In accordance with Article 20 of the Constitution titled “Privacy of Private Life” and Law No. 6698 on the Protection of Personal Data (” Law “) and the provisions of the regulations and notifications in force, ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. The processing of personal data obtained by the Company, the protection of the fundamental rights and freedoms of data owners ( employees, employee candidates, suppliers, interns and other relevant third parties ), especially the right to privacy, and the data controller processing personal data to carry out data processing activities in accordance with the law, The purpose of this Policy is to determine the principles regarding the protection, storage and destruction of personal data when necessary.
Any information regarding an identified or identifiable natural person is treated as personal data by ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or Considering that all kinds of operations, such as preventing the use of data processing, are considered as data processing activities. FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Establishing the procedures and principles of the data processing activity carried out by us determines the scope of this Policy.
Your personal data has been prepared for the purposes described in this policy text and in accordance with the Regulation on the Protection of Privacy, relevant regulations and the rules shown in the regulations, notifications, decisions and guides published by the Board, especially Law No. 6698. FROM ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. If there is a change in the Law or other relevant legislation after the date of publication of the Policy and the Policy becomes incompatible with the change in question, the amended provisions and rules will be applicable. All notifications, decisions published by the Board and ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. and the rules stipulated in the Policy are kept up to date.
Policy, FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. It was published on the website https://arerpolimer.com/index.php and entered into force on the date of publication.
2.1. Ensuring the Security of Personal Data
According to Article 12 of Law No. 6698, the data controller;
It is obliged to take all necessary administrative and technical measures to ensure the appropriate level of security for this purpose .
For the reasons explained, ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. implements security measures to prevent personal data from being processed unlawfully, transferred and disclosed to third parties, unauthorized access and security deficiencies arising through other means . Explanations regarding the administrative and technical measures taken VI. It is included in the ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN FOR THE PROTECTION OF PERSONAL DATA section.
2.2. Protection of Special Personal Data
Special categories of personal data may be processed by persons or authorized institutions and organizations under confidentiality obligations for financial planning and management purposes. In addition, all special personal data, regardless of type, can only be processed in accordance with the law if adequate measures are taken as determined by KVKK.
company activities; FROM ARER POLİMER with automatic or non-automatic methods. SPEED. SINGING. AND TRADE LTD. ŞTİ. For the purposes of planning and management of the financing provided by; Obtaining, recording, storing and changing through all channels, including social media applications such as websites, surveys, social responsibility, verbal, written, visual or electronic media, hotline/call center, website, verbal, written and similar channels, are rearranged and collected. Any operation performed on data within the scope of KVKK is considered “processing of personal data”.
In addition, your personal data may be processed when you use our hotline or website for service delivery, information, appointment, complaint or other purposes, or when you visit our clinic or website and browse this site.
Data that is sensitive due to its nature and that may cause victimization or discrimination to data owners if it falls into the hands of third parties are accepted as “Special” Qualified Personal Data” within the scope of the Law. Special personal data consists of data regarding the person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, criminal conviction and security measures, as well as biometric and genetic data . Sensitive personal data cannot be processed without the explicit consent of the data owner. FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. All necessary precautions are taken to protect special personal data, and it is essential that such data is not obtained and processed as much as possible.
III. ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Accordance with the Principles Provided in the Legislation
In accordance with Article 4 of the Law, the principles to be applied in the processing of your personal data are as follows:
3.2. Conditions for Processing Personal Data
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Personal data obtained by us cannot be processed without the explicit consent of the relevant person, except for the exceptions stipulated in the Law. Your personal data may be processed without explicit consent in the following cases:
3.3. Exceptions to the Obligation to Obtain Explicit Consent
One of the conditions for data processing is that it is clearly prescribed by law. Provisions in the law regarding the processing of personal data may constitute a condition for data processing. In such a case, explicit consent of the relevant person is not required.
In cases where it is necessary to protect the life or physical integrity of a person who is unable to express his or her consent due to actual impossibility or whose consent is not legally valid, the personal data of the person concerned may be processed without his or her explicit consent.
If data processing is deemed mandatory during the establishment or execution of a contract to which the data owner is a party, personal data may be processed without explicit consent.
ARER POLİMER DAN as the data controller. SPEED. SINGING. AND TRADE LTD. ŞTİ. Personal data may be processed without explicit consent in order to fulfill the legal obligations that must be fulfilled by .
Personal data that has been made public by the data owner, in other words, personal data that has been disclosed to the public in any way, can be processed without explicit consent. Even in this case, personal data that has been made public cannot be used for purposes other than its intended purpose.
In cases where it is mandatory for the establishment, exercise or protection of a right, it is possible to process the personal data of the relevant person without his/her explicit consent.
If the processing of personal data is mandatory for the data controller and the data processing activity will not harm the fundamental rights and freedoms of the relevant person, personal data may be processed without obtaining explicit consent.
The legitimate interest of the data controller is aimed at the interest and benefits that will be obtained as a result of the processing to be carried out. The benefit to be obtained by the data controller; It must be legitimate, related to a sufficiently effective, specific and existing interest that can compete with the fundamental rights and freedoms of the person concerned. It must be a transaction that is related to the current activities carried out by the data controller and will benefit him/her in the near future.
3.4. Processing of Special Personal Data
Processing of special categories of personal data is subject to Article 6 of the Law and processing is prohibited without the express consent of the relevant person.
Data regarding individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data of special quality is personal data. The data within this scope is limited and cannot be expanded through interpretation.
Due to its nature, personal data of special nature are data that may cause discrimination and victimization of the relevant person if learned. For this reason, they need to be protected much more strictly than other personal data.
3.5. Enlightening and Informing the Personal Data Owner
While obtaining personal data, ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. Data owners are informed in the capacity of data controller or by persons authorized by them. The procedures and principles regarding the information provided are from ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. About the Protection of Personal Data published by It is stated in the Information Texts and the information briefly includes the following elements:
According to Article 10 of the Law, data owners (employees, employee candidates, suppliers,
interns and other relevant third parties) are collected from ARER POLİMER DAN as the data controller. SPEED. SINGING. AND TRADE LTD. ŞTİ. is being processed and the contact of the relevant unit is info@arerpolimer.com email address or https://arerpolimer.com/index.php can be obtained from.
Processing of personal data is carried out for specific, clear and legitimate purposes and is based on the principle of informing data owners. The purposes for which your data are processed are determined by the Policy V. ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. It is included in the CATEGORIZATION AND PROCESSING PURPOSES section of PERSONAL DATA PROCESSED BY .
Within the framework of the data controller’s obligation to inform the data owner, the persons to whom personal data is transferred and the purposes of transfer must be clearly stated. Personal data cannot be transferred to third parties without the explicit consent of the data owner. FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Recipient groups to whom personal data is transferred and the purposes of transfer IV. It is shown in the TRANSFER OF PERSONAL DATA section.
In accordance with Articles 5 and 6 of the Law, the data controller must clearly state on which of the personal data processing conditions it is processed. Data collection method and medium are determined by the data controller. The conditions for processing personal data, that is, their compliance with the law, are listed in a limited number in the Law (Art. 5-6), and these conditions cannot be expanded.
The data controller is ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. It evaluates whether the purpose of the personal data processing activity is primarily based on one of the processing conditions other than explicit consent. If this purpose does not meet at least one of the conditions other than explicit consent specified in the Law, in this case, the person’s explicit consent is sought for the continuation of the data processing activity.
4.1. Domestic Transfer
Personal data cannot be transferred without the explicit consent of the relevant person. However:
If one of the specified conditions is met, it may be transferred without the express consent of the relevant person.
Accordingly, provided that (1) it is clearly foreseen by law, it is mandatory to protect the life or physical integrity of a person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not legally valid, (2) and is directly related to the establishment or execution of a contract, the contract may be concluded. It is necessary to process the personal data of the parties (3), it is mandatory for the data controller to fulfill its legal obligation (4), it is made public by the relevant person himself (5), data processing is mandatory for the establishment, exercise or protection of a right (6), If data processing is necessary for the legitimate interests of the data controller, personal data of the relevant person may be transferred to third parties without obtaining explicit consent, provided that the fundamental rights and freedoms of the relevant person are not harmed.
Your personal data and the purposes explained in this policy text and within the framework of the Personal Data Protection Law No. 6698, the Privacy Protection Regulation and relevant regulations;
In order to fulfill our contractual and legal obligations and to carry out the administrative, commercial and economic activities of our clinic, the Social Security Institution, the General Directorate of Security and other law enforcement agencies, CİMER, SABİM, the Ministry of Labor, the General Directorate of Population, courts and enforcement offices, regulatory and supervisory institutions, insurance is transferred to companies and other centers and their systems.
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Information about the recipient groups to which your personal data processed by is transferred is included in ANNEX 4 – Third Parties to whom Personal Data is Transferred and Purposes of Transfer of this Policy.
4.2. International Transfer
Personal data cannot be transferred abroad without the explicit consent of the relevant person. Provided that one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law is present and in the foreign country to which the personal data will be transferred;
It may be transferred abroad without the express consent of the person concerned .
Data subject contact persons ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. The data categorization obtained by and the purposes pursued in the processing of personal data are shown in the relevant sections of the information texts on our website for each category of relevant person.
ARER POLİMER DAN for safe storage of personal data and prevention of unlawful processing and access to personal data. SPEED. SINGING. AND TRADE LTD. ŞTİ. Administrative and technical measures are taken by the company.
To ensure personal data security, ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. ŞTİ. It is aimed to determine what all personal data processed by and the possibility of risks that may arise regarding the protection of these data; When determining these risks, whether personal data is special personal data (1), what level of confidentiality it requires due to its nature (2), and the nature and quantity of damage that may occur to the relevant person in the event of a security breach (3) are taken into account.
After identifying and prioritizing these risks; control and solution alternatives to reduce or eliminate such risks; It should be evaluated in line with the principles of cost, applicability and usefulness, and the necessary technical and administrative measures are planned and implemented.
6.1. Administrative Measures
It is of great importance to ensure personal data security that employees make the first response to attacks that may harm personal data security and cyber security, even if they have limited knowledge. For this reason, awareness and information activities are carried out in our internal organization as the data controller.
Providing necessary training to employees on issues such as not disclosing and sharing personal data unlawfully, carrying out awareness studies for employees and creating an environment where security risks can be identified; The roles and responsibilities of everyone working for the data controller, regardless of their position, regarding personal data security are determined in their job descriptions and it is ensured that employees are aware of their roles and responsibilities in this regard.
On the other hand, confidentiality agreements are signed as part of the recruitment process of employees, and a disciplinary process is implemented if employees do not comply with security policies and procedures.
there are any changes in the policies and procedures applied regarding personal data security, training is provided to inform and explain the change to employees and information about data security and security-related threats is kept up to date.
Personal data must be accurate and up-to-date when necessary in accordance with paragraphs (b) and (d) of Article 4 of the Law, and must be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed. In this context, the data processed are processed in accordance with the principles and rules that must be observed in data processing activities, and are kept for the period required for the purpose for which they are processed, FROM ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. The retention periods of personal data processed by are set forth in VIII of this Policy . It is shown in the STORAGE AND DESTRUCTION OF PERSONAL DATA section.
The table below gives a summary of the administrative measures taken to ensure data security:
Administrative Measures |
Preparation of Personal Data Processing Inventory |
Corporate Policies (Access, Information Security, Use, Storage and Destruction, etc.) |
Agreements (Between Data Controller-Data Controller, Data Controller-Data Processor) |
Privacy Commitments |
Internal Periodic and/or Random Audits |
Risk Analysis |
Employment Contract, Disciplinary Regulation (Adding Legal Provisions) |
Corporate Communications (Crisis Management, Board and Relevant Person Informing Processes, Reputation Management, etc.) |
Training and Awareness Activities (Information Security and Law) |
Notification to Data Controllers Registry Information System (VERBİS) |
Personal Data Security Policies and Procedures |
Quick Reporting of Personal Data Security Issues |
Monitoring Personal Data Security |
Establishing Disciplinary Regulations Containing Data Security Provisions for Employees |
Reducing Personal Data as Much as Possible |
Preparation and Implementation of Corporate Policies on Access, Information Security, Use, Storage and Destruction |
Removal of Authorizations in This Area for Employees Who Have Changed Positions or Left Their Jobs |
Including Data Security Provisions in Signed Contracts |
Determining Current Risks and Threats |
Conducting Internal Periodic and/or Random Audits |
Protocols and Procedures for the Security of Special Personal Data have been Determined and Implemented |
Ensuring the Awareness of Data Processing Service Providers on Data Security |
6.2. Technical Measures
Firewalls and gateways are used among the measures taken to protect my information technology systems containing personal data against unauthorized access and threats of third parties over the internet. The firewall used ensures that violations to the information network are stopped, and the gateway restricts employees’ access to websites or online platforms that pose a threat to personal data security.
In addition, regular checks are provided to ensure that software and hardware are functioning properly and whether the security measures taken for the systems are sufficient. Access to systems containing personal data is limited, and within this scope, employees are granted access to the extent necessary for their work and duties, authority and responsibilities, and access to the relevant systems is provided by using a username and password. When creating these passwords, numbers or letter sequences that are associated with personal information and can be easily guessed are avoided as much as possible.
Access authorization and control matrices are created within the data controller organization, and products such as antivirus and antispam are used to regularly scan the information system network and detect threats to protect against malware.
In order to ensure data security, necessary precautions are taken to keep paper documents containing personal data, servers, backup devices, CDs, DVDs, USBs and other similar storage devices accessible only to authorized personnel, and to increase physical security in this regard.
The table below shows the administrative measures taken to ensure data security.
summary is given:
Technical Measures |
Authority Matrix |
Authorization Control |
Access Logs |
User Account Management |
Network Security |
Application Security |
encryption |
Intrusion Detection and Prevention Systems |
Data Loss Prevention Software |
Backup |
Firewalls |
Current Anti-Virus Systems |
Deletion, Destruction or Anonymization |
Key Management |
VII. PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT AT BUILDING, FACILITY ENTRANCES AND WITHIN THE BUILDING AND FACILITY
7.1. Camera Monitoring Activity Conducted at Building and Facility Entrances and Inside
ARER POLİMER DAN within the scope of the Law on Private Security Services. SPEED. SINGING. AND TRADE LTD. ŞTİ. Ensuring security in the building, work areas, common areas, parking lot and surrounding areas, FROM ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Camera monitoring activities are carried out in order to protect the interests of ensuring the safety of people and other people. Camera monitoring activity is carried out in accordance with the Law and is carried out within the scope of the data processing conditions listed both in the Law and in this Policy.
7.2. Tracking of Guest Entrance and Exit at the Building and Facility Entrances and Inside
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. ARER POLİMER DAN in order to control and monitor the entrances and exits of the building and to ensure security . SPEED. SINGING. AND TRADE LTD. ŞTİ. Identity information of visiting guests is subject to personal data processing. Personal data processed within the scope of this activity is limited to the sole purpose of checking in and out of guests, and the relevant personal data is recorded in the data recording system electronically or physically.
VIII. STORAGE AND DESTRUCTION OF PERSONAL DATA
8.1. Storage Periods of Personal Data
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Your personal data held by us is kept for as long as the data processing activity is necessary; If an obligation to delete, destroy or anonymize personal data arises, it will be deleted, destroyed or anonymized within the first periodic destruction period following the date on which this obligation arises.
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. acts in accordance with the general principles set out in Article 4 of the Law and the technical and administrative measures set out in Article 12 when deleting, destroying or anonymizing your personal data.
All transactions regarding the deletion, destruction or anonymization of personal data are recorded by us and are kept for at least 30 years during the processing of personal data in accordance with the legal obligation.
ARER POLİMER DAN regarding the storage and destruction of data. SPEED. SINGING. AND TRADE LTD. ŞTİ. The personal data expert personnel assigned by the company is the person responsible for the execution and supervision of the personal data storage and destruction policy.
8.2. Obligation to Delete, Destroy and Anonymize Personal Data
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Personal data processed by , the reasons that require processing in accordance with Article 7 of the Law and the provisions of the “Regulation on Deletion, Destruction or Anonymization of Personal Data” published in the Official Gazette dated 28 October 2017 and numbered 30224 prepared by the Personal Data Protection Board. If it disappears, it is deleted, destroyed or anonymized ex officio or upon the request of the relevant data owner.
Deletion of personal data is the process of making personal data inaccessible and unusable for the relevant users in any way.
All necessary technical and administrative measures are taken to ensure that deleted personal data are inaccessible and unusable for relevant users.
Destruction of personal data is the process of making personal data inaccessible, irretrievable and unusable by anyone. The data controller is obliged to take all necessary technical and administrative measures regarding the destruction of personal data.
Anonymization of personal data means making it impossible to associate personal data with an identified or identifiable natural person in any way, even if it is matched with other data.
Your personal data will be anonymized from ARER POLİMER DAN. SPEED. SINGING. AND TRADE LTD. Although all necessary technical and administrative measures are taken by ŞTİ, personal data is anonymized by applying methods in accordance with our storage and destruction policy.
8.3. Techniques for Deletion, Destruction and Anonymization of Personal Data
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Techniques for deleting, destroying or anonymizing personal data processed by is shown below, and which of the techniques will be applied may vary depending on the nature of the personal data processed.
For this purpose, first of all, determining the personal data that is subject to deletion, destruction or anonymization (1), identifying the relevant users for each personal data using an access authorization and control matrix or a similar system (2), determining the access of the relevant users, It is necessary to determine the authorizations and methods such as retrieval and reuse (3), and to close and eliminate the access, retrieval and reuse authorizations and methods of the relevant users within the scope of personal data (4).
for deleting personal data is as follows:
for the destruction of personal data is as follows:
9.1. Rights of Personal Data Owner
In accordance with Law No. 6698, as the data owner:
9.2. Exercise of Personal Data Owner’s Rights
Requests made by the data subject regarding the implementation of the Law, contact e-mail info@arerpolimer.com or AYDINLI MAH BEYOĞLU SAN SİT E1 BLOK NO: 26 – Tuzla / İSTANBUL FROM ARER POLİMER in written form to the address. SPEED. SINGING. AND TRADE LTD. It should be forwarded to ŞTİ. Application requests from ARER POLİMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. It is necessary to use the “Data Owner Application Form” published on the website by .
9.3. FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Responding to Applications
FROM ARER POLİMER as soon as possible, depending on the nature of the application request. SPEED. SINGING. AND TRADE LTD. ŞTİ. It is concluded by. This period cannot exceed 30 days from the date of proper notification of the request to us. However, if the process requires any cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.
APPENDIX – 1: Definitions
Explicit consent: Consent regarding a specific issue, based on being informed and expressed with free will,
Anonymization: Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Recipient group: The category of natural or legal person to whom personal data is transferred by the data controller,
Direct identifiers: Identifiers that, on their own, directly reveal, disclose and make distinguishable the person with whom they are related.
Indirect identifiers : Identifiers that, when combined with other identifiers, reveal, disclose and make distinguishable the person they are in a relationship with,
Relevant person: The real person whose personal data is processed,
Relevant user: Natural or legal persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data,
Destruction: Deletion, destruction or anonymization of personal data,
Law: Personal Data Protection Law No. 6698 dated 24/3/2016,
Blackening: Processes such as scratching, painting and icing all personal data in a way that cannot be associated with an identified or identifiable natural person,
Recording medium: Any environment containing personal data processed by fully or partially automatic or non-automatic means, provided that it is part of any data recording system,
Personal data: Any information regarding an identified or identifiable natural person,
Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system, Any operation performed on data such as classifying or preventing its use,
Board : Personal Data Protection Board,
Institution : Personal Data Protection Authority,
Data processor : Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
Data recording system: The recording system in which personal data is structured and processed according to certain criteria,
Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Identity Information : Your name, surname, TR ID number, passport number or temporary TR ID number, place and date of birth, marital status, gender, and other identification data by which we can identify you;
Contact Information : Your address, telephone number, e-mail address and other contact data, voice call records kept by customer representatives in accordance with call center standards, and your personal data obtained when you contact us via e-mail, letter or other means;
Accounting Information : Your financial data such as your bank account number, IBAN number, credit card information, billing information; Your private data for the purpose of financing and planning services; If you visit our company, your camera recordings are kept for security and control purposes,
ANNEX – 2: Personal Data Owners (Relevant Persons)
Data Owner Categories | Explanation |
Worker | It refers to the people working within the company . |
Employee Candidate | It refers to real persons who apply for a job by sending a CV to the Company or by other methods. |
Intern | It refers to people who practically use the profession they received training within the company to increase their professional knowledge. |
Supplier | It refers to real persons and legal entity employees from whom services are supplied. |
Other Related Third Parties | It refers to people other than those who apply to or communicate with the Company . |
ANNEX – 3: Third Parties to whom Personal Data is Transferred
Transferred Person/Unit | Purpose of Transfer |
Social Security Institution | Transfer of information for the purpose of carrying out the transactions of employees and candidate employees within the scope of Social Security. |
Authorized Public Institutions and Organizations | Limited sharing/transfer of information and documents requested by the Company to relevant public institutions and organizations . |
Suppliers | Transfer of personal data on a limited basis for the purpose of providing services received from suppliers. |
FROM ARER POLYMER. SPEED. SINGING. AND TRADE LTD. ŞTİ. Any personal data obtained by us may be processed for the purposes listed; confirming your identity, protection of public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of its financing, planning and management of the functioning of our clinic and daily operations, supply of medicines, informing you about the appointment if you make an appointment, risk management and quality improvement making evaluations, conducting research, fulfilling legal and regulatory requirements in order to improve the performance of its activities, confirming your relationship with the institutions contracted with the Company , invoicing for our services, sharing the requested information with companies within the scope of financing the services, relevant public institutions and organizations in accordance with the relevant legislation. sharing the requested information with, responding to all your questions and complaints regarding our services, taking all necessary technical and administrative measures within the scope of data security of our clinic’s systems and applications, analyzing your use of the services and storing your data in order to develop and improve the services we offer, with regulatory and supervisory institutions, Providing the necessary information in line with the requests and inspections of the official authorities, training and development of our employees, monitoring and preventing abuse and unauthorized transactions and reversing the transactions, preserving information regarding your data that must be kept in accordance with the relevant legislation, providing financial reconciliation with the institutions we have agreements with regarding the services provided to you, Measuring customer satisfaction and including but not limited to the execution, development and financing planning and management of medical diagnosis, treatment and care services, increasing customer satisfaction, research and similar purposes.
ANNEX-5: Durations
Personal Data Category | Storage Period | Legal Basis |
All Records Regarding Accounting and Financial Transactions | 10 years | Law No. 6102, Law No. 213 |
Cookies and Logs | 6 Months – Maximum 2 Years | Internet Law No. 5651 |
Personal Data Regarding Suppliers | 10 Years after the legal relationship ends | Law No. 6102, Law No. 6098 and Law No. 213 |
Personal Data Protection Board Procedures | 10 years | Personal Data Protection Agency Personal Data Storage and Destruction Policy Published by KVKK |
Contracts | 10 Years from Termination of Contract | Law No. 6102 and Law No. 6098 |
Human Resources Processes | 10 Years from the End of the Activity | Labor Law No. 4857 and Related Legislation |
Data Regarding the Personnel File Kept Within the Scope of the Labor Law | 10 Years from the termination of the Business Relationship | Labor Law No. 4857 and Related Legislation and Turkish Code of Obligations No. 6098 |
Data kept within the scope of SSI Legislation (Employment declarations, bonus/service documents, etc.) | 10 Years from the termination of the Business Relationship | Social Insurance No. 5510 and Related Legislation |
Job Application: If the Application is Not Accepted, Data Regarding Candidate Applications (CV, Resume, Cover Letter, Application Form , etc.) | 1 year | Sectoral practices apply. |
Personal Data Processed in Contractual Relationships | 10 Years Following the Termination of the Contract | Turkish Code of Obligations No. 6098 |
Personal Data Regarding Tax Records | 5 years | Tax Procedure Law No. 213 |
Personal Data Processed for Security Purposes Pursuant to CCTV Cameras (Camera Recordings) | 90 Days | Sectoral Custom |
Traffic Information Processed During the Use of the Service Internet Network, Internet Login and Remote Connection (IP address, start and end time of the service provided, type of service used, amount of data transferred and subscriber identification information, if any, etc.) | 2 years | Law No. 5651 on Regulating Publications Made on the Internet and Combating Crimes Committed Through These Publications |
