SECTION 1: INTRODUCTION
1.1. Introduction
The protection of personal data is of great importance for Dalbudak Health Services Industry and Trade Joint Stock Company (hereinafter briefly referred to as “Sefa Dalbudak Oral and Dental Health Center” or the “Polyclinic”) and is among its primary priorities. In this context, the personal data of job applicants who apply to work within Sefa Dalbudak Oral and Dental Health Center, insured employees working within the Polyclinic, patients and their relatives, individuals with whom Sefa Dalbudak Oral and Dental Health Center has commercial relations, officials of institutions and organizations with which it has commercial relations, visitors, and third parties whose personal data are processed by the Polyclinic in any way are protected with utmost care in accordance with the Constitution of the Republic of Türkiye, international conventions, the Personal Data Protection Law No. 6698 (“Law”), and other relevant legislation.
1.2. Purpose of the Policy
The main purpose of this Policy is to provide explanations regarding the personal data processing activities carried out lawfully by the Polyclinic and the systems adopted for the protection of personal data, and to ensure transparency by informing job applicants, employees, patients and their relatives, persons in commercial relationship with Sefa Dalbudak Oral and Dental Health Center, employees and officials of institutions and organizations in commercial relationship, visitors, and third parties whose personal data are processed by the Polyclinic.
1.3. Scope
This Policy relates to all personal data processed automatically or non-automatically as part of any data recording system concerning job applicants who apply to work within Sefa Dalbudak Oral and Dental Health Center, insured employees working within the Polyclinic, patients and their relatives, individuals and institution employees and officials in commercial relationship with Sefa Dalbudak Oral and Dental Health Center, visitors, and third parties whose personal data are processed by the Polyclinic in any manner.
1.4. Entry into Force of the Policy
This Policy has been prepared by Dalbudak Health Services Industry and Trade Joint Stock Company and entered into force by a Board of Directors resolution. The Policy is published on the official website and is made accessible to personal data subjects upon request.
1.5. Abbreviations and Definitions
Recipient Group: The category of natural or legal persons to whom personal data are transferred by the data controller.
Explicit Consent: Consent given freely, based on information and relating to a specific subject.
Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person, even by matching with other data.
Employee: Personnel of the Personal Data Protection Authority.
Job Applicant: Natural persons who do not work within the Polyclinic but are candidates for employment.
Data Subject: Natural persons whose data are processed.
EBYS: Electronic Document Management System.
Electronic Environment: Environments where personal data can be created, read, modified and written via electronic devices.
Non-Electronic Environment: All written, printed, visual and other environments other than electronic environments.
Service Provider: Natural or legal persons providing services to the Personal Data Protection Authority under a specific contract.
Relevant Person: The natural person whose personal data are processed.
Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instructions received from the data controller, excluding those responsible for technical storage, protection and backup of data.
Destruction: Deletion, destruction or anonymization of personal data. Law: Personal Data Protection Law No. 6698.
Recording Medium: Any environment where personal data processed automatically or non-automatically as part of a data recording system are stored.
Personal Data: Any information relating to an identified or identifiable natural person.
Personal Data Processing Inventory: An inventory detailing personal data processing activities carried out by data controllers in connection with their business processes, including purposes and legal grounds, data categories, recipient groups, data subject groups, maximum retention periods, transfers abroad, and security measures taken.
Processing of Personal Data: Any operation performed on personal data such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use.
Board: The Personal Data Protection Board.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Periodic Destruction: The deletion, destruction or anonymization of personal data at recurring intervals specified in the retention and destruction policy when the conditions for processing cease to exist.
Policy: Personal Data Retention and Destruction Policy.
Data Processor: Natural or legal persons processing personal data on behalf of the data controller based on its authorization.
Data Recording System: A recording system in which personal data are structured according to specific criteria.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Registry Information System: The information system created and managed by the Presidency, accessible via the internet, used by data controllers for registry applications and related transactions.
VERBIS: Data Controllers’ Registry Information System.
Regulation: The Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.
SECTION 2: MATTERS REGARDING THE SECURITY OF PERSONAL DATA
2.1. Ensuring the Security of Personal Data
Dalbudak Health Services Industry and Trade Joint Stock Company, in accordance with Article 12 of the Personal Data Protection Law No. 6698, takes the necessary technical and administrative measures to ensure an appropriate level of security in order to prevent unlawful processing and access to personal data and to ensure their preservation, and conducts or has conducted the necessary audits within this scope.