GOAL
This policy is about the General Data Protection Regulation (GDPR) DentNis Implantology and Aesthetic Dental Clinic (Abdulkadir Narin) (hereinafter referred to as “DentNis Implantology and Aesthetic Dental Clinic (Abdulkadir Narin)” or “DentNis”) has been created within the scope of the legal requirements and this policy is governed; , to share information about our prospective customers, employees, employees, company communications, partners, employees with whom we cooperate, and third parties.
GDPR As DentNis, while performing our commercial activities, the basic principles regarding how to comply with the Personal Data Protection Law No.6698 in terms of the comprehensive fulfillment of the personalized and personalized needs in the KVKK and the personalized processing and examination of all the facts we are in another company. and we are determining the road map to be followed. In this context, our customers, potential customers, customer candidates, employee candidates, company officials, company officials, our opinion, outside the institutions we cooperate with, as well as their business and officials and third parties are informed and informed by our personal privacy company and to ensure transparency.
SCOPE GDPR
This Policy applies to all DentNis processes and processes that need regulation. DentNis employees, employee candidates, active and potential customers, customer candidates, users, suppliers, dealers, and all other natural persons in relationship with DentNis.
3-LEGAL LEGISLATION (GDPR)
Law No. 6698 on the Protection of Personal Data and its regulations
PROCEDURE AND PRINCIPLES REGARDING THE PROTECTION OF PERSONAL DATA GENERAL PRINCIPLES
(GDPR)
DentNis operates in accordance with the procedures and principles stipulated in the personal purpose KVKK and other related laws. The processed data can be processed with KVK, to be in accordance with the following issues and their honesty, Being accurate and up-to-date, “ being processed for a clear and legitimate verbal, Being related to the processing, and being measured
Personal data processed by DentN are kept accurate and up-to-date only for the time required by the relevant legislation or required for the purpose for which they are processed, in accordance with the law and honesty, but for specific and legitimate protection.
If there is a period stipulated for storage in the relevant legislation, DentNis complies with this period; The aim of maintaining such a period only lasts as long as they have been processed. DentNis is not to store data for its existence in the future possibility.
PROTECTION OF PERSONAL DATA AND PRIVACY CONDITIONS OF PROCESSING PERSONAL DATA
(GDPR)
Except for the exceptions listed in the Law, DentNis only processes personal data to obtain the explicit consent of the data owners. Personal data can be processed even without the explicit consent of the data owner, in case of the aforementioned conditions listed in the Law. These are: Stipulation of viewing in laws, Being unable to disclose his consent due to inactivity or being obligatory for himself or someone else’s life or body integrity, whose consent is not legally valid, that it is necessary to process personal consent of the parties of the contract, provided that a contract is directly related to the travel or execution It is obligatory for the data controller to fulfill it, The data controller must be made public by himself, The data processing is mandatory to teach a right, the password is mandatory, It must be processed for the legitimate interests of the data controller, provided that it harms the fundamental rights and freedoms of the data owner.
DentNis shows sensitivity in the processing of special quality personal data, which is more critical for the protection of data owners in various aspects. In this context, in addition to the condition of not processing personal data of special nature without the explicit consent of the data owners, it is also possible to comply with the rule of taking adequate measures determined by the board. Such data are processed / attached without the explicit consent of the data owners. These data; Biometric and genetic data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures. By DentNis in line with the relevant provisions of KVKK; Special quality personal data can only be processed with the explicit consent of the personal data owner, provided that adequate measures are taken by the KVK Board.
If the personal data owner does not have express consent, then:
Special quality personal data other than the health and sexual life of the personal data owner, in exceptional cases stipulated by the law,
Personal data of special quality related to the health and sexual life of the personal data owner, but only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, persons or authorized institutions and organizations under the obligation of confidentiality. It is processed by.
PURPOSE OF PROCESSING PERSONAL DATA
(GDPR)
Your personal data obtained by DentNis can be processed within the scope described below:
HR operations, In-house operations,
Activities with legal, technical and administrative consequences,
Strategy, planning and business partners / supplier, customer management,
Planning and execution of corporate communication activities and events,
Planning and execution of in-company training programs,
Company Workplace Safety,
Worker and Occupational Health and Safety Protection,
Performing after sales services,
Execution of Technical Services
Fulfilling the requirements of dealership contracts,
Performing collection transactions,
To customers; Providing various advantages through product-service promotion, information, personalized advertising, campaign and other benefits, sending commercial electronic messages, surveys and tele-sales applications, statistical analysis,
Conducting studies to improve service quality and providing better service,
Issuing invoices for our services,
Outsourcing services,
Providing customers with the benefits of organizations that are specialized in their fields in order to receive services and technology services that are not within their field of expertise, and to benefit due to the requirements of company activities.
Identity confirmation,
Answering questions and complaints,
Taking necessary technical and administrative measures within the scope of data security,
Financial agreement on products and services offered with relevant business partners and other third parties,
Provision of necessary information in line with the demands and audits of regulatory and supervisory institutions and official authorities,
Preserving information on data that should be kept in accordance with the relevant legislation,
Providing control over the consistency of information,
Measuring customer satisfaction,
In terms of employees; Establishing a personal file, determining whether he is qualified to fulfill the requirements of the job continuously, making private health insurance, creating a health file, taking occupational safety measures, making travel planning.
In terms of employee candidates: Managing and planning the process of evaluating the eligibility for open positions.
Publishing the visual and audio data of DentNis and its Employees and their booths obtained in competitions, organizations, fairs, works and other activities within the scope of its field of activity for the purpose of developing and sharing the work.
Harmonization of dealer operations and policies in the dealer chain,
Fulfillment of legal obligations,
Execution / follow-up of DentNis financial reporting and risk management processes,
Execution / follow-up of legal affairs,
Creating and tracking visitor records.
Planning the use of machinery and equipment by employees, execution Planning, execution of sales transactions, planning and execution of Procurement Operations Planning and execution of collection procedures
Planning the use of the company’s internet, common network, computer usage in accordance with the laws
Planning and execution of DentNis fair, activity, social projects, product and corporate promotion
The numbered purposes are for informative purposes, and other additions will be announced by us with updates to enable DentNis to carry out its future commercial and operational activities.
STORAGE OF PERSONAL DATA
(GDPR)
The personal data we obtain are securely stored in physical or electronic media for an appropriate period of time in order for DentNis to carry out its commercial activities. Within the scope of these activities, DentNis acts in accordance with the obligations stipulated in all relevant legislation, especially KVKK, regarding the protection of personal data.
In accordance with the relevant legislation, with the exception of cases where the storage of personal data is permitted or required for a longer period, in the event of the termination of the purposes of processing personal data, the data will be deleted, destroyed, or at the request of the data owners, either ex officio or upon the request of the data owner and the request of the data subject. will be anonymized. In case of deletion of personal data through the aforementioned methods, these data will be destroyed in a way that they cannot be used and retrieved in any way.
In cases where the data controller has a legitimate interest, personal data may be stored provided that the purpose of processing and the periods specified in the relevant laws expire provided that the law permits this, provided that the fundamental rights and freedoms of the data owners are not harmed. After the expiry of the aforementioned limitation period, personal data will be deleted, destroyed or anonymized according to the procedure mentioned above.
TRANSFER OF PERSONAL DATA TO DOMESTIC PEOPLE
Physical destruction, permanent deletion from software, masking, data derivation, aggregation, data hash, expert deletion, etc.
DentNis complies with the conditions set out in the KVKK regarding the sharing of personal data with third parties, without prejudice to the provisions of other laws. In this context, DentNis does not transfer personal data to third parties in cases where it cannot be transferred without the explicit consent of the data owner. However, the situations where Personal Data can be transferred without the explicit consent of the data owner are regulated in the KVKK as follows:
It is clearly stipulated in the laws, It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, Provided that it is directly related to the establishment or execution of a contract, the processing of personal data of the parties to the contract , It is mandatory for the data controller to fulfill his legal obligation, It is made public by the data owner himself, Data processing is mandatory for the establishment, use or protection of a right, Provided that it does not harm the fundamental rights and freedoms of the data owner, data processing is mandatory for the legitimate interest of the data subject.
Provided that adequate precautions are taken; For the purposes of protection of public health, Preventive medicine, Medical diagnosis, Treatment and care services, Planning and management of health services and financing, for the purposes of protection of public health, in terms of special quality personal data other than health and sexual life, Persons under the obligation of secrecy or authorized institutions and organizations, without the express consent of the person concerned.
In the transfer of special quality personal data, the conditions specified in the processing conditions of special personal data and the determination of the law are also complied with.
5.5 TRANSFER OF PERSONAL DATA ABROAD
(GDPR)
Regarding the transfer of personal data abroad, Personal data cannot be transferred abroad without the express consent of the data subject If there are conditions permitted to process personal data without the explicit consent of the data owner, DentNis without seeking the explicit consent of the data owner in the foreign country to which the personal data will be transferred, provided that sufficient protection is present. personal data can be transferred abroad by. If the country to be transferred is not determined by the Board among the countries with sufficient protection, DentNis and the data controller / data processor in the relevant country will undertake adequate protection in writing and the board’s permission will be required.
As clearly stated in the Law, Personal data is subject to the existence of one of the conditions specified in the second paragraph of Article 5 of the Law and the third paragraph of Article 6 of the Law and in the foreign country where personal data will be transferred; a) there is adequate protection, b) if adequate ka rb the lack of adequate protection for the presence of permission and the Council to commit in writing to the responsible data in the current ibili foreign countries, Turkey transferred abroad person’s explicit consent without seeking for the record. Countries with sufficient protection are determined and announced by the Board.
Personal data, without prejudice to the provisions of international conventions, Turkey or in the interests of the person concerned will suffer a serious condition, but considering the views of relevant public institutions and organizations or transferred abroad with the permission of the Board. The provisions of other laws regarding the transfer of personal data abroad are reserved.
DentNis will ensure that the necessary procedures that will comply with the enumerated provision of the Law in foreign transfer are carried out. LIABILITY OF DentNis Within the scope of Article 10 of the KVKK, data subjects should be enlightened before or at the latest during the acquisition of personal data. The information to be conveyed to the data owners within the framework of the disclosure obligation are as follows: Identity of the data controller and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, the rights enumerated in Article 11 of KVKK. .
DentNis has prepared lighting statements in order to fulfill its lighting obligation. After the disclosure statements are submitted to the data owners, explicit consent statements have been prepared for data processing activities and data categories that require the explicit consent of the data owner in order for DentNis to carry out its commercial activities. These statements contain the purposes for which the data will be processed, to whom and for what purpose, the method of collection and the rights of the data owner.
DentNis can fulfill its responsibility of illumination by all methods in accordance with the law, which are suitable for obtaining consent.
KVKK’s 5/2. Article provides exceptions that make it possible to process personal data in accordance with the law. DentNis may also process personal data in the presence of one of the other conditions (exceptions) listed below, apart from express consent. The basis of the personal data processing activity can be only one of the conditions stated below, and more than one of these conditions can also be the basis of the same personal data processing requirement.
Being stubbornly prescribed in laws,
In order to protect the life or body integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent cannot be validated, or another person’s personal data must be processed.
Being Directly Related to the Establishment or Execution of the Contract,
DentNis’ Fulfilling its Legal Obligation,
Making Personal Data Public of Personal Data Owner,
Data Processing is Mandatory for the Establishment or Protection of a Right,
Obligation of Data Processing for the Legitimate Interest of DentNis, provided that it does not harm the fundamental rights and freedoms of the data owner.
RIGHTS OF THE DATA OWNER
(GDPR)
Necessary information and measures have been taken by DentNis to exercise the rights granted to data owners in Article 11 of the KVKK. In case of such a request, it will be fulfilled in accordance with the Laws. These rights are:
- a) Learning whether personal data is being processed,
- b) To request information if personal data has been processed,
- c) Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
- d) To know the third parties to whom personal data is transferred domestically or abroad,
- e) To request correction of personal data in case of incomplete or incorrect processing,
- f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
- g) Request notification of the transactions made pursuant to articles (e) and (f) above to third parties to whom personal data have been transferred,
- h) Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- i) To request the compensation of the damage in case of damage due to the processing of personal data illegally.
Pursuant to paragraph 1 of Article 13 of the KVKK, Personal Data Right Owners request the following methods and information in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette No. 30356 dated March 10, 2018 can realize with.
Necessary information in the application content;
Name and Surname of the applicant.
If the applicant is a citizen of the Republic of Turkey together with the ID number if you do not have the nationality, passport number or ID number.
The applicant’s place of residence or workplace address for notification.
The applicant’s notification e-mail address, telephone or fax.
Subject of the applicant’s request.
Information and documents based on the applicant’s subject of request.
Application methods that the person concerned can use;
The applicant can fill in the application request to the company address of Meşrutiyet Mahallesi Vali Konağı Caddesi Narin Apartment No: 167/4 Şişli / Istanbul with the above explanations in accordance with KVKK 13, and deliver on the sealed envelope and envelope with the note “Request for the Requirement of the Law on Protection of Personal Data” with a hand-held report. .
The applicant can send a notification to the address of the company through a notary, and the note “Request for the Protection of Personal Data Law” must be attached to the notification envelope.
With the “Secure Electronic Signature” defined in the Electronic Signature Law No. 5070, the applicant can personally apply to our Company’s Registered Electronic Mail info@dentnis.com address with the “Request for the Law on Protection of Personal Data.
DentNis will deliver the answer to the relevant applications physically or electronically to the relevant data owner. Depending on the nature of the request, DentNis will conclude the request as soon as possible and within thirty (30) days at the latest, free of charge. However, if the transaction requires an additional cost, the fee in the tariff determined by DentNis by the Board will be collected from those concerned. In addition, DentNis may request additional information or documents from the applicants during the process of finalizing the data owners’ requests. (GDPR)
However, KVKK’s 28 (2). Except for the right to compensate the damage, the above rights listed in Article 11 of the KVKK will not be applied in the following cases:
Processing of personal data is necessary for the prevention of crime or for criminal investigation, Processing of personal data that has been made public by the data owner himself, Discipline with the execution of supervision or regulation duties by authorized and authorized public institutions and organizations and professional organizations that are public institutions based on the authorization of the personal data processing. investigation
Personal data processing is necessary for the protection of the economic and financial interests of the State regarding budget, tax and financial issues.
MEASURES TAKEN FOR DATA SECURITY
DentNis takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data. KVKK’s 12 (1). The measures stipulated in the article are as follows: To prevent the processing of personal data unlawfully, To prevent unlawful access to personal data, To ensure the protection of personal data.
The measures DentNis has taken in this context are listed below:
Administrative Measures
DentNis provides the necessary training to ensure that its employees, who are responsible for the processing and storage of data, have the necessary knowledge about the Law in order to ensure the implementation of the provisions of the Law. It determines the organizational structure of the unit assigned for this purpose, its members and working system. It ensures that the Company Attorney and Legal Department provide the necessary information about the process. In case the processed personal data is obtained by others through illegal means, it shall notify the relevant person and the Board as soon as possible. Regarding the sharing of personal data, DentNis signs framework contracts with the persons with whom personal data is shared, provides data security with the provisions to be added to the contracts and commitment agreements. It makes the necessary assignments to monitor the fulfillment of the procedures in this way. It employs knowledgeable and experienced personnel about the processing of personal data and provides the necessary KVK training to its personnel. It prepares the documents, records and other transactions of its employees duly and ensures that they are kept. It creates the committee and the fields of duty to work on this issue by assigning personnel to carry out these works.
Technical Measures
DentNis employs knowledgeable and experienced people in order to ensure data security and provides necessary KVK training to its personnel. In this context, it makes necessary internal controls and risk analysis.
It ensures that the technical infrastructure that will prevent and / or observe the leakage of personal data outside the institution is provided and that whatever needs to be done is completed, and that all the necessary actions are in place and complete. It ensures that the employees in information technology units, those who can access personal data, and their authorization to access personal data are kept under control.
It ensures that the technical programs used have the protection of personal data.
PROCESSING IMAGE RECORDS
In order to ensure the general and commercial security of the Company’s facilities and businesses, DentNis records images of visitors, employees and other relevant persons in accordance with the basic principles stipulated in the KVKK and in this Policy, and these records are physically or securely stored electronically.
At the entrances to the place where the image is recorded, a warning that the image has been recorded is visible in order to inform the data owners. In areas where privacy is required, images are definitely not taken. Within the scope of these activities, DentNis acts in accordance with the obligations stipulated in all relevant legislation, especially KVKK, regarding the protection of personal data.
KEEPING RECORDS OF DentNis’ INTERNET ACCESS TO OUR VISITORS
Internet access can be provided by our company to our visitors who request during their stay at our workplaces. In this case, the log records regarding your internet access are recorded in accordance with the Law No. 5651 and the governing provisions of the legislation regulated according to this Law; These records are only processed when requested by the authorized public institutions and organizations or to fulfill our legal obligation in the audit processes to be carried out within the Company.
Only a limited number of DentNis employees have access to the log records obtained within this framework. Employees of the Company, who have access to the aforementioned records, only access these records for use in the request or audit processes from the authorized public institutions and organizations, and share them with legally authorized persons who undertake to protect the confidentiality of the data they access in a limited number.
MONITORING OF GUEST ENTRANCE AND EXIT AT AND WITHIN THE ENTRANCE OF DentNis
By our company; Personal data processing activities are carried out in order to ensure security and to monitor guest entries and exits in DentNis buildings and facilities for the stated purposes.
The personal data owners are clarified within this scope when obtaining the names and surnames of the guests who come as guests, or by means of texts posted by the Company or made available to the guests in other ways. The data obtained for the purpose of tracking guest entry and exit are processed for this purpose only, and the relevant personal data are recorded in the data recording system in physical and / or electronic media.
PROCESSING THE PERSONAL DATA OF BUSINESS PARTNERS
Within the scope of fulfilling the commercial activities that DentNis has established with business partners such as dealers, distributors, the personal data of the business partners’ employees are obligatory for the performance of the business or the commercial operation can be achieved for the purposes specified in this Policy, the human resources objectives and policies can be fulfilled, It can operate in order to fulfill the legal and commercial security of the work.
DentNis PERSONAL DATA PROTECTION ORGANIZATIONAL STRUCTURE
The Personal Data Protection Committee will be appointed within DentNis to manage this policy and other policies related to this policy, which is responsible for carrying out the actions determined by the senior management for compliance.
To make a written report to the Board of Directors, which can be changed by an administrative decision to be taken later, to ensure that the company acts in accordance with the KVKK legislation in administrative and technical terms, to ensure data security and to suggest all kinds of measures and actions to be taken within the framework of the KVKK legislation, to ensure that the necessary audits are carried out, and to work under the Plant Manager, to inform the senior management through written reporting from all familiarization processes, and to make these people responsible for Human Resources and IT departments, which can be changed and added later.
In this context, the Committee must fulfill all the measures required by the KVKK legislation, including but not limited to the following: To determine the basic policies regarding the processing and protection of personal data and the things to be done to comply with the legislation,
To submit the determined basic policy and action steps for the approval of the senior management; To observe its implementation and to ensure its coordination,
To decide how the policies regarding the processing and protection of personal data will be implemented and how the audit will be done, to make the necessary assignments after receiving the approval of the senior management,
To identify the risks that may arise in the personal data processing activities of the company and to ensure that the necessary measures are taken; submit improvement suggestions to the approval of senior management,
To ensure that employees are trained on the protection of personal data and Company policies,
To decide the applications of personal data owners at the highest level,
Required approval, commitment from third parties, etc. ensuring that the relevant procedures are followed,
To make necessary arrangements within the company in order for the company to fulfill its obligations within the scope of KVKK, to follow developments in the protection of personal data; To advise senior management on what to do within the scope of these developments,
Managing the relations with the Institution and the Board
Suggesting regulations that need to be made, applying.
To ensure that the necessary inspections are carried out.
DISTRIBUTION
The policy is published on the DentNis website and at the Company headquarters via various communication tools and announced to third parties and Company employees.
COOKIES
We use cookie / information blocks technology on our website. Cookies are pieces of information that the website transmits to keep records on an individual’s computer. When you open our website, we can place cookies on your computer. This will improve your online experience by enabling you to save your preferences while visiting the site. Cookies do not collect any personal information about you, they do not transmit any personal information for us to contact you, nor do they transmit any information from your computer. We use cookies to identify the sections of our site that interest you the most and to offer you more of them on our page.
Temporary cookies are used to determine the number of times you visit our site and are deleted when you exit your web browser. A persistent cookie, on the other hand, is used to inform you whether you have visited the site before, when you enter the page through your web browser. (GDPR)
The “help” section of the toolbar in most web browsers explains how your web browser can be protected from new cookies, how your web browser can alert you when a new cookie is encountered, or how to block all cookies. Do not forget that Turkey’s dentnis cookies allow you to benefit from the new features on the website and therefore you should keep clear of cookies.(GDPR)
REVISION AND TERMINATION (GDPR)
This Policy is reviewed and updated by DentNis Legal Consultancy in accordance with the new communiqué, secondary legislation and legal regulations. In case of inconsistency between the provisions of the KVKK and other relevant legislation and this Policy, the provisions of the KVKK and other relevant legislation will be applied first. (GDPR)
FORCE
This Policy prepared by DentNis has been renewed with its latest updates and entered into force on 21.07.2020. (GDPR)
DEFINITIONS AND ABBREVIATIONS
The explanations and abbreviations of some definitions in the text are also used as a reflection of the statements in the law and their explanations are given below. (GDPR)
Explicit Consent: Consent that is based on information and expressed with free will regarding a specific subject. (GDPR)
Destruction: Deletion, destruction or anonymization of personal data. (GDPR)
Law / KVKK Law No. 6698 on Protection of Personal Data. (GDPR)
Recording Media: Any medium that contains personal data that is fully or partially automated or processed non-automatic, provided that it is a part of any data recording system.
Abbreviation Definition (GDPR)
Personal Data: All kinds of information regarding an identified or identifiable natural person. (GDPR)
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, through fully or partially automatic means of personal data or non-automatic means provided that they are part of any data recording system Any action taken on data, such as classification or prevention of use. (GDPR)
Making Personal Data Anonymous: Making personal data unidentifiable or unrelated to a natural person, even by matching with other data. (GDPR)
Deletion of Personal Data: Deletion of personal data; making personal data inaccessible and unavailable in any way for Relevant Users. (GDPR)
Destruction of Personal Data The process of making personal data inaccessible, retrieved and reusable by anyone. (GDPR)
Board Personal Data Protection Board. (GDPR)
Special Qualified Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric and their genetic data. (GDPR)
Periodic Destruction: The process of deletion, destruction or anonymization to be carried out ex officio at repetitive intervals specified in the personal data storage and destruction policy in the event that all the conditions for processing personal data in the Law are eliminated. (GDPR)
Data Owner / Relevant Person: Real person whose personal data is processed. (GDPR)
Data Processor: Based on the authority given by the data controller, the person on his behalf ensures that the technical programs used have the protection of personal data. The natural or legal person who processes hand data. Data Supervisor
A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Regulation Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on October 28, 2017.
Communiqué “Communiqué on the Procedures and Principles of Application to the Data Controller”, published in the Official Gazette No.
DentNis Implantology and Aesthetic Dental Clinic (Abdulkadir Narin) (GDPR)