loader
 Results    

Special Personal Data Policy

  1. Home
  2. Special Personal Data Policy

SCOPE

  1. The Special Personal Data Policy  covers all departments, employees and 3rd party companies and their employees that process all personal data within the body of “ ENTO EAR NOSE THROAT ÖZEL SAĞLIK HİZMETLERİ TİCARET A.Ş.  “  (hereinafter  referred to as “ENTO KBB”  ).
  2. The Special Personal Data Policy  will define the rules for the security of special personal data of "ENTO KBB"  and will cover all activities to ensure management in this area and will be implemented at every step of the process.
  3. The Special Personal Data Policy will not apply to all data that is not Special Personal Data.
  4. In case the legislation is determined or the relevant legislation is updated regarding the subject,  the requirements will be complied with by ensuring that the "ENTO KBB"  Special Personal Data policy is updated in line with the relevant legislation.
  5. In cases where it is deemed that there is a legal impediment to the implementation  of the Special Personal Data Policy  by "ENTO KBB" , "ENTO KBB"  may re-determine the steps to be taken and this Policy in question, if deemed necessary, in consultation with the Senior Management.

DEFINITIONS

Law Personal Data Protection Law No. 6698
Regulations Regulation on the Deletion, Destruction or Anonymization of Personal Data
Related Decision This is the decision of the KVK Board dated 31/01/2018 and numbered 2018/10 regarding “Adequate Measures to be Taken by Data Controllers in the Processing of Special Personal Data”.
The Board Personal Data Protection Board
Recording medium It is the name given to any environment in which personal data is processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system.
Personal data It is any information relating to an identified or identifiable real person and covers all aspects of the person that enable their identification as a result of carrying a concrete content expressing the person's physical, economic, cultural, social or psychological identity or being associated with any record such as an identity number or tax number.
Personal data processing inventory It is the inventory that creates and details the personal data processing activities carried out by data controllers in connection with their business processes, the purposes of processing personal data, the data category, the recipient group to which it is transferred and the data subject by associating them with the person group.
Special Personal Data Special Personal Data specified in this law are data that carry the risk of causing discrimination against their owners if they are processed.
Record The Data Controllers Registry (VERBiS) is kept by the Presidency.
Data recording system It is a recording system in which personal data is structured and processed according to certain criteria.
Data Controller It is the natural or legal person who determines the purposes and rules of processing personal data and is responsible for the establishment and management of the data recording system.
Buyer group The category of real or legal persons to whom personal data is transferred by the data controller.
Related User The person responsible for the technical storage, protection and backup of data or the persons who process data in accordance with the authorization and instructions of the data controller.

 The definitions in the Personal Data Protection and Processing Policy, Storage and Destruction Policy and other policies and procedures established within the body of “ENTO KBB” are valid within this policy.

AIM

This Policy in question will be applied to the real and legal persons responsible for the "Conditions for Processing of Special Personal Data" in the Regulation established in accordance with Article 6 of the Personal Data Protection Law No. 6698 and   will determine the principles to be complied with by "ENTO KBB"  and  third parties that "ENTO KBB"  has contractually made responsible.

According to the decision of the KVK Board dated 31/01/2018 (published in the Official Gazette on 07/02/2018)   , "ENTO KBB"  is a Data Controller who is obliged to register with the Registry (VERBIS), therefore it is obliged to process and store the Special Personal Data in its possession in accordance with the Personal Data Processing Inventory, to define the rules for ensuring the security of the said data and to prepare a policy covering all the activities to be provided by the senior management and to act in accordance with this policy.

The following rules will apply to the storage and destruction of personal data.

  • The general principles in Article 4 of the Personal Data Protection Law No. 6698 will be complied with.
  • ” ENTO KBB ”  accepts, declares and undertakes that it will act in accordance with the security measures included in Article 12 of the KVK Law No. 6698, as well as the provisions in the relevant legislation, the decisions to be taken by the KVK Board, the administrative and technical measures as specified in the Data Security Guide and the Policy when storing, deleting, destroying or anonymizing personal data.
  • ” ENTO KBB ”  accepts that by preparing this Policy, it does not mean that Personal Data has been deleted, destroyed or Anonymized in accordance with the Regulation, Relevant Legislation and Law.
  • During the deletion, destruction or anonymization of personal data obtained in whole or in part by automatic means or processed by non-automatic means as part of any registration system,  "ENTO KBB"  acts in accordance with this Policy.

RECORDING MEDIA

The media containing personal data specified below, as well as personal data in other media that may arise in addition to these, agree to be included within the scope of the said Policy.

  • Computers/servers/mobile devices used in the name of "ENTO KBB"
  • Storage areas of computers/servers/mobile devices used in the name of "ENTO KBB"
  • Magnetic Tape, Optical Disk, Micro Fiche
  • Network Devices
  • USB Hard Disk, USB Memory
  • Peripherals such as Printer, Fingerprint, Face Reading
  • Paper
  • Shared / non-shared Drives for data storage and backup on the network

SPECIAL NATURE PERSONAL DATA

  1. General Principles Regarding the Processing of Special Personal Data

"ENTO KBB"  takes all administrative and technical measures regarding the safe storage of personal data, prevention of unlawful processing and prevention of access.

” ENTO KBB ”  undertakes to process data in accordance with the manner specified in the Personal Data Protection Law No. 6698.

” ENTO KBB ”   In cases where there are no exceptions to the conditions for processing Special Personal Data as per Article 6, Paragraph 3 of the KVK Law No. 6698;

  1. In cases where "ENTO KBB"  stores Special Personal Data, it processes the data in question in accordance with the legislation and  with the knowledge of "ENTO KBB"  's KVKK Team, provided that Explicit Consent is obtained.
  2. Except for the exceptions specified in the Personal Data Protection Law No. 6698, it is prohibited to store the personal data in question in cases where the Explicit Consent of the Data Owner is not obtained.
  3. Special Personal Data Processed by ” ENTO KBB ”
  4. Personal data related to Health and Sexual Life can only be processed without the explicit consent of the data owner by persons or authorized institutions and organizations that are under a confidentiality obligation for the purposes of Preventive Medicine, Health Services, Protection of Public Health, Carrying out medical diagnosis, treatment and care services, planning and management of health services and financing.
  5. Special personal data other than health and sexual life, ethnic origin, political opinion, race, sect, religious belief, philosophical view or other belief, association, foundation or union membership, dress code, criminal conviction and security-related data, genetic and biometric data may be processed without the explicit consent of the data owner in cases stipulated by law.
  • Personal data  is processed by "ENTO KBB"  with the explicit consent of the personal data owner and is processed as specified in the "General Principles on Data Processing" section of this Policy.  It varies and diversifies according to the type, kind and nature of the relationship between "ENTO KBB"  and the data owner, the communication models used and the aforementioned purpose. These data are also specified in the Personal Data Inventory.
  1. Purposes of Processing Special Personal Data

Special Personal Data is processed within the scope of the purposes specified in the Personal Data Processing Inventory and may be stored for the periods stipulated by the relevant laws within the scope of these purposes.

  1. Transfer of Special Personal Data

” ENTO KBB ” performs domestic and international data transfers within the framework of the purposes specified in the “ Purposes of Processing Special Personal Data”  section  of the said Policy   , as specified in Articles 8 and 9 of the KVK No. 6698. The said personal data can be processed and stored in the servers and electronic environments used within this scope.

 The parties to whom data is transferred are also specified in the Personal Data Inventory prepared by  ” ENTO KBB ” . The nature of these data transfers and the parties to whom the data is shared vary depending on the type, nature and type of relationship between the Data Owner and ” ENTO KBB ”  , the purpose of the transfer and the relevant legal basis. In addition, other conditions are defined in the KVK Privacy Policy and the measures and actions specified here are valid.

In accordance with the decision of the Personal Data Protection Board dated 31/1/2018 published in the Official Gazette dated 07/03/2018  , if "ENTO KBB" will transfer Special Personal Data;

  • If the data is transferred via e-mail, it is transferred in encrypted form via the corporate e-mail address or via KEP (Registration Electronic Mail).
  • If it is transferred via media such as portable USB memory, CD, DVD, it is transferred using cryptographic methods,
  • If a transfer is to be made between physical servers located in different locations, data is transferred between the servers in question using VPN or SFTP methods.
  • If data is transferred via paper, the documents are transferred by converting them into confidential documents, taking into account risks such as theft, loss or seizure by unauthorized persons.
  1. Elimination of Data Processing Conditions

” ENTO KBB ”  is responsible for keeping the Special Personal Data Processing conditions up to date and shares this responsibility with all data processors.

“ENTO KBB”  employees cannot continue to process data in cases where the data processing conditions are eliminated.

” ENTO KBB ”  accepts that the conditions for processing Special Personal Data have been eliminated according to the list below and the situations specified in the Regulation;

  • Processing personal data is against the law and the principle of honesty,
  • The purpose requiring the processing of personal data disappears,
  • In cases where personal data processing is carried out only based on the conditions of Explicit Consent, if the relevant person withdraws his/her Explicit Consent,

In this context,   the measures defined in the Storage and Destruction Policy by "ENTO KBB" and the actions to be taken within this framework will be valid.

  1. Security of Special Personal Data

In the processing of Special Personal Data, it is essential to take adequate measures determined by the Personal Data Protection Board. The security of Special Personal Data has been determined as follows in accordance with the decision of the Personal Data Protection Board dated 31/1/2018 and published in the Official Gazette on 07/03/2018.

  • Confidentiality agreements are made between the Data Controller and the Employees,
  • The authorization scopes and durations of users authorized to access data are defined,
  • Regular training is provided to employees on all matters related to the laws, legislation and regulations regarding the processing of Special Personal Data, and all decisions and guides to be published by the Personal Data Protection Board.
  • Authorization Checks are carried out periodically,
  • In case of a change of duty or resignation, the existing authorizations in this area are checked and immediately closed, and those allocated to them by the data controller with the debit form are taken back in accordance with the relevant procedure.

If the environments where Special Personal Data are stored, processed and/or accessed are digital environments (electronic);

  • Personal data is protected using cryptographic methods and passwords are stored in secure and separate environments.
  • The security of all transactions made on personal data is ensured by keeping logs (audit trails of the transactions made).
  • The security of all environments where personal data is located is ensured and necessary follow-ups regarding updates are carried out according to the relevant procedure,
  • If personal data is accessed through software, authorizations for this software are made, and security tests of this software are also carried out at certain periods.
  • In case of remote access to personal data, at least a 2-stage authentication system is used (such as VPN or SFTP).

In the physical environments where Special Personal Data is processed, stored and/or accessed;

  • Unauthorized entry and exit to physical environments where Special Personal Data is located is prevented,
  • Adequate security measures appropriate to the nature of the environments where Special Personal Data is located (measures against fire, flood, theft, electricity leakage, etc.) have been taken,

This Policy  will come into force as of the date of approval by the “ENTO KBB”   KVK Committee (Team List) Chairman of the Board of Directors and will be published in relevant places. The necessary work to put into effect the changes that need to be made to the policy will be carried out by the “KVK Committee (Team List)” and will come into force after being approved by the Chairman of the Board of Directors.

ENTO KBB reserves the right to review this Policy and, if necessary, update, change or eliminate the Policy and create a new Policy in line with changes in legislation, changes in a referred technical standard, the procedures of the Personal Data Protection Board and/   or decisions and court decisions.

"ENTO KBB"  will share and make accessible all changes made to the Policy in its latest updated version with its employees via e-mail and/or corporate intranet.

Policy Effective Date: 01/11/2019             

footer_logo

Established in Izmir in 2001, ENTO Surgical Medical Center provides healthcare services to its patients with its expert and experienced physicians in many specialties such as Ear Nose Throat, Rhinoplasty, Dental, Chest Polyclinic, Sleep Problems, Sleep Apnea, Snoring, Hearing Tests with its advanced technologies.

Contact Information

img

Links

img

Other

img
© Private Ento Surgical Medical Center 2025 - Design and SEO: Kepler Media
WhatsApp
Hemen Ara