{"id":16838,"date":"2025-01-06T13:20:15","date_gmt":"2025-01-06T10:20:15","guid":{"rendered":"https:\/\/www.alfa3dtasarim.com.tr\/durdanekeskin\/?page_id=16838"},"modified":"2025-01-10T18:45:28","modified_gmt":"2025-01-10T15:45:28","slug":"kvkk-policy","status":"publish","type":"page","link":"https:\/\/www.durdanekeskin.com\/english\/kvkk-policy\/","title":{"rendered":"KVKK Policy"},"content":{"rendered":"<div class=\"site-main\">\n<div class=\"container maincontent \">\n<div class=\"cat-content\">\n<p>1.INTRODUCTION<\/p>\n<p>1.1 Purpose<\/p>\n<p>Personal Data Retention and Disposal Policy (\u201cPolicy\u201d), \u201cOp.Dr.D\u00fcrdane Keskin\u201d (\u201cThe Institution\u201d) has been prepared in order to determine the procedures and principles regarding the work and transactions related to the storage and destruction activities being carried out.<\/p>\n<p>Institution; Institution employees, employee candidates, patients, suppliers, service providers, visitors and other third parties personal data belonging to T.R. Its Constitution prioritizes processing in accordance with international conventions, the Law on the Protection of Personal Data No. 6698 (\u201cLaw\u201d) and other relevant legislation, and ensuring that the relevant persons use their rights effectively. Works and transactions regarding the storage and destruction of personal data are carried out in accordance with the Policy prepared by the Institution in this direction.<\/p>\n<p>1.2 Scope<\/p>\n<p>The personal data of the Institution\u2019s employees, employee candidates, patients, suppliers, service providers, visitors and other third parties are within the scope of this Policy, and this Policy is applied in all recording environments where personal data owned or managed by the Institution are processed, and in activities for personal data processing.<\/p>\n<p>1.3 Abbreviations and Definitions<\/p>\n<p>Recipient Group:\u00a0The natural or legal person category to which personal data is transferred by the data controller.<\/p>\n<p>Explicit Consent:\u00a0Consent on a specific subject, based on information and expressed with free will.<\/p>\n<p>Anonymization:\u00a0Making personal data cannot be associated with an identified or identifiable natural person in any way, even by matching with other data.<\/p>\n<p>Employee:\u00a0\u201cOp.Dr.D\u00fcrdane Keskin\u201d\u00a0\u00a0 Institution personnel.<\/p>\n<p>Patient\u00a0:\u00a0The person receiving health and medical treatment services from \u201cOp.Dr.D\u00fcrdane Keskin\u201d.<\/p>\n<p>Electronic Media:\u00a0The environments where personal data can be created, read, changed and written with electronic devices.<\/p>\n<p>Non-Electronic Media:\u00a0All written, printed, visual, etc. other than electronic media. other environments.<\/p>\n<p>Service Provider: A natural or legal person who provides services within the framework of a certain contract with the Personal Data Protection Authority.<\/p>\n<p>Relevant Person :\u00a0The natural person whose personal data are processed.<\/p>\n<p>Relevant User:\u00a0Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for technical storage, protection and backup of the data.<\/p>\n<p>Destruction:\u00a0Deletion, destruction or anonymization of personal data.<\/p>\n<p>Law : Law on Protection of Personal Data No. 6698.<\/p>\n<p>Recording Environment:\u00a0Any environment in which personal data is processed wholly or partially automatically or non-automatically provided that it is a part of any data recording system.<\/p>\n<p>Personal Data:\u00a0Any information relating to an identified or identifiable natural person.<\/p>\n<p>Personal Data Processing Inventory:\u00a0Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which they have created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group, by explaining the maximum storage period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries, and the measures taken regarding data security.<\/p>\n<p>Processing of Personal Data:\u00a0Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data fully or partially automatically or non-automatically provided that it is a part of any data recording system or any kind of operation performed on the data, such as preventing its use.<\/p>\n<p>Special Qualified Personal Data:\u00a0The data regarding the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data and genetic data.<\/p>\n<p>Periodic Destruction:\u00a0The deletion, destruction or anonymization process that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the conditions for processing personal data in the law are eliminated.<\/p>\n<p>Policy:\u00a0Personal Data Storage and Disposal Policy<\/p>\n<p>Data Processor:\u00a0The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.<\/p>\n<p>Data Registration System:\u00a0The registration system in which personal data is processed and structured according to certain criteria.<\/p>\n<p>Data Controller :\u00a0The real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.<\/p>\n<p>Data Controllers\u00a0Registry Information System:\u00a0An information system created and managed by the Presidency, accessible over the internet, to be used by data controllers in their application to the Registry and other related transactions related to the Registry.<\/p>\n<p>VERBIS :\u00a0Data Controllers Registry Information System<\/p>\n<p>Regulation: The Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.<\/p>\n<p>2. DISTRIBUTION OF RESPONSIBILITIES AND DUTIES<\/p>\n<p>All units and employees of the institution, by the responsible units, the necessary implementation of the technical and administrative measures taken within the scope of the Policy, increasing the training and awareness of the unit employees, monitoring and continuous inspection of personal data, preventing the illegal processing of personal data, preventing unlawful access to personal data and It actively supports the responsible units in taking technical and administrative measures to ensure data security in all environments where personal data is processed in order to ensure that it is stored in accordance with the law. The distribution of the titles, units and job descriptions of those involved in the storage and destruction processes of personal data is given in Table 1.<\/p>\n<p>Table 1: Task distribution of storage and disposal processes<\/p>\n<p>TITLE MISSION<br \/>\nThe Data Manager is responsible for the employees to act in accordance with the policy.<br \/>\nThe Data Manager is responsible for preparing, developing, executing, publishing and updating the Policy in the relevant media, canceling and keeping it with the decision of the Institution.<br \/>\nThe Data Security Officer is responsible for providing the technical solutions needed in the implementation of the Policy.<br \/>\nOther Units are responsible for the execution of the Policy in accordance with their Duties and the duties defined by the internal directive.<\/p>\n<p>3. RECORDING ENVIRONMENTS<\/p>\n<p>Personal data is stored safely by the Institution in the environments listed below, in accordance with the law.<\/p>\n<p>Table 2: Personal data storage environments<\/p>\n<p>Electronic Media Non-Electronic Media<\/p>\n<p>Servers (Domain, backup, email, database, web, file sharing, etc.)<\/p>\n<p>Software (office software, portal, EBYS, VERBIS.)<br \/>\nInformation security devices (firewall, intrusion detection and prevention, log file, antivirus, etc.)<br \/>\nPersonal computers (Desktop, laptop)<br \/>\nMobile devices (phone, tablet, etc.)<br \/>\nOptical discs (CD, DVD, etc.)<br \/>\nRemovable memories (USB, Memory Card etc.)<br \/>\nPrinter, scanner, copier<\/p>\n<p>Paper<br \/>\nManual data recording systems (survey forms, visitor logbook)<br \/>\nWritten, printed, visual media<\/p>\n<p>4. EXPLANATIONS ON STORAGE AND DISPOSAL<\/p>\n<p>By the institution; Personal data belonging to employees of third parties, institutions or organizations that are in contact as employees, employee candidates, patients, suppliers, visitors and service providers are stored and destroyed in accordance with the Law. In this context, detailed explanations regarding storage and disposal are given below, respectively.<\/p>\n<p>4.1 Remarks on Retention<\/p>\n<p>In Article 3 of the Law, the concept of processing personal data is defined, in Article 4 it is stated that the processed personal data should be related to the purpose for which they are processed, limited and measured, and should be kept for the period required for the purpose for which they are processed or as stipulated in the relevant legislation. counted. Accordingly, within the framework of the activities of our Institution, personal data is stored for a period of time stipulated in the relevant legislation or suitable for our processing purposes.<\/p>\n<p>4.1.1 Legal Reasons for Retention<\/p>\n<p>Personal data processed within the framework of its activities in the institution are kept for the period stipulated in the relevant legislation. In this context, personal data;<\/p>\n<p>Law No. 6698 on the Protection of Personal Data,<br \/>\nLaw No. 5651,<br \/>\nTurkish Code of Obligations No. 6098,<br \/>\nTurkish Commercial Code No. 4721,<br \/>\nLaw No. 6563<br \/>\nPrivate Health Insurance regulation and related legislation<br \/>\nPatient Rights Regulation and related legislation<br \/>\nCode of Deontology,<br \/>\nSocial Insurance and General Health Insurance Law No. 5510, insurance legislation<br \/>\nOccupational Health and Safety Law No. 6331,<br \/>\nLaw on Access to Information No. 4982,<br \/>\nLaw No. 3071 on the Use of the Right to Petition,<br \/>\nLabor Law No. 4857,<br \/>\nRetirement Health Law No. 5434,<br \/>\nSocial Services Law No. 2828<br \/>\nRegulation on Health and Safety Measures to be Taken in Workplace Buildings and Attachments,<br \/>\nRegulation on Archive Services<br \/>\nIt is stored as long as the storage periods stipulated in the framework of other secondary regulations in force in accordance with these laws.<\/p>\n<p>4.1.2 Processing Purposes Requiring Storage<\/p>\n<ul>\n<li>The Institution stores the personal data it processes within the framework of its activities for the following purposes.Performance of health service<br \/>\nBilling processes<br \/>\nManaging human resources processes.<br \/>\nTo provide corporate communication.<br \/>\nInstitutional security and control,<br \/>\nTo ensure data security,<br \/>\nEnsuring physical security of the corporate interior,<br \/>\nStaff education,<br \/>\nTo be able to perform work and transactions as a result of signed contracts and protocols.<br \/>\nWithin the scope of VERBIS, to determine the preferences and needs of employees, data controllers, contact persons, data controller representatives and data processors, to organize the services provided accordingly and to update them if necessary.<br \/>\nTo ensure the fulfillment of legal obligations as required or mandated by legal regulations.<br \/>\nTo liaise with real \/ legal persons who have a business relationship with the Institution.<br \/>\nFor information purposes on social media accounts<br \/>\nBeing able to send sms, electronic messages, answer questions and complaints within the scope of health services<br \/>\nProcurement of financial consultancy, legal consultancy services<br \/>\nObligation of proof as evidence in legal disputes that may arise in the future.<\/li>\n<\/ul>\n<p>Personal data;<\/p>\n<p>Changing or repealing the provisions of the relevant legislation, which is the basis for processing,<br \/>\nThe disappearance of the purpose that requires processing or storage,<br \/>\nIn cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his explicit consent,<br \/>\nIn accordance with Article 11 of the Law, the application made by the Authority regarding the deletion and destruction of personal data within the framework of the rights of the person concerned,<br \/>\nIn the event that the Institution rejects the application made by the person concerned with the request for the deletion, destruction or anonymization of his personal data, finds the answer insufficient or does not respond within the time stipulated in the Law; the person concerned makes a complaint to the Personal Data Protection Authority and this request is approved by the Personal Data Protection Authority,<br \/>\nIn cases where the maximum period requiring the storage of personal data has passed and there is no condition to justify keeping the personal data for a longer period, it is deleted, destroyed or ex officio deleted, destroyed or anonymized by the Institution upon the request of the person concerned.<\/p>\n<p>4.2 Reasons for Disposal<\/p>\n<p>&nbsp;<\/p>\n<p>5. TECHNICAL AND ADMINISTRATIVE MEASURES<\/p>\n<p>In accordance with Article 12 of the Law and the fourth paragraph of Article 6 of the Law, in accordance with the adequate measures determined and announced by the Board for personal data to be stored securely, to prevent unlawful processing and access, and to destroy personal data in accordance with the law, technical and administrative measures are taken.<\/p>\n<p>5.1 Technical Measures<\/p>\n<p>The technical measures taken by the Institution regarding the personal data it processes are listed below:<\/p>\n<p>With the penetration tests, the risks, threats, vulnerabilities and vulnerabilities, if any, regarding the information systems of our Institution are revealed and necessary precautions are taken.<br \/>\nAs a result of real-time analysis with information security incident management, risks and threats that will affect the continuity of information systems are constantly monitored.<br \/>\nNecessary measures are taken for the physical security of the information systems equipment, software and data of the institution.<br \/>\nIn order to ensure the security of information systems against environmental threats, hardware (access control system that allows only authorized personnel to enter the system room, 24\/7 employee monitoring system, physical security of the edge switches that make up the local area network, fire extinguishing system, air conditioning system, physical data storage system) The keys of the media (archive, accounting, patient files, etc.) are only available to the authorized person, etc.) and software (firewalls, attack prevention systems, anti-virus software, log tracking system, network access control, systems that prevent malware, etc.) precautions is taken.<br \/>\nRisks to prevent unlawful processing of personal data are determined, appropriate technical measures are taken to ensure that these risks are taken, technical controls are carried out for the measures taken, and data processing support is received regularly.<br \/>\nBy establishing access procedures within the institution, reporting and analysis studies are carried out regarding access to personal data.<br \/>\nInappropriate access or access attempts are kept under control by recording the accesses to the storage areas where personal data is stored.<br \/>\nThe Institution takes the necessary measures to ensure that the deleted personal data is inaccessible and reusable for the relevant users.<br \/>\nIn case personal data is obtained by others unlawfully, a system and infrastructure has been established by the Authority to notify the relevant person and the Board.<br \/>\nSecurity vulnerabilities are monitored, appropriate security patches are installed and information systems are kept up-to-date.<br \/>\nStrong passwords are used in electronic environments where personal data is processed.<br \/>\nSecure record keeping (logging) systems are used in electronic environments where personal data is processed.<br \/>\nData backup programs are used to keep personal data safe.<br \/>\nAccess to personal data stored in electronic or non-electronic media is limited according to access principles.<br \/>\nNecessary disclosures have been made for special quality personal data, and express consent has been obtained when deemed necessary by law.<br \/>\nSpecial quality personal data security trainings have been provided for employees involved in special quality personal data processing, confidentiality agreements have been made, and the authorizations of users who have access to data have been defined.<br \/>\nAdequate security measures are taken for the physical environments where sensitive personal data is processed, stored and\/or accessed, and unauthorized entries and exits are prevented by ensuring physical security.<br \/>\nIf sensitive personal data needs to be transferred via e-mail, it is transferred in encrypted form with a corporate e-mail address or by using a KEP account. If it needs to be transferred via media such as portable memory, CD, DVD, it is encrypted with cryptographic methods and the cryptographic key is kept in a different environment. If transferring is carried out between servers in different physical environments, data transfer is carried out by establishing a VPN between servers or by FTP method. If it is required to be transferred via paper media, necessary precautions are taken against the risks such as theft, loss or viewing of the document by unauthorized persons, and the document is sent in a \u201cconfidential\u201d format.<\/p>\n<p>5.2 Administrative Measures<\/p>\n<p>Administrative measures taken by the Institution regarding the personal data it processes are listed below:<\/p>\n<p>In-house trainings are provided to improve the quality of employees, to prevent the illegal processing of personal data, to prevent illegal access to personal data, and to ensure the protection of personal data.<br \/>\nRegarding the activities carried out by the institution, the employees and the suppliers, etc. from which the service is purchased. Confidentiality agreements are signed by private and legal persons.<br \/>\nLegal action is taken against employees who do not comply with security policies and procedures.<br \/>\nKVKK Disciplinary Policy has been prepared.<br \/>\nKVKK Institutional Internal Directive has been prepared.<br \/>\nKVKK Cookie Policy has been prepared.<br \/>\nKVKK Application Form has been prepared.<br \/>\nBefore starting to process personal data, the Authority fulfills the obligation to inform the relevant persons, and obtains the consent of the relevant persons when deemed necessary by the law.<br \/>\nClarification and Consent Forms have been prepared.<br \/>\nIn-office\/Physical place KVK information is available.<br \/>\nPersonnel Contracts are in compliance with KVK.<br \/>\nPersonal data processing inventory has been prepared.<br \/>\nPeriodic and random audits are carried out within the institution.<br \/>\nInformation security trainings are provided for employees.<br \/>\nPhysical environments containing personal data are secured against external risks (fire, flood, etc.).<br \/>\nPersonal data is reduced as much as possible.<br \/>\nProtocols and procedures for special quality personal data security have been determined and implemented.<br \/>\nKVKK measures required by the pandemic process have been taken, and necessary illumination and information are provided to our patients and staff.<\/p>\n<p>6. PERSONAL DATA DISPOSAL TECHNIQUES<\/p>\n<p>At the end of the storage period required for the period stipulated in the relevant legislation or for the purpose for which they are processed, personal data is destroyed by the Institution ex officio or upon the application of the relevant person, again in accordance with the provisions of the relevant legislation, with the following techniques.<\/p>\n<p>6.1 Deletion of Personal Data<\/p>\n<p>Personal data is deleted with the methods given in Table-3.<\/p>\n<p>Table 3: Deletion of Personal Data<\/p>\n<p>Data Recording Media Description<br \/>\nPersonal Data on the Servers For the personal data on the servers that require their storage, the system administrator removes the access authorization of the relevant users and deletes them.<br \/>\nPersonal Data in the Electronic Media The personal data in the electronic media, which require their storage, are rendered inaccessible and non-reusable in any way for other employees (related users) except the database administrator.<br \/>\nPersonal Data in the Physical Environment Personal data kept in the physical medium is rendered inaccessible and unusable in any way for other employees, except for the unit manager responsible for the document archive, for those whose period has expired. In addition, the process of blackening is applied by drawing\/painting\/erasing in a way that cannot be read.<br \/>\nPersonal Data in Portable Media Among the personal data kept in Flash-based storage media, the ones that have expired are encrypted by the system administrator and the access authorization is given only to the system administrator, and they are stored in secure environments with encryption keys.<\/p>\n<p>6.2 Destruction of Personal Data<\/p>\n<p>Personal data is destroyed by the methods given in Table-4 by the Institution.<\/p>\n<p>Table 4: Destruction of Personal Data<\/p>\n<p>Personal Data in the Physical Media Personal data in the paper media, which require storage, are irreversibly destroyed.<br \/>\nPersonal Data in Optical \/ Magnetic Media Among the personal data in optical media and magnetic media, physical destruction is applied, such as melting, burning or pulverizing the expired personal data. In addition, magnetic media is passed through a special device and exposed to a high magnetic field, making the data on it unreadable.<\/p>\n<p>6.3 Anonymization of Personal Data<\/p>\n<p>Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.<\/p>\n<p>In order for personal data to be anonymized; Personal data must be rendered unrelated to an identified or identifiable natural person, even by using appropriate techniques for the recording medium and the relevant field of activity, such as returning personal data by the data controller or third parties and\/or matching the data with other data.<\/p>\n<p>7. STORAGE AND DISPOSAL TIMES<\/p>\n<p>Regarding the personal data being processed by the Institution within the scope of its activities;<\/p>\n<p>Personal data-based storage periods for all personal data within the scope of activities carried out in connection with processes are in the Personal Data Processing Inventory;<br \/>\nStorage periods on the basis of data categories are recorded in VERBIS;<br \/>\nProcess-based retention periods are included in the Personal Data Retention and Disposal Policy.<\/p>\n<p>If necessary, updates are made on the said retention periods by the Institution Manager. For personal data whose storage period has expired, ex officio deletion, destruction or anonymization is carried out by the Data Security Officer.<\/p>\n<p>Table 5: Process-based storage and disposal times table<\/p>\n<p>Preparation and Performance of Contracts 10 years following the expiry of the contract In the first periodic destruction period following the end of the storage period<\/p>\n<p>Execution of Corporate Communication Activities 10 years following the end of the activity In the first periodic destruction period following the end of the storage period<\/p>\n<p>PROCESS STORAGE TIME DISPOSAL TIME<br \/>\nExecution of patient registration and diagnosis and treatment processes 20 years from the completion of the process In the first periodic destruction period following the end of the storage period<br \/>\nExecution of services (communication, etc.) outside the institution\u2019s treatment processes Preparation of contracts 10 years from the completion of the process 10 years from the completion of the process In the first periodical destruction period following the end of the storage period In the first periodical destruction period following the end of the storage period<br \/>\nAccounting Processes 10 years from the completion of the process In the first periodic destruction period following the end of the retention period<br \/>\nExecution of Human Resources Processes Severance pay, notice pay payments, documents, payroll information of the personnel leaving the job 10 years from the completion of the process 5 years from the date of termination of the employment contract In the first periodical destruction period following the end of the storage period In the first periodical destruction period following the end of the storage period<\/p>\n<p>Log Log Tracking SystemsExecution of Hardware and Software Access Processes<\/p>\n<p>Camera Recordings<\/p>\n<p>Data on Customers and Potential Customers (cookies, cookies)<\/p>\n<p>IYS Records<\/p>\n<p>2 years from completion of the process 2 years<\/p>\n<p>1 month after registration<\/p>\n<p>13 Months<\/p>\n<p>For 3 years from the date of registration<\/p>\n<p>In the first periodic destruction period following the end of the storage period In the first periodic destruction period following the end of the storage period<\/p>\n<p>At the first periodic disposal period following the end of the storage period<\/p>\n<p>At the first periodic disposal period following the end of the storage period<\/p>\n<p>At the first periodic disposal period following the end of the storage period<\/p>\n<p>PERIODIC DISPOSAL TIME<\/p>\n<p>Pursuant to Article 11 of the Regulation, the Authority has determined the period of periodic destruction as 6 months. Accordingly, periodic destruction is carried out at the Institution in June and December each year.<\/p>\n<p>9. PROCESSING OF SPECIAL QUALITY PERSONAL DATA<\/p>\n<p>9.1\u00a0Special sensitivity is shown in the processing of Personal Data of Special Quality, whose protection is believed to be of more critical importance for the Data Owner in various aspects.<\/p>\n<p>Special Quality Personal Data are processed in accordance with the Law, provided that adequate measures to be determined by the Board are taken, in the presence of the following conditions:<\/p>\n<p>If the Data Owner has express consent, or<br \/>\nIf there is no explicit consent of the Data Owner; Special quality personal data other than the health and sexual life of the Data Owner, in cases stipulated by the laws, the personal data of the Data Owner regarding his health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, health It is processed by persons or authorized institutions and organizations under the obligation of secrecy for the purpose of planning and managing its services and financing.<\/p>\n<p>MEASURES REGARDING THE PROCESSING OF SPECIAL QUALITY PERSONAL DATA<\/p>\n<p>Pursuant to the Board\u2019s decision dated 31.01.2018 and numbered 2018\/10, the following measures are taken, in the capacity of data controller, in the processing of Special Quality Personal Data, which is included in Article 6 of the Law:<\/p>\n<p>This Policy has been determined to be systematic, clearly defined, manageable and sustainable for the security of sensitive personal data. For employees involved in the processing of special categories of personal data,<\/p>\n<p>Confidentiality agreements are made,<br \/>\nThe scope and duration of authorization of users who have access to data are clearly defined,<br \/>\nPeriodic authorization checks are carried out.<br \/>\nProtocols and procedures for special quality personal data security have been determined and implemented.<br \/>\nEmployees who have a change of job or quit their job are immediately removed from their authority in this field. In this context, it receives the inventory allocated to it by the Data Controller.<br \/>\nThe environments in which Sensitive Personal Data are processed, stored and\/or accessed, and the physical environment;<br \/>\n* Adequate security measures are taken (against electrical leakage, fire, flood, theft, etc.)<br \/>\n* Unauthorized access is prevented by ensuring the physical security of these environments.<\/p>\n<p>10. TRANSFER OF SPECIAL QUALITY PERSONAL DATA<\/p>\n<p>Special Quality Personal Data obtained in accordance with the law are not transferred to third parties for the purposes of data processing, Special Quality Personal Data of the Data Owner.<\/p>\n<p>PUBLICATION AND STORAGE OF THE POLICY<\/p>\n<p>The policy is published in two different media, with wet signature (printed paper) and electronically, and is disclosed to the public on the website. The printed paper copy is also kept in its file by the data manager.<\/p>\n<p>12. POLICY UPDATE PERIOD<\/p>\n<p>The policy is reviewed as needed and the necessary sections are updated.<\/p>\n<p>13. ENFORCEMENT AND REVOCATION OF THE POLICY<\/p>\n<p>The policy is deemed to have entered into force on the date written below. In the event that it is decided to be revoked, old copies of the Policy with wet signatures are canceled and signed by the data manager (with the cancellation stamp or written cancellation) and are kept by the data manager for at least 5 years. 10.12.2021<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>1.INTRODUCTION 1.1 Purpose Personal Data Retention and Disposal Policy (\u201cPolicy\u201d), \u201cOp.Dr.D\u00fcrdane Keskin\u201d (\u201cThe Institution\u201d) has been prepared in order to determine the procedures and principles regarding the work and transactions related to the storage and destruction activities being carried out. Institution; Institution employees, employee candidates, patients, suppliers, service providers, visitors and other third parties personal [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","footnotes":""},"class_list":["post-16838","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/pages\/16838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/comments?post=16838"}],"version-history":[{"count":0,"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/pages\/16838\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.durdanekeskin.com\/english\/wp-json\/wp\/v2\/media?parent=16838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}