 45. and 49. limited to the following purposes within the framework of the conditions specified in the articles:

  • To be able to carry out examination, preventive medicine, medical diagnosis, treatment and care services,
  • Ability to manage complication processes,
  • Obtaining consultation,
  • Fulfillment of obligations in accordance with the Ministry of Health Legislation,
  • Fulfillment of obligations in accordance with International Health Tourism Regulations,
  • Meeting the transportation, accommodation and interpreter needs of health tourist patients, fulfilling administrative obligations before Provincial Health Directorates and District Health Directorates,
  • Related to the health services provided 3. Being able to inform people medically,
  • Execution of Employee Candidate Application Processes,
  • Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees,
  • Execution of Employee Benefits and Benefits Processes,
  • Execution of Activities in Compliance with the Legislation,
  • Execution of Finance and Accounting Affairs,
  • Execution/Supervision of Business Activities,
  • Execution of Business Continuity Ensuring Activities,
  • Execution of Risk Management Processes,
  • Ensuring and auditing data security,
  • Execution of Contract Processes,
  • Providing Information to Authorized Persons, Institutions and Organizations

7.2 Persons/Organizations to whom Personal Data are Transferred

Dr. Cevahir Tekcan, MD may transfer personal data to the following persons and organizations limited to the data subject groups and data required by the purpose of transfer:

  • Other specialists for consultation purposes,
  • Insured Employees,
  • Suppliers,
    • Financial Advisors, Tax and Financial Consultants and Auditors
    • Legal Advisor
    • Database (Server) Providers
    • Translators
    • Web Consultant
    • Data Protection Officer
    • IT Consultant
    • Tourism Agencies
  • Public Institutions and Organizations authorized under the laws,
  • Judicial Authorities
  1. DESTRUCTION OF PERSONAL DATA AND STORAGE PERIODS

8.1 Destruction of Personal Data

Without prejudice to the provisions of other laws regarding the destruction of personal data, Dr. Cevahir Tekcan, MD deletes, destroys or anonymizes the personal data that it has processed in accordance with the provisions of KVKK and other laws, ex officio or upon the request of the relevant person in accordance with the Personal Data Storage and Destruction Policy in the event that the reasons requiring its processing disappear.

Deletion of personal data refers to the process of making personal data inaccessible and non-reusable in any way for the relevant users.

Destruction of data refers to the process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way.

Anonymization of data, masking of personal data, variable extraction, generalization, etc. It refers to the process of making it impossible to associate it with an identified or identifiable natural person under any circumstances, even if it is matched with other data using techniques.

8.2 Retention Periods of Personal Data

Dr. Cevahir Tekcan, MD stores personal data in accordance with the periods stipulated in laws and other legislation. If there is no retention period stipulated in the laws and other legislation, personal data are stored for the period required for the realization of the purpose of processing that personal data in accordance with Dr. Cevahir Tekcan, MD’s Personal Data Retention and Destruction Policy, and then deleted, destroyed or anonymized within the framework of periodic destruction periods.

  1. RIGHTS OF THE PERSONAL DATA OWNER PURSUANT TO KVKK AND GDPR

9.1 Rights of the Data Subject Pursuant to GDPR

As a Data Subject, your Personal Data is also protected in accordance with the GDPR. The rights of Data subjects (European citizens or residents of Europe) where they fall under the jurisdiction of the GDPR are as follows;

  • Right of Access (Art. 15 GDPR): The data subject has the right to confirm whether personal data related to him/her is being processed by applying to Dr. Cevahir Tekcan, MD, and if personal data is processed, to learn the details in Article 15 of the GDPR.
  • Right to rectification (GDPR Article 16): The Data Subject has the right to have the changed personal data belonging to Dr. Cevahir Tekcan, MD corrected by contacting us at any time.
  • Right to Erasure (Article 17 GDPR): The Data Subject has the right to request the deletion of his/her personal data held by Dr. Cevahir Tekcan, MD. If the matters specified in Article 17 of the GDPR occur, your personal data will be deleted by Dr. Cevahir Tekcan, MD without delay.
  • Right to Restriction of Processing (Art. 18 GDPR):
    • If the Data Owner objects to the timeliness of the Personal Data, the Data Owner has the right to request restriction of the use of the data until the accuracy of the Personal Data is confirmed by Dr. Cevahir Tekcan, MD.
  • Right to Data Portability (Article 20 GDPR): The Data Subject has the right to request the transfer of his/her Personal Data held by Dr. Cevahir Tekcan, MD to another controller by contacting us at any time, if technically feasible. However, you may exercise this right when the data processing is based on your consent or when required by the contract.
  • Right of Appeal (Article 21 GPDR):
    • The Data Subject agrees that Article 6(1) of the GDPR (e) or (f) to object to the processing of Personal Data, including profiling, on grounds relating to his/her particular situation. Dr. Cevahir Tekcan, MD cannot process your Personal Data unless it can demonstrate a strong legitimate reason, such as the establishment, exercise or protection of a legal right that overrides the interests, rights and freedoms of the Data Subject.
    • Where Personal Data is processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of Personal Data for marketing, including profiling to the extent it is related to such direct marketing.
    • If the Data Subject objects to the processing of Personal Data for direct marketing purposes, Personal Data will no longer be processed for such purposes.

9.2 Rights of the Data Owner Pursuant to KVKK

The real persons whose Personal Data are processed are subject to the provisions of Article 11 of the KVKK. The rights he/she has pursuant to the article are as follows;

  • Learn whether personal data is being processed,
  • Request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used for their intended purpose,
  • To know the third parties to whom personal data are transferred domestically or abroad,
  • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
  • Although it has been processed in accordance with the provisions of the KVKK and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
  • To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
  • In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

In case the data subjects have rights or requests that they want to exercise among the rights listed above; 11. They can submit their written applications, in which they clearly and understandably state which of the rights specified in the article, together with wet signed documents to prove their identity, to the address of Dr. Cevahir Tekcan, MD Practice in person, send them through a notary public or sign with a secure e-signature and send them to the corporate e-mail address of Dr. Cevahir Tekcan, MD or send them by other methods specified in the KVKK. In accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller”, it is mandatory to include the following elements in the applications: name, surname, signature, Turkish ID number/passport number/temporary ID number, residence or workplace address, e-mail address, telephone and fax number, subject of the request.

Dr. Cevahir Tekcan, MD will finalize the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged.

Effective Date : 31.12.2021

Update Date : 10.10.2023