SOLARIS IMAGING CENTER TRADE A.Sh.
PERSONAL DATA TRANSFER POLICY
1.entry
1.1 PURPOSE
Personal Data Transfer Policy (“Policy”), Established in Turkey, Headquarters; Ataköy 8-8-9-10 Section Mah. Çobançeşme E5 Side Road No:16/1 A Inner Door No: 20 Located at Ataköy-Bakırköy-Istanbul, 0773073379200001 mersis no, Bakırköy Tax Office, taxpayer Solaris Imaging Center Trade A no: 7730733792 .Sh. It has been prepared in order to determine the procedures and principles regarding the business and transactions related to the transfer activities of the processed personal data carried out by (the “COMPANY”).
THE COMPANY; With its sensitive approach to the protection of personal data, T of the personal data belonging to COMPANY employees, employee candidates, suppliers, patients, visitors and other third parties.C. The Constitution, international conventions, the Law on the Protection of Personal Data numbered 6698 (the “Law”) and other relevant legislation in accordance with the processing and ensuring the effective use of the rights of the persons concerned has determined as a priority. The works and transactions related to the transfer of personal data are carried out in accordance with the Policy prepared by the COMPANY in this direction.
1.2 SCOPE
Personal data belonging to COMPANY employees, employee candidates, service providers, patients, visitors and other third parties are within the scope of this Policy and this Policy is applied in all recording environments where personal data owned or managed by the COMPANY are processed and in the transfer process for personal data processing activities.
This Policy is based on Articles 8 and 9 of the Personal Data Protection Law No. 6698. to determine the principles to be applied and to be complied with by the Company about the real or legal person responsible for the domestic and international transfer of personal data contained in the “relevant regulation”, which will be created as a result of and in accordance with the articles.
2.TRANSFER OF DATA
2.1. TRANSMISSION IN THE PHYSICAL ENVIRONMENT
It covers the transfer of all personal data except electronic media. Employees carry out transfers in a physical environment in accordance with this Policy. The transfer of data without explicit consent is valid only in cases where the exceptions specified in the law (the second paragraph of Article 8) are provided. In all cases except for these exceptions, personal data cannot be transferred without the explicit consent of the relevant person. In addition to providing the necessary conditions, the transfer of personal data in the physical environment within the country is carried out directly from the sender to the recipient whenever possible. The transfer of personal data in the physical environment abroad can only be made to the safe countries specified in the Regulation.
2.2. TRANSMISSION IN ELECTRONIC MEDIA
It covers all personal data that can be read using an electronic device and the data owner can be identified. Employees carry out transfers in electronic environment in accordance with this Policy. The transfer of data without explicit consent is valid only in cases where the exceptions specified in the law (the second paragraph of Article 8) are provided. In all cases except for these exceptions, personal data cannot be transferred without the explicit consent of the relevant person. Personal data is transferred electronically only with recipients authorized to process data. Due to the company’s use of the Outlook e-mail service infrastructure belonging to Microsoft located abroad and the provision of storage services from this company, if the person concerned has explicit consent, Jul can transfer abroad in accordance with the provisions of Article 9 of the Law for the purpose of Storage and Archive Activities by taking the necessary technical and administrative measures.
Transmission by E-Mail
In the transfer of personal data by e-mail, it is determined whether the recipient is authorized to process data or not, and that the data transfer is carried out within the purpose and limits of the transfer. The head of the department is also mentioned among the recipients.Dec. It is also stated that there is personal data in the text and the buyer is warned about this.
Portable Media
Portable media covers all electronic platforms on which electronic media can be physically transported to hard disks, CDs, DVDs, tapes, USB sticks, USB hard disks, memory cards and similar. When transferring personal data with portable media, portable media are encrypted. The employee who makes the data transfer then performs the destruction of the data inside the portable media. Without destroying the personal data contained in the portable media, the media cannot be used for any other transaction.
The physical transfer of portable media is made directly from the sender to the receiver. In cases where this transfer cannot be made directly, the transfer is carried out using a minimum intermediary. Cargo service can be used during the transfer.
Cloud Sharing (Cloud)
Cloud sharing covers all the shares in which the personal data are uploaded to an online storage space by the sender and the recipient obtains the data from here Jul. The transfer made by this method is carried out by encryption and is made using company equipment and network via secure servers located abroad.
Sharing Over The Network
Personal data can be shared within and/or between departments using the Company’s common areas.Dec. In the exchanges to be made over the network, personal data is transferred only in encrypted form and cryptographic protocols are applied during the transfer. After the completion of the exchange, the recipient destroys the personal data over the network and provides information to the sender. The sender who receives the information checks that the personal data no longer exists in the public area on the network.
3. DATA TRANSFER ABROAD
The transfer of personal data abroad by the company can be carried out if the person concerned has explicit consent. However, in case the following conditions are fulfilled, the transfer of personal data abroad will also be possible.
If the data to be transferred is not special personal data;
In order for a transfer to be made abroad, the existence of one of the conditions specified in paragraph 2 of Article 5 of the Law No. 6698 is required.
Clearly stipulated in the laws,
A person who is unable to disclose his consent due to actual impossibility, or whose consent is not legally valid, is required to protect the life or body integrity of himself or someone else,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,
It is mandatory for the data controller to be able to fulfill his/her legal obligation,
The fact that the relevant person has been publicly identified by himself,
Data processing is mandatory for the establishment, use or protection of a right,
Mandatory data processing for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned
If the data to be transferred is personal data of a special nature;
In order for a transfer to be made abroad, the existence of one of the conditions specified in paragraph 3 of Article 6 of the Law No. 6698 is required. These conditions are;
Personal data of a special nature other than health and sexual life, if it is clearly stipulated in the law,
Private personal data related to health and sexual life may only be transferred to one of the countries with adequate protection without seeking the explicit consent of the relevant person if they are processed by persons or authorized institutions and organizations under the obligation to keep secrets for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health services and financing.
4. PUBLICATION AND STORAGE OF THE POLICY
The policy is published electronically and disclosed to the public on the website. The policy is reviewed as needed and the necessary sections are updated.
5.ENTRY INTO FORCE AND REPEAL OF THE POLICY
The policy is considered to have entered into force after its publication on the COMPANY’s website. If a decision is made to repeal it, it is canceled and signed by the COMPANY (by striking the cancellation stamp or writing the cancellation) and stored for at least 5 years.