Personal Data Destruction Policy
The data controller, **MUDA HEALT TOURISM AND TRAVEL AGENCY LIMITED COMPANY**, stores and destroys your personal data in accordance with the **Constitution**, **Law No. 6698 on the Protection of Personal Data (KVKK)**, the **Regulation on the Deletion, Destruction, or Anonymization of Personal Data**, and other relevant legislation. This is done in compliance with the general principles and regulations specified in this **Personal Data Retention and Destruction Policy**.
The purpose of this Policy is to establish the general principles regarding the retention and destruction of personal data processed within the scope of KVKK and to fulfill the obligations determined by legislation.
Definitions
Explicit Consent: Consent that is given based on information and is freely expressed for a specific subject.
Recipient Group: The category of natural or legal persons to whom personal data is transferred by the data controller.
Anonymization: The process of making personal data impossible to associate with an identified or identifiable individual, even by matching it with other data.
Relevant User: Individuals who process personal data within the data controller’s organization or under the authority and instructions received from the data controller, excluding those responsible for technically storing, protecting, and backing up the data.
Destruction: The deletion, destruction, or anonymization of personal data.
Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, surname, ID number, email address, home address, date of birth, credit card number, bank account number).
Data Subject: The natural person whose personal data is processed.
Processing of Personal Data: Any operation performed on personal data, wholly or partly by automated means or non-automated means that form part of a data recording system, including collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or preventing the use of data.
Special Categories of Personal Data: Data related to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, security measures, as well as biometric and genetic data.
Periodic Destruction: The scheduled deletion, destruction, or anonymization of personal data when the processing conditions specified in KVKK cease to exist, as specified in this Policy.
DATA STORAGE ENVIRONMENTS REGULATED BY THE POLICY
This Policy applies to all personal data processing activities covered by KVKK. Additionally, documents referenced in the Policy include both physical and digital copies.
The company stores all personal data processed automatically or non-automatically as part of a data recording system in the following environments:
– Company computers, email accounts, desktop computers, employee devices (e.g., mobile phones), backup storage, paper files, folders, visitor logs, CDs, DVDs, USB drives, hard disks, printers, photocopiers, etc.
REASONS FOR STORING AND DESTROYING PERSONAL DATA
The following principles are observed in personal data processing activities:
- Compliance with laws and good faith principles.
- Ensuring personal data is accurate and, when necessary, kept up to date.
- Processing for specified, explicit, and legitimate purposes.
- Ensuring data is relevant, limited, and proportionate to the processing purposes.
- Retention for the period specified in relevant legislation or as necessary for the purpose of processing.
Our company processes and stores personal data based on the **personal data processing conditions specified in Articles 5 and 6 of KVKK**. If all the conditions cease to exist, personal data is destroyed either automatically or upon request by the data subject.
Conditions for Processing Personal Data:
– **Explicit Consent of the Data Subject:** Personal data can be processed with the explicit consent of the data subject.
– **Processing Required by Law:** If the law explicitly requires the processing of personal data, consent is not necessary.
– **Impossibility of Obtaining Consent:** If the data subject cannot express consent due to physical impossibility and the processing is necessary to protect their or another person’s life or physical integrity, the data can be processed.
– **Contractual Necessity:** If processing is required for the establishment or execution of a contract, personal data can be processed.
– **Legal Obligations:** If the processing of data is necessary for our company’s legal obligations, it can be processed.
– **Publicly Available Data:** If the data subject has made personal data public, it may be processed accordingly.
– **Legal Claims and Rights:** If processing is necessary for the establishment, exercise, or protection of a legal right, data can be processed.
– **Legitimate Interests:** If processing is necessary for the legitimate interests of our company, provided it does not harm fundamental rights and freedoms of the data subject, it can be processed.
DELETION, DESTRUCTION, OR ANONYMIZATION OF PERSONAL DATA
Personal data is deleted, destroyed, or anonymized in the following cases:
– When relevant legal provisions are repealed or amended.
– When the purpose of data processing or storage no longer exists.
– When processing relies solely on explicit consent and the data subject withdraws consent.
– When the maximum retention period for personal data has expired, and no legal justification exists for further storage.
Our company selects the appropriate deletion, destruction, or anonymization method based on technological capabilities and application costs. Upon request, the company explains the chosen method to the data subject.
TECHNICAL AND ADMINISTRATIVE MEASURES
Our company takes the following technical and administrative measures in compliance with **KVKK Article 12** and relevant regulations:
- Necessary software and hardware are identified, and strong passwords are used for computers and email accounts.
- Personnel are trained on data protection, and confidentiality agreements are signed. This obligation continues even after the termination of employment.
- A backup infrastructure is established.
- Employees who have access to data are identified and restricted as necessary.
- Personal data is shared only with authorized individuals, relevant public institutions, or competent judicial authorities.
- Before processing personal data, the company fulfills its obligation to inform data subjects.
- A personal data processing inventory has been prepared.
DATA RETENTION AND DESTRUCTION PERIODS
Our company retains and destroys personal data only for the duration required by applicable legislation or the purpose of processing.
If a **data subject** requests the deletion of their personal data:
– If all conditions for processing no longer exist: The request is fulfilled within **30 days**, and the data subject is informed. If data was shared with third parties, they are also notified to take necessary actions.
– If processing conditions still exist: The request may be rejected with a written explanation within **30 days**.
PERIODIC DESTRUCTION PROCEDURES
Personal data is destroyed in the first **scheduled destruction cycle** after the necessity to process the data ceases. Periodic destruction is carried out at **6-month intervals**.
| Process | Retention Period | Destruction Period |
| --- | --- | --- |
| Contract Preparation | 10 years after contract termination | First periodic destruction after retention period |
| Human Resources Operations | 10 years after termination | First periodic destruction after retention period |
| Access to Hardware & Software | 5 years | First periodic destruction after retention period |
| Visitor & Meeting Records | 5 years | First periodic destruction after retention period |
| Health Data | As specified by regulations | First periodic destruction after retention period |
| Identity Data | As specified by regulations | First periodic destruction after retention period |
| Camera Footage | At least 2 months (as per Private Hospital Regulations) | First periodic destruction after retention period |
This Policy comes into effect upon publication on the company’s website.