loader
 Results    

Storage and Destruction Policy

  1. Home
  2. Storage and Destruction Policy

1. PURPOSE OF THE POLICY

The purpose of this policy is; Deletion of personal data, which has been issued based on the Law (Law) on Protection of Personal Data numbered 6698 and published on 28.10.2017 in the official Gazette numbered 30224, in accordance with Articles 5 and 6 of the Regulation on the destruction or anonymization of Personal Data, “ENTO EAR NOSE and THROAT SPECIAL HEALTH SERVICES TRADE A.Ş.” (HEREINAFTER referred to as “ENTO KBB”) for the fulfillment of the obligations related to the storage and destruction of Personal Data and other obligations specified in the Regulation. identify roles and responsibilities with rules to be applied throughout.

2. SCOPE OF THE POLICY

Personal data and personal data of special quality, which are held in the policy “ENTO KBB”, all employees of “ENTO KBB”, managers, consultants and their affiliates in all cases where personal data sharing is concerned, it covers external service providers and real and legal persons with whom “ENTO KBB” has a legal relationship.

The Policy covers the personal data contained in the systems in which the data is processed by means that are fully or partially automated or are part of any data recording system.

Unless otherwise stated in the policy, personal data and personal data of a special nature together will be referred to as “personal data”.

3. IDENTIFYING

  • Anonymization: Even if the personal data is paired with other data, it is not possible to associate it with an identifiable or identifiable real person in any way,
  • Destruction: Deletion, destruction or anonymization of personal data,
  • Personal Data: Any information relating to an identified or identifiable natural person,
  • Personal Data retention Table: The table showing the periods during which personal data will be kept in the “ENTO KBB”,
  • Personal Data processing Inventory: The personal data processing activities of the data controllers, which they carry out depending on the business processes; The inventory they have created by relating personal data processing purposes, data category, transferred recipient group and data subject group and detailed by explaining the maximum time required for the purposes for which personal data are processed, the personal data that is transferred to foreign countries and the measures taken regarding data security,
  • Deletion of personal data: The process of making personal data inaccessible and unusable again for the relevant users,
  • Destruction of personal data: The process of making the personal data not accessible, retrievable and unusable by anyone in any way,
  • Personal Data of special quality: Race, ethnicity, political thought, philosophical belief, religion, data on sect or other beliefs, disguise and clothing, association, foundation or union membership, health, sex life, criminal conviction and security measures, and biometric and genetic data,
  • Periodic destruction: In case of the disappearance of all the conditions for processing of personal data in the law, the deletion, destruction or anonymization of the personal data will be carried out at repeated intervals as specified in the storage and destruction policy,
  • Data recording system: The recording system in which personal data is structured and processed according to certain criteria,

4.REGISTRATION MEDIUMS UNDER REGULATION WITH POLICY

Any medium in which personal data is fully or partially automated or processed in non-automatic ways, whether as part of any data recording system, is covered by the recording medium.

5 DUTIES AND POWERS OF THE PERSONAL DATA PROTECTION COMMITTEE

  • Committee on Protection of Personal Data following the announcement of the Policy to the relevant business units and the fulfillment of its requirements by the “ENTO KBB” units
  • The Personal Data Protection Committee shall make the necessary announcements and notifications for the relevant business units to follow the legal changes related to the protection of personal data, the regulatory actions and decisions of the Board, court decisions or changes in the process, practices and systems and, if necessary, to update the business processes,
  • Committee for the Protection of Personal Data; The law and its secondary arrangements and the decisions and regulations of the Board shall determine the processes for the examination, evaluation, follow-up and conclusion of the decisions and/or requests of the court and other competent authorities, and shall

6.IF THE CONDITIONS FOR PROCESSING OF PERSONAL DATA ARE ELIMINATED

  • In case of the disappearance of the object for processing personal data, the withdrawal of explicit consent or the disappearance of all the conditions for processing of personal data in Articles 5 and 6 of the Law or a situation in which none of the exceptions in the mentioned articles can be applied, the conditions of processing are eliminated, by the relevant business unit, taking into account the business needs, within the scope of Articles 7, 8, 9 or 10 of the Regulation, the justification of the method applied is deleted, destroyed or anonymized by explaining it. However, in the event of a finalized court decision, the method of destruction determined by the court decision must be applied.
  • All users who process or store personal data and the data subject “ENTO ENTO ENBB” units will review whether the conditions related to processing have been eliminated in the data recording environment they use within four months at the latest. Upon the application of the personal data owner or the notification of the Board or a court, the relevant users and units shall carry out this review in the data recording environments they use, regardless of the period of periodic inspection.
  • When it is determined that the data processing conditions have disappeared as a result of the periodic reviews or at any time, the relevant user or data owner will decide to delete, destroy or anonymize the relevant personal data from the recording medium located in its own jurisdiction in accordance with this policy. In cases of doubt, the relevant data subject business unit will be taken into consideration. When a decision is made on the destruction of multi-stakeholder data in central information systems, the opinion of the Personal Data Protection Committee will be taken and the decision of the data owner business unit regarding the storage or deletion, destruction or anonymization of the data in accordance with this policy will be taken
  • All transactions related to the deletion, destruction or anonymization of personal data are recorded and such records are kept for at least three years, excluding other legal obligations.
  • In accordance with Article 7.4 of the Regulation, the methods applied for the deletion, destruction and anonymization of personal data will be published and disclosed after the entry into force of the Policy.
  • Deletion, destruction or anonymization of personal data in accordance with the general principles in Article 4 of the Law and the technical and administrative measures to be taken under Article 12, the relevant legislation provisions, the decisions of the Board and the decisions of the court
  • When a natural person who owns a personal data requests the deletion, destruction or anonymization of his personal data by applying to “ENTO KBB” pursuant to Article 13 of the Law, the relevant data subject business unit examines whether all the conditions for processing personal data have been eliminated. If all conditions of processing have disappeared; deletes, destroys or anonymizes the personal data subject to request. In this case, the details are as set out in the ISO 27001:203 information Security Management System Data destruction procedure; The request is concluded no later than thirty days from the date of application and the person concerned is informed through the KVKK team assigned by the KVKK Officer. If all the conditions for processing personal data have been eliminated and the personal data subject to request has been transferred to third parties, the relevant data subject business unit will immediately notify the third party to the transfer and ensure that the necessary actions are taken under the Regulation before the third party
  • In cases where all the conditions for processing personal data have not been eliminated, the requests of the personal data owners for the deletion or destruction of their data may be rejected by “ENTO KBB” in accordance with Article 13, paragraph 3 of the Law. The rejection response shall be notified to the relevant person in writing or electronically within 30 days at the latest.
  • Requests for the deletion or destruction of personal data will only be considered if the person concerned has been identified. In the requests to be made outside of these channels, the relevant persons will be directed to the channels where identification or verification can be made.

7.POLICY ENFORCEMENT, INFRINGEMENT CONDITIONS AND SANCTIONS

  • This Policy will come into effect by announcing to all employees and on the website of “ENTO KBB” and in effect, all business units, consultants, customers, insurance companies, external service providers and other FIRM A.Ş. it will be binding on everyone who processes personal data.
  • The monitoring of whether the “ENTO KBB” employees meet the requirements of the Policy will be the responsibility of the supervisors of the employees concerned. If any contrary behavior is detected, the matter will be immediately reported to a senior supervisor, who is affiliated with the supervisor of the employee concerned. If the exclusion is significant, information will be given to the Personal Data Protection Committee without losing time by the top supervisor.
  • The necessary administrative action will be taken after the evaluation by Human resources about the employee who acts contrary to the policy.
  • By the “ENTO KBB” in order to fulfill the policy requirements; All necessary security measures are taken within the scope of the information Security Management System and Law No. 6698 of the KVK.

8. PERSONS TO BE INVOLVED IN THE PROCESS OF STORAGE AND DESTRUCTION OF PERSONAL DATA AND THEIR RESPONSIBILITIES

In fulfilling the requirements for the destruction of the data specified by Law, Regulation and Policy within the “ENTO KBB”, all employees, customers, insurance companies, consultants, external service providers and otherwise everyone who stores and processes personal data in the “ENTO KBB” is responsible for fulfilling these requirements.

Each business unit is responsible for storing and protecting the data it generates in its own business processes; however, if the data produced is found only in information systems outside the control and authority of the business unit, the data in question will be stored by the units responsible for the information systems.

Periodic destruction, which will affect business processes and cause data integrity to deteriorate, data loss and results contrary to legal regulations, will be carried out by the relevant information systems departments taking into account the type of personal data, the systems in which it is included and the business unit that owns the data.

9.RETENTION AND DESTRUCTION OF PERSONAL DATA

The Table showing the periods of retention and destruction of Personal Data is located in Appendix: 1. In the case of periodic destruction or on-demand destruction, such storage and disposal periods shall be taken into account. Table showing the periods of retention and destruction of Personal Data “ENTO KBB” will be updated by the business units of the processes to be included in the personal data inventory, taking the evaluations of the Personal Data Protection Committee in case of hesitation.

10.PERIODIC DESTRUCTION PERIODS

The period of periodic destruction of personal data is determined and determined by the relevant business units of the data owner; however, in any case, this period cannot exceed 1 (one) years.

11 THE WALK

  • Walk through the policy with the date of publication
  • It is the responsibility of the Committee on Protection of Personal Data to announce the policy throughout the “ENTO KBB” and to make the necessary updates.

ANNEX-1 Table of retention and destruction of Personal Data

In contrast, unless there is a finalized court order or a precautionary measure, the personal data will be retained for the periods specified in the following table, taking into account the issues set out in Article 6 of the Policy, and will be destroyed at the end of the period:

DATA OWNER DATA CATEGORY DATA RETENTION TIME
Employee The employment documents and the Social Security Institution carried out; personal data based on service duration and remuneration notifications The service is maintained for 50 (fifty) years after the contract and from the end of the speech.
Employee The employment documents and the Social Security Institution carried out; personal data other than personal data based on service duration and remuneration notifications In the continuation of the service contract and the calendar year following its pronunciation shall be maintained for a period of 10 (ten) years from the beginning of the year.
Employee Data in the workplace Personal Health File The service shall be maintained for 30 (thirty) years after the contract and its pronouncement.
Partner/solution Partner/Advisor Credentials, contact information, financial information, voice recordings received on phone calls, Partner/solution Partner/Consultant data on the execution of the business relationship between the Partner/solution Partner/Consultant Business Partner/ solution Partner/ Consultant, during and after the end of the business/ commercial relationship with “ENTO KBB”, is stored for 10 (ten) years in accordance with the Turkish Code of obligations M.146 and the Turkish Commercial Code M.82.
Visitor Name, surname, T.C.K.N., camera recordings with vehicle license plate, voice recordings taken in phone calls it is stored for 2 (two) years.
Website Visitor Website Visitor's name, surname, e-mail address, navigation information it is stored for 2 (two) years.
Employee candidate Information on the employee candidate's resume and application form It is kept for a maximum of 2 (two) years until the resume loses its current status.
Intern (Student) Information contained in the intern file In the continuation of the internship relationship and the calendar year following its pronunciation, it is maintained for 10 (ten) years from the beginning of the year.
Customer Customer's name, surname, T.C.K.N., contact information, payment information and methods, navigation activity information, voice recordings received on phone calls, product/service preferences, transaction history, special day information From the delivery of each product/service purchased by the Customer, it is stored for a period of 10 (ten) years in accordance with the Turkish Code of obligations, MD.146 and the Turkish Commercial Code, MD.82.
Customer Camera images, vehicle license plate information it is stored for 2 (two) years.
Lead Identification, contact information, financial information, voice recordings received during contract negotiations for establishing a commercial relationship between the prospective customer and the “ENTO KBB it is stored for 2 (two) years.
Companies in which “ENTO KBB” is cooperating (Supplier, contract manufacturer, Dealer/Franchise Identity information, contact information, financial information, voice recordings taken in telephone calls, data of the institution/companies in which “ENTO KBB” is cooperating with and “ENTO KBB “ENTO KBB” is in cooperation with the institutions/firms, during the business/commercial relationship with “ENTO KBB” and after the end of the Turkish Code of obligations, MD.146 and Turkish Commercial Code MD.82 are stored for a period of 10 (ten) years.
footer_logo

Established in Izmir in 2001, ENTO Surgical Medical Center provides healthcare services to its patients with its expert and experienced physicians in many specialties such as Ear Nose Throat, Rhinoplasty, Dental, Chest Polyclinic, Sleep Problems, Sleep Apnea, Snoring, Hearing Tests with its advanced technologies.

Contact Information

img

Links

img

Other

img
© Private Ento Surgical Medical Center 2025 - Design and SEO: Kepler Media
WhatsApp
Hemen Ara
Randevu Al