Personal Data Processing and Protection Policy

Personal Data Processing and Protection Policy
Introduction

1.1. Purpose of the Policy

Under the Law No. 6698 on the Protection of Personal Data (“Law”);

As Uzm.Dr. Mezihat BEYOĞLU, the processing and protection of personal data in accordance with the laws is among our top priorities. We follow the same priority in all our planning and business activities. In this context, we present this Personal Data Processing and Protection Policy (“Policy”) to inform you in accordance with Article 10 of the Law and to notify you of all administrative and technical measures we will implement regarding the processing and protection of personal data.

1.2 Scope

This Policy determines the conditions for the processing of personal data and outlines the principles adopted by Uzm.Dr. Mezihat BEYOĞLU in the processing of personal data. In this context, the Policy covers all personal data processing activities carried out by Uzm.Dr. Mezihat BEYOĞLU, all processed personal data, and their owners.

1.3 Definitions

  • Explicit Consent: Consent that is informed and given freely regarding a specific subject.
  • Anonymization: The process of making data that was previously associated with a person such that it can no longer be associated with any identifiable or identifiable person, even when matched with other data.
  • Candidate Employee: Real persons who are not employed by Uzm.Dr. Mezihat BEYOĞLU but are in the status of a job applicant.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The natural person whose personal data is being processed.
  • Processing of Personal Data: Any operation performed on personal data, whether automated or non-automated, such as obtaining, recording, storing, preserving, altering, rearranging, disclosing, transferring, acquiring, making available, classifying, or preventing the use of the data.
  • Law: The Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated April 7, 2016, numbered 29677.
  • Special Categories of Personal Data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, clothing, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
  • Policy: Uzm.Dr. Mezihat BEYOĞLU – Personal Data Processing and Protection Policy.
  • Data Processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
  • Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept.
  • Data Recording System: A system in which personal data is processed according to specific criteria.
  • Business Partners: Persons with whom Uzm.Dr. Mezihat BEYOĞLU has established a contractual relationship in the framework of its activities.

1.4 Enforcement of the Policy

This Policy, organized by Uzm.Dr. Mezihat BEYOĞLU, has come into effect on April 13, 2022, and has been made available to the public. In case of a conflict between the provisions of this Policy and the applicable legislation, particularly the Law, the provisions of the legislation shall prevail. Uzm.Dr. Mezihat BEYOĞLU reserves the right to amend this Policy in line with legal regulations.

Information Regarding Personal Data Processing Activities Conducted by Uzm.Dr. Mezihat BEYOĞLU

2.1 Data Subjects

Data subjects under this Policy are all natural persons whose personal data is processed by Uzm.Dr. Mezihat BEYOĞLU, excluding Uzm.Dr. Mezihat BEYOĞLU employees. Generally, the data subjects can be categorized as follows:

Data Subject CategoriesDescription
PatientsNatural persons benefiting from the services offered by Uzm.Dr. Mezihat BEYOĞLU.
Potential PatientsNatural persons showing interest in and potentially benefiting from the services offered by Uzm.Dr. Mezihat BEYOĞLU.
Job ApplicantsNatural persons applying for jobs at Uzm.Dr. Mezihat BEYOĞLU by sending a resume or through other means.
VisitorsPersons visiting Uzm.Dr. Mezihat BEYOĞLU for any reason.
Third PartiesNatural persons, excluding Uzm.Dr. Mezihat BEYOĞLU employees, who fall outside the above categories.

The data subject categories listed in the table above are provided for general informational purposes. The failure of a data subject to fall within any of these categories does not negate their status as a data subject as defined in the Law.

2.2 Purposes of Personal Data Processing

2.2.1 To carry out the necessary work by relevant units to enable the data subjects to benefit from the services provided by Uzm.Dr. Mezihat BEYOĞLU and to carry out business processes:

  • Planning and execution of service processes,
  • Planning and/or execution of post-service activities,
  • Planning and execution of patient relationship management processes,
  • Tracking of contract processes and/or legal requests,
  • Tracking patient requests and/or complaints.

2.2.2 To plan and implement the human resources policies and processes of Uzm.Dr. Mezihat BEYOĞLU:

  • Planning and execution of talent-career development activities,
  • Fulfillment of contractual and/or legal obligations for clinic staff,
  • Planning and execution of benefits and interests for employees,
  • Planning and execution of in-clinic orientation activities,
  • Planning and execution of personnel exit processes,
  • Wage management,
  • Planning of human resources processes,
  • Management of personnel recruitment processes,
  • Planning and execution of appointment-promotion and termination processes for the clinic,
  • Planning and execution of employee performance evaluation processes,
  • Monitoring and/or auditing of employee work activities,
  • Planning and/or execution of in-house training activities,
  • Planning and execution of employee satisfaction and/or engagement processes,
  • Planning and execution of processes for obtaining and evaluating employee suggestions aimed at improving work and/or production processes,
  • Planning and/or execution of processes for the recruitment, placement, and operation of interns and/or students.

2.2.3 To carry out the necessary work by the relevant units to perform the activities conducted by Uzm.Dr. Mezihat BEYOĞLU and to execute related business processes:

  • Event management,
  • Planning and execution of business activities,
  • Planning and execution of corporate communication activities,
  • Planning and execution of supply chain management processes,
  • Planning and execution of operational processes,
  • Planning, auditing, and executing information security processes,
  • Establishing and managing IT infrastructure,
  • Planning and executing access rights of business partners to information,
  • Monitoring of financial and/or accounting work,
  • Planning and execution of corporate sustainability activities,
  • Planning and execution of corporate governance activities,
  • Planning and/or execution of business continuity activities,
  • Planning and execution of logistics activities.

2.2.4 To plan and implement Uzm.Dr. Mezihat BEYOĞLU’s commercial and/or business strategies:

  • Managing relationships with business partners.

2.2.5 To ensure the legal, technical, and commercial security of Uzm.Dr. Mezihat BEYOĞLU and the relevant persons with whom Uzm.Dr. Mezihat BEYOĞLU has a business relationship:

  • Monitoring legal affairs,
  • Planning and executing necessary operational activities to ensure that clinic activities are conducted in accordance with business procedures and/or relevant legislation,
  • Providing information to the relevant authorities as required by law,
  • Planning and executing emergency management processes,
  • Planning and executing clinic inspection activities,
  • Planning and/or executing occupational health and safety processes,
  • Ensuring the safety of clinic operations,
  • Planning and/or executing financial risk processes of the clinic,
  • Ensuring the safety of clinic equipment and/or resources.

2.3 Categories of Personal Data

The personal data categorized as follows by Uzm.Dr. Mezihat BEYOĞLU are processed in accordance with the conditions for processing personal data specified in the Law and relevant legislation:

Data CategoryDescription
Identity InformationInformation found in documents such as driver’s licenses, ID cards, residence permits, passports, attorney IDs, marriage certificates, etc.
Contact InformationInformation used to communicate with a person (e.g., email address, phone number, mobile number, address).
Patient InformationInformation related to patients (health data, etc.).
Patient Transaction InformationInformation regarding any procedures performed by patients benefiting from our services.
Transaction Security InformationPersonal data processed to ensure technical, administrative, legal, and commercial security during the activities of Dr. Mezihat Beyoğlu.
Financial InformationPersonal data regarding any financial outcomes generated based on the legal relationship established between Dr. Mezihat Beyoğlu and the personal data owner.
Job Applicant InformationPersonal data processed about individuals who have applied to work for Dr. Mezihat Beyoğlu or have been evaluated as job candidates due to human resources needs based on commercial custom and honesty rules.
Legal Process and Compliance InformationPersonal data processed in the context of identifying, tracking, and enforcing Dr. Mezihat Beyoğlu’s legal claims and obligations.
Audit and Inspection InformationPersonal data processed to comply with legal obligations and clinic policies of Dr. Mezihat Beyoğlu.
Sensitive DataData related to individuals’ health, criminal convictions, and security measures.
Request/Complaint Management InformationPersonal data regarding any requests or complaints directed to Dr. Mezihat Beyoğlu and their evaluation.
Incident Management InformationPersonal data processed to take necessary legal, technical, and administrative measures to protect the commercial rights and interests of Dr. Mezihat Beyoğlu and the rights and interests of patients in response to developing incidents.

Principles and Conditions Regarding Personal Data Processing

Dr. Mezihat Beyoğlu processes personal data in accordance with Article 4 of the Law, ensuring that it is conducted in a legal and ethical manner, accurate and updated when necessary, specific, clear, and pursued for legitimate purposes, related, limited, and proportionate. Dr. Mezihat Beyoğlu retains personal data for the duration required by laws or as necessary for the purpose of processing.

3.1 Principles of Personal Data Processing

In accordance with Article 10 of the KVK Law, Dr. Mezihat Beyoğlu informs data subjects and obtains consent where required, processing personal data based on the principles outlined below.

  1. Lawfulness and Fairness of Data Processing
    Dr. Mezihat Beyoğlu acts in compliance with legal regulations and principles of general security and fairness in the processing of personal data. The principle of fairness dictates that while pursuing its objectives in data processing, Dr. Mezihat Beyoğlu considers the interests and reasonable expectations of the data subjects.
  2. Ensuring Data Accuracy and Currency
    Maintaining personal data accurately and up to date is essential for protecting the fundamental rights and freedoms of the data subject. Dr. Mezihat Beyoğlu has an active duty of care in ensuring the accuracy and currency of the data. Consequently, all communication channels are open for data subjects to keep their information accurate and up to date.
  3. Processing Data for Specific, Clear, and Legitimate Purposes
    Dr. Mezihat Beyoğlu clearly defines the legitimate and lawful purpose of personal data processing. It processes only the data necessary for the conduct of its commercial activities.
  4. Relevance, Limitation, and Proportionality of Data Processing
    Dr. Mezihat Beyoğlu processes personal data only as necessary for related purposes relevant to its business operations. Therefore, it processes personal data in a manner suitable for fulfilling the specified objectives and avoids processing data that is unrelated or unnecessary.
  5. Retention of Data for the Duration Necessary as per Relevant Legislation
    Dr. Mezihat Beyoğlu retains personal data only for the period stipulated by relevant legislation or as long as necessary for the processing purpose. It first determines whether a retention period is prescribed in the relevant legislation; if so, it complies with this period; if not, it retains the data only as long as necessary for the processing purpose. Once the processing purpose ceases or the statutory retention period elapses, Dr. Mezihat Beyoğlu deletes, destroys, or anonymizes the personal data.

3.2 Conditions for Processing Personal Data

Dr. Mezihat Beyoğlu processes personal data when at least one of the conditions specified in Article 5 of the Law exists.

  1. Explicit Consent of the Data Subject
    The explicit consent of the data subject is one of the conditions for processing personal data. The explicit consent must be based on information and expressed freely regarding a specific issue.
  2. Legally Foreseen Processing Activities
    Personal data can be processed without explicit consent if the processing is clearly prescribed by law.
  3. Inability to Obtain Consent Due to Actual Impossibility
    If the data subject cannot provide consent due to actual impossibility, personal data may be processed to protect the life or physical integrity of the data subject or another person.
  4. Direct Relevance to the Establishment or Execution of a Contract
    Personal data may be processed if it is necessary for the establishment or execution of a contract to which the data subject is a party.
  5. Compliance with Legal Obligations
    Personal data may be processed when it is necessary for Dr. Mezihat Beyoğlu to fulfill legal obligations as a data controller.
  6. Publicly Disclosed Personal Data
    If the data subject has made their personal data publicly available, it may be processed.
  7. Necessary for the Establishment or Protection of a Right
    Personal data may be processed when it is necessary for the establishment, exercise, or protection of a right.
  8. Necessary for the Legitimate Interests of Dr. Mezihat Beyoğlu
    Personal data may be processed when necessary for the legitimate interests of Dr. Mezihat Beyoğlu, provided it does not harm the fundamental rights and freedoms of the data subject.

3.3 Processing of Sensitive Personal Data

Dr. Mezihat Beyoğlu processes sensitive personal data as defined by the KVK Law in strict compliance with the regulations outlined in the KVK Law. Sensitive personal data is processed only under the following conditions:

  • If the data subject’s explicit consent is obtained.
  • If there is no explicit consent, sensitive personal data related to the health and sexual life of the data subject may only be processed by individuals or authorized institutions and organizations bound by confidentiality obligations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, and planning and managing health services and financing.

Transfer of Personal Data

Dr. Mezihat Beyoğlu can transfer the personal and sensitive personal data of data subjects to third parties, both domestically and internationally, by taking necessary security measures for the legally permissible purposes of personal data processing. Dr. Mezihat Beyoğlu acts in accordance with the regulations specified in Article 8 of the KVK Law.

4.1 Transfer of Personal Data to Third Parties in the Country

Personal data can be transferred by Dr. Mezihat Beyoğlu, provided that at least one of the conditions for data processing specified in Articles 5 and 6 of the Law is met and that the fundamental principles of data processing are adhered to.

4.2 Transfer of Personal Data to Third Parties Abroad

Dr. Mezihat Beyoğlu can transfer personal and sensitive personal data to third parties abroad by taking necessary security measures, provided that at least one of the conditions for data processing outlined in this Policy is satisfied. Personal data may be transferred to foreign countries designated by the KVK Board as having adequate protection (“Adequate Protection Foreign Country”) or, in the absence of adequate protection, to foreign countries where data controllers in Turkey and the relevant foreign country have committed to provide adequate protection in writing and have obtained the KVK Board’s permission (“Foreign Country with a Data Controller Committing to Provide Adequate Protection”). Dr. Mezihat Beyoğlu complies with the regulations specified in Article 9 of the KVK Law.

4.3 Third Parties to Whom Personal Data is Transferred and Purposes of Transfer

In accordance with the general principles of the Law and the conditions for processing personal data outlined in Articles 8 and 9, Dr. Mezihat Beyoğlu can transfer data to the parties categorized in the table below:

Individuals to Whom Data Can Be TransferredDescriptionPurpose
Business PartnersParties with whom Dr. Mezihat Beyoğlu has established a partnership for conducting its activitiesSharing personal data is limited to fulfilling the purposes of the partnership
Clinic OfficialsManagement, administrative, and healthcare professionals working within the clinicEnsuring compliance with legal obligations and effective management of patient care

Feel free to modify or add any specific details as needed!