Personal Data Protection and Processing Policy
Data officer Dr. Merdan Çelik Practice, within the framework of the determined superior service quality, respect for the rights of individuals, transparency and honesty, in line with the regulations determined by the Personal Data Protection Law, it is of great importance to protect the personal data of its customers, employees and other real persons with whom it is in contact. Great importance is attached to the privacy of the patients and the preservation of all personal data of our patients by processing them in the best possible way and with care. This policy has been prepared in order to protect and process the personal data of our patients, as well as companions, visitors and employees of institutions and organizations we cooperate with, within the framework of the basic principles in the legislation.
The purpose of this Policy is to provide transparency by informing the persons whose personal data is processed, especially our patients, companions, visitors, employees and institution officials, employees of the institutions we cooperate with, officials and third parties within the scope of the personal data processing activity carried out by our practice in accordance with the legislation . In this context, administrative and technical measures are taken to process and protect personal data in accordance with the Law No. 6698 and the relevant legislation. Within the scope of this policy, natural persons whose personal data are processed are defined as Data Subject, Relevant Person or Personal Data Owner.
Explicit Consent: Consent about a specific subject, based on information and expressed with free will.
Anonymization: It is the change of personal data in such a way that it loses its quality as personal data and this situation cannot be undone. For example masking, aggregation, data corruption etc. making personal data incapable of being associated with a natural person with techniques. It is possible to anonymize personal data for various purposes, but in accordance with the request and / or consent of the person concerned, without violating the scope of KVKK and express consent. Necessary measures will be taken in our practice so that the anonymized personal data is not made identifiable by various methods.
Employees, Shareholders and Officials of the Institutions We Collaborate with: Refers to the natural persons, including the shareholders and officials of these institutions, who work in the institutions (such as but not limited to business partners, suppliers) with which we have any business relationship.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data in whole or in part by automatic or non-automatic means, provided that it is a part of any data recording system . means all kinds of operations performed on data such as classification or prevention of use.
Personal Data : Means any information relating to an identified or identifiable real person. All information that makes the person identifiable is arranged as personal data, and information such as TR Identity Number, Name and Surname, e-mail address, telephone number, residence address, date of birth, bank account number can be given as examples of personal data.
Sensitive Personal Data: Data related to race, ethnic origin , political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. data refers to data of special nature.
Third Party: Refers to the third-party real persons who are related to the above -mentioned parties in order to ensure the security of commercial transactions or to protect the rights of the aforementioned persons and to obtain benefits. (For example, employees or officials of the company from which service is received, Companion etc.)
Data Processor: Refers to the real and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller . For example, the IT firm that holds our Data.
Data Controller: It refers to the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Within the scope of KVKK, our practice has the title of data controller and has been registered in the VERBIS system. A team (Personal Data Controller Team) has been established from our practice. In cases where a decision is required, the Personal Data Supervisor team takes the opinion of a legal expert on personal data, and after the approval of the management, the decision taken is put into practice.
Although the personal data processed may vary depending on the health services provided, they are collected by physical and/or digital methods. Our patients, physicians, healthcare personnel, etc. Special quality personal data and general quality personal data, especially health data collected verbally, in writing or digitally, through our employees, subcontractors and their employees and companies engaged in all kinds of commercial activities, our call center, the website of our practice, online services and similar means is processed for the following and other purposes that may arise in the future:
· Execution of medical diagnosis, treatment and care services,
· Protection of public health,
Planning and management of preventive medicine health services and financing ,
· To inform our patients about the appointment
Planning and managing internal procedures,
Making analysis for the purpose of improving the fulfillment of health services in accordance with the legislation,
Performing risk management and quality improvement activities,
· Conducting research,
· Fulfillment of legal and regulatory requirements,
Invoicing for our services,
Confirmation of your identity
Confirming your relationship with contracted institutions,
Sharing all kinds of information requested by private insurance companies within the scope of financing health services ,
· To be able to answer all your questions and complaints about our health services ,
· Taking all necessary technical and administrative measures within the scope of data security ,
Ensuring financial reconciliation regarding the health services offered to you with the contracted institutions, banks and all institutions (public and private) from which health expenditures are collected,
Sharing the requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation,
Measuring patient satisfaction, increasing patient satisfaction,
· It may be collected and processed for the fulfillment of purposes such as fulfilling our contracts and legal obligations.
CATEGORIZATION OF PROCESSED PERSONAL DATA
Identity Information: All information regarding the identity of the person in documents such as driver's license, identity card, passport, attorney's ID, marriage certificate .
Contact Information : Information for contacting the data owner such as phone number, address, residence, e-mail
Location Data: Data that clearly belongs to an identified or identifiable real person and is included in the data recording system, which helps to identify the location of the data owner.
Family Members and Relatives: Information about the family members and relatives of the personal data owner, which is clearly belonging to an identified or identifiable real person, is included in the data recording system, and is processed in order to protect the legal interests of the relevant Institution and the data owner.
Physical Space: Personal data related to records and documents such as camera recordings, fingerprint records, visual and audio recordings
Process Security Information: Personal data processed to ensure our technical, administrative, legal and commercial security while carrying out our activities
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results
Employee Candidate Information : Personal data processed about individuals who have applied to be an employee (cv or resume information)
Personnel Information: Payroll Information, Disciplinary Investigation, SSI information, employment entry -exit document records, property declaration information, resume information, information about performance evaluation reports, interview results, content of the employment contract, information about starting employment, information about termination of employment. personal data
Legal Action: Personal data processed within the scope of our legal obligations with the determination and follow-up of our legal receivables and rights, and the performance of our debts
The above personal data are included in the Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates , Regulation on Private Hospitals, Regulation on Personal Health Data and regulations of the Ministry of Health, etc. It can be processed within the framework of the provisions of the legislation and transferred to the physical archives and information systems of our practice and/or our suppliers.
Our practice accepts that personal data will be processed in accordance with the following principles:
• Compliance with the law and the rule of honesty,
• Ensuring that personal data is accurate and up-to-date when necessary ,
• Processing for specific, clear and legitimate purposes,
• Being limited and proportional to the purpose for which they are processed,
• As long as required by the relevant legislation or for the purpose for which they are processed. preservation
The explicit consent of the personal data owner is only one of the legal bases that allow the processing of personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the conditions stated below, or more than one of these conditions may be the basis of the same personal data processing activity. In case the processed data is special quality personal data, the following conditions apply:
· Finding the Explicit Consent of the Personal Data Owner ,
· Clearly Predicted in Laws ,
· Failure to Obtain the Explicit Consent of the Related Person Due to the Cause of Actual Impossibility
· Directly Related to the Establishment or Performance of the Contract
· Fulfilling the Legal Obligation of the Practice :
· Publicizing the Personal Data of the Personal Data Owner:
· Mandatory Data Processing for the Establishment or Protection of a Right :
· Obligatory Data Processing for the Legitimate Interest of Our Practice, (The expression of legitimate interests of the practice cannot under any circumstances be contrary to the principles determined by the KVKK, the purpose of processing personal data, and cannot interfere with the essence of the right guaranteed by the Constitution.)
Special categories of personal data are processed by our practice in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board are taken:
If the personal data owner has express consent, or
· If the personal data owner does not have express consent; Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
Special categories of personal data relating to the health and sexual life of the personal data owner , only for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, or persons or authorized institutions under the obligation of confidentiality. processed by organizations.
TECHNICAL AND ADMINISTRATIVE MEASURES
Our practice takes the necessary technical and administrative measures according to the technological possibilities and implementation cost regarding the following issues in accordance with the provisions of Article 12 of the KVKK and the Regulations, the general principles stated above, and the decisions of this Policy and the Personal Data Protection Board:
· Required software and hardware have been determined. Strong passwords are used on computers and e-mail accounts .
· What needs to be protected in terms of the protection of customer information has been conveyed to our personnel through trainings, and their responsibilities with employment contracts have been put into writing. (Confidentiality Agreements) This obligation continues even after the persons concerned leave their positions.
· Necessary infrastructure has been established for the backup of all data.
· Employees who can access data on computers have been identified.
· Customer files and information are only given to the persons concerned, to their relatives to whom they have given written consent, to the relevant public institutions and organizations within the framework of their legislation, and to the competent judicial authorities in judicial cases.
· Before starting to process personal data, the Authority fulfills the obligation to inform the relevant persons.
· Personal data processing inventory has been prepared.
These personal data owners are enlightened on these issues through texts posted in our practice or made available to our guests in other ways .
You
Copyright ©2024 All rights reserved
Web design : Webtilian