FRIG DENT PERSONAL DATA PROCESSING, PROTECTION, AND PRIVACY POLICY
A. PURPOSE AND SCOPE
As FRIGDENT operates under the frig dent brand, it recognizes that the legal framework is one of the cornerstones of social life. Since its establishment, frig dent has been committed to complying with general legal principles and making maximum efforts to protect the rights and interests of individuals. The frig dent personal data processing, protection, and privacy policy establish the fundamental principles for compliance with the regulations in the turkish personal data protection law No. 6698 (kvkk law) regarding the processing of personal data and it sets out what frig dent must fulfill within this framework. The implentation of the regulations in the frig dent kvkk policy will ensure the sustainability of the data security principles adopted by frig dent. The frig dent kvkk policy serves as a guide for the implementation of regulations set forth by the kvkk law and relevant legislation. This policy applies to all record media where personal data owned by or managed by frig dent is processed and activities related to the processing of personal data for employees,job applicants, visitors, patients, patient relatives, and third parties with whom institutions or organizations have a relationship as service providers.
B. DEFINITIONS
The terms used in the legislation and also in the frig dent kvkk policy are listed below :
I. Personal Data : Any kind of information related to a specificc or identifiable real person.
II. Personal Data of Special Nature : Data related to race, ethnicity, political opinion, philosophical belief, religion, sect, or other beliefs, clothing, membership of associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
III. Data Subject/Relevant Person: The real person whose personal data is processed. For example, employees.
IV. Explicit Consent: Consent given for a specific subject, based on prior information, and declared with free will.
V. Processing of Personal Data: Any operation carried out on personal data, wholly or partially by automatic means or non-automatic means provided that it is a part of any data recording system, such as obtaining, recording, maintaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of data.
VI. Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
VII. De-Identification : Processing personal data in a way that it cannot be associated with a specific or identifiable real person, provided that technical and administrative measures are taken, and it is stored separately from other data in a different environment.
VIII. Anonymization : Rendering personal data in such a way that it cannot be associated with a specific or identifiable real person in any way, even when matched with other data.
IX. KVKK Law : The personal data protection law No. 6698 published in the Official Newspaper dated April 7,2016, and numbered 29677, dated March 24,2016.
X. KVKK Board : Personal data protection board.
XI. KVKK Institution: Personal data protection Institution.
C. IMPLEMENTATION OF THE POLICY AND RESPONSIBILITIES
All staff throughout frig dent, patients, patient relatives, visitors, and relevant third parties are responsible for adhering to the frig dent kvkk policy and ensuring compliance with the frig dent kvkk policy to monitor risks.
D. POLICY PRINCIPLES
1.Basic Principles Adopted by Frig Dent
The following basic principles are adopted to ensure compliance with the data protection legislation and its continuity :
a. Personal data includes all kinds of information related to a specific or identifiable person and, therefore, its protection serves the overriding interest of the data subject. It should be acted upon with awareness that it is an obligation tı prioritize the data subject’s right to know which data is processed for what purpose and whether the data is transferred.
b. Data processing activities should be conducted in accordance with the law and honesty.
c. Ensuring that the processed personal data is accurate and up-to-date when necessary, and correcting/updating the data if it is correct.
d. Personal data is processed only for specific, explicit, and legitimate purposes and to the extent required for the purpose of processing. Excessive data should not be processed under the assumption of future use, and the data subject’s rights should be considered in conjunction with the purpose of processing.
e. Processed personal data should be kept for a period specified in the relevant legislation or for the period required for the purpose of processing.Compliance with the time limit stipulated by the Turkish Penal Code Article 138 and the KVKK Law Articles 4 and 7, in particular, is ensured. When the statutory period expires or the reasons requiring the processing of personal data cease to exist, frig dent deletes, destroys, or anonymizes personal data.
- Compliance with KVKK in Personal Data Processing Activities
While conducting personal data processing activities, it is essential to comply with the fundamental principles and act in accordance with the data processing conditions specified in the KVKK law, Article 5 and Article 6, as well as the regulation on the processing of personal health data. The following steps should be followed in the data processing acitivity :
- Data subjects should be informed. In cases where explicit consent (signature) is required to process data, information should be provided before obtaining consent(signature), and it should be explained which data will be processed for what purpose. In cases where data is processed by capturing camera images, written warning signs should be placed in necessary locations.
- Determination should be made whether the data processing conditions exist, and if the conditions do not exist, personal data processing activity should not be carried out. Data processing conditions are accepted to exist in the following cases, and no consent is required :
when explicitly provided in the laws (e.g., the obligation to obtain the identity information of the employee due to the obligation to notify to SGK.)
when it is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract(e.g., it is necessary to obtain the name and surname and bank account information of the person to pay the price of the product purchased.)
for the fulfillment of the legal obligation of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, the data processing is necessary for the establishment, use, or protection of a right.
except for the above cases or during the processing of “special categories of data” such as health data, EXPRESS CONSENT MUST BE OBTAINED. - The amount of data to be processed should be limited to ” as required” and excessive data should not be processed for each processing purpose.
- Frig Dent staff should comply with the rules set forth in the Turkish Constitution, including the Turkish Penal Code, KVKK law, and other relevant legislation and the rules set forth in the Frig Dent KVKK Policy in the context of personal data processing activities. In this context, in Frig Dent, personal data processing activities, including personal data processing conditions and purposes specified in KVKK law, Article 5 and Article 6, and below, will be carried out;
Patient, patient relative, and business partner data;
Data processing for contractual relations can be carried out without the need for consent, especially when it is not necessary to obtain explicit consent, for the establisment, implementation, and termination of the contract. Before the contract is concluded and at the beginning of the contract, personal data can be processed for the purpose of preparing a quotation, preparing a purchase form, or meeting the demands of the data subject related to the implementation of the contract.
Data processing carried out due to frig dent’s legal obligation or as explicitly provided in law;
Personal data may be processed without obtaining consent if the processing is clearly specified in the relevant legislation or is necesssary for the fulfillment of a legal obligation specified in the legislation. The type and scope of data processing must be necessary for the data processing activity permitted by law and must comply with the relevant legal provisions.
Processing of data based on frig dent’s legitimate interests; personal data may be processed without obtaining consent when it is necessary for a legitimate interest. - Compliance with KVKK in Personal Data Transfer
In personal data transfers to be carried out by frig dent (actively sharing personal data with third parties or granting third parties access to personal data) compliance with the personal data transfer conditions regulated in Articles 8 and 9 of the KVKK Law must be ensured. Data other than individuals’ race, ethnic origin, political opinion, philosophical belief, religion,sect, or other beliefs, dress and clothing, association, foundation, or union membership, health, sexual life, criminal convictions, and security measures-related data, as well as biometric and genetic data, may be transferred in the following cases :
when explicitly provided in the laws (e.g., the obligation to report the identity information of the employee to the SGK due to SGK regulations.)
when it is necessary for the establishment or performance of a contract, provided that it is directly related to the parties of the contract (e.g., the transfer of the seller’s name,surname, and acoount information to the bank section for payment of the purchased product is mandatory.)
for the fulfillment of the legal obligation of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, the data processing is necessary for the establishment, use, or protection of a right, and data processing is necessary for the legitimate interests of the data controller, except in cases where the data subject has made it public. (e.g., in necessary cases, the transfer of data related to employees’ use of medications or, if applicable, their illnesses to healthcare staff is mandatory.)
personal data may not be transferred abroad without the explicit consent of the data subject.
- Ensuring the Security of Personal Data
Frig dent must take all necessary measures, according to the nature of the data to be protected, to prevent the unlawful disclosure, transfer, or unauthorized access to personal data, as well as any security vulnerabilities that may occur. This includes both administrative and technical measures, the establishment of an audit system within the company, and the initiation of processes defined in the KVKK Law in case of unlawful disclosure of personal data.
a. Administravite Measures Taken to Ensure the Lawful Processing, Transfer, and Prevention of Unauthorized Access to Personal Data:
Frig dent educates and raises awareness among its employees regarding the protection of personal data.
Records are added to contracts with parties to whom personal data is transferred, indicating the obligations of the part receiving the personal data to ensure data security. There records should include a commitment from the receiving party that they will take all necessary measures to protect personal data and ensure the implementation of these measures within their organizations.
Processes carried out by employees are thoroughly, and the personal data processing activities within each unit are identified. Steps to ensure compliance with the personal data processing conditions specified in the KVKK Law are determined for each data processing activity.
b. Technical Measures Taken to Ensures the Lawful Processing, Transfer, and Prevention of Unauthorized Access to Personal Data:
Regarding the protection of personal data, technical measures have been taken to the extent technology allows, and these measures should be updated and improved in parallel with developments. Regular audits are conducted to ensure the implementation of the measures. Security software and systems that ensure security are updated. Access to personal data by employees is restricted to the relevant subject employee basen on the specified processing purpose.
c. Conducting Audit Activities Related to Personal Data Protection:
Frig Dent conducts audits of the technical measures , and practices taken for the protection and security of personal data to ensure compliance with relevant legislation, policies, procedures, and instructions. The results of the audit activities are reported. Activities to improve and enhance the measures taken for the protection of data are carried out by the relevant unit, not limited to the audit results.
d. Measures to be Taken in Case of Unauthorized Disclosure of Personal Data :
If personal data being processed by frig dent is obtained by unauthorized individuals in violation of the law, the situtation should be reported to the KVKK Board and the relevant data owners without delay. Simultaneously, the Data Breach Notification Procedure should be applied.
- Responsibilities Related to Personal Data Processing Activities
Frig Dent must comply with the obligations prescribed by the KVKK Law for data controllers.
a. Obligation to Register with the Data Controllers Registry (VERBIS): The information that must be submitted to the Data Controllers Registry in the registration application is as follows;
identity and addresses of the data controller and, if any, their representative
purpose of processing personal data
information about the groups of data subjects and the processed personal data categories related to these individuals,
persons or groups to whom personal data may be transferred,
maximum retention period required by the purpose of processing personal data
measures taken for the security of processed personal data.
b.Obligation to Inform Data Subjects : The information that must be provided to data subjects under the obligation to inform includes the following :
identity of the data controller and, if any, their representative
the purpose for which personal data will be processed
to whom and for what purpose personal data may be transferred
the method and legal reason for collecting personal data
rights of the data subject specified in Article 11 of the KVKK Law.
c. Obligation to Collect and Transfer Personal Data Legally : Data subjects should be informed about why their data is being processed and whether the data is being transferred.Collected data must be processed in accordance with the law and fairness.
d. Obligation to Ensure the Security of Personal Data : To prevent any harm to data subjects, frig dent must take the necessary technical and administrative measures to ensure the appropriate level of security for the personal data processed, to prevent the unlawful processing of personal data, and to maintain the security of personal data.
e. Obligation to Comply with Decisions by the KVKK Board : Frig Dent must act in accordance with the decisions made by the KVKK Board in order to ensure that personal data is processed in a manner compatible with fundamental rights and freedoms.
f. Obligation to Respond to Data Subject Requests: As a data controller, frig dent must respond to written requests of data subjects regarding their personal data within the shortest time and no later than thirty days, depending on the nature of the request. Data subjects may request the following regarding their personal data:
to learn whether personal data is being processed
to request information if personal data has been processed
to learn the purpose of processing personal data and whether it is used in accordance with its purpose
to know third parties to whom personal data is transferred domestically or abroad
to request the correction of personal data if it is incomplete or incorrect
to request the deletion or destruction of personal data within the framework of the conditions specified in Article 7 of the KVKK Law
to request notifications of the correction or deletion/destruction of personal data to third parties to whom it has been transferred
to object to the processing of personal data and request its correction or deletion/destruction if processed exclusively by automated systems
E. PUBLISHING and ARCHIVING of the POLICY
The policy document is published in two different formats, wet signed (printed paper) and electronically, and is made publicly available on the website. A printed paper copy is also kept in the files by the DATA CONTROLLER CONTACT PERSON.
F. UPDATING THE POLICY
It becomes effective from the moment it is approved by the Board of Directors. This policy is reviewed as needed, and the necessary sections are updated. Application rules specifying how the matters mentioned in this policy will be executed for specific topics will be added to relevant regulations. The Frig Dent Personal Data Protection Policy has been published on the internet site and made available to the public. In case of a conflict between the regulations in force, primarily the Personal Data Protection Law and the provisions in this policy, the provisions of the legislation shall apply.
INFORMATION REGARDING the PROCESSING of PERSONAL DATA
Operating under the brand frig dent, is considered a “data controller” within the scope of the personal data protection law no.6698 (KVKK). This text has been prepared for the purpose of informing about personal data processing activities carried out in accordance with Article 10 of the KVKK.
What Personal Data Do We Process ?
Your personal data is collected by our company through various channels and for compliance with legislation and company policies to carry out our activities. Your personal data may be processed and transferred for the purposes specified in this information text within the scope of the personal data processing conditions and purposes specified in Article 5 and 6 of the KVKK. In this context, the following personal data is processed :
identity information (name, place of birth, date of birth, age, gender, ID number, passport information, etc.)
contact information (e-mail address, telephone number, mobile phone number, address)
health records related to previous treatments
photographs
financial information related to payments
health records created at our institution
Your collected personal data is processed within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK, and in compliance with the basic principles defined by the KVKK :
to perform business and transactions as a result of signed contracts and protocols
to ensure the fulfillment of legal obligations in the way that legal regulations require or obligate
to manage human resources processes
to ensure corporate communication
to provide institutional security
to conduct statistical studies
to establish contact with individuals/entities in business relations with the company
to prepare legal reports
to fulfill the obligation of proof in case of legal disputes that may arise in the future
How do we collect personal data ?
Personal data is collected, either completely or partially, through automated means or non-automated means, provided that it is a part of any data recording system. We would like to emphasize that permissions have been obtained for all personal data processing activities except for cases where the relevant legislation allows processing without explicit consent from the related individual.
To whom and for what purposes are personal data transferred ?
Your collected personal data may be transferred by our institution to our business partners, suppliers, legally authorized public institutions, and private people within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, in compliance with the basic principles defined by the KVKK, for the following purposes :
to perform business and transactions as a result of signed contracts and protocols
to ensure the fulfillment of legal obligations in the way that legal regulations require or obligate
to carry out necessary studies by relevant business units and to conduct related business strategies
ensuring the legal, technical and commercial business security of individuals/entities in business relations with our institution
to conduct financial, accounting, and legal affairs
performing legal reporting
for the purpose of fulfilling the obligation of proof in case of legal disputes that may arise in the future
How long is your personal data retained ?
Although no specific period is set for the retention of personal data within the scope of the KVKK, it is essential to keep personal data for the period required for the purpose of processing personal data. In this regard, our company conducts an evaluation by taking into consideration the current legislation and the purpose of the relevant data processing in order to determine the retention periods in compliance with general principles. In this context, our company retains personal data until the legal obligations arising from the relevant law and other regulations are completed, and in any case, until the statue of limitations expire. Our company anonymizes, deletes, or destroys personal data in acoordance with the law when the purpose of processing personal data becomes obsolete, including the expiry of the periods mentioned above. Anonymization is defined as making personal data inaccessible, unrelated to an identified or identifiable real person, even if matched with other data, as stipulated by the relevant legislation, and our company carries out anonymization activities in compliance with the current legislation.
your rights as a data subject and exercise of rights
as a data subject under the KVKK, you have the following rights ;
a. to learn whether personal data is processed or not
b. to request information about the processing if personal data have been processed
c. to learn the purpose of processing personal data and whether they are used in accordance with their purpose
d. to know the third parties in the country or abroad to whom personal data have been transferred
e. to request the rectification of personal data in case personal data have been processed incompletely or inaccurately
f. to request the deletion or destruction of personal data within the framework of the conditions set out in Article 7 of the KVKK
g. to request notification of the operations made as a result of rectification,deletion, or destruction to third parties to whom personal data have been processed
h. to object to the occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems
i. to claim compensation for the damage arising from the unlawful processing of personal data
Your requests regarding the implementation of KVKK can be communicated to our institution in writing, personally, through notary, or with other methods determined by the personal data protection board. Our company will conclude the requests included in the application as soon as possible, at the latest within thirty days, depending on the nature of the request, from the date the request reaches us and will notify you in writing or electronically. Our company reserves the right to charge a fee according to tariff set by the personal data protection board, if any. You can send your requests regarding KVKK using the KVKK Application Form on www.yildizdis.com
Protection of Your Information
In order to prevent unlawful processing of your personal data, unauthorized access to personal data, and to ensure the protection of personal data, necessary measures have been taken by our company within the technological possibilities and cost factors in information and transaction nature. Our company conducts internal audits under Article 12 of the KVKK. Necessary information has been provided to the staff processing data within the scope of the KVKK, and awareness-raising activities hava been the protection of personal data.
This notice is respectfully shared with all members of the frig dent family.
ESTHETIC DENTISTRY
Esthetic dentistry is a branch of dentistry focused on improving the appearance and aesthetic aspects of teeth. Dentists who specialize in this field apply various treatment methods to correct issues related to the color, shape, size, alignment, and other aesthetic factors of a patient’s teeth. Esthetic dentistry offers a range of treatment options to address various aesthetic problems with teeth. These can include :
Teeth bleaching : A procedure used to lighten and whiten the color of teeth. It can help remove stains, discoloration, or yellowing of teeth.
Porcelain veneers or zirconium crowns : Thin porcelain or zirconium coverings bonded to the front surface of the front teeth. These coverings can improve the color, shape and alignment of teeth, resulting in an aesthetic smile.
Porcelain crowns :Restorations that cover the entire tooth. They are used to repair damaged, decayed, or misshapen teeth while providing an aesthetic appearance.
Dental fillings: Materials used to repair cavities or correct tooth shape. Composite fillings that match the natural tooth color are preferred over traditional amalgam fillings.
Dental implants: Artificial tooth roots used to replace missing teeth. Implants, when combined with esthetic restorations that match natural teeth, can provide an aesthetic smile.
Orthodontic Treatmens: Options for aligning and correcting crooked teeth. Different orthodontic appliances such as traditional braces, clear aligners, or lingual braces can be used for esthetic tooth alignment.
Esthetic dentistry is an important option for individuals who want to enhance their self-confidence , improve their smiles, and achieve an overall aesthetic appearance. These treatments are typically performed by an aesthetic dentist or cosmetic dentist.