Privacy Policy

Privacy Policy

    1. INTRODUCTION

    SEÇKİN DİŞ (“SEÇKİN DİŞ”) attaches utmost importance to protecting the fundamental rights and freedoms of individuals, particularly in the protection and processing of personal data, based on the right to privacy as stipulated in Article 20 of the Constitution. In this context, SEÇKİN DİŞ is committed to the lawful protection and processing of personal data in accordance with the Personal Data Protection Law No. 6698 (“KVKK”) and the European Union General Data Protection Regulation (“GDPR”), and acts with this understanding in all its planning and activities.

    Ensuring the security of individuals’ Personal Data is one of SEÇKİN DİŞ’s primary objectives. Therefore, SEÇKİN DİŞ takes the necessary security measures, in accordance with applicable legislation, to ensure the secure processing of individuals’ Personal Data and to prevent any unlawful access to or leakage of such data.

    1.1. PURPOSE OF THE POLICY

    Personal Data Protection and Processing Policy (“Policy”) is to inform Personal Data Subjects about SEÇKİN DİŞ’s obligations and the procedures and principles it will adhere to in the protection and processing of personal data processed fully or partially automatically, or non-automatically, provided that it is part of a data recording system, in accordance with the purposes of the KVKK and GDPR. In line with the purpose of the Policy , SEÇKİN DİŞ aims to ensure full compliance with legislation in its personal data protection and processing activities and to protect the right of Personal Data Subjects to privacy and data security.

    1.2. SCOPE OF THE POLICY

    This Policy has been prepared for Customers, Employees, Job Candidates, and Visitors, provided that they are natural persons, and will apply to these individuals. SEÇKİN DİŞ publishes this Policy on its website to inform Data Owners about the protection and processing of personal data and data security. This Policy will not apply to legal entities, regardless of their status.

    This Policy will apply to the Data Subjects specified above if their personal data is processed by SEÇKİN DİŞ, either fully or partially, by automated means, or non-automated means provided that it is part of any data recording system. This Policy will not apply if the data is not considered “Personal Data” within the scope specified below, or if SEÇKİN DİŞ does not process personal data through the means specified above.

     

    1.3. DEFINITIONS

    this Policy have the following meanings:

    Explicit Consent

    It is consent regarding a specific subject, based on information and expressed with free will.

    Obligation to Disclose

    It is the data controller’s obligation to inform the persons whose personal data he processes, about who can process these data, for what purposes and on what legal grounds, and to whom and for what purposes they can be transferred.

    Related User

    Persons who process personal data within the data controller organization or in accordance with the authority and instructions they receive from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data.

    Destruction

    It refers to the deletion, destruction or anonymization of personal data.

    Processing of Personal Data

    It is any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of Personal Data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.

    Personal Data Protection Board

    It is the Personal Data Protection Board.

    Personal Data Owner

    It refers to Patients, Clients, Employees, Job Candidates and Visitors whose Personal Data ( including special categories of personal data ) are processed.

    Personal Data

    It is any information relating to an identified or identifiable natural person.

    Institution/Control Mechanism

    It is the Personal Data Protection Authority consisting of the Board and the Presidency.

    Automatic Data Processing

    It is a processing activity that is carried out automatically by devices with processors such as computers, phones, watches, etc., without human intervention, within the scope of algorithms prepared in advance through software or hardware features.

    Special Personal Data

    race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are special data.

    Record

    It is the Registry of Data Controllers .

    SEÇKİN DENTAL

    SEÇKİN DİŞ .

    Data Processor

    A natural or legal person who processes Personal Data on behalf of the data controller based on the authority granted by the data controller.

    Data Recording System

    It refers to the recording system in which Personal Data is structured and processed according to certain criteria .

    Data Category

    It is the personal data class belonging to the data subject group or groups in which personal data are grouped according to their common characteristics.

    Data Subject Group

    It is the group of persons whose personal data is processed by the data controller.

    Data Controller

    It is the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

    1.4. ENFORCEMENT OF THE POLICY

    The Policy principles, which were prepared by SEÇKİN DİŞ and entered into force on 01.04.2021, are published on the corporate website of SEÇKİN DİŞ and made available to Data Owners.

    1. PROTECTION OF PERSONAL DATA

    2.1. SECURITY OF PERSONAL DATA

    SEÇKİN DİŞ takes all necessary administrative and technical measures to ensure an appropriate level of security to securely store personal data in accordance with the KVKK and GDPR and to prevent unlawful processing and access of personal data. The administrative and technical measures taken to ensure the security of personal data are detailed in SEÇKİN DİŞ’s Personal Data Storage and Destruction Policy .

    2.2. AUDIT

    SEÇKİN DİŞ carries out and has carried out the necessary audits in order to ensure the establishment of data security described above and the regularity and continuity of the measures taken.

    Technical measures taken by SEÇKİN DİŞ are inspected by authorized persons at six-monthly intervals per year, while administrative measures are inspected by persons authorized by SEÇKİN DİŞ .

    2.3. PRIVACY

    the Data Processor does not disclose personal data learned in the course of their duties to anyone in violation of the provisions of the KVKK, GDPR, and the Policy, and does not use it for purposes other than those intended. In this context, information and training programs are conducted for the Practice’s employees regarding the KVKK, GDPR, and the Policy, and confidentiality agreements are signed by the relevant employees as part of the recruitment process. Furthermore, policies are communicated to Suppliers and Data Processors who provide outsourced services, and Confidentiality Commitments are obtained.

    2.4. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA

    If personal data processed by SEÇKİN DİŞ is obtained by others through unlawful means, SEÇKİN DİŞ will take the necessary steps to notify the Data Subject and the PPD Board within the timeframes determined by the PPD Board . If deemed necessary by the PPD Board, this situation will be announced on the PPD Board’s website or by another method deemed appropriate by the PPD Board.

    2.5. PROTECTING THE LEGAL RIGHTS OF THE RELATED PERSONS

    SEÇKİN DİŞ observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

    2.6. PROTECTION OF SPECIAL NATURE PERSONAL DATA

    Data related to an individual’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership in associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, constitute special personal data. SEÇKİN DİŞ is aware that Special Personal Data, if learned by others, could cause the Data Subject to victimization or discrimination. Therefore, it diligently takes the adequate measures, as determined by the Board, to protect such personal data processed in accordance with the law. In this context, it has a separate policy (the Security of Special Personal Data Policy) that is systematic, has clearly defined rules, is manageable, and sustainable.

    1. PROCESSING AND TRANSFER OF PERSONAL DATA

    3.1. GENERAL PRINCIPLES IN PROCESSING AND TRANSFER OF PERSONAL DATA

    Personal Data is processed by SEÇKİN DİŞ in accordance with the procedures and principles set forth in KVKK, GDPR, and this Policy. SEÇKİN DİŞ adheres to the following principles when processing personal data.

    1. a) Compliance with the Law, the Rules of Integrity and the Principle of Transparency

    SEÇKİN DİŞ processes and uses personal data in accordance with relevant legislation and the requirements of the principle of good faith. In accordance with the principle of good faith, SEÇKİN DİŞ takes into account the interests and reasonable expectations of data subjects when seeking to achieve its data processing objectives. It acts to prevent the emergence of outcomes that the Data Subject did not anticipate and should not have anticipated. In accordance with this principle, it also ensures transparency of data processing activities for the Data Subject and complies with its obligations of disclosure and warning.

    1. b) Being Accurate and Up-to-Date When Necessary

    SEÇKİN DİŞ ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of Data Subjects. In this context, SEÇKİN DİŞ carefully considers issues such as identifying the sources from which data is obtained, verifying its accuracy, and assessing whether it needs to be updated. SEÇKİN DİŞ always maintains open channels to ensure that personal data subject information is accurate and up-to-date. Maintaining accurate and up-to-date personal data protects SEÇKİN DİŞ’s interests and is also essential for protecting the fundamental rights and freedoms of Data Subjects .

    1. c) Processing for Specified, Clear and Legitimate Purposes

    SEÇKİN DİŞ clearly and precisely identifies the purpose of data processing and ensures that this purpose is lawful. A lawful purpose means that the personal data SEÇKİN DİŞ processes is related to and necessary for the healthcare services in which it operates. SEÇKİN DİŞ does not process data for purposes other than those specified. Therefore, SEÇKİN DİŞ is meticulous in adhering to the principles of specificity and clarity in legal acts and texts explaining the purposes of processing personal data.

    1. d) Being Related, Limited, Proportionate and Necessary to the Purpose for Which They Are Processed

    SEÇKİN DİŞ ensures that the personal data processed is suitable for the achievement of the designated purposes and avoids processing data that is not relevant or necessary to achieve the purpose. SEÇKİN DİŞ does not collect or process personal data for purposes that do not already exist or are intended to be realized later. Furthermore, it limits the data processed to only what is necessary to achieve the purpose. Under the principle of proportionality, it establishes a reasonable balance between data processing and the intended purpose.

    1. e) Storage for the Period Stipulated in the Relevant Legislation or Necessary for the Purpose for which they are Processed

    SEÇKİN DİŞ complies with any data retention periods specified in relevant legislation; otherwise, it retains personal data only for the period necessary for the purpose for which it is processed. If there is no valid reason for SEÇKİN DİŞ to retain personal data further, the data in question will be deleted, destroyed, or anonymized. Procedures for the storage and destruction of personal data are detailed in SEÇKİN DİŞ’s Personal Data Storage and Destruction Policy .

    1. f) Compliance with Integrity and Confidentiality Principles

    Personal data is processed by SEÇKİN DİŞ by taking the necessary technical and administrative measures to ensure appropriate security against loss, destruction, damage or the protection of personal data.

    1. g) Compliance with the Accountability Principle

    SEÇKİN DİŞ has fulfilled its obligation to comply with the rules on the protection of personal data in its processing activities and, in case of any complaint or ex officio investigation, it will be able to submit documents proving that these measures have been taken to the supervisory authorities.

    3.2. CONDITIONS FOR PROCESSING PERSONAL DATA

    SEÇKİN DİŞ does not process personal data without the explicit consent of the Data Owner . Personal data may only be processed without the explicit consent of the Data Owner if one of the following conditions is met :

    1. a) Explicitly Provided in Laws

    SEÇKİN DİŞ may process personal data without seeking the explicit consent of the Data Owner in cases clearly stipulated by law .

    1. b) If it is necessary for a person who is unable to express his consent due to a physical impossibility or whose consent is not recognized as legally valid to protect his own life or the physical integrity of another person.

    SEÇKİN DİŞ may process personal data without seeking explicit consent in order to protect the life or physical integrity of individuals in cases where consent cannot be explained or is not valid.

    1. c) Processing of Personal Data of the Parties to a Contract is Necessary, Provided That It is Directly Related to the Establishment or Execution of a Contract

    Owner’s personal data , limited to this purpose, without seeking explicit consent, in accordance with the normal course of life.

    1. d) It is necessary for SEÇKİN DİŞ to fulfill its legal obligations.

    Owner’s personal data without seeking explicit consent in cases where it is necessary to fulfill its legal obligations as the Data Controller .

    1. e) It has been made public by the relevant person himself/herself

    SEÇKİN DİŞ may process the personal data of the Data Owner that have been made public by the Data Owner, in other words, disclosed to the public in any way, for limited purposes, as it is accepted that the legal interest to be protected in the processing of such data that have been made public by the Data Owner and thus become known to everyone is eliminated.

    1. f) Data Processing is Necessary for the Establishment, Exercise or Protection of a Right

    Owner’s personal data without seeking explicit consent in cases where data processing is mandatory for the exercise or protection of a legitimate right .

    1. g) Data Processing is Mandatory for the Legitimate Interests of Our Company, Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Persons Concerned

    SEÇKİN DİŞ may process the Data Subject’s personal data in cases where processing personal data is necessary to ensure its legitimate interests, provided that it does not prejudice the Data Subject ‘s fundamental rights and freedoms protected under the KVKK, GDPR, and the Policy . SEÇKİN DİŞ demonstrates due diligence in complying with the fundamental principles of personal data protection and in balancing the interests of SEÇKİN DİŞ and personal data subjects. A legitimate interest is a legitimate, effective, specific, and already existing interest that competes with the Data Subject’s fundamental rights and freedoms. SEÇKİN DİŞ implements additional safeguards to prevent harm to the Data Subject’s rights. A reasonable balance is maintained between the interests of our company and the fundamental rights and freedoms of the data subject.

    3.3. CONDITIONS FOR PROCESSING SPECIAL NATURE PERSONAL DATA

    SEÇKİN DİŞ does not process special personal data without the explicit consent of the Data Owner . Special personal data may only be processed without the explicit consent of the data owner if one of the following conditions is met:

    Clearly Provided in Laws

    Special personal data of the Data Owner , excluding those related to health and sexual life, may be processed without the explicit consent of the Data Owner in cases expressly provided for by law .

    For the Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

    The Data Owner’s special personal data regarding his/her health and sexual life may be processed by persons or authorized institutions and organizations under an obligation of confidentiality for the purposes of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

    3.4. CONDITIONS FOR TRANSFER OF PERSONAL DATA

    SEÇKİN DİŞ may transfer personal data to third parties by taking the necessary security measures, in accordance with Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR, based on and limited to one or more of the personal data processing conditions specified below:

    Data Owner has express consent,

    There is a clear regulation in the laws regarding the transfer of personal data,

    If the transfer of personal data is necessary to protect the life or physical integrity of the Data Owner or another person and the person concerned is unable to give his consent due to the actual impossibility or his consent is not legally valid,

    It is necessary to transfer personal data of the parties to a contract, provided that it is directly related to the establishment or execution of a contract,

    SEÇKİN DİŞ to fulfill its legal obligations,

    Personal data has been made public by the Data Owner,

    The transfer of personal data is mandatory for the establishment, exercise or protection of a right,

    The transfer of personal data is necessary for the legitimate interests of SEÇKİN DİŞ , provided that it does not harm the fundamental rights and freedoms of the Data Owner .

    Sensitive personal data may be transferred based on one of the following conditions and provided that sufficient, limited measures are taken:

    The explicit consent of the relevant person,

    If the person concerned has special personal data other than his or her health and sexual life, there must be a clear regulation in the law regarding the transfer of this data.

    If the data subject has special personal data regarding his/her health and sexual life, these data may be transferred by persons under a confidentiality obligation or by authorized institutions and organizations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and their financing.

    1. PERSONAL DATA CATEGORIES AND DATA SUBJECT GROUPS

    4.1. Personal Data Categories

    by categorizing them as follows :

    Identity Name- Surname , TR ID Number and/or Passport Number and/or Temporary TR ID Number, place and date of birth, marital status, gender, profession, signature and other identity data that can identify real persons.

    Contact Address ( residence , workplace), telephone number (notified home/workplace landline and/or mobile telephone numbers), e-mail address, social media accounts, IP address and other communication data

    Personal CV, title information; employment entry and exit document records; social security/retirement information, payroll information and other personnel data

    Physical Space Security Security camera recordings and other physical space security data

    Personal data processed regarding the information, documents and records showing the results of all kinds of financial relationships that SEÇKİN DİŞ has established with personal data owners, as well as bank account information, credit card information and other financial information.

    Visual and Audio Records: Photographs, cameras and audio recordings taken outside the scope of physical location security of personal data owners.

    Communication Records Communication data that can be obtained through SEÇKİN DİŞ’s communication and information systems: Corporate telephone call records, corporate mail and e-mail records and their contents, etc.

    Customer Transactions Satisfaction information regarding our practice’s patients, invoice, receipt information, etc.

    SPECIAL NATURE PERSONAL DATA

    Health Information: Blood type, allergies, chronic diseases, data on previous treatments/surgeries, regularly used medications, test and imaging results, prescription information, body analysis and measurement information, medical history, skin analysis information, hormonal tests, venereal disease information, information on Covid-19 disease, medical treatments, and other health data.

    Biometric Data Image, audio, video data

    4.2. Data Subject Groups

    Only natural persons can benefit from the protection of this Policy and the Law. Personal data subjects within this scope are grouped as follows:

    Applicants are natural persons who have applied for a job in our practice through any means or who have made their resume and related information available for review by our practice.

    Customers are patients or clients who come to our office.

    Employees are individuals who work at SEÇKİN DİŞ .

     

    Visitors are all natural persons who have entered the physical premises of our practice for various purposes or visited our websites for any purpose.

    1. METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

    5.1. PERSONAL DATA COLLECTION METHOD

    Your Personal Data is processed by natural or legal persons authorized by SEÇKİN DİŞ in the capacity of “DATA PROCESSOR/PROCESSOR” by keeping records verbally, in writing, by recording with cameras and photographs, in physical and electronic media, and by obtaining your explicit consent in the cases stipulated by KVKK and GDPR .

    Job application forms,

    Personnel information forms,

    Various documents submitted to SEÇKİN DİŞ ,

    Mails and e-mails forwarded to SEÇKİN DİŞ ,

    Corporate phones,

    Photo/Video recordings,

    Websites,

    Security cameras,

    Log Recording Devices (Firewall),

    Patient Information Forms,

    Analysis Results,

    Health Information Forms, Service providers whose servers are located abroad (whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/Google/Hotmail/yahoo etc.).

    5.2. LEGAL REASON FOR COLLECTING PERSONAL DATA

    SEÇKİN DİŞ collects personal data based on one of the following legal grounds, in accordance with Articles 5 and 6 of the Law and Articles 6 and 9 of the GDPR:

    The explicit consent of the relevant person,

    It is clearly provided for in the laws;

    Personal data has been made public by the relevant person,

    It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract,

    If the Data Owner has special personal data regarding his/her health and sexual life, these data are for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing,

    SEÇKİN DİŞ to fulfill its legal obligations,

    Data processing is necessary for the establishment, exercise or protection of a right,

    It is mandatory for SEÇKİN DİŞ to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the persons concerned.

    1. PURPOSES OF PROCESSING PERSONAL DATA

    6.1. Matching Data Subject Groups with Processing Purposes Regarding Personal Data Categories

    The matching of the data subject groups, whose definitions and scopes are given above, with the processing purposes related to the personal data categories is presented below:

    Employee Candidate

    Data Categories: Identity, Contact, Personnel, Professional Experience, Physical Space Security

    Processing Purposes: Carrying out emergency management processes, carrying out information security processes, carrying out candidate selection and placement processes, carrying out candidate application processes, ensuring physical space security, carrying out communication activities.

    Patient/Client

    Data Categories: Identity, Communication, Financial, Customer Transaction, Physical Space Security, Health Data, Biometric Data

    Purposes of Processing: to be able to create a patient file, to carry out examination, preventive medicine, medical diagnosis, treatment and care services, to carry out health checks after medical diagnosis and treatment processes, to communicate one-on-one with patients, to manage appointment processes, to perform patient satisfaction and request management, to fulfill legal and contractual obligations, to preserve information regarding your health data that must be kept in accordance with the relevant legislation within the specified periods, to ensure the security of the office, to get consultation from another relevant specialist physician when necessary in order to perform the treatments correctly , to fulfill legal obligations in accordance with the legislation within the scope of health tourism, to plan the transfer and accommodation services of patients/clients coming within the framework of health tourism, to announce innovations regarding medical treatment and practices, to inform third parties medically about the medical procedures applied, to carry out promotional and marketing activities related to medical practices applied within the framework of the International Health Tourism Incentive legislation, to plan and manage health services and their financing, to fulfill the responsibilities arising from the legal relationship established between the doctor and the patient, to fulfill financial and administrative obligations. to be able to provide technical and commercial security and to fulfil public obligations.

    Worker

    Data Categories: Identity, Contact, Personnel, Finance, Visual and Audio Information, Physical Space Security,

    Purposes of Processing: Execution of Emergency Management Processes, Execution of Information Security Processes, Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees, Execution of Side Rights and Benefits Processes for Employees, Execution of Activities in Compliance with Legislation, Ensuring Physical Space Security, Execution / Supervision of Business Activities, Organization and Event Management

    Visitor

    Data Categories: Physical Space Security

    Purposes of Processing: Execution of Emergency Management Processes, Execution of Information Security Processes, Ensuring Physical Space Security

    6.2. Personal Data Processing Activities Performed in Physical Locations

    To ensure the security of our office, entrances and exits are recorded, and common areas are monitored by cameras. SEÇKİN DİŞ has provided data owners with the necessary information to enable camera monitoring.

    6.3. Personal Data Processing Activities Performed on the Website

    Traffic information about online visitors to our website is automatically processed for information security purposes. Furthermore, pursuant to Law No. 5651 and other legislation, hosting providers are obligated to record and store website traffic information.

    6.4 Personal Data Processing Activities Performed Through Communication Channels

    Communications made via channels such as telephone, e-mail, etc. are inspected and recorded by SEÇKİN DİŞ for the purpose of conducting/supervising business activities and following up on requests/ complaints .

    Data Owners must use these channels only within the scope of their business activities.

    1. PURPOSES OF TRANSFERRING PERSONAL DATA AND PERSONS/ORGANIZATIONS TO WHICH IT IS TRANSFERRED

    7.1. Purposes of Transferring Personal Data

    SEÇKİN DİŞ transfers personal data within the framework of the conditions specified in Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR, limited to the following purposes:

    To be able to carry out examination, preventive medicine, medical diagnosis, treatment and care services,

    Managing complication processes,

    Ability to receive consultation,

    To fulfill the obligations in accordance with the legislation of the Ministry of Health,

    Fulfilling obligations in accordance with International Health Tourism Legislation,

    Meeting the transportation, accommodation and interpreter needs of Health Tourist patients,

    Fulfilling administrative obligations before Provincial Health Directorates and District Health Directorates,

    To provide medical information to third parties regarding the health services provided,

    Carrying out the definition and marketing activities of health services offered within the scope of International Health Tourism Incentive Legislation,

    Carrying out candidate selection and placement processes,

    Conducting the Application Process of Employee Candidates,

    Fulfillment of Employment Contract and Legislative Obligations for Employees,

    Execution of Employee Benefits and Side Benefits Processes,

    Carrying out activities in accordance with legislation,

    Execution of Finance and Accounting Affairs,

    Conducting/Supervising Business Activities,

    Carrying out activities to ensure business continuity,

    Execution of Risk Management Processes,

    Ensuring and auditing data security,

    Execution of Contract Processes,

    Providing Information to Authorized Persons, Institutions and Organizations

    7.2. Persons/Organizations to Which Personal Data Are Transferred

    SEÇKİN DİŞ may transfer personal data to the following persons and organizations by applying all administrative and technical security measures stipulated by the legislation, limited to the data subject groups and data required by the purpose of transfer:

    To other specialist physicians for consultation purposes,

    To Insured Employees,

    To its suppliers,

    Financial Advisors, Tax and Finance Consultants and Auditors

    Legal Advisor

    Database (Server) Providers

    “Clinical Management Software System” Service Provider

    Interpreters

    International Promotion Consultant

    Support Management System (DMS) Officer

    Data Protection Officer

    IT Consultant

    Tourism Agencies

    To Public Institutions and Organizations authorized within the framework of the law,

    To the Judicial Authorities.

    1. DESTRUCTION AND STORAGE PERIOD OF PERSONAL DATA
    2. Destruction of Personal Data

    Without prejudice to the provisions of other laws regarding the destruction of personal data, SEÇKİN DİŞ deletes, destroys or anonymizes personal data it has processed in accordance with the KVKK and other legal provisions, in accordance with the Personal Data Storage and Destruction Policy, ex officio or upon the request of the relevant person, if the reasons requiring processing are eliminated.

    Deletion of personal data refers to the process of making personal data inaccessible and reusable for the relevant users in any way.

    Destruction of data refers to the process of making personal data inaccessible, irretrievable and reusable by anyone.

    Anonymization of data refers to the process of making personal data incapable of being associated with an identified or identifiable natural person in any way, even if it is matched with other data through techniques such as masking, variable extraction, generalization, etc.

    8.2. Storage Periods of Personal Data

    SEÇKİN DİŞ retains personal data for the periods stipulated in laws and other legislation. If there is no retention period stipulated in laws or other legislation, personal data is retained for the period necessary to achieve the purpose of processing that personal data in accordance with SEÇKİN DİŞ’s Personal Data Retention and Destruction Policy , and is subsequently deleted, destroyed, or anonymized within the framework of periodic destruction periods.

    1. RIGHTS OF THE PERSONAL DATA OWNER UNDER KVKK AND GDPR

    9.1. DATA OWNER’S RIGHTS UNDER THE GDPR

    As a Data Subject, your Personal Data is also protected under the GDPR. Where the GDPR falls under the jurisdiction of Data Subjects (European citizens or residents), their rights are as follows:

    Right of Access (GDPR Article 15): The data owner has the right to confirm whether personal data relating to him/her is being processed by applying to SEÇKİN DİŞ , and to learn the details set out in GDPR Article 15 in case of processing of personal data.

    Right to Rectification (GDPR Article 16): The Data Owner has the right to have his/her personal data, which are held by SEÇKİN DİŞ and which have changed, corrected at any time by contacting us.

    Right to Erasure (GDPR Article 17): Data Subjects have the right to request the erasure of their personal data held by SEÇKİN DİŞ. If the conditions specified in GDPR Article 17 occur, SEÇKİN DİŞ will delete your personal data without undue delay.

    Right to Restriction of Processing (Article 18 GDPR):

    If the Data Owner objects to the up-to-dateness of the Personal Data, the Data Owner has the right to request the restriction of the use of the data until the accuracy of the Personal Data is confirmed by SEÇKİN DİŞ.

    the processing of Personal Data is unlawful and the Data Owner objects to the erasure of Personal Data, the Data Owner has the right to request the restriction of the use of the data.

    If SEÇKİN DİŞ no longer needs your personal data but we want to establish and exercise your rights, the Data Owner has the right to request the restriction of the use of the data.

    SEÇKİN DİŞ’s legitimate grounds outweigh the legitimate grounds of the Data Subject.

    if technically feasible , by contacting us. However, you can exercise this right only when the processing is based on your consent or as required by contract.

    Right to Object (GDPR article 21):

    The Data Subject has the right to object, on grounds relating to his or her particular situation, to the processing of Personal Data, including profiling, within the meaning of Article 6(1) (e) or (f) of the GDPR. SEÇKİN DİŞ will not process your Personal Data unless it can demonstrate a compelling legitimate reason for the processing which overrides the Data Subject’s interests, rights, and freedoms, or for the establishment, exercise, or protection of a legal right.

    Where Personal Data is processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of Personal Data for marketing, including profiling to the extent that it is related to such direct marketing.

    If the Data Owner objects to the processing of Personal Data for direct marketing purposes, the Personal Data will no longer be processed for such purposes.

    9.2. DATA OWNER’S RIGHTS UNDER KVKK

    of the KVKK, are as follows:

    Learning whether personal data is being processed,

    To request information regarding the processing of personal data,

    To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

    Knowing the third parties to whom personal data is transferred, either domestically or abroad,

    To request correction of personal data if it is processed incompletely or incorrectly and to request that the action taken in this context be notified to third parties to whom personal data has been transferred,

    To request the deletion or destruction of personal data in case the reasons requiring processing are eliminated, even though the data has been processed in accordance with the provisions of the KVKK and other relevant laws, and to request that the action taken within this scope be notified to third parties to whom the personal data has been transferred,

    To object to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,

    To request compensation in case of damages due to unlawful processing of personal data.

    If data subjects wish to exercise any of the rights listed above or have requests, they may submit written applications, clearly and understandably stating which of the rights specified in Article 11 of the Personal Data Protection Law they wish to exercise, in person to SEÇKİN DİŞ, with a wet signature and documents proving their identity. These applications may be submitted by hand to SEÇKİN DİŞ, sent through a notary public, signed with a secure e-signature, and forwarded to SEÇKİN DİŞ’s corporate email address at info@bembeyazdis.com, or sent using other methods specified in the Personal Data Protection Law . Applications must include the following information: name and surname , signature, Turkish ID number/passport number /temporary ID number , residence or workplace address, email address, telephone and fax numbers, and the requested information, as per the “Communiqué on the Procedures and Principles for Applications to the Data Controller.”

     

    Depending on the nature of the request, SEÇKİN DİŞ will complete the request free of charge as soon as possible and within thirty (30) days at the latest. However, if the process requires additional costs, the fee set by the Personal Data Protection Board will be charged.