PERSONAL DATA PROTECTION LAW NO. 6698 (GDPR) INFORMATION AND CLARIFICATION TEXT
”ÖZEL SALİHLİ GUVEN HEALTH HIZ. A.Ş.” as; We pay utmost attention to the processing and protection of your personal data. In accordance with the Personal Data Protection Law, Health Services Fundamental Law, Regulation on Personal Health Data, Private Hospitals Regulation, Patient Rights Regulation and relevant legislation, as the data controller; All necessary technical and administrative measures are taken to prevent unlawful processing of personal data, to prevent unlawful access to personal data, and to ensure the preservation of personal data.
In accordance with Article 10 of the Personal Data Protection law; We inform you with this information text and the policies created to cover our patients, patient companions, patient relatives, visitors, suppliers, service providers, managers and employees, business/solution partners, public institutions and organizations with which we are in contact, employees of private law entities and relevant third parties.
This clarification text is in accordance with Article 10 of the Personal Data Protection Law (“Law”), Article 5/8 of the Regulation on Personal Health Data. and “ÖZEL SALİHLİ GÜVEN SAĞLIK HİZ” as the data controller within the scope of the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation. Prepared by A.Ş.
1- Data Controller:
Zafer Mah. Located at 629 Sokak No: 27 Salihli/MANİSA, Tax Number 6860414419, Mersis Number 0686041441900014, ‘ÖZEL SALİHLİ GÜVEN SAĞLIK HİZ.’ A.Ş. will hereinafter be referred to as “PRIVATE MEDİGÜNEŞ HOSPITAL”.
It processes your personal data as “Data Controller” as defined in Article 3 of the Personal Data Protection Law.
2- Purposes for which Personal Data will be processed:
Your personal data collected in accordance with the Personal Data Protection Law, the Health Services Fundamental Law, the Regulation on Personal Health Data, the Private Hospitals Regulation, the Patient Rights Regulation and the relevant legislation, in whole or in part, automatically or as part of any data recording system, in accordance with the principles stipulated in the law. It is obtained, recorded, stored, changed, rearranged and processed by non-automatic means.
Your personal data is processed within the scope of Hospital activities for the following purposes in accordance with Articles 4, 5, 6 of the Law and relevant legislation:
▪ Protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and managing the financing of health services,
▪ In accordance with the relevant legislation to which we are subject, to share the information we have obtained regarding health services with the Ministry of Health, Social Security Institution and other relevant public institutions and organizations, to respond to the requests of the institutions, to make necessary notifications to the relevant public institutions and organizations, to fulfill legal obligations,
▪ Ensuring that the data that must be kept in accordance with the legislation within the scope of the health service we provide is preserved,
▪ To confirm your identity, to confirm your legal contact with contracted institutions within the scope of the health services provided, to ensure billing and financial reconciliation, to make notifications arising from the legislation to relevant institutions and organizations such as birth, death, and judicial cases,
▪ Making an appointment within the scope of our health services, creating an appointment, providing the necessary information, ensuring patient, patient relatives and visitor satisfaction, following the request and complaint processes, making examinations and evaluations required for the health services provided,
▪ To improve hospital services, to continue corporate development activities, to continue advertising and marketing activities, to maintain the hospital’s financial and accounting, administrative, legal and technical business processes, to carry out risk management and quality improvement processes,
▪ Establishing and ensuring the execution of contracts made or to be made between our hospital and patients, suppliers, service providers and consultants with whom it has legal relations, relevant institutions and organizations, and third parties,
▪ The hospital’s obligation to prove evidence in legal disputes with third parties,
▪ To ensure communication between our hospital and relevant persons and organizations, to ensure the necessary contact through our website, online applications, social media accounts, to maintain the necessary processes for filling out the relevant electronic and physical forms, to ensure the transaction security of the relevant persons,
▪ Providing necessary information to regulatory and supervisory official institutions and private law legal entities,
▪ To ensure the supply of medical drugs, materials or devices, and the invoicing and payment transactions for the services provided;
▪ Monitoring the security of our patients, visitors and relevant third parties through the closed circuit camera recording system, ensuring legal, technical and commercial occupational safety, and preventing criminal behavior of third parties,
In line with the above-mentioned purposes and limited to Hospital activities, your personal data listed below is processed.
▪ Your Identity Information (T.R. identity / foreign identity number, name and surname, place and date of birth, mother and father’s name, marital status, gender, passport, foreign identity document, identity information on your driver’s license, your population identity document or identity sharing other population identification information on the system, patient number for patients, patient protocol number)
▪ Your contact information (phone numbers, contact address, e-mail address)
▪ Financial Information (Billing and payment information, bank account number, IBAN number, credit card information, private insurance information within the scope of financial payment, policy information, General Health Insurance information, financial information received within the scope of notifications to be made to SSI and the Ministry of Health, payroll, expenses advance payment information, tax identification number, tax office information, invoices, delivery notes, signature circulars, personal information on delivery receipt documents, information in annexes to contracts made with third parties)
▪ Legal Transaction Information (Legal contact with relevant persons and services provided, personal information in correspondence with courts, prosecutor’s offices, mediators, arbitral tribunals, judicial authorities within the scope of legal disputes, information in case and enforcement files, notification to police departments for identity verification purposes in terms of patients and companions Identity, communication, patient, patient relatives, personal information entered into the system in the required legal notifications, personal information contained in the minutes and forms kept in cases of torts, legal disputes and other cases that occur during visitors’ visits to our hospital,
▪ Your location information (location information of your current location)
▪ Visual and Audio Records (Health reports prepared within the scope of hospital activities, your photographs on the documents, making appointments, printed forms filled in electronic and physical environments, photographic information on your documents and official identity documents, protection of public health, medical diagnosis, treatment and your photographs, videos/images in camera recordings shared on the hospital website, our social media accounts or written and visual media, third party social media channels for the purpose of carrying out care services, promotion and information)
▪ Physical Space Security Information (Your video camera recording information, information on the forms kept),
▪ Within the scope of hospital activities, in accordance with the legitimate interests of the hospital, for promotion, advertising and information purposes, on the hospital website, social media accounts, mobile applications, promotional brochures, promotion, information,
▪ For the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, by persons under the obligation of confidentiality or authorized institutions and organizations, with the express consent of the relevant person, in written, visual media, on the website. images, personal data of patients in the photos and videos shared on our social media accounts,
▪ Request and Complaint Information (Information and records collected from electronic and physical environments of the relevant persons, evaluation of requests and complaints received through the internet and social media, call center, and information on the management process)
▪ Health Information (Processed within the scope of the activities of protecting public health, preventive medicine, medical diagnosis, treatment and care services for patients; examination, all kinds of laboratory, imaging and test results, patient diagnosis, diagnosis, treatment, prescription, drug information, doctor analysis and comments, patient history (anamnesia) information, check-up information, examination information, diagnosis and prescription information, health reports, nutrition, diet information and all health information received within the scope of health services, medical board reports, your personal data regarding diagnosis and treatment procedures. being processed)
▪ Sexual Life and Genetic Data (personal data within the scope of all kinds of sexual life and genetic data of patients, limited to the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing within the scope of health services provided )
3- To whom and for what purpose the processed personal data can be transferred
Your personal data processed by our hospital is transferred to real and legal persons for the following purposes in accordance with the relevant legislation to which our hospital is subject and Articles 8 and 9 of the Personal Data Protection Law:
In order to fulfill the legal obligations stipulated in the relevant legislation, the Ministry of Health, its sub-units, family medicine centers, the Social Security Institution, the General Directorate of Security and its affiliated organizations, other law enforcement forces, the General Directorate of Population and Citizenship Affairs, the Turkish Pharmacists Association, the Revenue Administration, the Tax Administration. All relevant public institutions and organizations, including departments, and professional organizations that are public institutions,
▪ University hospitals, public hospitals, private hospitals, medical faculties, laboratories, medical centers and third parties providing health services, other health institutions with which we cooperate for the purpose of performing medical diagnosis, examination, treatment and referral procedures,
▪ In order to carry out the occupational health and safety processes of the relevant people, within the scope of occupational health and safety measures, the health information of the employees is transferred to the persons and organizations from which relevant health services are received, private insurance companies,
▪ For the protection of public health, execution of medical diagnosis, treatment and care services, promotion and information, your photographs, videos/images in camera recordings taken based on your explicit consent will be shared with written and visual media organs, relevant press institutions and organizations, third party websites, social media. to its channels,
▪ To banks, financial institutions, public and private legal entities, public officials, in order to carry out the financial transactions of relevant persons,
▪ To prosecutors’ offices, courts, mediators, enforcement offices and relevant legal institutions and organizations, upon request and limited to the purpose of request in accordance with the legislation, in matters related to public security and legal disputes,
▪ Software, hardware, informatics and technology companies at home and abroad for the purpose of installing computer operating systems and computer programs used in our hospital, ensuring the security of electronic data, and performing maintenance and repair operations of the programs,
▪ In order to carry out hospital activities and fulfill mutual obligations; ”PRIVATE MEDİGÜNEŞ HOSPITAL” to our business/solution partners, service providers, suppliers,
▪ Together with the relevant person groups listed above, to our hospital’s employees, legal, financial and tax consultants, regulatory and supervisory institutions, auditors and official authorities, relevant ministries, authorized public institutions and organizations, persons, institutions and organizations permitted by the payment service legislation provisions,
▪ In terms of personal data of special nature, in accordance with the legal regulation, with explicit consent when necessary, in accordance with the legislation and limited to the purpose of transfer, for the purpose of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and financing, without seeking the express consent of the relevant person. Your personal data is transferred including:
4. Duration
Your personal data is stored by the Company for 25 (twenty-five) years, provided that it is not less than the statute of limitations of the legal relationship to which the data is subject. Our hospital’s general physical space security information will be stored for 3 (three) months, or for 12 (twelve) months if you use the emergency service. After the period has passed, your personal data will be deleted, destroyed and/or anonymized by the Company or upon your request, using methods within the scope of the Personal Data Protection Law and relevant regulations. You can always withdraw your consent for the processing of personal data other than data that must be processed by law.
Data Transfer Abroad:
4/2 of the Personal Data Protection Law. In accordance with the principles set out in the article, by obtaining explicit consent texts regarding the personal data of the relevant persons processed in accordance with the principles set out in Article 5/2., 6/3 of the Law. In the cases stipulated in the articles, after foreign countries with sufficient protection to be determined by the Personal Data Protection Board (“Board”) are declared, in accordance with the rules in Article 9 of the Law, without explicit consent, only to persons and organizations resident in these countries are determined and declared as not having sufficient protection. For the countries where data is transferred, it can be transferred provided that it is limited to hospital activities, provided that the data controllers in Turkey and the relevant foreign country undertake to provide adequate protection in writing and the necessary permissions are obtained from the Personal Data Protection Board for the relevant transfer. Within the framework of the limits stipulated by the legislation, by taking all necessary measures, within the scope of your legal relationship and activity with our hospital, in accordance with the legislation and limited to the purpose of transferring the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. identity, communication, transaction security, service area/customer transaction information, financial information, visual and audio data, health information, sexual life information, genetics of the relevant persons through the applications used, software programs, website, mobile applications, social media accounts. Your personal information of relevant persons such as data, protocol number, patient number may be transferred abroad.
6. Method and Legal Reasons for Collecting Personal Data:
Your personal data; The services we offer are in line with the personal data processing purposes stated above; using software and hardware programs offered in electronic environments, using call center, live support services, filling out forms on the website through our mobile applications, call center, social media accounts, e-mail channels, creating memberships, using online services, receiving patient applications, registration. transactions, arranging printed forms, performing medical diagnosis, treatment and health services within the scope of health services, creating personnel files, arranging and executing contracts, processing accounting, finance, financial and legal transaction information, fully or partially automatic or any data processing. Your personal data is processed and collected by non-automatic means, provided that it is part of the registration system.
Your personal data and special personal data; It is processed based on the explicit consent of the relevant person, in accordance with the legal regulations to which our hospital is subject. In addition, your personal data is processed based on the legal reasons stated below, without explicit consent. According to this; your personal data,
▪ Since it is clearly stipulated in the law,
▪ It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
▪ It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or execution of contracts between our hospital and real and legal persons,
▪ The personal data has been made public by the relevant person himself,
▪ Data processing is mandatory for the establishment, exercise or protection of a right,
▪ For the reasons that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person,
Articles 5 and 6 of the Personal Data Protection Law, Article 5/1-h of the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation. It is processed, collected and transferred limited to the specified purposes in accordance with the article. Your personal data is kept within the scope of hospital activities for the period specified in the relevant legislation.
Rights of the Personal Data Owner (Right of Application):
As the data controller, you can submit your requests within the scope of Article 11 of the Personal Data Protection Law, which “regulates the rights of the relevant person”, in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller;
“PRIVATE MEDİGÜNEŞ HASTANESİ” (Zafer Mah. 629 Sokak No: 27 Salihli/MANİSA) by the relevant person who is the personal data owner, by filling out the APPLICATION FORM at https://www.medigunes.com.tr/ and submitting a signed copy of the form. You can personally deliver a copy to the hospital address along with documents that identify you, or by sending an e-mail to ozelsalihli.mediguven@hs02.kep.tr by using a secure electronic signature, mobile signature or the e-mail address you have notified to our hospital and registered in our hospital system, and by making a personal application. , You can submit your application through a notary or through the methods determined by the Personal Data Protection Authority.
In accordance with Article 11 of the Law; Everyone can contact the data controller regarding himself/herself;
a. Learning whether personal data is processed or not,
b. Requesting information if personal data has been processed,
c. Learning the purpose of processing personal data and whether they are used for their intended purpose,
D. Knowing the third parties to whom personal data is transferred at home or abroad,
to. Requesting correction of personal data if it is incomplete or incorrectly processed,
f. Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
g. In case of correction, deletion or destruction of personal data, request that these transactions be notified to third parties to whom personal data have been transferred,
h. Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
i. Kişisel verilerin kanuna aykırı olarak işlenmesi sebebiyle zarara uğraması hâlinde zararın giderilmesini talep etme, haklarına sahiptir.
KVK Law No. 6698 13/1. In accordance with the article, you must submit your applications to our Hospital in writing or by the above-mentioned methods determined by the KVKK Institution, in order to exercise your above-mentioned rights. Our hospital will finalize your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged. In this context, if the application of the relevant person is responded to in writing, no fee will be charged for up to ten pages, and a processing fee of 1 TL will be charged for each page over ten pages. If the response to the application is given in an electronic recording medium such as a CD or flash memory, the fee that may be requested by our hospital will not exceed the cost required by the recording medium.
In accordance with Article 10 of the Personal Data Protection Law No. 6698 titled “Information Obligation of the Data Controller”, who will process my personal data and for what purpose, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and Article 11 of the Law. I have read and understood this Clarification Text prepared regarding my rights in the article, and I have been informed in detail about this by “PRIVATE MEDİGÜNEŞ HOSPITAL”, which has the title of data controller.