entry
THE NATURE, PURPOSE AND SCOPE OF THE DESTRUCTION POLICY
THIS IS THE DISPOSAL POLICY (POLICY) , THE MEDICAL SERVICE OFFICE (PRACTICE)
No. 6698 of the personal data obtained from the operator as the DATA OFFICER PHYSICIAN (DATA OFFICER)
Deletion, destruction and /or destruction of Personal Data in accordance with the Law on the Protection of Personal Data and relevant legislation
it has been prepared in order to determine the procedures and principles to be applied in relation to anonymization.
In this context, the employees of the OFFICE, candidates for employees, patients, patients
escorts/guardians-personal data of their parents and within the OFFICE for any reason
personal data of all natural persons found; within the framework of this Personal Data Storage and Destruction Policy
It is carried out in accordance with the Constitution and laws.
definitions
Data Officer
Determining the purposes and means of processing personal data, data
responsible for the establishment and management of the registration system
a natural or legal person who has
The contact person is the real person whose personal data is processed,
Any kind of Personal Data related to a specific or identifiable natural person
information
Personal Data of a Special Nature
Race, ethnicity, political thought, philosophical belief, religious,
sect or other beliefs, disguise and outfit, association, foundation or
his/her union membership, health, sexual life, criminal conviction and
biometric and genetic data related to security measures
the data
Processing of Personal Data
Your personal data is fully or partially automated or
provided that you are part of any data recording system
obtaining, saving by non-automatic means,
storage, storage, replacement, reuse
regulation, disclosure, transfer, acquisition, acquisition
making it acceptable, classifying or using it
any kind of blocking performed on data such as
process
Based on the authority granted by the data Processor, the data controller
a natural or legal person who processes personal data on behalf of
Destruction Deletion, destruction or anonymization of personal data
execution
annihilation
Your personal data cannot be accessed by anyone in any way,
making it irretrievable and unusable again
the process
Deleting Personal data is in no way accessible to the relevant users and
it is the process of making it unusable again
Anonymization
In no case should your personal data be matched with other data, even if
with an identified or identifiable natural person
making it unassociable
Law / KVKK published in the Official Gazette dated 07.04.2016 and numbered 29677
Law No. 6698 on personal data protection,
Regulation
published in the Official Gazette dated 28.10.2017 and numbered 30224
Personal data deletion, destruction or become anonymous
The Regulation on the Introduction of
The Board established the Personal Data Protection Board
The Institution has established the Personal Data Protection Authority
Recording media
Any data that is fully or partially automated or
non-automatic, provided that you are part of the registration system
any environment where there is personal data processed by means of
Data recording system is a system where personal data is processed by configuring it according to certain criteria
the registration system
expresses.
DISTRIBUTION OF RESPONSIBILITIES AND DUTIES
THE DATA OFFICER is responsible for the preparation, development, execution of the POLICY in the relevant environments
publication and updating of the Policy, compliance of employees with the policy, compliance with the POLICY
he is responsible for providing the technical solutions needed in its implementation.
As required by the technical and administrative measures taken within the scope of the POLICY, the employees of the OFFICE
implementation, prevention of unlawful processing of personal data, compliance of personal data with the law
preventing illegal access and ensuring that personal data is stored in accordance with the law
in order to ensure data security in all environments where personal data is processed, technical and administrative
follow the precautions.
METHODS OF COLLECTION OF PERSONAL DATA
Personal data, natural or legal persons who process data authorized by the DATA CONTROLLER
in accordance with the Law on the Protection of Personal Data No. 6698 and in accordance with this law, issued by
within the terms and purposes specified in the secondary regulations;
application and initial notification, opening the registration and creating a patient file, paper and
online through the SSI system, through means such as forms and minutes kept electronically
as a result, in case of benefiting from a private insurance company, the shared records are referred to the OFFICE
if it has been done through the records of other medical institutions, with the submission of a CV or work
contact the OFFICE for any purpose as received from the supplier/service, with applications
when it is passed and the service is received, it can be done orally, in writing or by automated and non-automated methods
it is provided electronically. jul.
RECORDING MEDIA
Personal data are collected by the OFFICE in accordance with the law in the environments listed in Table 2
it is stored safely.
3.1. DATA STORED IN ELECTRONIC MEDIA
Servers (Domain, backup, email, database, web, file sharing, etc.)
Software (office software, portal, medical programs) *
Information security devices (firewall, intrusion detection and blocking, log file, antivirus
etc.)
For personal computers (Desktop, laptop)
Mobile devices (phone, tablet, etc.)
Optical discs (CD, DVD, etc.)
Removable memory cards (USB, Memory Card, etc.)
Printer, scanner, copier
3.2. NON-ELECTRONIC ENVIRONMENTS
Paper
Manual data recording systems (patient files, protocol book, inspection and audit book, working
keeping documents in accordance with the visitor's logbook and private medical enterprises that provide medical services
other books that are mandatory)
Written, printed, visual media
EXPLANATIONS ON STORAGE AND DISPOSAL
By the DATA OFFICER; employees, prospective employees, patients, patient companions/parents-guardians and
personal data of all natural persons who have personal data within the OFFICE for any reason
the data is stored and destroyed in accordance with the Law. In this context, detailed information about storage and disposal
the explanations are given below, respectively.
4.1. EXPLANATIONS RELATED TO STORAGE
3 Of the Act.the article defines the concept of processing personal data, 4. personal data processed in the article
the data must be linked, limited and measured for the purpose for which they are processed, and provided for in the relevant legislation or
it is stated that they should be kept for the required period of time for the purpose for which they were processed, 5 and 6. in the articles
the terms of processing of personal data are considered. Accordingly, within the framework of the activities of the OFFICE
personal data, the DATA CONTROLLER for as long as the period stipulated in the relevant legislation or in accordance with the purposes of processing
are stored.
4.1.1. LEGAL REASONS REQUIRING STORAGE
Personal data processed in the OFFICE within the framework of activities, as required by the service provided and related
it is maintained for as long as stipulated in the legislation. In this context, personal data;
Law No. 6698 on the Protection of Personal Data,
Law No. 1219 on the Style Execution of Tababet and Şuabatı Arts
Turkish Code of Obligations No. 6098,
Turkish Criminal Code No. 5237,
Social Insurance and General Health Insurance Law No. 5510,
Basic Law of Health Services No. 3359,
Occupational Health and Safety Law No. 6361,
Labor Code No. 4857,
Occupational Health and Safety Services Regulation
Patient Rights Regulation,
Regulation of Medical Deontology
In accordance with other relevant laws and other secondary regulations in force in accordance with these laws
it is stored up to the prescribed storage periods.
4.1.2. PROCESSING PURPOSES THAT REQUIRE STORAGE
Personal data processed within the framework of the activities of the OFFICE are used for the following purposes
it is stored.
To be able to perform work and operations as a result of signed contracts and protocols.
Obligation to prove as evidence in legal disputes that may arise in the future
Fulfilling legal obligations as required or required by legal regulations
ensuring the fulfillment of
4.2. REASONS THAT REQUIRE DESTRUCTION
Personal data;
Amendment or change of the provisions of the relevant legislation, which is the basis for its processing,
Elimination of the purpose that requires its processing or storage,
In cases where the processing of personal data occurs only on the condition of explicit consent, the relevant person's explicit
taking back consent,
11 of the Law. according to the article, deletion and destruction of personal data within the framework of the rights of the relevant person
acceptance of his application for admission by the OFFICE,
The OFFICE is subject to deletion, destruction or anonymization of its personal data by the person concerned
if he rejects the application made to him with a request to be brought, he finds the answer he has given insufficient, or
In case of non-response within the period stipulated by the law; he must submit an application to the Board and this
approval of the request by the Board,
The maximum period that requires the storage of personal data has passed, and the personal data is longer
there are no conditions that justify storing for a while,
In their case, they are deleted, destroyed or re'sen by the OFFICE at the request of the relevant person
they are deleted, destroyed or anonymized.
TECHNICAL AND ADMINISTRATIVE MEASURES
Secure storage, unlawful processing and access of personal data
12 of the Law on the prevention and destruction of personal data in accordance with the law. article
6 Of the Act. article 4. for personal data of a special nature in accordance with the paragraph determined by the Board and announced
within the framework of the adequate measures taken, technical and administrative measures are taken by the OFFICE.
5.1. TECHNICAL MEASURES
The following are the technical measures taken by the DATA CONTROLLER in relation to the personal data it processes
has been counted:
All personal data, including personal data of a private nature, stored electronically
necessary measures are being taken for its safety. In this context; firewalls, network access control,
systems that block malware, security patches are used. Information systems are up to date