Personal Data Protection and Privacy Policy

"Personal Data Protection Law (KVKK)" application formkvkk.gov.tr You can reach us at.

 

Protection of personal data, DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. It is among the most important priorities of LIMITED COMPANY. Necessary sensitivity is shown regarding the security of personal data, great importance is given to patient privacy and to processing and preserving all kinds of personal data of our patients in the best possible way and with care. In addition to our patients, our companions, visitors, all our employees and the employees of the institutions and organizations we cooperate with; In accordance with the Personal Data Protection Law No. 6698 and the regulations and relevant legislation on the Processing and Ensuring the Privacy of Personal Health Data, it has been adopted as the corporate policy to protect personal data within the framework of the following basic principles.

 

• Processing personal data in accordance with the law and the rules of honesty,

• Keeping personal data accurate and updated when necessary,

• Processing personal data for specific, clear and legitimate purposes,

• Limited and measured processing of personal data in connection with the purpose for which they are processed,

• Keeping personal data for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed,

• Kişisel veri sahiplerini aydınlatma ve bilgilendirme,

• Enlightening and informing personal data owners,

• Establishing the necessary system for personal data owners to exercise their rights,

• Taking necessary precautions to preserve personal data,

• Acting in accordance with the relevant legislation and KVK Board regulations in transferring personal data to third parties in line with the requirements of the processing purpose,

• Showing the necessary sensitivity to the processing and protection of special personal data

• Deleting and destroying personal data in a manner and within a defined period in accordance with the law.

 

Aim

 

The main purpose of this Policy is DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. To make statements about the personal data processing activities carried out by LİMİTED ŞİRKETİ in accordance with the law and the actions taken to protect personal data, in this context, to protect personal data, especially our patients, visitors, employees and institution officials, employees, shareholders and officials of the institutions we cooperate with and third parties. To ensure transparency by informing people processed by our clinic. DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. Personal data processed by LIMITED COMPANY may vary depending on the health services provided and are collected by automatic or non-automatic methods. Our patient representatives, physicians, health professionals, etc. Our employees, subcontractors and their employees, and companies engaged in all kinds of commercial activities; Special personal data and general personal data, especially health data collected verbally, in writing or electronically through our call center, website, online services and similar means, can be processed for the following purposes.

 

Execution of medical diagnosis, treatment and care services, protection of public health, planning and management of preventive medicine health services and their financing; Being able to inform our patients about the appointment; Planning and managing the internal procedures of our clinic and making analysis for the purpose of improving health services; training and developing our employees, protecting the personnel processes and legal rights of our employees, monitoring and preventing abuse and unauthorized transactions; carrying out risk management and quality improvement activities; conducting research; fulfillment of legal and regulatory requirements; billing for our services; verifying your identity; Confirming your relationship with the institutions contracted with our clinic; sharing any information requested by private insurance companies within the scope of financing health services; To be able to answer all your questions and complaints regarding our health services; Taking all necessary technical and administrative measures within the scope of data security of our clinic's systems and applications; Analyze your use of healthcare services and store your health data for the purpose of developing and improving the healthcare services we provide to you; To preserve information regarding your health data that must be kept in accordance with the relevant legislation; Providing financial reconciliation regarding the health services provided to you with our contracted institutions, banks and all institutions (public and private) from which health expenses are collected; Sharing requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation; measuring patient satisfaction, increasing patient satisfaction.

 

Personal data can be shared in any verbal, written or electronic environment, for the purposes stated above and in order to provide health services within the specified legal framework and within this framework, DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. LIMITED COMPANY is collected and processed in order to fully fulfill its contracts and legal obligations.

 

Scope

 

This Policy; It covers the personal data defined below, processed automatically or nonautomatically, of our patients, companions, visitors, institution officials, employees, employees, shareholders and officials of persons, organizations and institutions with which we cooperate and have all kinds of legal relations, and third parties.

 

Name, surname, TR ID number, passport number or temporary TR ID number, place and date of birth, gender, marital status, clinic-specific protocol number and other identification data identifying patients; contact data such as address, telephone number, e-mail address, etc., financial data such as payment and billing information; audio and digital information that may be obtained through electronic or non-electronic means; General and special personal data, especially personal health data obtained during the execution of all medical diagnosis, examination, treatment and care services; For the purpose of financing and planning health services, data regarding private health insurance and Social Security Institution data, health and identity data sent via websites, all visual (digital and non-digital) records 

 

The scope of application of this policy according to groups of personal data owners may be the entire policy (such as our patients); There may also be only some provisions (for example, only our employees, suppliers, etc.).

 

Personal data may also be processed when using the call center or website to use online services, on the in-house intranet, during training, participating in events organized by the hospital, or when visiting web pages.

 

Definitions

 

Explicit Consent: Consent regarding a specific issue, based on information and expressed with free will

Anonymization:  It is the alteration of personal data in such a way that it loses its nature as personal data and this situation cannot be reversed. For example, masking, aggregation, data corruption, etc. Making personal data unable to be associated with a real person through techniques

Employees, Shareholders and Officials of the Institutions We Collaborate with: Real persons working in the institutions with which our clinic has all kinds of business relations (such as but not limited to business partners, suppliers), including the shareholders and officials of these institutions.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking

Personal Data Owner: The real person whose personal data is processed. For example, patients and staff

Personal Data: Any information regarding an identified or identifiable natural person. Therefore, processing of information regarding legal entities is not within the scope of the Law. For example, name and surname, TR ID number, e-mail, address, date of birth, credit card number, bank account number, etc.

Patient:A person who applies to our clinic for examination or treatment and receives outpatient or inpatient treatment

Special Personal Data: Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. special quality data

Institution Official: General Manager of the Institution and other authorized real persons

Third Party: Third party real persons who are associated with these persons in order to ensure the security of commercial transactions between our clinic and the above-mentioned parties or to protect the rights of the mentioned persons and to obtain benefits (For example, employees or officials of the company from which service is received, Companion, etc.)

Data Processor: It is a real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, the IT company that keeps our clinic's data, all employees who enter patient data into the system

Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system).

Visitor: Real persons who have entered the physical areas of our clinic for various purposes or visited our websites

 

Implementation of the Policy and Related Legislation

 

The processing and protection of personal data is carried out within the framework of the relevant legal regulations in force. DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. LIMITED COMPANY Personal Data Protection Policy has been prepared in accordance with current regulations.

 

The policy is made by DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. within the framework of the rules set forth by the relevant legislation. TRADE. It was created by integrating with LIMITED COMPANY applications. It carries out the necessary preparations by adhering to the validity periods stipulated in the KVK Law. When necessary, the above-mentioned personal data may be used in accordance with the Health Services Fundamental Law No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Subsidiaries, the Private Hospitals Regulation, the Regulation on the Processing of Personal Health Data and Protection of Privacy and the Ministry of Health regulations, etc. It will be processed within the framework of the legislative provisions and transferred to the physical archives and information systems of our clinic and/or suppliers. As a result, personal data will be protected both digitally and physically in accordance with the legal periods defined in institutional procedures.

 

Ensuring the Security of Personal Data

 

Our clinic takes the necessary technical and administrative measures to ensure the optimum security level in order to prevent the personal data it processes from being processed unlawfully and to ensure the preservation of the data, and carries out the necessary inspections or has them carried out in this context.

 

The actions and measures taken by our clinic to ensure "data security" in accordance with Article 12 of the KVK Law are stated below.

 

• Our clinic takes technical and administrative measures according to technological possibilities and implementation costs to ensure that personal data is processed in accordance with the law. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of KVKK or use it for purposes other than the purpose of processing, and that this obligation will continue after they leave office, and the necessary commitments are taken from them in this regard.

• Our clinic takes technical and administrative measures to prevent reckless or unauthorized disclosure, access, transfer, or any other form of unlawful access of personal data.

• Our clinic raises awareness as data processing institutions such as business partners and suppliers to whom personal data is transferred, about preventing the unlawful processing of personal data, preventing unlawful access to data, and ensuring the lawful preservation of data.

• The obligations that our clinic, as the data controller, has to comply with when processing personal data and the obligation to comply with the legal, administrative and technical measures it has developed in this regard. Contracts are made with data processing institutions, with which our clinic has relations in various capacities such as supplier, business partner, in accordance with the nature of the activities they carry out in data processing

• Our clinic carries out the necessary inspections or has them done. These audit results are reported to the relevant department within the scope of the internal functioning of the Institution and the necessary activities are carried out to improve the measures taken.

• Our clinic will handle this situation as soon as possible if personal data processed in accordance with Article 12 of the Personal Data Protection Law is obtained by others through illegal means. It operates the system that ensures notification to the relevant personal data owner and the KVK Board in a timely manner.

 

Rights of the Data Owner; Claiming Rights, Communication Channels and Evaluation of Data Owners' Requests

 

Our clinic carries out the necessary channels, internal operation, administrative and technical regulations in accordance with Article 13 of the Personal Data Protection Law in order to evaluate the rights of personal data owners and to provide the necessary information to personal data owners.

If personal data owners submit their requests regarding their rights listed below to our Clinic in writing, in person and with a specially authorized power of attorney, our Clinic finalizes the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Personal data owners;
 

• Learning whether personal data is processed or not,

• Requesting information if personal data has been processed,

• Learning the purpose of processing personal data and whether they are used for their intended purpose,

• Knowing the third parties to whom personal data is transferred domestically or abroad,

• Requesting correction of personal data if they are incomplete or incorrectly processed,

• Requesting the deletion or destruction of personal data,

• In case of correction, deletion or destruction of personal data, requesting that these transactions be notified to third parties to whom personal data has been transferred,

• Objecting to the emergence of a result that is unfavorable to the person by analyzing the processed data exclusively through automatic systems,

• They have the right to demand compensation for the damage if they suffer damage due to unlawful processing of personal data.

 

In accordance with the 1st paragraph of Article 13 of the KVK Law, the request for the exercise of the above-mentioned rights must be submitted to our Clinic (data controller) in "writing".

 

In order to exercise the rights specified within the framework of KVK, the request must be forwarded to our Clinic, along with the necessary identifying information and explanations about the rights desired to be used, stating which right specified in Article 11 of the Law relates to the exercise; It will ensure that the application regarding the request is answered more quickly and effectively.

 

Protection of Special Personal Data

 

DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. LIMITED COMPANY protects personal data meticulously with its technical and administrative facilities. The security measures taken by our clinic are provided at an optimum level, taking into account technological possibilities and possible risks.

 

A group of personal data is defined as "personal data of special nature" in the KVK Law due to the risk of causing victimization or discrimination when processed unlawfully.

 

These data; Data regarding race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.

 

Care is taken to protect the data defined above, which are determined as "special nature" by the Personal Data Protection Law and processed in accordance with the law.

 

Enlightening and Informing the Personal Data Owner

 

In accordance with Article 10 of the KVK Law, it informs personal data owners during the acquisition of personal data. In this context, our Clinic informs the personal data owners about the identity of our Clinic during the collection of their personal data, the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason of collecting personal data, and the rights that the personal data owner has within the scope of Article 11 of the Personal Data Protection Law. provides relevant lighting.

 

Article 20 of the Constitution states that everyone has the right to be informed about their personal data. In this regard, in Article 11 of the Personal Data Protection Law, "requesting information" is also included among the rights of the personal data owner. In this context, our clinic provides the necessary information if the personal data owner requests information in accordance with Article 20 of the Constitution and Article 11 of the Personal Data Protection Law.

 

Our clinic informs the relevant parties about personal data processing activities and ensures accountability and transparency within this framework by announcing the institutional policy on the protection of personal data to personal data owners and those concerned through various publicly available documents. In addition, our clinic's contact persons; It also informs people about its activities and the articles of the law through different methods, especially when it requests the "explicit consent" of people.

 

Processing of Personal Data

 

Our clinic, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; accurate and up-to-date, in compliance with the law and the rules of honesty; Pursuing specific, clear and legitimate purposes; engages in personal data processing in a limited and measured manner in connection with the purpose.

 

Our clinic retains personal data for the period stipulated by law or required by the purpose of processing personal data.

 

In accordance with Article 20 of the Constitution and Article 5 of the KVK Law, our clinic processes personal data based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.

 

Our clinic acts in accordance with the regulations stipulated in the processing of special personal data in accordance with Article 6 of the Personal Data Protection Law.

 

In accordance with the 8th and 9th articles of the KVK Law, our clinic complies with the regulations stipulated in the law and put forward by the KVK Board regarding the transfer of personal data.

 

Processing of Personal Data in Accordance with the Principles Provided in the Legislation

 

Processing in Compliance with the Law and the Rules of Honesty

 

Our clinic; It acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Our clinic takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than its intended purpose.

 

Ensuring Personal Data is Accurate and Up-to-Date When Necessary

 

Our clinic; It takes the necessary measures to ensure that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and its own legal interests.

 

Processing for Specific, Clear and Legitimate Purposes

 

Our clinic clearly and precisely determines the purpose of processing personal data that is legitimate and lawful. Our clinic processes personal data in connection with the service it offers and as much as is necessary for them. The purpose for which personal data will be processed is notified by our clinic before the personal data processing activity begins.

 

Being Related to the Purpose for Processing, Limited and Proportionate

 

Our clinic processes personal data in a manner suitable for achieving the specified purposes and avoids the processing of personal data that is not relevant or needed to achieve the purpose. For example, personal data processing activities are not carried out to meet needs that may arise later.

 

Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed

 

Our clinic retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, our Clinic first determines whether a period of time is stipulated in the relevant legislation for the storage of personal data, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores personal data for the period necessary for the purpose for which they are processed. If the period expires or the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by our Clinic.

 

Conditions for Processing Personal Data

 

Protection of personal data is a Constitutional right. In accordance with the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by law or with the explicit consent of the person. Our clinic is in this direction and in accordance with the Constitution; It processes personal data only in cases stipulated by law or with the express consent of the person.

 

Although the legal basis for processing personal data by our clinic varies, all kinds of personal data processing activities are carried out in accordance with the general principles specified in Article 4 of Law No. 6698.

 

Explicit consent of the personal data owner is only one of the legal bases that allow personal data to be processed in accordance with the law. Apart from explicit consent, personal data may also be processed if one of the other conditions listed below is met. The basis for personal data processing may be only one of the conditions listed below, or more than one of these conditions may be the basis for the same personal data processing activity. If the processed data is special personal data; The following conditions apply.

 

• Explicit Consent of the Personal Data Owner

• Clearly Provided in Laws

• Failure to Obtain Explicit Consent of the Person Relevant Due to Actual Impossibility

• Being Directly Related to the Establishment or Performance of the Contract

• Fulfillment of the Institution's Legal Obligations

• Personal Data Owner's Publicization of Personal Data

• Data Processing is Necessary for the Establishment or Protection of a Right

• Data Processing is Necessary for the Legitimate Interests of Our Clinic

 

Processing of Special Personal Data

 

Our clinic strictly complies with the regulations stipulated in the KVK Law in the processing of personal data determined as "special nature" by the KVK Law.

 

In Article 6 of the KVK Law, some personal data that poses the risk of causing victimization or discrimination to individuals when processed unlawfully are designated as "special nature". These data; Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.

 

By our Clinic in accordance with the KVK Law; Special categories of personal data are processed in the following cases, provided that adequate measures are taken to be determined by the KVK Board:

 

• If there is explicit consent of the personal data owner, or

• If there is no explicit consent of the personal data owner;

• Special categories of personal data, other than the health and sexual life of the personal data owner, in cases stipulated by law,

• Special personal data regarding the personal data owner's health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and. It is processed by persons under the obligation of confidentiality or authorized institutions and organizations for the purpose of carrying out care services, planning and management of health services and their financing

 

Transfer of Personal Data

 

Our clinic can transfer the personal data and sensitive personal data of the personal data owner to third parties at home and abroad (third party companies, institutions, group companies, third real parties) by taking the necessary security measures in line with the legal personal data processing purposes. In this regard, our clinic acts in accordance with the regulations stipulated in Article 8 of the KVK Law.

 

Your personal data may be transferred to DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. within the scope of the Law and other legislation and for the purposes stated above. TRADE. LIMITED COMPANY Medical Centers, Group Companies, Universities, Ministry of Health, its sub-units and family medicine centers, private insurance companies (health, retirement and life insurance and similar), Social Security Institution, General Directorate of Security and other law enforcement forces, General Directorate of Population. , Turkish Pharmacists Association, courts and all public institutions and organizations without being bound by this, laboratories in the country or abroad with which we cooperate for medical diagnosis, medical centers and third parties providing health services, the health institution to which the patient is referred or to which the patient himself applies. , your authorized representatives, the institution you are affiliated with and/or you work for, third parties from whom we receive consultancy, including lawyers, tax consultants and auditors, regulatory and supervisory institutions and official authorities, the systems within the country or abroad and/or our Hospital. It can be shared with the companies within the group of companies to which it is affiliated, our suppliers, support service providers and business partners whose services we benefit from or cooperate with (you can contact our Clinic in writing for more detailed information). 

 

 

Personal Data Received for Physical Space Security

 

Building and Facility Entrances, Personal Data Processing Activities Performed within the Building and Facility, and Website Visitors

 

Our clinic complies with the regulations in the KVKK when carrying out camera monitoring activities for security purposes.

 

Personal data processing activities are carried out to monitor the entrance and exit of patients, staff, visitors and supplier company employees through security camera monitoring in our clinic's buildings and facilities.

 

Personal data processing is carried out by our Clinic by using security cameras and recording guest entries and exits. In this context, our Clinic acts in accordance with the Constitution, KVK Law and other relevant legislation.

 

Video recordings of our visitors and audio recordings are taken where necessary through the camera monitoring system at the building, facility entrances and inside the facility of our clinic.

 

Our clinic, within the scope of surveillance activities with security cameras; It aims to improve the quality of the service provided, to ensure its reliability, to ensure the safety of the institution, patients and employees, and to protect the interests of patients regarding the healthcare and other services they receive.

 

The camera monitoring activity carried out by our clinic is carried out in accordance with the Law on Private Security Services and relevant legislation.

 

Only authorized institution employees and/or supplier company employees have access to the records recorded and preserved digitally. Live camera footage can be monitored by outsourced security personnel.

 

Camera recordings are stored for ____.

 

In accordance with Article 12 of the KVK Law, our clinic takes the necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring activities.

 

Conditions for Deletion, Destruction and Anonymization of Personal Data

 

Even though it has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data will be deleted, destroyed or anonymized in accordance with the relevant procedures of our Clinic or upon the request of the personal data owner, in case the reasons requiring processing are eliminated. is brought.

 

In this context, our Clinic trains, assigns and raises the awareness of relevant business units in order to fulfill its relevant obligations. While the names and surnames of the people who come to our clinic buildings are obtained, or through texts posted at the Institution or made available to guests in other ways, the personal data owners in question are clarified in this context.

To ensure the security of our clinic and for the purposes specified in this Policy; Our Clinic can provide internet access to our Visitors upon request during their stay in our Buildings and Facilities. In this case, log records regarding internet access are recorded in accordance with Law No. 5651 and the mandatory provisions of the legislation issued in accordance with this Law; These records are processed only upon request by authorized public institutions and organizations or to fulfill our legal obligations during audit processes to be carried out within the Institution.

 

Only a limited number of Institution employees have access to the log records obtained in this context. Institution employees who have access to the aforementioned records access these records only for use in requests or audit processes from authorized public institutions and organizations and communicate with legally authorized persons.

 

shares. A limited number of people who have access to the records declare with a confidentiality agreement that they will protect the confidentiality of the data they access.

 

On the websites owned by our clinic; To ensure that people visiting these sites carry out their visits on the sites in accordance with the purposes of their visit; Internet movements within the site are recorded by technical means in order to show them customized content and engage in online promotional activities.

 

Detailed explanations regarding the protection and processing of personal data regarding these activities carried out by our clinic are included in the "Website Privacy Policy" texts of the relevant websites.

 

Policy Going into Force

 

DTO ÖZEL SAĞLIK HİZMETLERİ TURİZM İNŞ. TRADE. LIMITED COMPANY Personal Data Protection and Processing Policy comes into force on 18.08.2021. In case the entire Policy or certain articles are renewed, the effective date of the Policy is the date on which that article is revised for the renewed article.

 

Policy, is published. of our clinic Internet on the site www.thepearlclinicantalya.com is published