PDPL

Chapter 1 – Preamble

Introduction

In DR. LİDA ÇİTELİ, we show sensitivity towards the safety of your personal data. It is our priority to process and keep any types of personal data belonging to persons related to us, including our patients and clients, in conformity with the Personal Data Protection Law No. 6698 (KVKK).

Objective

The objective of this Policy is to protect and process personal data in conformity with legal legislation and to determine the principles and procedures regarding deletion, disposal, and anonymization of processed personal data.

Scope

This Policy applies to personal data of our patients, clients, website users, employees, candidates, and business partners processed automatically or non-automatically as part of any data recording system.

Enforcement

This Policy became effective on 01.01.2021. It may be updated due to legal changes or changes in the data processing operations of the office.

Chapter 2 – General Considerations Regarding Processing

DR. LİDA ÇİTELİ acts in conformity with the following principles:

• Lawfulness and Good Faith: Processing is conducted transparently and legally.
• Accuracy and Timeliness: Data is kept accurate and updated as required.
• Specific and Legitimate Purposes: Processing purposes are clearly defined.
• Relevance and Proportionality: Processing is limited to what is necessary for the purpose.
• Storage Limitation: Data is stored only for the period laid down by legislation or required for the purpose.

Chapter 3 – Categories and Purposes

Personal Data Categories

• ID Data: Name-surname, ID number, sex, nationality, birth details.
• Contact Data: Phone number, address, email.
• Financial Data: Bank details, IBAN, payment records.
• Special Categories: Health data, biometric data, blood group.
• Process Security: IP addresses, log records.

Processing Purposes

• Planning and execution of medical and aesthetic services.
• Managing advertisement and marketing activities.
• Handling requests, suggestions, and complaints.
• Fulfilling legal reporting obligations to public institutions.

Chapter 4 – Data Protection Measures

Technical Measures

• Use of secure software, firewalls, and anti-virus systems.
• Access authority is limited and regularly reviewed.
• Security tests are conducted to identify and resolve vulnerabilities.
• Encrypted transfer of data from portable media (USB/CD/DVD).

Administrative Measures

• Establishment of a Personal Data Protection Committee.
• Regular training of employees on data privacy laws.
• Inclusion of data security provisions in contracts with third parties.

Chapter 5 – Retention and Disposal

Personal data is stored in secure electronic and physical environments. Data is disposed of when the processing purpose ends or the legal storage period expires. Periodic disposal occurs every 6 months.

Disposal Methods

• Deletion: Rendering data inaccessible to relevant users.
• Physical Disposal: Incineration or shredding of physical documents.
• Anonymization: Rendering data impossible to associate with an identifiable person.

Chapter 6 – Rights of the Data Subject

In accordance with Article 11 of KVKK, you have the right to:

• Learn whether your personal data is processed.
• Request information if processed.
• Learn the purpose of processing.
• Know the third parties to whom data is transferred.
• Request correction of incomplete or incorrect data.
• Request deletion or destruction under legal conditions.
• Object to results generated exclusively via automated systems.
• Request compensation for damages due to unlawful processing.

Annex-1 – Retention and Disposal Periods