Personal Data Protection and Processing Policy
ÜNLÜ AKADEMİ DENTAL POLYCLINIC JOINT STOCK COMPANY
PERSONAL DATA PROTECTION AND PROCESSING POLICY
Table of Contents…………………………………………………………………………………………………….. 1
1. PURPOSE AND SCOPE…………………………………………………………………………………………… 1
2. OBJECTIVE………………………………………………………………………………………………………….. 2
3. DEFINITIONS AND ABBREVIATIONS……………………………………………………………………………… 2
4. RESPONSIBILITIES………………………………………………………………………………………………… 3
5. PROCEDURES AND PRINCIPLES REGARDING THE PROTECTION OF PERSONAL DATA……………… 3
5.1 GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA………………………… 3
5.1.1 Processing Personal Data in Compliance with Law and the Principle of Good Faith…… 3
5.1.2 Ensuring Accuracy and Currency of Personal Data…………………………………… 3
5.1.3 Processing for Specific, Explicit and Legitimate Purposes……………………………… 4
5.1.4 Being Relevant, Limited and Proportionate…………………………………… 4
5.1.5 Retention for the Period Required by Legislation or Purpose……………………………… 4
5.2 Conditions for Processing Personal Data…………………………………………………………………….. 4
5.3 Processing of Special Categories of Personal Data………………………………………………………… 5
5.4 Transfer of Personal Data…………………………………………………………………… 5
5.4.1 Transfer of Personal Data Domestically………………………………. 6
5.4.2 Transfer of Personal Data Abroad……………………………. 6
5.5 Company’s Obligation to Inform………………………………………………………… 6
5.6 Rights of the Data Subject………………………………………………………………………………. 7
5.7 Measures Taken for Data Security………………………………………………………… 8
5.7.1 Administrative Measures……………………………………………………………………………….. 9
5.7.2 Technical Measures………………………………………………………………………………….. 9
6. IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION……………………………………… 10
7. EFFECTIVENESS AND UPDATING OF THE POLICY…………………………………………………………………. 10
1. PURPOSE AND SCOPE
This Personal Data Protection and Processing Policy of ÜNLÜ AKADEMİ DENTAL POLYCLINIC JOINT STOCK COMPANY (“Company”) sets forth the principles to be adopted and implemented by the Company regarding the protection and processing of personal data.
The Policy aims to define the framework and coordination of compliance activities to be carried out by the Company in order to ensure compliance with the Law No. 6698 on the Protection of Personal Data (“KVKK”). The objective is to maintain operations in accordance with the principles of lawfulness, integrity, and transparency adopted since the establishment of the Company.
2. OBJECTIVE
The objective of the Company’s KVKK Policy is to establish the necessary systems and ensure regulatory compliance by creating awareness regarding lawful processing and protection of personal data within the Company.
This Policy serves as guidance for the implementation of the provisions introduced by the KVKK and relevant legislation.
3. DEFINITIONS AND ABBREVIATIONS
The key definitions used in this Policy are as follows:
EXPLICIT CONSENT: | Consent relating to a specific matter, based on information, and expressed freely. |
ANONYMIZATION: | Rendering personal data incapable of identifying a person irreversibly. |
DATA SUBJECT: | The real person whose personal data is processed. |
PERSONAL DATA: | Any information relating to an identified or identifiable real person. |
SPECIAL CATEGORY PERSONAL DATA: | Data relating to race, ethnicity, political opinion, religious belief, health, sexual life, biometric and genetic data. |
DATA CONTROLLER: | The person or entity determining the purposes and means of data processing. |