DR.
GONUL ATEŞSAÇAN EXAMINATION
PERSONAL
DATA
CONSERVATION
AND PROCESSING POLICY
Dr.
GÖNÜL ATEŞSAÇAN Clinic (“ Dr. GÖNÜL ATEŞSAÇAN ”) attaches utmost
importance to protecting the fundamental rights and freedoms of individuals, in
particular the privacy of private life regulated in Article 20 of the
Constitution, in the protection and processing of personal data. In this
context, Dr. GÖNÜL ATEŞSAÇAN pays attention to the legal protection and
processing of personal data in accordance with the Law on the Protection of
Personal Data No. 6698 (“ KVKK ”)
and the European Union General Data Protection Regulation (“ GDPR ”),
and acts with this understanding in all its planning and activities.
Ensuring the security of personal data of individuals. It is one of the
priority targets of GÖNÜL ATEŞSAÇAN . For this reason, in order to process the
Personal Data of individuals securely and to prevent any unlawful access or
leakage to this data, necessary security measures are taken by Dr. It is taken
by GÖNÜL ATEŞSAÇAN.
Personal
Data Protection and Processing Policy (“ Policy
”) is to protect and process personal data, which is fully or partially
automated or non-automatic, provided that it is part of any data recording
system, in accordance with the purpose of KVKK and GDPR . To inform Personal
Data Owners about GÖNÜL ATEŞSAÇAN's obligations and the procedures and
principles it will comply with. For the purpose of the Policy , Dr. It is aimed
to ensure full compliance with the legislation in the protection and processing
of personal data carried out by GÖNÜL ATEŞSAÇAN and to protect the right of
privacy and data security of Personal Data Owners.
This Policy; It has been prepared for
Customers, Employees, Employee Candidates and Visitors provided that they are
natural persons and will be implemented within the scope of these specified
persons. Dr. The purpose of publishing this Policy on the website by GÖNÜL
ATEŞSAÇAN is to inform
the Data Owners about the protection and processing of personal data and data
security. This Policy will not apply to legal entities in any capacity.
This
Policy applies to the above-mentioned Data Owners, who collect their personal
data in whole or in part by automated means or by non-automatic means provided
that they are part of any data recording system. It will be applied if it is
processed by GÖNÜL ATESSAÇAN. If the data is not included in the scope of
"Personal Data" in the scope specified below, or Dr. This Policy will
not be applied if the personal data processing activity carried out by GÖNÜL
ATEŞSAÇAN is not carried out in the above-mentioned ways.
this
Policy have the following meanings:
|
Open
Consent |
It
is the consent of a particular subject, based on information and expressed
with free will. |
|
Lighting
Obligation |
It
is the obligation of the data controller to inform the persons whose personal
data they are processing about, by whom, for what purposes and on what legal
grounds, and to whom it can be transferred, for what purposes. |
|
Related
User |
Except
for the person or unit responsible for technical storage, protection and
backup of the data, they are the persons who process personal data within the
organization of the data controller or in line with the authorization and
instruction received from the data controller. |
|
Destruction |
It
refers to the deletion, destruction or anonymization of personal data. |
|
Processing
of Personal Data |
Obtaining,
recording, storing, preserving, changing, rearranging, disclosing,
transferring, taking over, making available, classifying or using Personal
Data in whole or in part by automatic or non-automatic means provided that it
is a part of any data recording system. It is any operation performed on the
data, such as blocking. |
|
KVK
Board |
It
is the Personal Data Protection Board. |
|
Personal
Data Owner |
Refers
to Patients, Clients, Employees, Employee Candidates and Visitors whose
Personal Data (including sensitive personal data) is processed. |
|
Personal
Data |
Any
information relating to an identified or identifiable natural person. |
|
Institution/
Control Mechanism |
It
is the Personal Data Protection Authority consisting of the Board and the
Presidency. |
|
Automatic
Data Processing |
Computer,
phone, clock etc. It is a processing activity that takes place spontaneously
without human intervention within the scope of algorithms prepared in advance
through software or hardware features, performed by devices with processors. |
|
Special
Qualified Personal Data |
Data
on race, ethnicity, political thought, philosophical belief, religion, sect
or other beliefs, dress, association, foundation or union membership, health,
sexual life, criminal conviction and security measures, and biometric and
genetic data are special data. |
|
Record |
Data
Controllers Registry . |
|
Dr.GÖNÜL
ATEŞSAÇAN |
Dr.
Heart Firescatter It's the clinic . |
|
Data
Processor |
It
is the natural or legal person who processes Personal Data on behalf of the
data controller, based on the authority given by the data controller. |
|
Data
Recording System |
It
refers to the recording system in which Personal Data is processed and
structured according to certain criteria. |
|
Data
Category |
It
is the personal data class belonging to the data subject group or groups in
which personal data are grouped according to their common characteristics. |
|
Data
Subject Group |
It
is the group of persons whose personal data the data controller processes. |
|
Data
Controller |
It
is the natural or legal person who determines the purposes and means of
processing Personal Data and is responsible for the establishment and
management of the data recording system. |
Dr.
Policy principles, which were arranged by GÖNÜL ATEŞSAÇAN and entered into
force on 01.04.2021, were prepared by Dr. It is published on the corporate
websites of GÖNÜL ATEŞSAÇAN and made available to the Data Owners.
Dr.
GÖNÜL ATEŞSAÇAN takes all necessary administrative and technical measures to
ensure the appropriate level of security in order to securely store personal
data and prevent unlawful processing and access of personal data in accordance
with KVKK and GDPR. Administrative and technical measures taken regarding the
security of personal data, Dr. It is regulated in detail in the Personal Data
Retention and Disposal Policy of GÖNÜL ATEŞSAÇAN .
Dr.
GÖNÜL ATEŞSAÇAN performs the necessary audits and has them done in order to
establish the data security described above and to ensure the regularity and
continuity of the measures taken.
Dr.
The technical measures taken by GÖNÜL ATEŞSAÇAN are supervised by authorized
persons in semi-annual periods, and the administrative measures are carried out
by Dr. It is supervised by people authorized by GÖNÜL ATEŞSAÇAN .
Data
Processor not to disclose the personal data he has learned within the scope of
his duty, contrary to the provisions of KVKK, GDPR and Policy, and not to use
it for purposes other than processing. All necessary administrative and
technical measures are taken by GÖNÜL ATEŞSAÇAN. In this context, information
and training activities are carried out for workplace employees about KVKK,
GDPR and the Policy, and confidentiality agreements are signed as part of the
recruitment processes of the relevant employees. Confidentiality Commitments
are received by communicating the policies to Suppliers and Data Processors who
also provide outsourced services.
Dr.
In case the personal data processed by GÖNÜL ATEŞSAÇAN is obtained by others
illegally, Dr. GÖNÜL ATEŞSAÇAN carries out the necessary procedures to notify
the Data Owner and the KVK Board of this situation within the periods
determined by the KVK Board. If deemed necessary by the KVK Board, this
situation is announced on the website of the KVK Board or by another method
deemed appropriate by the KVK Board.
Dr.
GÖNÜL ATEŞSAÇAN observes all legal rights of the persons concerned regarding
the implementation of the Policy and the Law and takes all necessary measures
to protect these rights.
Data
on race, ethnic origin, political opinion, philosophical belief, religion, sect
or other beliefs, disguise and dress, membership in associations, foundations
or unions, health, sexual life, criminal convictions and security measures, and
biometric and genetic data are of special nature. is personal data. Dr. GÖNÜL
ATEŞSAÇAN is aware of the fact that Special Quality Personal Data is data that
may cause the Data Owner to be victimized or exposed to discrimination if
learned by others, and therefore takes adequate measures determined by the
Board sensitively for the protection of such personal data processed in
accordance with the law. In this context; It has a separate policy (Private
Personal Data Security Policy) that is systematic, clearly defined, manageable
and sustainable.
Dr.
Personal Data is processed by GÖNÜL ATEŞSAÇAN in accordance with the KVKK, GDPR
and the procedures and principles stipulated in this Policy. Dr. GÖNÜL
ATEŞSAÇAN complies with the following principles when processing personal data.
Dr.
GÖNÜL ATEŞSAÇAN processes personal data in accordance with the relevant
legislation and the requirements of the honesty rule and uses them within these
limits. In accordance with the principle of compliance with the rule of
honesty, Dr. GÖNÜL ATEŞSAÇAN considers the interests and reasonable
expectations of the persons concerned while trying to achieve its goals in data
processing. It acts in a way to prevent the occurrence of results that the Data
Owner does not expect and does not have to wait for. In accordance with the
principle, it also ensures that the data processing activity in question is
transparent to the data subject; acts in accordance with its lighting and
warning obligations.
Dr. Personal data is processed by
GÖNÜL ATEŞSAÇAN by taking the necessary technical and administrative measures
in order to ensure adequate security against loss, destruction, damage or
protection of personal data.
Dr. GÖNÜL ATEŞSAÇAN has fulfilled
its obligation in accordance with the rules of protection of personal data in
its processing activities, and in case of any complaint or ex officio
examination, it will be able to submit documents proving that these measures
have been taken.
Dr.
GÖNÜL ATEŞSAÇAN does not process personal data without the explicit consent of
the Data Owner . Personal data can only be processed without seeking the
explicit consent of the Data Owner
in the presence of one of the following conditions :
Dr.
GÖNÜL ATEŞSAÇAN may process personal data without seeking the explicit consent
of the Data Owner in cases expressly stipulated by the laws.
Dr.
GÖNÜL ATEŞSAÇAN may process personal data without seeking explicit consent in
order to protect the life or physical integrity of individuals in cases where
consent cannot be disclosed or is not valid.
Dr.
GÖNÜL ATEŞSAÇAN may process the personal data of the Data Owner , limited to
this purpose, as a requirement of the ordinary course of life, without seeking
explicit consent, in case the personal data of the parties to the contract is
required to be processed directly related to the establishment or performance
of a contract.
Dr.
GÖNÜL ATEŞSAÇAN may process the personal data of the Data Owner without seeking
explicit consent when necessary in order to fulfill its legal obligations as a
Data Controller.
Dr.
GONUL ATEŞSAÇAN; It may process the personal data made public by the Data Owner
himself, in other words, disclosed to the public in any way, for a limited
purpose, since it is accepted that the legal benefit to be protected in the
processing of such data, which has been made public by the Data Owner and thus
becomes known to everyone, has disappeared.
Dr.
GÖNÜL ATEŞSAÇAN may process the personal data of the Data Owner without seeking
explicit consent in cases where data processing is necessary for the exercise
or protection of a legally legitimate right .
Dr.
GÖNÜL ATEŞSAÇAN may process the personal data of the Data Owner in cases where
it is necessary to process the personal data in order to ensure its legitimate
interests, provided that it does not harm the fundamental rights and freedoms
of the Data Owner protected under the KVKK, GDPR and the Policy . Dr. GÖNÜL
ATEŞSAÇAN, to comply with the basic principles regarding the protection of
personal data and to Dr. GÖNÜL ATEŞSAÇAN and personal data owners show the necessary
sensitivity to observe the balance of interests. What is meant by legitimate
interest; It is a legitimate, effective, specific and already existing interest
that can compete with the fundamental rights and freedoms of the Data Owner . Dr.
GÖNÜL ATEŞSAÇAN takes additional protective measures in order not to harm the
rights of the Data Owner . A reasonable balance is maintained between the
interests of our company and the fundamental rights and freedoms of the person
concerned.
Dr.
GÖNÜL ATEŞSAÇAN does not process sensitive personal data without the explicit
consent of the Data Owner . Special categories of personal data can only be
processed without seeking the explicit consent of the data subject in the
presence of one of the following conditions:
Private
personal data of the Data Owner, other than his health and sexual life, may be
processed without the explicit consent of the Data Owner, in cases expressly
stipulated by the laws .
Persons
or authorized institutions and organizations that are under the obligation to
keep confidential personal data of the Data Owner regarding his health and
sexual life for the purpose of protecting public health, performing preventive
medicine, medical diagnosis, treatment and care services, planning and managing
health services and financing. can be processed by
Dr.
GÖNÜL ATEŞSAÇAN can transfer personal data to third parties based on one or
more of the following personal data processing conditions, in accordance with
Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR , by taking the
necessary security measures :
·
Having
the explicit consent of the Data Owner ,
·
There
is a clear regulation in the law regarding the transfer of personal data,
·
Data
Owner or someone else, and the data subject is unable to express his or her
consent due to actual impossibility or the consent is not legally valid,
·
It
is necessary to transfer the personal data of the parties to the contract,
provided that it is directly related to the establishment or performance of a
contract,
·
Dr.
Personal data transfer is mandatory for GÖNÜL ATEŞSAÇAN to fulfill its legal
obligation,
·
The
personal data has been made public by the Data Owner,
·
It
is necessary to transfer personal data for the establishment, exercise or
protection of a right,
·
Provided
that it does not harm the fundamental rights and freedoms of the Data Owner ,
Dr. Personal data transfer is mandatory for the legitimate interests of GÖNÜL ATEŞSAÇAN
.
Special
categories of personal data, on the other hand, can be transferred based on one
of the following conditions and on a limited basis, provided that adequate
measures are taken:
·
Having
the express consent of the person concerned,
·
If
there are sensitive personal data other than the health and sexual life of the
person concerned, there is a clear regulation in the law regarding the transfer
of this data.
·
In
the case of sensitive personal data regarding the health and sexual life of the
person concerned, these data are used by persons or authorized institutions
under the obligation to keep confidential, for the purpose of protecting public
health, performing preventive medicine, medical diagnosis, treatment and care
services, planning and managing health services and financing. transferable by
organizations.
Personal
data It is processed by GÖNÜL ATESSAÇAN by categorizing it as follows :
|
Identity |
Name-Surname , TR Identity Number and/or Passport
Number and/or Temporary TR Identity Number, place and date of birth, marital
status, gender, profession , signature and other identification data that can
identify real persons |
|
Communication |
Address ( residence , workplace), phone number
(reported home/workplace fixed and/or mobile phone numbers), e-mail address,
social media accounts, IP address and other contact data |
|
Personnel |
Curriculum
vitae, title information; employment entry-exit document records; social
security/retirement information, payroll information and other personal data |
|
Physical
Space Security |
Security
camera footage and other physical location security data |
|
finance |
Dr.
Personal data, bank account information, credit card information, and other
financial information processed regarding information, documents and records
showing the result of any financial relationship that GÖNÜL ATEŞSAÇAN has
established with personal data owners |
|
Audio
and Audio Recordings |
of
photographs, cameras and audio recordings taken outside the scope of physical
space security of personal data owners |
|
Communication
Records |
Dr.
Communication data obtained through GÖNÜL ATEŞSAÇAN's communication and
information systems: Corporate phone call records, corporate mail and e-mail
records and their contents, etc. |
|
Customer
Transaction |
Satisfaction
information about the patients of our practice, Invoice, receipt information,
etc. |
|
PRIVATE
PERSONAL DATA |
|
|
Health
Information |
Blood
type, allergies, chronic diseases, data on previous applications/operations,
drugs used continuously, analysis and imaging results, prescription
information, body analysis and measurement information, medical history, skin
analysis information, hormonal tests, venereal disease information ,
Information on Covid-19 disease, medical treatments and other health data |
|
Biometric
Data |
Image,
audio, video data |
Only
natural persons can benefit from the protection of this Policy and the Law.
Personal data owners within this scope are grouped as follows:
|
Employee
Candidate |
They
are real persons who have applied for a job in our practice by any means or
have opened their CV and related information to our practice. |
|
Customer |
Patients
or clients who come to our practice. |
|
Worker |
Dr.
GÖNÜL ATEŞSAÇAN They are the individuals working in his practice. |
|
Visitor |
They
are all natural persons who enter the physical campus of our practice for
various purposes or visit our websites for any purpose. |
Your Personal Data, Dr. As a " DATA PROCESSOR " by natural or legal persons
authorized by GÖNÜL ATEŞSAÇAN ; It is processed by taking
verbal, written, camera and photographic recordings and keeping records in
physical and electronic media, and by obtaining your explicit consent in cases
stipulated by KVKK and GDPR .
·
job
application forms,
·
Personnel
information forms,
·
Dr.
Various documents submitted to GÖNÜL ATEŞSAÇAN ,
·
Dr.
Mail and e-mails forwarded to GÖNÜL ATEŞSAÇAN ,
·
corporate
phones,
·
Photo/Video
recordings,
·
Websites,
·
Security
cameras,
·
Log
Recorders (Firewall),
·
Patient
Disclosure Forms,
·
Assay
Results,
·
Health
Information Forms, Service providers whose servers are abroad
(whatsapp/instagram/facebook/messanger/linkedin/youtube/zoomus/Google/Hotmail/yahoo
etc.).
Dr.
GÖNÜL ATESSAÇAN collects personal data based on one of the following legal
reasons in accordance with Articles 5 and 6 of the Law and Articles 6 and 9 of
the GDPR:
·
The
express consent of the person concerned,
·
expressly
provided for in laws;
·
The
personal data has been made public by the person concerned,
·
Provided
that it is directly related to the establishment or performance of a contract,
it is necessary to process the personal data of the parties to the contract,
·
Data
Owner has sensitive personal data regarding his health and sexual life, these
data are for the purpose of protecting public health, performing preventive
medicine, medical diagnosis, treatment and care services, planning and managing
health services and financing,
·
Dr.
It is mandatory for GÖNÜL ATEŞSAÇAN to fulfill its legal obligation,
·
Data
processing is mandatory for the establishment, exercise or protection of a
right,
·
Provided
that it does not harm the fundamental rights and freedoms of the persons concerned,
Dr. Data processing is mandatory for GÖNÜL ATESSAÇAN's legitimate interests.
Matching the Data Subject Groups with the Purposes of
Processing for Personal Data Categories
The
mapping of the data subject groups, the definitions and scopes of which are
given above , with the processing purposes related to the personal data
categories is presented below:
·
Employee Candidate
Data Categories : Identity, Communication,
Personnel, Professional Experience, Physical Space Security
Purposes of Processing :
Execution
of Emergency Management Processes, Execution of Information Security Processes,
Execution of Employee Candidate Selection and Placement Processes, Execution of
Application Processes of Employee Candidates, Ensuring Physical Space Security,
Execution of Communication Activities
·
Patient/Client
Data Categories : Identity, Communication,
Financial, Customer Transaction, Physical Space Security, Health Data, Biometric
Data
Purposes of Processing :
To be able to create a patient file, to apply examination, preventive
medicine, medical
diagnosis, treatment, weight loss protocols accompanied by medical evaluation,
to carry out post-treatment care services , to perform health checks after
medical diagnosis and treatment processes, to communicate with patients
one-to-one, to manage the development of medical protocols, To be able to
manage appointment processes, to perform patient satisfaction and demand management,
to fulfill
legal and contractual obligations, to keep the information about your health
data, which must be kept in accordance with the relevant legislation, within
the specified periods, to ensure the safety of the practice, to receive
consultation from another relevant specialist when necessary in order to
perform the treatments correctly. To be able to fulfill legal obligations in
accordance with the legislation within the scope of health tourism, to provide
transfer and accommodation services for patients/clients coming within the
scope of health tourism. To plan medical procedures, to announce innovations regarding medical treatments
and practices, to inform third parties about medical procedures, to carry out
promotional and marketing activities regarding medical practices applied within
the framework of the International Health Tourism Incentive legislation, to plan and
manage health services and their financing , to communicate between the
doctor and the patient. To be able to fulfill the responsibilities arising from
the legal relationship established, to fulfill the financial and administrative
obligations, to provide technical and commercial security and to fulfill public
obligations.
·
Worker
Data Categories : Identity, Communication,
Personnel, Finance, Visual and Audio Information, Physical Space Security,
Purposes of Processing :
Execution
of Emergency Management Processes, Execution of Information Security Processes,
Fulfillment of Obligations Originated from Labor Contracts and Legislation for
Employees, Execution of Benefits and Benefits Processes for Employees,
Execution of Activities in Compliance with Legislation, Ensuring Physical Space
Security, Execution / Audit of Business Activities, Organization and Event
Management
·
Visitor
Data Categories : Physical Space Security
Processing Purposes : Execution of
Emergency Management Processes, Execution of Information Security Processes,
Providing Physical Space Security
6.2
Personal Data Processing Activities Performed in Physical Spaces
In
order to ensure the security of our practice, entrances and exits are recorded
and video surveillance is performed in common areas. In order to be able to
monitor with the camera, the Data Owners, Dr. It was enlightened by GÖNÜL
ATEŞSAÇAN.
Traffic
information of online visitors visiting our website is automatically processed
for the purpose of conducting information security processes. On the other
hand, hosting providers have an obligation to record and store website traffic
information pursuant to Law No. 5651 and other legislation.
6.4 Personal Data Processing Activities Performed
Through Communication Channels
Phone,
e-mail etc. communications via channels. It is audited and recorded by GÖNÜL
ATEŞSAÇAN for the purpose of conducting/supervising business activities and
following up requests/complaints.
Data
Owners are required to use these channels only within the scope of their
business activities.
Dr. GÖNÜL ATEŞSAÇAN transfers personal data limited to
the following purposes within the framework of the conditions specified in
Articles 8 and 9 of the KVKK and Articles 45 and 49 of the GDPR:
·
Execution
of weight loss protocols and care services accompanied by examination, preventive medicine,
medical diagnosis, treatment, medical evaluation ,
·
Managing complication processes,
·
Monitoring and Execution of the Development of Treatment Protocols,
·
Getting consultation,
·
Fulfillment of obligations pursuant to Ministry of Health Legislation,
·
Fulfillment
of obligations in accordance with International Health Tourism Legislation,
·
Meeting
the transportation, accommodation and interpreter needs of health tourist
patients,
·
Fulfillment
of administrative obligations before Provincial Health Directorates and
District Health Directorates,
·
Informing
third parties about the health services provided, from a medical point of view,
·
Execution
of Employee Candidate Selection and Placement Processes,
·
Execution
of Application Processes of Employee Candidates,
·
Fulfilling
Obligations Arising from Employment Contracts and Legislation for Employees,
·
Execution
of Benefits and Benefits Processes for Employees,
·
Carrying
out the Activities in Compliance with the Legislation,
·
Execution
of Finance and Accounting Affairs,
·
Execution
/ Supervision of Business Activities,
·
Conducting
Business Continuity Ensuring Activities,
·
Execution
of Risk Management Processes,
·
Ensuring
and controlling data security,
·
Execution
of Contract Processes,
·
Providing
Information to Authorized Persons, Institutions and Organizations.
Dr. GÖNÜL ATEŞSAÇAN can transfer personal data to the
following individuals and organizations by applying all kinds of administrative
and technical security measures stipulated by the legislation, limited to the data subject groups
and data required by the purpose of transfer:
·
To other specialist physicians for consultation,
·
To Insured Employees,
·
to its suppliers,
Ø Financial
Advisor, Tax and Financial Advisors and Auditors
Ø Legal
Advisor
Ø Database
(Server) Providers
Ø “Clinical
Management Software System” Service Provider
Ø interpreters
Ø Overseas
Promotion Consultant
Ø Data
Protection Officer
Ø IT
Consultant
Ø Tourism
Agencies
·
Public Institutions and Organizations authorized
within the framework of laws,
·
To the Judiciary.
·
Without
prejudice to the provisions regarding the destruction of personal data in other
laws, Dr. GÖNÜL ATEŞSAÇAN, in accordance with the Personal Data Retention and
Disposal Policy , in case the reasons for processing the personal data that it
has processed in accordance with the provisions of the KVKK and other laws no
longer exist. delete, destroy or
anonymize ex officio or at the request of the person concerned.
·
Deletion
of personal data refers to the process of making personal data inaccessible and
non-reusable for the relevant users.
·
destruction
of data; means the process of making personal data inaccessible, irretrievable
and reusable by anyone in any way.
·
Anonymization
of data, masking of personal data, variable extraction, generalization, etc.
means the process of making it impossible to be associated with an identified
or identifiable natural person under any circumstances, even if it is matched
with other data using techniques.
Dr.
GÖNÜL ATEŞSAÇAN stores personal data in accordance with the periods stipulated
in the laws and other legislation. If there is no storage period stipulated in
laws and other legislation, personal data, Dr. In accordance with GÖNÜL
ATEŞSAÇAN's Personal Data Retention and Disposal Policy , that personal data is
kept for the period required for the purpose of processing , then it is
deleted, destroyed or anonymized within the framework of periodic destruction
periods.
As the Data Owner, your Personal Data is also protected in accordance with the GDPR. The rights of Data Subjects (European citizens or residents of Europe) in the jurisdiction of GDPR are as follows;
·
Right of Access (GDPR article 15): The data subject, Dr. Confirmation by applying to
GÖNÜL ATESSAÇAN , GDPR m. It has the right to learn the details in 15 .
· Right of Rectification (GDPR article 16): Data Owner, Dr. GÖNÜL ATEŞSAÇAN has the right to have the personal data in its possession corrected at any time by applying to us.
· Right to Erase (GDPR article 17): Data Owner, Dr. GÖNÜL ATEŞSAÇAN has the right to request the deletion of the personal data held under his responsibility. If the matters set out in article 17 of GDPR occur, Dr. Your personal data will be deleted by GÖNÜL ATEŞSAÇAN without delay.
·
Right to Restriction of Processing (Article 18 GDPR):
Ø
If the Data Owner objects to the up-to-dateness of the Personal
Data, Dr. Until the accuracy of the Personal Data is confirmed by GÖNÜL
ATEŞSAÇAN, the Data Owner has the right to request the restriction of the use
of the data.
Ø
If the Personal Data processing is illegal and the Data Owner
objects to the deletion of the Personal Data, the Data Owner has the right to
request the restriction of the use of the data.
Ø
Dr. Although we no longer need your personal data by GÖNÜL
ATEŞSAÇAN, if we want to establish and enforce your rights, the Data Owner has
the right to request the restriction of the use of the data.
Ø Dr. Until it is verified whether GÖNÜL ATEŞSAÇAN's legitimate
reasons outweigh the Data Owner 's legitimate reasons, the Data Owner has the
right to request the restriction of the use of the data, if he or she objects
to the processing in accordance with Article 21/1 of GDPR.
·
Right to Data Portion (GDPR article 20): Data Owner, if technically possible, Dr.
GONUL ATEŞSAÇAN reserves the right to request the transfer of the Personal Data
held in its custody to another controller at any time by applying to us.
However, you can exercise this right when data processing is based on your
consent or when required by the contract.
·
Right
of Appeal (GDPR article 21):
Ø
The Data Owner has
the right to object to the processing of Personal Data, including profiling,
within the scope of clauses (e) or (f) of Article 6(1) GDPR, on grounds
relating to his particular situation. Dr. GÖNÜL ATEŞSAÇAN cannot process your
Personal Data if it cannot show a strong legitimate reason such as the
establishment, exercise or protection of a legal right, which is above the
interests, rights and freedoms of the Data Owner.
Ø
Where Personal Data is processed for direct marketing
purposes, the Data Owner has the right to object at any time to the processing
of Personal Data for marketing, including profiling to the extent that it
relates to such direct marketing.
Ø
If the Data Owner objects to the processing of
Personal Data for direct marketing purposes, the Personal Data will no longer
be processed for such purposes.
of natural persons whose Personal
Data are processed pursuant to Article 11 of the KVKK are as follows;
·
Learning whether personal data is processed or not,
·
If personal data has been processed, requesting
information about it,
·
Learning the purpose of processing personal data and
whether they are used in accordance with its purpose,
·
Knowing the third parties to whom personal data is
transferred at home or abroad,
·
Requesting correction of personal data in case of
incomplete or incorrect processing and requesting notification of the
transaction made within this scope to the third parties to whom the personal
data has been transferred,
·
Requesting the deletion or destruction of personal
data in the event that the reasons requiring its processing have disappeared,
although it has been processed in accordance with the provisions of the KVKK
and other relevant laws, and requesting the notification of the transaction
made within this scope to the third parties to whom the personal data has been
transferred,
·
Objecting to the emergence of a result against the
person himself by analyzing the processed data exclusively through automated
systems,
·
To request the compensation of the damage in case of
loss due to unlawful processing of personal data.
In case the data owners have any rights or requests
that they want to use from the rights listed above; Their written application, in
which they clearly and comprehensibly stated which of the rights specified in
Article 11 of the KVKK , they would like to use, with wet signatures and
documents to prove their identity, were submitted to Dr. GÖNÜL ATEŞSAÇAN
MUAYENEHANESİ in person, send it via a notary public or by signing with a
secure e-signature to Dr. GÖNÜL ATEŞSAÇAN 's corporate e-mail address is gonul@gonulatessacan.com They can be
forwarded to the address or they can be sent by other methods specified in the
KVKK . In
the applications, it is obligatory to include the name- surname , signature, TR
identity number / passport number / temporary identity number , residence or
workplace address, e-mail address, telephone and fax number, the subject of the
request, in accordance with the "Communiqué on the Procedures and
Principles of Application to the Data Controller" . .
Dr. GÖNÜL ATEŞSAÇAN will conclude the request free of
charge as soon as possible and within thirty (30) days at the latest, depending
on the nature of the request. However, if the transaction requires an
additional cost, the fee in the tariff determined by the Personal Data
Protection Board will be charged.
EFFECTIVE
DATE : 01.04.2021
UPDATE
DATE : 01.04.2021