Data officer Dr. Esra Bayri’s office is responsible for keeping your personal data in compliance with the general principles and regulations set forth in this Personal Data Retention and Disposal Policy, which is prepared in accordance with the Constitution, the Personal Data Protection Law No. 6698, the Regulation on the Deletion, Destruction or Anonymization of Personal Data and other relevant legislation. properly stored and disposed of.

With this Policy, it is aimed to reveal the general principles and principles regarding the storage and destruction of real person data subject to personal data processing activities within the scope of the practice KVKK and to fulfill the obligations determined by the legislation.

Explicit Consent: Consent on a specific subject, based on information and expressed with free will,

Recipient Group: The natural or legal person category to which personal data is transferred by the data controller,

Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data.

Relevant User: Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data,

Destruction: Deletion, destruction or anonymization of personal data,

Personal Data: Any information relating to an identified or identifiable natural person (e.g. name-surname, TCKN, e-mail, address, date of birth, credit card number, bank account number)

Relevant Person: The natural person whose personal data is processed,

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use,

Special Quality Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. data,

Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in this Policy, in case all of the personal data processing conditions in the KVKK are eliminated,

REGISTRATION ENVIRONMENTS REGULATED BY POLICY

It covers all personal data subject to data processing activities within the scope of KVKK. In addition, the documents referred to by the Policy cover both physical and digital copies.

It stores all personal data subject to data processing activities within the scope of KVKK in the following environments where personal data is fully or partially automated or processed by non-automatic means provided that it is a part of any data recording system:

Practice computers, e-mail accounts, desktop computers, employees’ tools (e.g. mobile phone), backup areas, paper files, folders, guest book, CD, DVD, USB, Hard disks, printer, copier, etc.

REASONS REQUESTING THE STORAGE AND DISPOSAL OF PERSONAL DATA

Personal data processing activities are based on the following principles:

Compliance with the law and the rule of honesty,

•Ensuring that personal data is accurate and up-to-date when necessary,

• Processing for specific, explicit and legitimate purposes,

• Being connected, limited and restrained with the purpose for which they are processed,

• To keep for the period required by the relevant legislation or for the purpose for which they are processed.

Our practice stores and uses personal data for the purposes of personal data processing and in accordance with the processing conditions of personal data in Articles 5 and 6 of the KVKK stated below. destroys at the request of the personal data owner:

Finding the Explicit Consent of the Personal Data Owner: The first condition for the processing of personal data is the explicit consent of the owner.

Explicitly Provided in Laws: The personal data of the data owner may be processed in accordance with the law without obtaining his explicit consent, provided that it is expressly stipulated in the Laws.

Failure to Obtain the Explicit Consent of the Personal Data Owner due to Actual Impossibility: If the personal data of the person who is unable to express his/her consent due to actual impossibility or whose consent cannot be validated is required to be processed in order to protect the life or bodily integrity of himself or another person, the personal data of the data owner may be processed.

Directly Related to the Establishment or Performance of a Contract:

If it is necessary to process the personal data of the parties to the contract, it is possible to process the personal data.

Legal Obligation: If data processing is necessary for our practice to fulfill its legal obligations, the data of the personal data owner may be processed.

Making Personal Data Public by the Personal Data Owner: If the data owner has made his personal data public by himself, the relevant personal data may be processed limited to the publicization.

Obligatory Data Processing for the Establishment or Protection of a Right: If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.

Obligatory Data Processing for the Legitimate Interest of Our Practice: Provided that the fundamental rights and freedoms of the personal data owner are not harmed, the personal data of the data subject may be processed if data processing is mandatory for the legitimate interests of our practice.

PROCESS STORAGE TIME DISPOSAL TIME

Preparation of Contracts 10 years from the end of the contract In the first periodic destruction period following the end of the storage period

Execution of Human Resources Processes 10 years from the end of the activity In the first periodic destruction period following the end of the storage period

Execution of Hardware and Software Access Processes 5 years In the first periodic destruction period following the end of the storage period

Registration of Visitors and Meeting Participants 5 years At the first periodic destruction period following the expiry of the retention period

For the period specified in the Personal Health Data Record Legislation In the first periodic destruction period following the end of the retention period

For the period specified in the Identity Data Legislation In the first periodic destruction period following the end of the storage period

Camera Images are kept for at least 2 months in accordance with Private Hospitals Regulations. At the first periodic disposal period following the end of the storage period

This Policy is deemed to have entered into force after its publication on the website.