CONTACT

Contact Form

Contact Form

Contact Form

  • Phone: +90 536 576 66 66
  • E-mail: bilgi@dratacan.com
  • Instagram: Dr. Ata Can
  • Address: Dikilitaş Neighborhood, Hakkı Yeten Street, No: 10/D, Ground Floor, Room: 010, Beşiktaş / Istanbul

  • Directions: Located beneath the Selenyum Twins residences, next to Real Shopping Mall.
    Spacious parking area available; patients can be dropped off directly in front of the clinic.

İletişim Formu

    PDPL

    CONTACT US

    Policy on Processing of Special Categories of Personal Data

    1. PURPOSE AND SCOPE

    Data Controller Title: Assoc. Prof. Dr. Ata Can
    Data Controller Address: İnönü, Nizamiye Cd. No:9 D:No:1, 34373 Şişli/İstanbul
    Data Controller Phone: +90 536 576 66 66
    Data Controller E-mail: atababay@yahoo.com
    Data Controller Website: https://dratacan.com

    The data controller acts with the utmost sensitivity regarding the protection of special categories of personal data processed.

    This Policy has been prepared in order to explain the security measures taken pursuant to Article 6(4) of the Law on the Protection of Personal Data (Law No. 6698), which states: “In processing special categories of personal data, adequate measures determined by the Board must also be taken.” It sets out the procedures and principles regarding the protection and processing of such data.

    2. DEFINITIONS

    • Explicit Consent: Consent based on information regarding a specific matter, declared freely.

    • Law: The Law on the Protection of Personal Data No. 6698, dated 24.03.2016.

    • Recording Medium: Any environment where personal data is processed, whether fully or partially automatic, or non-automatic provided it forms part of a data recording system.

    • Special Categories of Personal Data: Data relating to a person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, association/foundation/union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.

    • Processing of Personal Data: Any operation performed on personal data, whether fully or partially automatic, or by non-automatic means forming part of a data recording system, such as collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or preventing use.

    • Board: The Personal Data Protection Board.

    • Data Subject: The natural person whose personal data is processed.

    • Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

    3. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

    3.1 Principles

    Special categories of personal data are processed in accordance with the Law and this Policy, and by taking all necessary technical and administrative measures. Accordingly, such data shall:

    • Be processed lawfully and in accordance with the principle of good faith,

    • Be accurate and, where necessary, kept up to date,

    • Be processed for specific, explicit, and legitimate purposes,

    • Be relevant, limited, and proportionate to the purposes for which they are processed,

    • Be retained only for the period required by law or for the purpose for which they are processed.

    3.2 Processing Activities

    • Patients’ personal health data are processed by physicians under confidentiality obligations for medical diagnosis, treatment, and care services, as well as for the management of healthcare services, pursuant to Article 6/3 of the Law. These data are processed in both electronic and physical environments by staff trained in KVKK compliance and bound by confidentiality agreements.

    • Health reports obtained from employees under the Occupational Health and Safety Law are processed in accordance with the Law.

    • Criminal record checks of healthcare staff are processed based on explicit legal provisions for the issuance of work permits.

    • For staff not subject to work permits, criminal records are processed with explicit consent provided freely.

    • Healthcare staff attire data are processed under explicit legal provisions of the Law.

    • Health, criminal conviction, and security measure data of job applicants are obtained based on explicit consent, and are deleted immediately if the application is unsuccessful.

    4. PURPOSES OF PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA

    The Center processes special categories of personal data in accordance with the general principles under Article 4 of the Law and the legal grounds in Article 6, for the following purposes:

    • Emergency management,

    • Recruitment processes of candidates,

    • Fulfillment of contractual and statutory obligations of employees,

    • Management of employee benefits and entitlements,

    • Compliance with legal requirements,

    • Legal proceedings,

    • Human resources planning,

    • Occupational health and safety activities,

    • Operational service processes,

    • Archiving and retention activities,

    • Contract management,

    • Security of movable property and resources,

    • Security of data controller operations,

    • Providing information to authorized persons, institutions, and organizations,

    • Protection of public health, medical diagnosis, treatment, and care services.

    5. TRANSFER OF SPECIAL CATEGORIES OF PERSONAL DATA

    5.1 Domestic Transfers

    • Patients’ personal health data may be transferred to:

      • Judicial authorities and attorneys in case of legal disputes,

      • The Ministry of Health’s E-Nabız system,

      • Private insurance companies (for insured patients).

    • Employees’ personal health data may be transferred to:

      • Judicial authorities and attorneys in case of legal disputes,

      • District/provincial health directorates for work permit applications,

      • Authorized software companies for archiving purposes.

    • Personal data obtained from job applicants with explicit consent (health, criminal records, security measures) are deleted and destroyed if the application is unsuccessful.

    5.2 International Transfers

    Special categories of personal data are not transferred abroad.

    6. SECURITY MEASURES FOR PROTECTION OF SPECIAL CATEGORIES OF PERSONAL DATA

    6.1 Measures Taken

    1. A systematic, clear, manageable, and sustainable separate policy and procedure have been established.

    2. Employees involved in processing:

      • Receive regular training on the Law and related regulations,

      • Sign confidentiality agreements,

      • Have clearly defined access authorizations and durations,

      • Undergo periodic access checks,

      • Have their access revoked immediately in case of role change or termination of employment.

    3. For electronic environments:

      • Security updates are regularly applied,

      • Security tests are conducted, documented, and recorded.

    4. For physical environments:

      • Sufficient security measures (against fire, flood, theft, etc.) are taken,

      • Unauthorized physical access is prevented.

    5. For data transfer:

      • Data sent by email is encrypted and transmitted via corporate or KEP addresses,

      • Data transferred in paper form is protected against theft or loss, and sent as “confidential documents.”

    6.2 Administrative Measures

    • Corporate policies on access, information security, storage, and destruction are implemented,

    • Contracts include data security clauses,

    • Data minimization is applied,

    • Periodic or random internal audits are conducted,

    • Risk analyses are carried out and reported,

    • KVKK provisions are added to employment contracts and disciplinary regulations,

    • Monitoring of data security is ensured,

    • Confidentiality agreements are signed with data recipients,

    • A Personal Data Processing Inventory has been prepared,

    • Periodic deletion, destruction, or anonymization is carried out.

    6.3 Technical Measures

    • Network and application security are ensured,

    • IT system procurement, development, and maintenance security measures are applied,

    • Up-to-date antivirus systems are used,

    • Firewalls are implemented,

    • User account management and authorization control systems are enforced and monitored,

    • Access logs are recorded without user interference.

    7. RIGHTS OF DATA SUBJECTS

    7.1 Rights

    Data subjects have the following rights under Article 11 of the Law:

    • To learn whether their data are processed,

    • To request information on the processing,

    • To learn the purpose of processing and whether used accordingly,

    • To request correction if incomplete/incorrect,

    • To request deletion/destruction when conditions are met,

    • To request notification of corrections/deletions to third parties,

    • To object to adverse outcomes through automated systems,

    • To claim compensation if suffering damages due to unlawful processing.

    7.2 Exercising Rights

    Applications may be submitted:

    • In person at our clinic,

    • By post or notary,

    • Or by email from the data subject’s registered email address to the contact email provided above, using the Data Subject Application Form available on our website.

    7.3 Response to Applications

    Applications are finalized free of charge within 30 (thirty) days at the latest. If the process incurs additional costs, fees may be charged in line with the tariff set by the Board.

    8. COORDINATION OF PROCESSES

    The coordination of processing and protection of special categories of personal data is carried out by the clinic director or an appointed staff member.

    9. UPDATES TO THE POLICY

    This Policy may be updated in line with legislative changes, Board decisions, or sectoral/technological developments. Updates are recorded in the amendment table below.

    Amendment Table
    … The Policy on Processing and Protection of Special Categories of Personal Data has entered into force.

    OZEL-NITELIKLI-KISISEL-VERILERI-ISLEME-POLITIKASI

    Phone: 0536 576 66 66

    Mail: docdratacan@gmail.com

    Menu

    Working Hours

    • Week Days: 09:00 - 17:30
    • Weekend: Kapalı

    About

    You can contact Associate Professor Dr. Ata Can, Orthopedics and Traumatology Specialist, to schedule an appointment.

    LOGO.pdf-3-e1752849077746.png

    Copyright 2025 © Doç. Dr. Ata Can Dijital Ajans: Sunrise Global

    Scroll to Top