Çalışma Saatlerimiz Hafta içi: 09:30–20:00 Cumartesi: 09:30–20:00 Pazar: Kapalı
Working Hours Weekdays: 09:30–20:00 Saturday: 09:30–20:00 Sunday: Closed
Çalışma Saatlerimiz Hafta içi: 09:30–20:00 Cumartesi: 09:30–20:00 Pazar: Kapalı
Working Hours Weekdays: 09:30–20:00 Saturday: 09:30–20:00 Sunday: Closed
PERSONAL DATA RETENTION AND DESTRUCTION POLICY
Dentadent Oral and Dental Health Center, acting as the Data Controller, retains and destroys personal data in accordance with the Constitution of the Republic of Türkiye, the Turkish Personal Data Protection Law No. 6698 (“KVKK”), the Regulation on the Deletion, Destruction or Anonymization of Personal Data, and other applicable legislation, pursuant to the general principles and provisions set forth in this Personal Data Retention and Destruction Policy.
The purpose of this Policy is to define the general principles regarding the retention and destruction of personal data processed within the scope of KVKK and to ensure fulfillment of the obligations imposed by applicable legislation.
Definitions
Explicit Consent: Consent given freely, based on information and relating to a specific subject.
Recipient Group: The category of natural or legal persons to whom personal data is transferred by the data controller.
Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.
Relevant User: Persons who process personal data within the data controller’s organization or under its authority and instructions, excluding those responsible solely for technical storage, protection, and backup.
Destruction: Deletion, destruction or anonymization of personal data.
Personal Data: Any information relating to an identified or identifiable natural person (e.g., name-surname, ID number, email, address, date of birth, credit card number, bank account number).
Data Subject: The natural person whose personal data is processed.
Processing of Personal Data: Any operation performed on personal data, whether fully or partially automated or non-automated as part of a data recording system.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association/foundation/union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
Periodic Destruction: Deletion, destruction or anonymization carried out ex officio at recurring intervals when all conditions for lawful processing cease to exist.
DATA RECORDING ENVIRONMENTS COVERED BY THE POLICY
This Policy covers all personal data subject to processing activities under KVKK, including both physical and digital copies.
Personal data processed fully or partially by automated means or non-automated means as part of a data recording system is retained in the following environments:
Clinic computers and servers,
Email accounts,
Desktop computers,
Employee devices (e.g., mobile phones),
Backup storage areas,
Paper files and folders,
Visitor logbooks,
CDs, DVDs, USB drives,
Hard drives,
Printers and photocopy machines.
REASONS REQUIRING RETENTION AND DESTRUCTION OF PERSONAL DATA
The following principles are observed in personal data processing activities:
Compliance with law and good faith principles,
Ensuring accuracy and up-to-date data where necessary,
Processing for specific, explicit and legitimate purposes,
Being relevant, limited and proportionate to the purpose,
Retention for the period stipulated by legislation or required for processing purposes.
The Clinic retains personal data in accordance with Articles 5 and 6 of the KVKK and destroys such data ex officio or upon request of the data subject when all legal grounds cease to exist.
DELETION, DESTRUCTION OR ANONYMIZATION OF PERSONAL DATA
Personal data shall be deleted, destroyed or anonymized when the legal basis for processing ceases to exist, the purpose of processing is eliminated, explicit consent is withdrawn where processing is based solely on consent, or the maximum retention period has expired.
Unless otherwise decided by the Personal Data Protection Board, the Clinic determines the appropriate destruction method based on technological feasibility and cost. Where requested by the data subject, justification for the selected method shall be provided.
TECHNICAL AND ADMINISTRATIVE MEASURES
Necessary software and hardware infrastructure has been established; strong passwords are used for computers and email accounts.
Personnel are informed of confidentiality obligations through training and written agreements.
Backup systems are established to protect stored data.
Authorized personnel with access rights are determined.
Data is shared only with authorized persons and competent public authorities.
Data subjects are informed prior to processing activities.
A Personal Data Processing Inventory has been prepared.
RETENTION AND DESTRUCTION PERIODS
Personal data is retained only for the period required by legislation or for the purpose of processing.
If a data subject requests destruction of their personal data:
If all legal grounds have ceased: the request is fulfilled within thirty (30) days and third parties are notified where applicable.
If legal grounds continue: the request may be rejected with justification pursuant to Article 13 of KVKK, and the data subject is informed within thirty (30) days.
PERIODIC DESTRUCTION PERIODS
Where the obligation to destroy personal data arises, destruction shall be carried out in the first periodic destruction cycle. Periodic destruction is conducted at six (6) month intervals.
PROCESS
RETENTION PERIOD
DESTRUCTION PERIOD
Contract Preparation
10 years after contract termination
First periodic destruction following retention expiry
Human Resources Processes
10 years after termination of activity
First periodic destruction following retention expiry
IT Access Management
5 years
First periodic destruction following retention expiry
Visitor Records
5 years
First periodic destruction following retention expiry
Health Data Records
15 years (as per legislation)
First periodic destruction following retention expiry
Identity Data
15 years (as per legislation)
First periodic destruction following retention expiry
CCTV Footage
15 years (as per legislation)
First periodic destruction following retention expiry
Hello 👋 Welcome to Dentadent. You can contact us via WhatsApp to book an appointment or get more information.