POLICY ON SPECIAL QUALITY PERSONAL DATA

ALMİNA SPECIAL HEALTH SERVICES EMBERS. SPA TEAM. PRO. FROM. PRIVATE EDUCATION. and TUR. SINGING. TRADE LLC.

POLICY ON SPECIAL QUALITY PERSONAL DATA

SCOPE
The Protection of Special Qualified Personal Data is one of the top priorities for our Almina Private Health Services and Beauty Center, and it strives to comply with all applicable legislation.

In Article 6 of the Law on the Protection of Personal Data No. 6698 ("LAW"), some personal data that have the risk of causing victimhood or discrimination when processed illegally are determined as "SPECIAL QUALITY PERSONAL DATA".

Within the scope of special quality personal data, the race, ethnic origin, political opinion, belief, religion, sect or other beliefs, dress and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric and it enters the genetic data.

PROCESSING SPECIAL QUALITY PERSONAL DATA
Almina Private Health Services and Beauty Center pays special attention to the processing of Special Qualified Personal Data, which is believed to be more critical in terms of protection for the Data Owner / Relevant Person.

Special Quality Personal Data is processed by Almina Private Health Services and Beauty Center in accordance with the Law, provided that adequate measures are taken by the Board, in the presence of the following conditions:

· Personal data of special nature other than health and sexual life may be processed without the explicit consent of the data owner, if there is an explicit provision regarding the processing of personal data in the law, which is clearly stipulated in the laws. Otherwise, the explicit consent of the data owner will be obtained in order to process such special personal data.


Explicit consent by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of special quality personal data regarding health and sexual life, protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing can be processed without searching. Otherwise, the explicit consent of the data owner will be obtained in order to process such special personal data.

PRECAUTIONS FOR PROCESSING SPECIAL QUALITY PERSONAL DATA
Our Almina Private Health Services and Beauty Center takes the following measures as a data controller in the processing of Special Qualified Personal Data included in Article 6 of the Law, in accordance with the Board's decision dated 31.01.2018 and numbered 2018/10:

This policy, which is systematic, clearly defined, manageable and sustainable for the security of personal data of special nature, has been determined.
For Employees who are involved in the processing of special quality personal data,
Regular trainings are given on the law and related regulations and Special Quality Personal Data security,
Confidentiality agreements are made,
The authorization scopes and durations of users who have access to data are clearly defined,
Periodic authorization checks are carried out,
Employees who have a job change or leave their job are immediately removed from their authority in this field. In this context, it takes back the inventory assigned to it by the Data Controller.
The environments where Special Quality Personal Data is processed, stored and / or accessed, if it is an electronic environment,
Personal Data is stored using cryptographic methods,
Security updates of the environments where Personal Data are located are constantly monitored, necessary security tests are regularly carried out, test results are recorded,
If Personal Data is accessed through a software, user authorizations of this software are made, security tests of these software are carried out regularly, test results are recorded,
The environments where Special Quality Personal Data is processed, stored and / or accessed, if the physical environment;
Adequate security measures (against electrical leakage, fire, flood, theft, etc.) are taken according to the nature of the environment where Special Quality Personal Data is located,
By ensuring the physical security of these environments, unauthorized entries and exits are prevented.
If Special Quality Personal Data will be transferred
If Personal Data is to be transferred via e-mail, it is transferred encrypted using a corporate e-mail address or a Registered Electronic Mail (REP) account,
Portable Memory is encrypted if it needs to be transferred via media such as CDs and DVDs.
If transfer is carried out between servers in different physical environments, data transfer is carried out between servers using encrypted communication method,
Paper medium of Personal DataReal person whose personal data is / can be processed, such as employees of institutions, third parties and other persons including but not limited to those listed here.

Data Supervisor; Almina Private Health Services and Beauty Center, which determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Regulation; The provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017,

Expresses.

3 BASIC PRINCIPLES

The following basic principles have been adopted by our Almina Private Health Services and Beauty Center in the storage and disposal of personal data. According to this:

I- In the event that all the conditions for processing Personal Data specified in Articles 5 and 6 of the Law are eliminated, Personal Data are deleted, destroyed or anonymized by our Almina Private Health Services and Beauty Center either ex officio or upon the request of the Data Owner. Upon the request of the Data Owners reaching our Almina Private Health Services and Beauty Center, our Almina Private Health Services and Beauty Center:

1. If all the conditions for processing Personal Data have been eliminated, our Almina Private Health Services and Beauty Center deletes, destroys or anonymizes the Personal Data subject to the request. In this way, the request of the Data Owner is concluded within thirty (30) days at the latest and he is informed.

2. If the conditions for processing Personal Data are not completely eliminated, the request directed to our Almina Private Health Services and Beauty Center is rejected in accordance with the third paragraph of Article 13 of the Law, by providing justified information about the situation in question. In such a case, our rejection response is notified to the Data Owner within thirty (30) days, in writing or electronically.

3. If all the processing conditions of Personal Data are eliminated but the Personal Data subject to the Data Owner's request has been shared with third parties, the request directed to our Almina Private Health Services and Beauty Center is notified to the third party to whom the data is shared and the third party requests to take the necessary actions within the framework of this Policy and legislation. are provided and even provided.

II- Deletion, destruction and anonymization of Personal Data are carried out in accordance with the provisions of the relevant legislation, Board decisions and this Policy, in particular the technical and administrative measures to be taken within the scope of the principles enumerated in Article 4 and Article 12 of the Law. . In this context, in accordance with Article 4 of the Law:

1. Compliance with the law and good faith,

2. Accuracy and, when necessary, up-to-date,

3. Processing for certainty, clarity and legitimate purposes,

4. Being connected, limited and measured for the purpose for which they are processed,

5. Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed,

Its principles are priority for our Almina Private Health Services and Beauty Center.

Parallel to Article 12 of the Law, our Almina Private Health Services and Beauty Center:

a. To prevent the processing of Personal Data unlawfully,

b. To prevent unlawful access to Personal Data,

c. To ensure the protection of Personal Data,

In order to ensure the appropriate level of security, it takes the technical and administrative measures adopted in this Policy.

III- All transactions related to the deletion, destruction and anonymization of Personal Data are recorded by our Almina Private Health Services and Beauty Center, and these records, except for the other legal obligations of our Almina Private Health Services and Beauty Center, It is kept for the periods specified in the laws.

IV- Unless a contrary decision is taken by the Board, our Almina Private Health Services and Beauty Center selects the appropriate method of ex officio deletion, destruction or anonymization of Personal Data. In addition, at the request of the Data Owner, the appropriate method will be selected by explaining the justification or necessary feedback will be given to the Data Owner regarding why it was not selected.

4. RECORDING MEDIA

Our Almina Private Health Services and Beauty Center stores the Personal Data collected in the light of the general rules and principles regulated in the legislation regarding the privacy of Personal Data and in the light of international principles:

- Our Electronic Recording Media:

· All digital media such as computers, hard or portable discs, optical discs are included in Almina Private Health Services and Beauty Center.

- Our Physical Recording Media:

· Printed / Physical environments These are the environments in which data are kept by printing on paper or microfilms.

Personnel files of our Almina Private Health Services and Beauty Center,

Storage where files belonging to our patients are keptcabinets,

Storage cabinets and safe in our Almina Private Health Services and Beauty Center,

Lockers belonging to related units such as accounting and purchasing in our Almina Private Health Services and Beauty Center,

Archive.

LEGAL, TECHNICAL OR OTHER REASONS REQUIRING STORAGE AND DISPOSAL

Our Almina Private Health Services and Beauty Center can collect Personal Data from written, verbal or electronically transferred sources during personnel recruitment (application + personal file documents), patient examinations. In addition, IP (internet protocol) addresses and web logs are kept for the users who visit our website www.alminapoliklinigi.com, and the use of our website is facilitated through cookies. On the other hand, in order to ensure the legal security of our Almina Private Health Services and Beauty Center, the personal data of real persons or legal persons with whom we have established a contractual relationship are also stored as an annex to the contract.

Personal Data collected by Almina Private Health Services and Beauty Center are stored based on one or more of the personal data processing conditions specified in Articles 5 and 6 of the Law and are processed in accordance with Article 7 of the Law. In this context, Personal Data is stored during the validity of the conditions specified for the processing of Personal Data, when the processing conditions expire or upon the Data Owner's application to our Almina Private Health Services and Beauty Center (after checking other legal obligations that our Almina Private Health Services and Beauty Center must comply with, ) Personal Data stored upon request is deleted, destroyed or anonymized. In this context:

• The legislation is changed or repealed,

• Termination or invalidity of the contract for processing,

• The disappearance of the processing purposes and conditions,

• Withdrawal of consent in processing activities based on explicit consent,

• Application of the Data Owner for deletion-destruction-anonymization and acceptance of this application,

• The decision that the request made by the Personal Data Protection Board as a result of the application of the Data Owner and the rejection of this application should be met,

• The expiry of the storage period,

Periodic destruction operations carried out within the body of Almina Private Health Services and Beauty Center,

As a result, our Almina Private Health Services and Beauty Center deletes, destroys or anonymizes the Personal Data it collects.

The conditions listed in Articles 5 and 6 of the Law regarding the processing mentioned above and the purposes of processing Personal Data of our Almina Private Health Services and Beauty Center are also in the "General Policy on Processing and Protection of Personal Data" published by our Almina Private Health Services and Beauty Center. has been explained. We strongly recommend that you read our General Policy on Processing and Protection of Personal Data.

6. TECHNICAL AND ADMINISTRATIVE MEASURES

Almina Private Health Services and Beauty Center, in order to safely store and process Personal Data, to prevent illegal processing or access, and to delete and / or destroy these data in accordance with the law, has taken technical and administrative measures. In addition, if the legal, technical or other reasons required for the storage and processing of Personal Data are eliminated, the relevant process is meticulously audited and, accordingly, deletion, destruction or anonymization are carried out within the framework of the same technical and administrative measures.

In this context, the technical and administrative measures taken by Almina Private Health Services and Beauty Center according to the nature of the data to be protected, technological possibilities and application costs are as follows.

ADMINISTRATIVE MEASURES

Our Almina Private Health Services and Beauty Center takes the following administrative measures in accordance with the characteristics of the environment where the personal data is stored and the environment where the data is kept:

1. All processes related to data processing activities within our Almina Private Health Services and Beauty Center were analyzed on the basis of business units, and in this context, a "Personal Data Inventory" based on data subject categories and process-based processing was prepared.

With this inventory, our Personal Data processing activities that we carry out in connection with the business processes of our Almina Private Health Services and Beauty Center, our purposes for processing Personal Data, our data categories, our transmitted recipient groups, our data subject groups, our authorized units in data processing, and those required for the purposes for which the data is processed. Necessary details have been made on subjects such as maximum periods.

2.Information security of all employees who have access to personal data,Efforts are made to raise awareness and raise awareness on data and privacy issues.

3. Legal and technical consultancy services are obtained in order to follow developments in the fields of information security, privacy of private life and protection of personal data and to take necessary actions.

4. In case personal data is transferred to third parties due to technical or legal requirements, Confidentiality Agreements are signed with the relevant third parties in order to protect the personal data, and all necessary care is taken to ensure that the relevant third parties comply with their obligations in these protocols.

5. In the storage of Personal Data collected by our Almina Private Health Services and Beauty Center, the principle of limited access has been adopted for the purpose of access and for the personnel required by the job description. In this context, it is also taken into account whether the Personal Data stored in restricting access is of a general or private nature.

6. In the event that the processed Personal Data is illegally seized by third parties, this situation is first reported to the Almina Private Health Services and Beauty Center official (Data Supervisor representative) as soon as possible. Subsequently, the necessary notification is made to the Relevant Person / s and the Board about the situation.

7. Regarding the sharing of Personal Data, the contracts or documents that govern the legal relationship between our employees, business partners, suppliers and customers, and the privacy of shared personal data and how it should be processed and stored, or additional provisions on the "protection of personal data and data security" framework agreements are signed that include these issues, thus ensuring data security.

8.Almina Private Health Services and Beauty Center equips the personnel in the relevant units of Almina Private Health Services and Beauty Center with the necessary legal and technical information about the processing of Personal Data, and in this context, it provides its personnel with the necessary training within the scope of the legislation on protection of personal data and data security.

9. Our Almina Private Health Services and Beauty Center carries out the necessary audits and has them done in order to ensure that the provisions of the Law and the policies regarding data security of our Almina Private Health Services and Beauty Center are implemented before its legal entity. Confidentiality and security vulnerabilities that arise as a result of the audits are eliminated as soon as possible.

TECHNICAL MEASURES

1.Necessary internal controls are regularly carried out regarding the systems established for data security within the Almmina Private Health Services and Beauty Center and the processing, deletion, destruction or anonymization processes carried out within the framework of these systems.

3. In environments where personal data are kept, only up-to-date and secure systems in line with technological developments are used. Security systems are used for the environments where personal data are kept.

2. Within the scope of the established systems, the processes of risk assessment in the dimension of information technologies and realization of the necessary analysis are carried out.

3. It is ensured that the technical infrastructure that will prevent or observe the leakage of Personal Data out of our Almina Private Health Services and Beauty Center is provided and the relevant technical infrastructures are established.

4.Virus related to all electronic data recording systems, especially the security of digital Personal Data such as IP (internet protocol) addresses and web logs, cookies and pixel tags collected in relation to users visiting our www.alminapoliklinigi.com website. The software and hardware including protection systems and firewalls are provided by the relevant hosting company upon contract.

5.Almina Private Health Services and Beauty Center carries out monitoring activities with security cameras in order to establish security in the workplace and buildings. In this context, it acts in accordance with the Constitution, Law and other relevant legislation.

6. The camera recordings taken for security purposes also ensure that the personnel of our employees who are authorized to ensure data security are audited. In this framework, the records are periodically audited and the procedure to be followed about the violations detected within the framework of the relevant legislation and policies is followed.

7. In order to determine whether the stored and processed Personal Data are kept in accordance with the relevant legislation and the policies of Almina Private Health Services and Beauty Center, periodic or if deemed necessary, audits are carried out.

8.In our Almina Private Health Services and Beauty Center, the personnel of the unit who are authorized to access and in this context, especially Almina Private Health Services and Beauty Center employees, give personal data.5000 / 5000
Çeviri sonuçları
It is ensured that the access authorizations to the people are kept under control.

9. Backup programs are used in accordance with the law to ensure the safe storage of Personal Data.

10. All kinds of electronic media where Personal Data is stored are protected by encrypted or cryptographic methods to meet information security requirements. In this context, the information on the Almina Private Health Services and Beauty Center computers is USB, etc. It cannot be transferred to another device and cannot be taken out of Almina Private Health Services and Beauty Center.

7. PROCEDURES OF DELETING, EXTINGUISHING AND ANONYMIZING PERSONAL DATA

Almina Private Health Services and Beauty Center deletes, destroys or anonymizes the Personal Data it collects, either automatically or at the request of the Data Owner, in the event that the reasons for its processing disappear. In accordance with Article 28 of the Law, anonymized personal data can be processed for purposes such as research, planning and statistics. Such transactions carried out after anonymization are outside the scope of the Law, in this case, the explicit consent of the Personal Data Owner is not sought.

In this context, our Almina Private Health Services and Beauty Center selects one or more of the following deletion, destruction or anonymization methods, and the most appropriate method is followed:

Safe Deletion from Software:

Personal Data stored in digital environments within the body of Almina Private Health Services and Beauty Center are deleted from the relevant software in a way to make them inaccessible and unusable in any way for Relevant Users.

The deletion of the data in the electronic recording media in the programs we use, the removal of the access rights of the Related Users on the files on our central server or the directory where the files are located; Data can be deleted by deleting relevant lines in databases with database commands or by deleting Personal Data on removable media (USB, HDD, etc.) using appropriate software.

However, in cases where it is not possible to access some other data in the system due to the deletion of some Personal Data, the Personal Data subject to deletion can be archived by making it not associated with the relevant Data Owner; In this case, the relevant Personal Data is deemed to have been deleted. In such cases, Almina Private Health Services and Beauty Center takes all necessary technical and administrative measures to ensure that Personal Data can only be accessed by authorized persons.

Dimming Personal Data on Paper Media:

Personal Data collected in paper environment such as physical application forms, contracts, personal files collected for the continuation of the commercial activities of our Almina Private Health Services and Beauty Center can also be deleted by making them unreadable in the paper environment they are in. The blackout process is done by cutting the personal data on the relevant documents whenever possible, and making them invisible by using fixed ink in a way that is irreversible and cannot be read with technological solutions in cases where it is not possible.

Physical Destruction:

Personal Data collected by our Almina Private Health Services and Beauty Center and processed by non-automatic means, although it is part of our data recording systems, can also be destroyed by physical destruction of the Personal Data on the environment (paper, microfiche) in a way that does not allow them to be used later.

Overwriting:

Magnetic media and rewritable optical media used in our Almina Private Health Services and Beauty Center are a data destruction method that eliminates the possibility of reading and recovering old data by writing random numerical data through special software. Any reusable magnetic media with Personal Data on it is cleaned irreversibly, using the overwriting method.

Masking:

With the masking method, certain areas of the Personal Data are rendered incompatible with the real person who is the Data Owner by drawing, painting and / or staring. For example, an identity data belonging to the customer within our Almina Private Health Services and Beauty Center is removed from our database, making it impossible to identify the Data Owner.

Data Derivation:

Almina Private Health Services and Beauty Center can use some of the Personal Data, which it stores as a Data Officer, for marketing activities. In the event of situations that require deletion of such data from our database, our Almina Private Health Services and Beauty Center creates a more general content than the content of the Personal Data with the data derivation method and associates the Personal Data with any natural person. It is ensured that

Generalization:

The method of generalization of Personal Data, collecting a lot of data available in the database in our Almina Private Health Services and Beauty Center, making it unrelated to any real person, so that our Almina Private Health Services and Beauty Center is connected to the Data Owners but can follow some results without storing any Personal Data. It is used for the purpose.

8 STORAGE AND DESTRUCTION PERIODS

STORAGE PERIODS
           
Employee Recruitment documents and personal data based on notifications regarding the service period and wages made to the Social Security Institution are kept for 10 years after the termination of the service contract, and until the end of the process if a legal process is in progress.
Employee Recruitment documents made to the Social Security Institution; Personal data excluding personal data based on notifications regarding service period and wages are kept for 10 years after the termination of the service contract, or until the end of the process if a legal process is in progress.

The Data in the Employee Workplace Personal Health File is stored for 10 years after the termination of the service contract, or until the end of the process if a legal process is in progress,

Business Partner / Solution Partner / Consultant Business Partner / Solution Partner / Consultant and Identity information regarding the execution of the commercial relationship between Almina Private Health Services and Beauty Center, contact information, financial information, voice recordings from phone calls, Business Partner / Solution Partner / Consultant employee data are stored for 10 years after the termination of the relationship.
 
Client / Patient Client's name, surname, TRNC, contact information, payment information and methods, navigation information, voice records received from phone calls, product / service preferences, transaction history, special day information are stored for 10 years. If a legal process is underway, it is preserved until the process ends.


Identity information, contact information, financial information etc. obtained during the contract negotiations for the establishment of a commercial relationship between the Potential Customer and Almina Private Health Services and Beauty Center. the information is stored for a period of 2 years.


Institutions / Companies with which Almina Private Health Services and Beauty Center Cooperate (Supplier, Service Procurement etc.) Identity information regarding the execution of the commercial relationship between Almina Private Health Services and the Institution / Companies with which the Beauty Center is in cooperation and Almina Private Health Services and Beauty Center, contact information, financial information, and data of the Institution / Company employee with which Almina Private Health Services and Beauty Center is in cooperation are stored for 10 years after the termination of the contract. If a legal process is underway, it is preserved until the process ends.

NOTE: The fact that a longer period is regulated in accordance with the law and other legislation, or the statute of limitations, limitation periods, retention periods, etc. in accordance with the legislation. In the event that a longer period is stipulated for the purpose, the periods specified in the legislation are accepted as the maximum storage period.

DESTRUCTION TIMES

In the first periodic destruction process following the date when the obligation to delete, destroy or anonymize personal data for which it is responsible pursuant to the Law, other relevant legislation, Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy, after the termination of the service contract, deletes, destroys or anonymizes personal data.

When the person concerned requests the deletion or destruction of his personal data by applying to our Almina Private Health Services and Beauty Center pursuant to Articles 11 and 13 of the Law;
           
If all the conditions for processing personal data have disappeared; Almina Private Health Services and Beauty Center deletes, destroys or anonymizes the personal data subject to the request within 30 (thirty) days from the day it receives the request, by explaining the reason, with the appropriate disposal method.

In order for our Almina Private Health Services and Beauty Center to be deemed to have received the request, the person concerned must have made the request in accordance with the Personal Data Processing and Protection Policy. Our Almina Private Health Services and Beauty Center informs the relevant person about the procedure in any case.

If all the conditions for processing personal data are not eliminated, this request may be rejected by our Almina Private Health Services and Beauty Center by explaining the reason in accordance with the third paragraph of Article 13 of the Law, and the rejection response is notified to the relevant person in writing or by appropriate methods within 30 (thirty) days at the latest.

8. EFFECTIVENESS AND IMPLEMENTATION

In case all or certain articles of the policy are updated, the updates take effect on the date they are published. The policy is published on our website www.alminapoliklinigi.com in its most up-to-date form.

This Policy and our other Almina Private Health Services and Beauty Center policies, Almina Private Health ServicesIt is carried out by the authorities of our beauty center and beauty center. In case of conflict between this Policy and the Law or the relevant legislation, the provisions of the Law and other relevant legislation will be applied first.

regards