PERSONAL DATA STORAGE AND DISPOSAL POLICY
Homepage > PERSONAL DATA STORAGE AND DISPOSAL POLICY
PROF.DR.AHMET MURAT BÜLBÜL PERSONAL DATA STORAGE AND DISPOSAL POLICY
1.INTRODUCTION
1.1 Purpose
This Personal Data Retention and Disposal Policy (“Policy”) is applied to the entirety of Prof.Dr.Ahmet Murat BÜLBÜL’s Office (hereinafter referred to as the “Examination”) and is based on the nationally accepted basic principles regarding personal data destruction. It includes the framework and principles regarding the necessary destruction works within the scope of the relevant legislation.
In the third paragraph of Article 7 of the Law on Protection of Personal Data (“Law”), there is the provision “The procedures and principles regarding the deletion, destruction or anonymization of personal data are regulated by a regulation”. Pursuant to this provision and subparagraph (e) of the first paragraph of Article 22 of the Law, the Regulation on the Deletion, Destruction or Anonymization of Personal Data (“Regulation”) has been prepared by the Personal Data Protection Board (“Board”) and dated 28 October 2017. It was published in the Official Gazette numbered 30224.
Based on the above regulation, the purpose of this Policy is to determine the procedures and principles regarding the deletion, destruction or anonymization of the personal data processed in the course of the practice in accordance with the Regulation.
1.2.Scope
Personal data belonging to patients, relatives, employees, company employees/officials and suppliers with whom our practice has legal relations, are within the scope of this Policy. is applied.
1.3. Abbreviations and Definitions
CONCEPT | DEFINITION |
Recipient group | Natural or legal person category to whom personal data is transferred by the data controller |
Open Consent | Consent on a particular subject, based on information and expressed with free will |
Anonymization | Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Electronic environment | Environments where personal data can be created, read, changed and written by electronic devices. |
Non-Electronic Media | All written, printed, visual etc. other than electronic media. other environments. |
Related person | Natural person whose personal data is processed |
Related user | Except for the person or unit responsible for the technical storage, protection and backup of the data, the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller. |
Destruction | Deletion, destruction or anonymization of personal data |
Law | Law No. 6698 on the Protection of Personal Data |
recording media | Any medium containing personal data that is fully or partially automated or processed by non-automatic means, provided that it is a part of any data recording system. |
Personal data | Any information relating to an identified or identifiable natural person |
Personal data owner | Natural person whose personal data is processed |
Processing of personal data | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. all kinds of operations performed on the data, such as blocking |
Personal data processing inventory | Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, explaining the maximum time required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security. |
Board | Personal Data Protection Board |
Institution | Personal Data Protection Authority |
Special categories of personal data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data |
periodic destruction | In the event that all of the personal data processing conditions in the law are eliminated, the deletion, destruction or anonymization process to be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy. |
Policy | The policy on which data controllers base the process of determining the maximum time required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization. |
Record | The registry of data controllers kept by the Personal Data Protection Authority. |
data processor | The real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
data logging system | The registry system where personal data is processed and structured according to certain criteria. |
data controller | Prof.Dr. Ahmet Murat BÜLBÜL |
regulation | Regulation on the Deletion, Destruction or Anonymization of Personal Data, which entered into force by being published in the Official Gazette dated 28.10.2017 and numbered 30224. |
DISTRIBUTION OF RESPONSIBILITIES AND DUTIES
Data controller in the storage and destruction processes of personal data, Prof.Dr. Ahmet Murat BÜLBÜL is responsible.
3. RECORDING ENVIRONMENTS
Personal data is stored safely by the Institution in the environments listed in Table 2, in accordance with the law.
Table 2: Personal data storage environments
Elektronik Ortamlar | Elektronik Olmayan Ortamlar |
|
|
|
|
EXPLANATIONS ON STORAGE AND DISPOSAL
By the practice; Personal data of patients, relatives, employees, company employees/authorities from whom services are provided/provided, and suppliers are stored and destroyed in accordance with KVKK.In this context, detailed explanations regarding storage and disposal are given below, respectively.
4.1 Remarks on Retention
In Article 3 of the Law, the concept of processing personal data is defined, in Article 4 it is stated that the processed personal data should be related to the purpose for which they are processed, limited and measured and should be kept for the period required for the purpose for which they are processed or as stipulated in the relevant legislation. counted.
Accordingly, personal data within the scope of practice activities are stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.
4.1.1 Legal Reasons for Retention
The practice preserves the personal data processed within the framework of its activities for the period stipulated in the relevant legislation. In this context, personal data;
Tax Procedure Law No. 213
Labor Law No. 4857
Social Insurance and General Health Insurance Law No. 5510
Law No. 5651 on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts
Turkish Code of Obligations No. 6098
Turkish Commercial Code No. 6102
Health Services Basic Law No. 3359
Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
Private Hospitals Regulation
Law No. 6698 on the Protection of Personal Data
It is stored as long as the storage periods specified in the other secondary legislation in force, especially4.1.2. Processing Purposes Requiring Storage
Veri Kayıt Ortamı | Açıklama |
Fiziksel ortamda yer alan kişisel veriler | Fiziksel ortamda bulunan kişisel veriler karartma yöntemi kullanılarak veya belgenin, ilgili kullanıcılar tarafından hiçbir şekilde erişilmeyecek şekilde güvenli bir ortamda saklanılması suretiyle silinmektedir. |
Fiziksel ortamda yer alan kişisel veriler | Fiziksel ortamda bulunan kişisel veriler karartma yöntemi kullanılarak veya belgenin, ilgili kullanıcılar tarafından hiçbir şekilde erişilmeyecek şekilde güvenli bir ortamda saklanılması suretiyle silinmektedir. |
Sunucularda Yer Alan Kişisel Veriler | Sunucularda yer alan kişisel verilerden saklanmasını gerektiren süre sona erenler için sistem yöneticisi tarafından ilgili kullanıcıların erişim yetkisi kaldırılarak silme işlemi yapılır. |
Veri tabanlarında yer alan kişisel veriler | İlgili kullanıcının, rol ve izin ataması yapılarak, veri tabanında yer alan kişisel verilere erişimi engellenmektedir. |
6.2. Destruction of Personal Data
As a practice, the methods used by us in order to legally destroy personal data are as follows:
Table 4: Destruction of Personal Data
Veri Kayıt Ortamı | Açıklama |
Fiziksel ortamda yer alan kişisel veriler | Kâğıt ortamında yer alan kişisel verilerden saklanmasını gerektiren süre sona erenler, kâğıt kırpma makinelerinde geri döndürülemeyecek şekilde yok edilir. |
Çevresel (ağ cihazları, flash tabanlı ortamlar, optik sistemler vb.) ve yerel sistemlerde yer alan kişisel veriler | Kişisel veri içeren cihazlar; yakma, küçük parçalara ayırma, eritme gibi fiziksel işlemlerle yok edilmektedir. Ayrıca, demanyetize etme yöntemi ile aygıtın üzerinde yer alan kişisel veriler okunamaz hale getirilerek yok etme işlemi gerçekleştirilmektedir. Bununla birlikte; özel yazılımlar ile var olan verilerin üzerine rastgele veri girişi yapılması sonucu eski verilerin kurtarılmasının önüne geçilerek yok etme işlemi uygulanmaktadır. |
6.3. Anonymization of Personal Data
Anonymization of personal data means making personal data not associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.
In order for personal data to be anonymized; Personal data must be rendered unrelated to an identified or identifiable natural person, even by using appropriate techniques for the recording medium and the relevant field of activity, such as returning the personal data by the data controller or third parties and/or matching the data with other data.
STORAGE AND DISPOSAL TIMES
Regarding the personal data being processed by the practice within the scope of its activities;
The retention periods on the basis of personal data regarding all personal data within the scope of the activities carried out in connection with the processes are in the Personal Data Processing Inventory;
Storage periods on the basis of data categories are recorded in VERBIS;
Process-based retention periods are included in this Personal Data Retention and Disposal Policy.
The destruction process of personal data is carried out by the Practice in accordance with the retention periods determined in accordance with the relevant legislation in accordance with each relationship. Personal data whose storage period has expired are deleted, destroyed or anonymized in periodic destruction periods determined by the Practice.
Table 5: Process-Based Storage and Disposal Times Table
SÜREÇ | SAKLAMA SÜRESİ | İMHA SÜRESİ |
İnsan kaynakları çalışan süreçlerinin yürütülmesi | Çalışanın işten ayrılmasından itibaren 10 yıl | Saklama süresinin bitimini takip eden ilk 6 aylık periyodik imha süresinde. |
Sözleşme süreçlerinin yürütülmesi | Sözleşmenin sona ermesini takiben 10 yıl | Saklama süresinin bitimini takip eden ilk 6 aylık periyodik imha süresinde. |
Muhasebe ve finans süreçlerinin | Kayıt altına alınmasını takiben 10 yıl | Saklama süresinin bitimini takip eden ilk 6 aylık periyodik imha süresinde. |
Hasta/ ürün hizmet alan kişi | Müşteri/ hasta ilişkisinin sona ermesinden itibaren 10 yıl | Saklama süresinin bitimini takip eden ilk 6 aylık periyodik imha süresinde. |
Ex officio deletion, destruction or anonymization of personal data whose storage period has expired is carried out by Prof.Dr. It is carried out by Ahmet Murat BÜLBÜL.
PERIODIC DISPOSAL TIME
In accordance with Article 11 of the Regulation, the period of periodic destruction has been determined by the practice as [6] months. Accordingly, periodic destruction is carried out by the Practice in June and December each year.
PUBLICATION AND STORAGE OF THE POLICY
The policy is published in two different media, with wet signature (printed paper) and electronically, and is disclosed to the public on the website.
UPDATE PERIOD OF THE POLICY
The policy is updated as needed and changed processes are found.
EFFECT AND REVOCATION OF THE POLICY
This Policy is deemed to have entered into force after its publication on the website of the Practice.
Hareket etmek üzere tasarlanmış olan insanoğlunun bu fonksiyonu sürdürmesi için ihtiyacı olan lokomotor sistemi yani kas ve iskelet sistemini ilgilendiren hastalıkların tedavisi ile uğraşmaktayım.
