“Smileest Clinic”, of which Dr. Ayşegül Girgin and Dr. İsmail Metin Hoşer are authorized, undertakes to comply with the principles and rules set forth by the Constitution of the Republic of Turkey, the Personal Data Protection Law No. 6698 (KVKK) and other legislation regarding the protection of personal data and to protect the rights and freedoms of individuals whose data are processed by Smilest Clinic. For this purpose, the Board of Directors has adopted a written personal data protection policy and system to be implemented and developed.
The policy provisions cover all information systems and sub-information, contracts, environmental and physical areas involved in the processing of personal data in the fields of activity and work of Smilest Clinic, and the systems and regulations produced for all these.
The purpose of the Personal Data Protection Policy and System is to fulfill the obligations that Smilest Clinic is subject to in accordance with international agreements, the Constitution, laws, contracts and professional rules in the field of personal data protection and to protect the interests of individuals in the best possible way.
Smilest Clinic will comply with the personal data protection legislation and data protection principles. The data protection principles adopted by Smilest Clinic include:
Smilest Clinic informs the Personal Data Protection Board (“PDP Board”) about which personal data it is the data controller and which categories of personal data it processes in this capacity.
In order to detect potential changes that may occur in the notification made, Smilest Clinic reviews its data processing activities and changes therein and, if necessary, informs the KVKK Board.
All employees of Smilest Clinic and personnel of companies providing support services will be sanctioned for any actions that violate this policy.
Smilest Clinic’s solution partners who have access to or are likely to access personal data and all third parties working with Smilest Clinic are invited to read and comply with this policy.
Explicit consent: Consent based on information and expressed with free will on a specific subject.
Anonymization: Making personal data in a way that it cannot be associated with an identified or identifiable natural person, even when matched with other data.
Relevant person: The natural person whose personal data is processed,
Personal data: Any information relating to an identified or identifiable natural person,
Sensitive personal data: Data regarding individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Processing of personal data: Any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, in whole or in part, by automatic means or non-automatic means provided that it is part of any data recording system.
KVKK: Personal Data Protection Law No. 6698,
KVKK Board: Personal Data Protection Board,
KVKK Authority: Personal Data Protection Authority,
Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority granted to him,
Data recording system: The recording system in which personal data is structured and processed according to certain criteria.
Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
expresses.
Smilest Clinic is the data controller in accordance with the KVKK.
All personnel, especially Dr. Ayşegül Girgin and Dr. İsmail Metin Hoşer, are responsible for developing and promoting correct practices in the processing of personal data within the Smilest Clinic, as well as other obligations related to this issue, as stated in their individual job descriptions.
All Smilest Clinic personnel who process personal data are responsible for acting in accordance with the Personal Data Protection legislation.
Smilest Clinic is responsible for providing the necessary notifications and training to ensure that all personnel are aware of their responsibilities in the field of protection of personal data and have the necessary awareness.
Smilest Clinic personnel are responsible for ensuring the accuracy and up-to-dateness of all personal data provided to Smilest Clinic by them or relating to them.
All personal data processing activities must be carried out in accordance with the following data protection principles. Smilest Clinic’s policies and procedures aim to ensure compliance with these principles:
Personal data is processed in a transparent manner and in accordance with the law and the rule of honesty.
In this context, Smilest Clinic includes information texts in data collection channels and related areas regarding the personal data processing activities it carries out. The areas where these notifications, which include clear and understandable information about which data is processed by Smilest Clinic and for what purposes, will be included and announced are determined. The following points are included in these notifications:
Personal data may only be processed for specified, explicit and legitimate purposes.
The grounds/purposes for processing personal data are determined and personal data cannot be used for purposes other than those specified without another legal justification or the explicit consent of the data owner.
Personal data must be appropriate and relevant, and processed to a limited extent for the purpose.
Smilest Clinic is obliged to ensure that personal data that is not explicitly necessary for the processing purpose is not collected and processed.
Smilest Clinic is responsible for stopping the data processing activity and securely destroying the processed data in respect of personal data that it determines to be inappropriate, irrelevant or excessive in terms of the processing purpose.
Personal data must be accurate and up-to-date.
Data kept for long periods of time should be reviewed for accuracy and timeliness.
The accuracy and up-to-dateness of the data kept regarding personnel is the responsibility of the relevant personnel.
Employees/customers and other relevant persons must inform Smilest Clinic to update the processed personal data.
Personal data should only be processed if it is necessary for the purpose of data processing.
It must be ensured that personal data is not processed after the periods determined in accordance with legal regulations.
Data subjects have the following rights regarding data processing activities and records concerning them at Smilest Clinic:
To learn whether your personal data is being processed,
To request information regarding the processing of personal data,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
To know the third parties to whom personal data is transferred, either domestically or abroad,
To request correction of personal data if it is processed incompletely or incorrectly,
Request the deletion or destruction of personal data for which there is no legal justification or basis for processing in accordance with the KVKK or this policy,
To request that the correction or deletion processes made upon request be notified to third parties to whom personal data has been transferred,
To object to a result that is to the detriment of the person himself/herself, as a result of the analysis of the processed data exclusively through automatic systems,
To request compensation in case of damages due to unlawful processing of personal data.
Data owners may request access to their personal data and exercise their rights listed above. These requests will be responded to within 30 days.
Data owners can submit their requests by filling out the KVKK Application Form to the address Acıbadem Mh, Şeyh Galip Sk, Elysium Elit Konutları, B Blok D: 29 Koşuyolu, Kadıköy / İstanbul, via a notary public or by confirming their identity via registered mail.
Smilest Clinic accepts the consent given by the data owner to certain data processing activities, based on information and with free will, expressing his/her will regarding the processing of data about him/her, through a written/oral declaration or clear confirmatory action, as express consent.
All staff are responsible for ensuring that personal data processed by Smilest Clinic, which is their responsibility, is kept secure.
The security of personal data is ensured in accordance with Smilest Clinic’s KVK Policy and related documents.
Personal data can only be shared with third parties in accordance with law and equity. Accordingly, in order for personal data to be shared, one of the following conditions must be met:
Personal data may only be transferred abroad provided that the above conditions are met, adequate protection is provided in the target country, and the explicit consent of the data subject for such transfer is obtained.
When transferring personal data abroad, the list of countries with adequate protection determined by the Personal Data Protection Board is taken into account.
Personal data cannot be kept for longer than the period necessary for the purposes for which it is processed. The classification of records containing personal data and their storage periods are determined.
Personal data that has expired or is necessary for the purposes of processing is anonymised or deleted or destroyed in a way that prevents the identification of the data subject or the data subject from being identified upon the legitimate request of the data owner.
