PERSONAL DATA PROTECTION POLICY OF AYDINLAR SAĞLIK HİZMETLERİ A.Ş.
PURPOSE AND SCOPE
In accordance with the Law on the Protection of Personal Data No. 6698 (hereinafter to be referred as "KVKK"), your personal data can be processed by Aydınlar Sağlık Hizmetleri A.Ş. (hereinafter to be referred as “Company”) under the title of Data Supervisor and limited to our commercial activities through recording, archiving, updating, transferring and/or classifying as explained below in order to carry out medical health services, to ensure maximum customer satisfaction, and to resolve your questions and problems quickly; limited to our commercial activity.
We would like to point out that in accordance with the laws and regulations prepared to protect the fundamental rights and freedom of individuals, personal data and especially the privacy of private life, our Company takes all necessary technical and administrative measures by providing the maximum level of security in order to prevent unlawful processing of your personal data, to avoid unlawful access to your personal data and ensuring its protection.
The policy on the protection of these personal data covers the legal personality of our Company, its partners and executives, employees, clients and third parties.
METHODS OF OBTAINING YOUR PERSONEL DATA
- Using certain parts of while browsing our Company’s web site
- Filling of certain forms
- Information sharing by yourselves while reaching our Company via telephone or e-mail address on our web site.
- Your personal data are obtained for the purpose of applying the existing Company policies and procedures by methods like (including but not limited to) using our website or sharing data with our Company via e-mail or mobile applications. However, the methods mentioned are just examples and the methods of obtaining your data are not limited to these.
YOUR PERSONEL DATA PROCESSED BY OUR COMPANY
Your personal data which is processed by our Company under the title of Data Supervisor and considered as personal data with regards to KVKK (the Law on the Protection of Personal Data No. 6698) are shown below. However, the mentioned data are not limited to these.
- Your identity data such as your name, your surname, Turkish Republic (TR) ID Number, your passport or temporary TR ID number in case you are not a Turkish citizen, place and date of birth, marital status, gender and photocopy of your TR ID Card, Passport or Driver’s License,
- Your contact data such as address, phone number and e-mail,
- Your data such as profession, bank account number or IBAN,
- Your private health insurance and Social Security Institution data for the purpose of financing and planning your healthcare services,
- Browsing data, IP address and browser information obtained during the use of our Company web site and mobile application.
In addition to your personal data listed above, your sensitive personal data which are listed below but not limited to them are also processed by our Company.
- Your health data obtained during the execution of medical diagnosis, treatment and care services such as test results, examination data and prescription details
- Images recorded by our closed-circuit camera system during your visit to our clinics
- Oral and Dental Before and After photos
- Panoramic X-ray and tomography images
- Your Anamnesis Information and Treatment Planning
OUR PURPOSE OF PROCESSING YOUR PERSONAL DATA AND LEGAL BASES
Your personal data are processed for the purpose of
- Informing you about your appointment,
- Confirming your ID,
- Confirming your relationship with the contracted institutions
- Financing of your health services, covering of your examination, diagnosis and treatment expenses, sharing your requested information with private insurance companies,
- Making analysis for the purpose of improving our healthcare services, training our employees,
- Performing quality improvement activities,
- Responding to all your questions and complaints regarding health services,
- Taking all necessary technical and administrative measures within the context of your data security
- Participating in the campaigns and providing campaign information
- Measuring, increasing, and researching patient satisfaction
within the framework of the Law on the Protection of Personal Data No. 6698 (KVKK), The Basic Law of Health Services No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Private Hospitals Regulation, the Regulation on the Processing of Personal Health Data and Protection of Privacy, the Regulations of the Ministry of Health and other related legislation provisions.
Your healthcare data, which is under the scope of private personal data, is processed by our physicians who are under confidentiality obligation for the purpose of protecting public health, carrying out preventive medicine and medical diagnosis, treatment, and care services.
Our Company processes your data primarily based on the explicit consent it receives from you. However, in cases where explicit consent is not mandatory and according to cases listed under Article 5 of the KVKK Law No. 6698, your data can also be processed without your special consent.
Data like individual’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothes, association, foundation and union membership, health, sexual life, criminal conviction, and security measures as well as biometric and genetic data all sensitive personal data. Sensitive personal data are limited to these. Your personal data with sensitive nature mentioned above cannot be processes without your explicit consent. In cases listed under the Article 6 of the KVKK Law No. 6698 can also processed without your special consent.
METHOD OF COLLECTING AND STORING YOUR PERSONAL DATA
Your personal data that you share with our Company can be collected through offices, branches, website, verbally, in writing or electronically, by automatic and non-automatic methods. Your personal data will be stored in electronic and/or physical platforms. The design of the necessary business processes and technical security infrastructure improvements are implemented by our Company to make sure that your personal data obtained and stored by our Company are not exposed to unauthorized access, are not manipulated, are not lost and damaged in the platforms where they are stored.
Your personal data will be stored and processed by taking all necessary security measures provided that they are not used outside the purposes and content notified to you and also will be stored and processed during the legal storing period, or if such a period is not foreseen, during the period required by the processing purpose. When this period is over, your personal data will be removed from our Company’s data flows by deleting, destructing, and anonymizing.
TRANFERING YOUR DATA WITHIN THE COUNTRY AND ABROAD
Within framework of the Law on the Protection of Personal Data No. 6698 (KVKK), The Basic Law of Health Services No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Private Hospitals Regulation, the Regulation on the Processing of Personal Health Data and Protection of Privacy, the Regulations of the Ministry of Health and other related legislation provisions and in line with the purposes explained above, your personal data can be shared with:
- The Ministry of Health, sub-units affiliated with the Ministry and Family (Primary) Healthcare Centers,
- Private insurance companies (healthcare, life insurance and etc.)
- Social Security Institution
- General Directorate of Security and other law enforcement authorities
- General Directorate of Population
- Turkey Pharmacists Association
- Judicial authorities
- Laboratories, medical centers, medical device and health service institutions, within Turkey or abroad, that we cooperate with for medical diagnosis and treatment
- Health institutions that you applied, or you are referred to in case of referral
- Your authorized legal representatives
- Regulatory and Supervisory institutions and official authorities
- Your employer in case the billing will be made to your employer
- Your suppliers, support service providers and business partners whose services you benefit from or cooperate with.
Your personal data cannot be transferred into third parties within the country, without your explicit consent. However, it can be transferred without your consent if one of the conditions mentioned in the third clause of the Article 6 of KVKK Law No. 6698, provided that sufficient measures are taken according to second clause of the Article 5 of same law.
The personal data can be transferred abroad if you provide your explicit consent. It cannot be transferred without your consent. However, the personal data of the related person can be transferred abroad without explicit consent; based on the existence of one the conditions mentioned in the second clause of Article 5 and third clause of Article 6 of the KVKK Law No.6698 and also, provided that a) there is adequate protection in the foreign country where the data will be transferred b) (when there is no adequate protection) Data Supervisors in Turkey and the relevant foreign country undertake the responsibility of adequate protection in writing and along with the approval of the Council.
STORAGE PERIOD OF YOUR PERSONEL DATA
To fulfil the obligations arising from the nature of commercial activity between you and our company and to carry out the rules of the workplace, your personal data will be stored for the period required for the purpose for which they have been processed.
In addition to this, if the processed data is processed due to the result of work contract signed later, in case of any dispute arising from the business contract or commercial contract, limited to the purpose of making necessary defenses within the scope of the dispute and as per the relevant legislation, after the termination of business and trade relationship, the Company will be able to store personal data during 10 (ten) year limitation period.
THE PRINCIPLES WHICH OUR COMPANY PREDICATES WHILE PROCESSING YOUR DATA
Our Company observes the following principles while processing your data:
- Processing your personal data in line with the law and righteousness
- Correct personal data processing
- Certain scope of data processing
- Processing for legitimate purposes
- Making sure that processing is limited and measured to the purposes for which the data was collected and reprocessed
- Up-to-date personal data
- Keeping your data for the period required for the purpose for which it has been processed.
OUR MEASURES AND COMMITMENTS RELATED TO DATA SECURITY
Our Company undertakes to protect your data, which it processes in accordance with the KVKK Law No. 6698, in a safe and reasonable manner. It carries out all technical and administrative measures through various technologies to ensure the adequate level of security technologies to avoid unlawful processing and access to your personal data and to ensure the protection of your personal data. Moreover, your sensitive personal data of are processed by the taking special measures stipulated by the Board.
The Company will not reveal the personal data it obtained to anyone in violation of this clarification text and provisions of KVKK Law No. 6698 and will not use it for purposes other than processing. The Company proclaims that in the event that your personal data is shared with outsource service providers in accordance with the provisions of this information text, the outsource service providers in question will also comply with the commitments under this article.
STORING YOUR PERSONAL DATA IN SECURE ENVIRONMENT
In line with its technological and financial means, our Company takes the following technical and administrative measures to store your personal data in secure platforms and to prevent them from being destroyed, lost, or amended for unlawful purposes. According to this;
- Systems suitable for technological developments are used to store your personal data in secure platforms,
- Specialist staff in technical issues are employed,
- Technical security systems are established for storage platforms, technical measures taken are reported to the relevant person in case of need, necessary technological solutions are produced by re-evaluating the risky situations,
- Back-up programs in line with the law are used to make sure that your personal data is stored securely,
- Access to data storage platforms in which your personal data is located are logged and inappropriate accesses or access attempts are instantly reported to the relevant people,
- Our Company employees are trained to make sure that your personal data is stored securely,
- Your personal data will be transferred in accordance with the law in case an outsource service is received by our Company due to technical necessities regarding the storage of your personal data. The contracts concluded with relevant companies include provisions stating that the people to whom your personal data are transferred will also take necessary security measures to protect your personal data and same security measures will be followed in their own institutions too.
PROTECTION OF YOUR SENSITIVE PERSONAL DATA
The Law has also declared some further regulations regarding the processing and protection of sensitive personal data. According to the Law, data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothes, association, foundation and union membership, health, sexual life, criminal conviction, security measures as well as biometric and genetic data all sensitive personal data. We pay special attention to the legal and lawful processing and protection of your sensitive personal data. In this context all technical and administrative measures are taken by our Company to protect your personal data and necessary audits are performed periodically. Your health data are processed by our physicians who are obliged to keep your data confidential.
PROCESSING DURATION OF YOUR PERSONAL DATA AND DESTRUCTING METHODS
Our Company determines the storing periods of your personal data by considering the legislation in force and the purpose of processing the necessary data. Your personal data which has been processed in accordance with the legislation will be deleted, destructed, or anonymized by our Company when the purpose of processing in accordance with Article 7 clause 1 of the KVKK Law No.6698 no disappears and/or all periods including the limitation period for which we were required to process your data in line with legislation have expired.
Deletion: Deletion of your personal data is the process of making your data inaccessible and unavailable for the related user, in any case.
Destruction: Destruction of your personal data is the process of making your data inaccessible, irreversible, and reusable in any case, by anyone.
Anonymization: Anonymization of your personal data is the process of making your data unrelated to a certain or identifiable person under any circumstances even if they match with some other data. Our Company will destruct your personal data using these methods listed.
In addition, through necessary controls every six months, our Company will destruct your personal data which are not required to be stored, in line with the regulation on the Deletion, Destruction or Anonymization of the Personal Data.
AYDINLAR SAĞLIK HİZMETLERİ ANONİM ŞİRKETİ (COMPANY)