PERSONAL DATA STORAGE AND DESTRUCTION POLICY

PERSONAL DATA STORAGE AND DESTRUCTION POLICY OF OP. DR. DENİZ KORKMAZ




1. INTRODUCTION

 


1.1. Aim

 

This Personal Data Storage and Destruction Policy (“Policy”) has been prepared to determine the procedures and principles regarding the work and transactions related to the storage and destruction activities carried out by OP. DR. DENİZ KORKMAZ as the “Data Controller”.

In this context, it has been determined as a priority that the personal data of the employees, employee candidates and patients of Data Controller OP. DR. DENİZ KORKMAZ, and of all natural persons whose personal data is held by OP. DR. DENİZ KORKMAZ for any reason, be processed within the framework of the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy, in accordance with the T.R. Constitution, international agreements, Personal Data Protection Law No. 6698 (“Law”) and other relevant legislation, and that relevant persons be able to exercise their rights effectively.

 

1.2. Scope

Work and procedures regarding the storage and destruction of personal data are carried out in accordance with the Policy prepared for this purpose by OP. DR. DENİZ KORKMAZ.

 

1.3. Abbreviations and Definitions

Explicit Consent: Consent regarding a specific issue, based on information and expressed with free will.
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.

Employee: Employees of the Data Controller.

Electronic Environment: Environments where personal data can be created, read, changed and written with electronic devices.

Non-Electronic Media: All written, printed, visual and other media other than electronic media.

Relevant Person: Natural person whose personal data is processed.

Relevant User: Persons who process personal data within the data controller organization or in line with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data.

Destruction: Deletion, destruction or anonymization of personal data.

Law: Personal Data Protection Law No. 6698.

Recording Environment: Any environment where personal data is processed by fully or partially automatic or non-automatic means, provided that it is part of any data recording system.

Personal Data Processing Inventory: The inventory that data controllers create by associating the personal data processing activities they carry out depending on their business processes with the purposes and legal reason for processing personal data, the data category, the recipient group to which data is transferred and the data subject group, and in which they detail the maximum retention period required for the purposes for which personal data is processed, the personal data envisaged to be transferred to foreign countries and the measures taken regarding data security.

Board: Personal Data Protection Board

Periodic Destruction: The process of deleting, destroying or anonymizing personal data, which is specified in the personal data storage and destruction policy and will be carried out ex officio at recurring intervals, in case all the conditions for processing personal data specified in the law are eliminated.

Policy: Personal Data Storage and Destruction Policy

Data Recording System: A recording system in which personal data is structured and processed according to certain criteria.

Data Controllers Registry Information System: The information system created and managed by the Presidency, accessible over the internet, that data controllers will use in applying to the Registry and other related transactions related to the Registry.

VERBİS: Data Controllers Registry Information System.

Regulation: Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017.

 

 

2. RESPONSIBILITIES AND DUTIES DISTRIBUTION

All employees of OP. DR. DENİZ KORKMAZ actively support the responsible employees in properly implementing the technical and administrative measures taken within the scope of the Policy, increasing the training and awareness of employees, monitoring and supervising them, preventing the unlawful processing of personal data, preventing unlawful access to personal data and ensuring the lawful storage of personal data, and in taking technical and administrative measures to ensure data security in all environments where personal data is processed.

 

3. RECORDING MEDIA

Personal data is stored securely by the Data Controller in accordance with the law in the environments listed in Table 1.

Table 1: Personal data storage environments

 

 

Electronic Media

  • Servers (domain, backup, email, database, web, file sharing, etc.)
  • Digital programs
  • Software (office software)
  • Information security devices (firewall, intrusion detection and prevention, antivirus, etc.)
  • Personal computers (desktop, laptop)
  • Mobile devices (phone, tablet, etc.)
  • Optical discs (CD, DVD, etc.)
  • Removable memories (USB, memory card, etc.)
  • Printer, scanner, photocopier

Non-Electronic Media

  • Paper
  • Manual data recording systems (survey forms, application forms, patient files)
  • Written, printed, visual media

 

4. EXPLANATIONS ON STORAGE AND DISPOSAL

Personal data of employees, employee candidates and patients is stored and destroyed by the Data Controller in accordance with the Law. In this context, detailed explanations regarding storage and disposal are given below.

 

4.1. Explanations Regarding Storage

 

Article 3 of the Law defines the concept of processing personal data; Article 4 states that the personal data processed should be related to the purpose for which it is processed, limited and proportionate, and should be kept for the period foreseen in the relevant legislation or for the period required for the purpose for which it is processed; and Articles 5 and 6 list the conditions for processing personal data. Accordingly, within the framework of the Data Controller's activities, personal data is stored for the period stipulated in the relevant legislation or in accordance with our processing purposes.

 

4.1.1. Legal Reasons Requiring Storage

Personal data processed within the framework of the Data Controller's activities are retained for the period stipulated in the relevant legislation.

In this context, personal data;

  • Personal Data Protection Law No. 6698,

  • Health Services Basic Law No. 3359,

  • Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Subsidiaries,

  • Regulation on Processing and Ensuring the Privacy of Personal Health Data,

  • Law No. 1219 on the Practice of Medicine and its Branches,

  • Physician Professional Ethics Rules,

  • Turkish Medical Association Law No. 6023,
  • Regulation on Personal Health Data No. 30808 dated 21.06.2019,
  • Turkish Code of Obligations No. 6098,

  • Regulation Amending the Regulation on Private Health Institutions Where Outpatient Diagnosis and Treatment is Provided,
  • Social Insurance and General Health Insurance Law No. 5510,

  • Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications,

  • Occupational Health and Safety Law No. 6331,
  • Access to Information Law No. 4982,

  • Law No. 3071 on the Exercise of the Right to Petition,

  • Labor Law No. 4857,

  • Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Extensions,
  • Social Services Law No. 2828,
  • Regulation on Archive Services.

 

4.1.2. Processing Purposes Requiring Storage

The Data Controller stores the personal data it processes within the scope of its activities for the following purposes:

  • To carry out all diagnosis and treatment services within the field of Ear, Nose and Throat diseases and Facial Aesthetic Surgery.
  • Ensuring patient communication.
  • Ensuring institutional security.
  • Ensuring that accounting records are kept.
  • To carry out diagnosis and treatment procedures.
  • Within the scope of VERBIS, to identify the preferences and needs of employees, data controllers, contact persons, data controller representatives and data processors, to organize the services provided accordingly and to update them if necessary.
  • To ensure that legal obligations are fulfilled as required or made mandatory by legal regulations.
  • To contact real/legal persons who have a business relationship with the Data Controller.
  • Making legal reports.
  • Fulfilling the burden of proof as evidence in legal disputes that may arise in the future.

Personal data is stored for the retention periods stipulated within the framework of other secondary regulations in force in accordance with these laws.

 

4.2. Reasons Requiring Destruction

Personal data is deleted, destroyed or anonymized by the Data Controller upon the request of the data subject in the following cases:

  • Amendment or abolition of the relevant legislative provisions that constitute the basis for processing,
  • Elimination of the purpose requiring processing or storage,
  • Withdrawal of explicit consent by the relevant person, in cases where personal data is processed only on the basis of explicit consent,
  • Acceptance by the Institution of the application made by the relevant person, in accordance with Article 11 of the Law, for the deletion and destruction of his/her personal data within the framework of his/her rights,
  • Expiry of the maximum period requiring the storage of personal data, where there are no conditions that would justify storing personal data for a longer period of time.

 

5. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN REGARDING THE STORAGE AND DESTRUCTION OF PERSONAL DATA

For the safe storage of personal data, the prevention of unlawful processing and access, and the lawful destruction of personal data, technical and administrative measures are taken by the Data Controller in accordance with Article 12 of the Law and, for special personal data, within the framework of the adequate measures determined and announced by the Board in accordance with Article 6/4 of the Law.

 

5.1. Technical Precautions for Storage

The technical measures taken by the Data Controller regarding the storage of the personal data it processes are listed below:

  • In accordance with technological developments regarding the storage areas of personal data, hardware and software security systems are established to ensure the security of information systems against environmental threats.
  • Only authorized employees can access personal data.
  • Strong passwords are used in electronic environments where personal data is processed.
  • Adequate security measures are taken for the physical environments where special personal data are processed, stored and/or accessed, and unauthorized entries and exits are prevented by ensuring physical security.
  • If special personal data must be transferred via e-mail, it is transferred via a corporate e-mail address.
  • If it is necessary to transfer the document via paper, necessary precautions are taken against risks such as theft, loss or viewing of the document by unauthorized persons.
  • The Data Controller also requests commitments from the third parties it works with regarding the fulfillment of certain standards in the storage of data. However, the Data Controller takes the necessary precautions to prevent personal data from being lost or used unlawfully.

 

5.2. Administrative Precautions Regarding Storage

Administrative measures taken by the Data Controller regarding the storage of personal data processed are listed below:

  • Awareness is created by informing employees about the technical and administrative risks related to the storage of personal data.
  • In case of cooperation with third parties for the storage of personal data, the contracts made with the companies to which personal data is transferred include provisions that set out the obligations and responsibilities of the persons to whom personal data is transferred regarding taking the necessary security measures to protect and securely store the transferred personal data.

 

5.3. Technical Precautions for Disposal

At the end of the period stipulated in the relevant legislation or the storage period required for the purpose for which they are processed, personal data are destroyed by the Data Controller ex officio or upon the application of the relevant person, using the techniques specified below, in accordance with the provisions of the relevant legislation.

 

5.4. Deletion of Personal Data

Personal data is deleted by the methods given in Table-2.

 

Data Recording Environment | Explanation

Personal Data on Servers | For personal data on the servers whose retention period has expired, the system administrator removes the access authorization of the relevant users and performs the deletion.

Personal Data in Electronic Media | Among the personal data in the electronic environment, those whose period of storage has expired are made inaccessible and unusable in any way for other employees (relevant users) except the database administrator.

Personal Data in Physical Environment | Personal data kept in the physical environment whose period of storage has expired is made inaccessible and unusable by all employees except the unit manager responsible for the document archive. In addition, blackening is applied by drawing over, painting or erasing the surface so that it cannot be read.

Personal Data Contained in Portable Media | Among the personal data kept in flash-based storage media, those whose period of storage has expired are encrypted by the system administrator, access authorization is given only to the system administrator, and they are stored in secure environments with encryption keys.

 

5.5. Destruction of Personal Data

 

Personal data is destroyed by the Data Controller using the methods given in Table-3.

Table 3: Destruction of Personal Data

 

Data Recording Environment | Explanation

Personal Data in Physical Environment | Personal data stored on paper whose storage period has expired is irreversibly destroyed in paper shredding machines.

Personal Data Contained in Optical / Magnetic Media | Personal data contained in optical media and magnetic media whose storage period has expired is physically destroyed by methods such as melting, burning or pulverizing. In addition, the data on the magnetic media is rendered unreadable by passing it through a special device and exposing it to a high magnetic field.

 

5.6. Anonymization of Personal Data

Anonymization of personal data means making it impossible to associate personal data with an identified or identifiable natural person in any way, even if it is matched with other data.

In order for personal data to be anonymized, it must be made impossible to associate with an identified or identifiable natural person, even through the use of techniques appropriate to the recording environment and the relevant field of activity, such as the reversal of the data by the Data Controller or third parties and/or matching the data with other data.

 

5.7. Administrative Measures for Disposal

Destruction of data is carried out only by authorized employees of the Data Controller. Employees are informed within the framework of the legislation regarding the protection and destruction of personal data. Necessary equipment, especially for physical destruction, is kept within the workplace.

 

6. STORAGE AND DISPOSAL PERIOD

Regarding the personal data processed by the Data Controller within the scope of its activities:

  • Retention periods on a personal-data basis, for all personal data within the scope of activities carried out depending on the processes, are included in the Personal Data Processing Inventory;
  • Process-based retention periods are included in the Personal Data Storage and Destruction Policy.

For personal data whose storage period has expired, ex officio deletion, destruction or anonymization is carried out.

Table 4: Durations for Storage and Destruction of Data

 

Period | Storage Period | Destruction Period

Patients | 15 Years | 6 Months from the Expiry of the Storage Period

Employees | 15 Years After Termination Date | 6 Months from the Expiry of the Storage Period

Candidates Applying for Jobs | 15 Years from Application Period | 6 Months from the Expiry of the Storage Period

Contact Persons Other Than the Above Data Owners | 10 Years | 6 Months from the Expiry of the Storage Period




7. PUBLISHING AND STORAGE OF THE POLICY

The policy is published in two different media: with wet signature (printed paper) and electronically.

 

8. UPDATED PERIOD OF THE POLICY

The policy is reviewed as needed and necessary sections are updated.

 

9. ENFORCEMENT OF THE POLICY

This Policy enters into force on 01.01.2021.

OP. DR. DENİZ KORKMAZ

 
