PERSONAL DATA PROTECTION LAW
PATIENT AND PATIENT RELATIVES INFORMATION
As Gazi Medikal Klinik, we may need to learn your personal information and health data in order to carry out the services I will provide to you and to record and store them within the limits required by the
PERSONAL DATA PROTECTION LAW
PATIENT AND PATIENT RELATIVES INFORMATION
As Gazi Medikal Klinik, we may need to learn your personal information and health data in order to carry out the services I will provide to you and to record and store them within the limits required by the service to be provided.
Your health data that we have to record in order to provide health services to you is considered as special quality personal data by law. In this context, in accordance with the provision in the second paragraph of Article 6 of the Personal Data Protection Law No. 6698, “It is prohibited to process sensitive personal data without the explicit consent of the person concerned.” Since personal health data can only be processed and transferred with the explicit consent of the person, except for the special conditions specified in the law, it has become obligatory to obtain this consent from you.
CLARIFICATION TEXT ON THE LAW ON THE PROTECTION OF PERSONAL DATA
1- Data Controller:
Gazi Medikal Klinik (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir) processes your personal data in the capacity of “Data Controller” as defined in Article 3 of the Law No. 6698 on the Protection of Personal Data.
2- Purpose for which Personal Data will be Processed:
Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data that you share with our company is processed by the data controller by obtaining, recording, storing, storing, modifying, rearranging, and rearranging your personal data in whole or in part, automatically or by non-automatic means provided that it is part of any data recording system. The Data Controller processes the personal data it processes within the scope of its activities in accordance with the relevant legislation for the following purposes.
In this context, it covers your personal data that you provide to us verbally, in writing, visually, or electronically in our examination, and your personal data that you transmit to us via internet and mobile applications or electronically or obtained in our office (analysis result, prescription, camera recording, video, photo, etc.).
In this sense, personal health data that are necessary for the execution of the services we will provide to you and obtained for this purpose, in particular, your name, surname, Turkish ID number, (if you are not a Turkish citizen, your passport number or temporary Turkish ID number), place and date of birth, marital status, gender information, various identity documents, contact data such as your address, telephone number, e-mail address, financial data such as your bank account number, IBAN number, Your medical history in your clinical file, information showing your disease history, examination data, data regarding the procedures applied to you, prescription information, your health and sexual life data obtained during the execution of medical diagnosis, treatment and care services such as your photographs, all kinds of images, audio / camera recordings, laboratory and imaging results, test results, your data regarding private health insurance and your Social Security Institution data, etc. are considered personal data.
Within the framework of the Personal Data Protection Law No. 6698 and the relevant legislation, your personal data will be recorded only to the extent required by the health service to be provided to you and will be stored in our system / archive ‘…not exceeding the period required to fulfill the purposes for which it was recorded’. Your data processed within this scope will be protected as a professional secret and its confidentiality will be ensured.
3- To whom and for what purpose the processed personal data can be transferred:
We kindly remind you that in cases where the privacy of personal medical records should be limited for the protection of public health, such as the obligation to notify the competent authorities of infectious diseases regulated in Article 58 of the Public Hygiene Law No. 1593, or in cases of legal obligation, such as the obligation to report a crime, it may be necessary to notify the competent authorities in a limited and measured manner, or it may be shared with another physician for consultation (exchange of opinions) regarding your health status.
Requests from public institutions, judicial authorities and other official authorities to transmit your data to them will be evaluated in terms of the purpose of the request, whether the requested data and the purpose to be achieved coincide, whether it can be concretely demonstrated, whether the only way to achieve the stated purpose is to transmit your data without anonymization, whether data transmission is necessary in a democratic society, and data transmission requests that do not meet all of these elements will not be fulfilled.
4- Data Transfer Abroad:
In accordance with the principles set out in the second paragraph of Article 4 of the Personal Data Protection Law No. 6698, our practice obtains Explicit Consent Texts from employees, employee candidates, customers and suppliers, service providers, and visitors separately regarding the personal data processed. In addition, in the Personal Data Protection Law No. 6698; In cases stipulated in the second paragraph of Article 5 and the third paragraph of Article 6 of the Personal Data Protection Law No. 6698, without seeking explicit consent, in accordance with the rules in Article 9, after the foreign countries with adequate protection to be determined by the Personal Data Protection Board are announced, only to persons and organizations residing in these countries, and for the countries where it is determined and announced that there is no adequate protection, it can be transferred provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and obtain the necessary permissions from the Personal Data Protection Authority in terms of the relevant transfer and on a limited basis.
5- Method and Legal Grounds for Collecting Personal Data:
Your personal data is collected and processed in all kinds of verbal, written, visual or electronic media in order to carry out all kinds of work within the scope of the above-mentioned purposes and activities within the legal framework and to fulfill its contractual and legal obligations as a data controller in this context. The legal reason for collecting your personal data;
- Law No. 6698 on the Protection of Personal Data,
- Basic Law No. 3359 on Health Services,
- Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations,
- Regulation on Processing and Protection of Privacy of Personal Health Data,
- Ministry of Health regulations and other legislative provisions.
In addition, as stated in the third paragraph of Article 6 of the Law, personal data on health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject.
When you enter our practice as a guest, your data is processed by our guest services staff for the purpose of registering you in the examination archive based on the legal reason that “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory for the data controller to fulfill its legal obligation”.
The data of our guests whose registration process has been completed will be processed by our healthcare personnel and physicians who are under the obligation of confidentiality during the provision of the health service they have requested and due to the nature of this service, by our healthcare personnel and physicians who are under the obligation of confidentiality, primarily for the legal reason of “conducting medical diagnosis, treatment and care services”, based on the cases clearly stipulated in the Health Services Basic Law No. 3359 and the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Affiliated Institutions, the Health Implementation Communiqué and the Patient Rights Regulation and the Turkish Code of Obligations No. 6098, and the information will be recorded through the cloud clinical program.
After the medical services of our guests are completed, their data are processed for the purpose of receiving the medical service fee from our guests and issuing invoices according to the relevant situation and based on the legal reason that “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory for the data controller to fulfill its legal obligation”.
6- Rights of the Personal Data Owner in accordance with the Law No. 6698 on the Protection of Personal Data (Right of Application):
As the data controller, as per the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit your requests regarding your data recorded by us within the scope of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Council of Europe Convention No. 108), Article 8 of the European Convention on Human Rights, Article 20 of the Constitution, Article 11 of the Law No. 6698 on the Protection of Personal Data “regulating the rights of the data subject”;
Gazi Medikal Klinik (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir), to the address of the relevant person who is the Personal Data Owner, by filling out the attached Application Form, you can personally deliver a signed copy of the form to the company address with documents identifying your identity, Secure Electronic Signature, mobile signature or by using the e-mail address you have notified to our practice and registered in our company’s system info@gazimedicalclinic.com address, by sending an e-mail, by personal application, by application through a notary public or by the methods determined by the Personal Data Protection Board.
Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data; everyone can apply to the data controller regarding him/her;
- To learn whether your personal data is processed and the scope of your processed data,
- If your personal data has been processed, to obtain information about it, to access this data and to take samples from them,
- To learn the purpose of processing your personal data and whether they are used in accordance with their purpose, whether they are transferred to a third person or institution at home or abroad, and to request notification of any changes in your personal data to the persons or institutions with whom the data is shared,
- To request correction of your personal data in case of incomplete or incorrect processing, (We were informed that this right can be exercised by applying to our office address in person or in writing).
- You have the right to request that some of your data be hidden, deleted or destroyed.
Pursuant to the first paragraph of Article 13 of the Law No. 6698 on the Protection of Personal Data, you are required to submit your applications to our company in writing or by the above-mentioned methods determined by the Personal Data Protection Board. Our Company will finalize your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged.
PATIENT (CUSTOMER) DECLARATION OF EXPLICIT CONSENT
I have read and understood the Personal Data Clarification and Consent Text prepared by Gazi Medikal Klinik, and that I have been verbally informed about the subject,
I have been informed about the purposes, collection methods and legal reasons for the processing of my personal data “Health Data”, which are detailed in the Personal Data Clarification text, my rights to protect my personal data, mandatory situations where my data can be transferred, data security and my application rights,
Recording, storing and sharing my health data by Gazi Medikal Klinik and its employees within the framework of the above principles,
In addition, Gazi Medical Clinic will be able to access my contact data specified below by mobile devices, over the internet or by mail to my address, etc.
I ACCEPT WITH MY EXPRESS CONSENT. I DO NOT ACCEPT*
* In this statement, we hereby inform you that if you do not accept the consent declaration for the processing of your personal data, including your relevant sensitive personal data, we will not be able to provide you with the necessary and sufficient service in terms of our processes that require your explicit consent, and that your commercial and operational activities will be adversely affected, except for the cases permitted to be processed in accordance with the KVKK legislation.
Patient Name Surname : Date: ……./……./………
Address : Time: …………..
E-mail :
Tel :
Signature :
The patient is under 18 years of age or unconscious:
Patient’s Relative Name Surname :
Signature : Date: ……./……./………
Degree of Proximity : Watch: ………….
Write “I understood what I read” in your own handwriting:
…………………………………………………………………..
PERSONAL DATA STORAGE AND DESTRUCTION POLICY
Telephone: 5017335707 | |
E-mail: info@gazimedicalclinic.com | |
Address: Alsancak, Kahramanlar Mahallesi, Nevzat Guzelirmak Sk. No:29, Konak/ Izmir | |
Mersis No: | |
Tax Office | |
Tax Number: | |
Trade Registry No: | |
Effective Date: | |
Update Date: |
As Gazi Medical Clinic (Practice), we attach great importance to the processing and protection of all kinds of personal data belonging to all persons, including customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, partners and employee relatives, visitors, public institutions and organizations, employees of private law legal entities and relevant third parties, in accordance with the Law No. 6698 on the Protection of Personal Data (KVKK). For this purpose, our practice takes the necessary administrative and technical measures in accordance with the legal regulations and decisions taken.
- INTRODUCTION
Law No. 6698 on the Protection of Personal Data and the Personal Data Retention and Destruction Policy prepared within the scope of the relevant legislation; The Personal Data Protection Law No. 6698 (Law) and the Regulation on the Deletion, Destruction or Anonymization of Personal Data have been prepared by Gazi Medikal Klinik (Practice) as the data controller.
1.1. Objective
With this policy text prepared by our practice, Gazi Medikal Clinic, in line with the principles set out in the Law; personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, public institutions and organizations, employees of private law legal entities and relevant third parties; It is aimed to process the decisions published by the KVK Authority, the principles determined, the Constitution of the Republic of Turkey, International Conventions, the Law No. 6698 on the Protection of Personal Data and the relevant legislation and to ensure that the relevant persons use their rights effectively. The works and transactions regarding the storage and destruction of personal data are carried out in accordance with this policy.
1.2. Scope
Personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, public institutions and organizations, employees of private legal entities and relevant third parties; This policy is within the scope of this policy, and this policy is applied in all recording media where personal data processed by automatic methods or non-automatic means are processed by our Muayenehane and in all activities of the Muayenehane for personal data processing.
1.3. Abbreviations and Definitions
Open Consent | Consent on a specific subject, based on information and expressed with free will |
Buyer Group | The category of natural or legal person to whom personal data is transferred by the data controller |
Anonymization | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data |
Employee | Includes Gazi Medical Clinic Employees |
Employee Candidate | Those who fill out the job application form and apply for a job by using the website, through job search platforms on the internet or by coming to the workplace in person |
Electronic Media | Environments where personal data can be created, read, changed and written with electronic devices |
Non-Electronic Environment | All written, printed, visual, etc. media other than electronic media |
Service Provider | A natural or legal person who provides services under a specific contract with the practice |
Related User | Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data |
Contact Person | Natural person whose personal data is processed |
Recording Media | Any medium containing personal data that is fully or partially automated or processed by non-automatic means, provided that it is part of any data recording system |
Personal Data | Any information relating to an identified or identifiable natural person |
Personal Data Processing Inventory | It is the inventory that data controllers create by associating the personal data processing activities they carry out depending on their business processes, the purposes and legal grounds for processing personal data, the data category, the group of recipients transferred and the group of data subjects, and detail the maximum retention period required for the purposes for which personal data are processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security. |
Processing of Personal Data | All kinds of operations performed on personal data such as obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system |
Law | Law No. 6698 on the Protection of Personal Data |
Board | Personal Data Protection Board |
Institution | Personal Data Protection Authority |
Personal Data Protection Committee | A unit consisting of more than one member responsible for supervision and oversight in the protection and processing of personal data, established by the decision of the Board of Directors of the Practice |
Personal Data Contact Person | The real person notified to the Registry by the data controller for natural and legal persons resident in Turkey and by the representative of the data controller for natural and legal persons not resident in Turkey, in order to ensure communication with the Authority regarding their obligations under the Law and the secondary regulations to be issued based on this Law |
Destruction of Personal Data | Deletion, destruction or anonymization of personal data |
Deletion of Personal Data | The process of making personal data inaccessible and non-reusable in any way for the relevant users |
Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and reusable by anyone in any way |
Sensitive Personal Data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
Periodic Disposal | Deletion, destruction or anonymization to be performed ex officio at recurring intervals specified in the personal data retention and destruction policy in the event that all of the conditions for processing personal data specified in the law disappear |
Politics | Personal Data Processing, Storage and Destruction General Policy |
Interns | Students who receive applied vocational training and work for this purpose in the practice |
Trainee Candidates | Students applying to the practice for internship |
Medical Practice | Gazi Medical Clinic |
Data Processor | Natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller |
Data Recording System | A recording system where personal data is structured and processed according to certain criteria. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system |
Data Controllers Registry Information System | The information system created and managed by the Presidency, accessible via the internet, which data controllers will use in the application to the Registry and other related transactions regarding the Registry. |
VERBIS | Data Controllers Registry Information System |
Board of Directors | Practice Management Board |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017 |
- DISTRIBUTION OF RESPONSIBILITIES AND TASKS
Pursuant to Law No. 6698 and the relevant legislation, within the scope of ensuring, maintaining and maintaining compliance with the personal data protection legislation, the “Practice PDP Committee (Committee)” in order to ensure the necessary coordination within the Practice determined. The titles, units and job descriptions of those involved in the storage and destruction of personal data are shown in Table 1.
TABLE 1- Distribution of Responsibilities and Duties
STAFF | TASK | RESPONSIBILITY |
Doctor Manager |
Personal Data Contact Person, KVKK application officer | To carry out the KVKK process as a contact person on behalf of the Data Controller, to carry out the necessary controls, to ensure coordination between the units, to manage the storage and destruction processes, to make the information system technically compatible with the KVKK, to carry out audit and training activities. |
Nurse/Secretary | KVKK implementation officer | The Data Controller is to carry out the KVKK processes under the supervision and supervision of the contact person, to carry out this task instead of the contact person in cases where it is not possible for the contact person to continue this task for any reason, to ensure compliance with the storage period and method of data storage and to carry out the process of destruction of personal data. |
Technical and administrative measures to ensure data security in all environments where personal data is processed are carried out by the responsible units in order to ensure the proper implementation of the technical and administrative measures taken within the scope of this policy, to increase the training and awareness of the relevant unit employees, to prevent the unlawful processing and access of personal data and to ensure that personal data is stored in accordance with the law.
- MEDIA WHERE PERSONAL DATA ARE STORED
Personal data kept by our practice are securely stored in the environments specified in Table-2 in accordance with the Law No. 6698 and the relevant legislation and international data security principles. Your personal data, in whole or in part, automatically or by non-automatic means, provided that it is part of any data recording system, by obtaining, recording, storing, storing, changing, rearranging, subject to any kind of processing performed on your personal data is processed by our Muayenehanemiz.
TABLE 2- Environments where Personal Data are Recorded
Electronic Media | Non-Electronic (Physical) Media | |
|
|
|
|
|
|
|
||
|
||
|
||
|
||
|
||
|
- PROCESSING OF PERSONAL DATA AND GENERAL PRINCIPLES
4.1. Confidentiality Principle
As explained in this policy, the data of both employees and all relevant persons who have personal data in contact with our practice are confidential. Within the scope of this policy and the measures taken, no one can use, reproduce, copy, copy, transfer to others and use the data of individuals for other purposes other than the purposes specified in the law.
4.2. Basic Principles
Personal Data processed by our practice is processed in accordance with the principles specified in Article 4 of Law No. 6698. The practice processes personal data in accordance with the procedures and principles stipulated in the law, according to the principles written below in the processing, protection, deletion and destruction processes of the data.
- Compliance with the law and good faith,
- Accurate and, where necessary, up to date,
- Processing for specific, explicit and legitimate purposes,
- Being relevant, limited and proportionate to the purpose for which they are processed,
- Retention for the period stipulated in the legislation or required for the purpose for which they are processed.
4.3. Terms of Processing Personal Data
Personal data processed by our practice is processed in accordance with Article 5 of Law No. 6698. Personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the principles we have stated below, it is possible to process personal data without seeking the explicit consent of the person concerned.
- (Principle of legality) Explicitly stipulated in the law,
- (Actual impossibility) It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- (Performance of a contract) Processing of personal data of the parties to a contract is necessary, provided that it is directly related to the conclusion or performance of the contract,
- (Legal obligation) It is mandatory for the data controller to fulfill its legal obligation,
- (Publicity) The personal data has been made public by the data subject himself/herself,
- (Obligation) Data processing is mandatory for the establishment, exercise or protection of a right,
- (Legitimate interest) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
4.4. Conditions for Processing Sensitive Personal Data
Sensitive Personal Data processed by our practice is processed in accordance with Article 6 of Law No. 6698. Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of special nature.
It is regulated by the article of the law that the processing of sensitive personal data without the explicit consent of the data subject is prohibited. Accordingly, Special Categories of Personal Data cannot be processed without the explicit consent of the data subject. However, as written in the article of the law; personal data other than health and sexual life listed in the first paragraph of Article 6 of the law may be processed without the explicit consent of the data subject in cases stipulated by law.
Personal data relating to health and sexual life can only be accessed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,
It can be processed without seeking the explicit consent of the data subject. Our practice is processed in accordance with the Law No. 6698 and the relevant legislation and also by taking adequate measures determined by the Board in the processing of sensitive personal data.
- EXPLANATIONS ON PERSONAL DATA STORAGE AND DISPOSAL
With this policy created by our practice, personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, employees of public institutions and organizations and private law legal entities and relevant third parties; It is stored and destroyed in accordance with the laws and relevant legislation. Detailed explanations regarding storage and destruction are set out below.
5.1. Storage of Personal Data
Article 3 of the Law No. 6698 defines the processing of personal data, and Article 4 stipulates that the personal data processed must be linked, limited and measured for the purpose for which they are processed and must be retained for the period stipulated in the relevant legislation or for the purpose for which they are processed. In Articles 5 and 6 of the Law No. 6698, the processing conditions of personal data are listed. Accordingly, within the scope of the activities of the Practice, personal data are stored in accordance with the relevant legislation or in accordance with our processing purposes; by taking administrative and technical measures for the required period of time.
5.2. Processing Purposes Requiring Retention of Personal Data
The practice stores the personal data it processes for the following purposes, limited to the activities of the practice, in accordance with the relevant legislation. Accordingly; the processing purposes that require storing personal data are determined in the following items.
- To improve the products and services of the practice and to continue growth and development activities,
- Maintaining the financial and accounting affairs of the practice,
- To maintain the commercial activities and service procurement transactions of the practice with third parties,
- To fulfill legal obligations within the scope of practice activities,
- Planning and execution of human resources processes, fulfillment of work and internship application processes,
- Creating personnel files, fulfilling financial obligations,
- To make and fulfill the contracts and protocols that the practice has made or will make with its customers, suppliers, employees and third parties with whom it has a legal relationship,
- Maintaining marketing activities,
- Ensuring institutional communication with the practice,
- To ensure the institutional quality of the practice, to ensure the safety of the relevant persons with whom it is in contact,
- To carry out the works and transactions and processes before the PDP Authority within the scope of the PDP Law,
- To liaise with real and legal persons with whom the practice has a legal relationship within the scope of its activities,
- In accordance with the legislation; to make the necessary legal notifications to the relevant public institutions and organizations,
- To fulfill the practice’s burden of proof as evidence in legal disputes with third parties,
- Participating in trainings, seminars or organizations organized by the practice to ensure corporate and personal development,
- To maintain the necessary processes for your contact with our practice, your use of our website regarding the activities of the practice, your contact with the practice contact information, filling out the forms on our website,
- To ensure the safety of customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, employees of public institutions and organizations and private law legal entities and relevant third parties, the building and annexes of the practice, as well as the control of the entrance and exit of the practice building,
Your personal data is processed in accordance with the conditions and purposes determined in accordance with Articles 5 and 6 of the Law. Your personal data is not used for any other purpose other than the activities of our Practice, which is the data controller, and is not shared with third parties except in cases determined by policies,
5.3. Reasons for Retaining Personal Data
Your personal data is kept within the framework of the activities of the Practice. In this context, Personal data;
International regulations, the Constitution, the Personal Data Protection Law, the Code of Obligations, the Labor Law, the Turkish Criminal Code, the Turkish Criminal Procedure Code, the Tax Procedure Law and the relevant financial legislation, the Law on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, the Regulation on the Procedures and Principles on the Regulation of Publications on the Internet, Regulation on Processing and Ensuring the Privacy of Personal Health Data, Law on the Regulation of Electronic Commerce, Electronic Signature Law, Electronic Communication Law, Regulation on Consumer Rights in the Electronic Communication Sector, Regulation on the Processing of Personal Data and Protection of Privacy in the Electronic Communication Sector, Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, Regulation on Commercial Communication and Commercial Electronic Messages, Law on Police Duties and Powers, Turkish Statistics Law, Social Security Institution Law, Law on Prevention of Laundering Proceeds of Crime, Communiqué on Electronic General Assembly System to be Applied in General Assemblies of Joint Stock Companies, Trade Registry Regulation, Regulation on Private Employment Agencies, Regulation on Websites to be opened by Capital Companies, Communiqué on Processes and Technical Criteria Related to Registered Electronic Mail System, Patient Rights Regulation, Regulation on Internal Systems of Banks, other relevant laws, regulations and communiqués.
In line with the above-mentioned purposes, based on your explicit consent and limited to these purposes only, it is collected, processed and stored within the framework of the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, provided that the legal obligation arising from the legislation, the execution and performance of the contracts made with our Muayenehan, the publicization of personal data, the necessity of data processing for the establishment, exercise or protection of a right, and the fundamental rights and freedoms of the person concerned.
5.4. Reasons Requiring Destruction of Personal Data
Personal data shall be deleted, destroyed or anonymized by the Muayenehane in accordance with the procedures and principles stipulated in the policy, law and regulation upon the request of the person concerned for the reasons stated below, by filling out the application form. Accordingly
- In the event that the purpose requiring the processing or storage of personal data by the practice disappears,
- Amendment or repeal of the relevant legislation provisions that are the basis for the processing of personal data,
- In cases where the processing of personal data by the practice is made only on the basis of explicit consent, the data subject’s withdrawal of explicit consent,
- Pursuant to Article 11 of the Law No. 6698, the application made by the person concerned regarding the deletion and destruction of personal data within the scope of the application rights to the practice is accepted by the KVK Institution,
- In cases where the PDP Board rejects the application made by the person concerned with the request for the deletion, destruction or anonymization of his personal data, finds the answer insufficient or does not respond within the period stipulated in Law No. 6698; In case he makes a complaint to the PDP Board and this request is approved by the PDP Board,
- Pursuant to the relevant legal regulation, the maximum period that requires the retention of personal data has expired and there is no reason to retain personal data,
In such cases, it shall be deleted, destroyed or ex officio deleted, destroyed or anonymized by the Practice upon the request of the person concerned.
- TECHNICAL AND ADMINISTRATIVE MEASURES FOR THE STORAGE AND DESTRUCTION OF PERSONAL DATA
Within the scope of the regulations determined by the Policy, for the safe and proper storage of personal data, prevention of unlawful processing, access, prevention of data leaks and the destruction of personal data in accordance with the law, within the framework of the provision “In the processing of personal data of special nature, it is also necessary to take adequate measures determined by the Board.” regulated in Article 6 of Law No. 6698 and the necessary adequate measures determined and announced by the Board in order to ensure the security of personal data specified in Article 12 of the same law; Written technical and administrative measures are taken by the Practice as the data controller.
Administrative and Technical Measures have been determined and announced in detail at https://www.kvkk.gov.tr. These measures are given in Table-3.
TABLE 3 – Technical and Administrative Measures
Technical Measures | Administrative Measures |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6.1. Technical Measures
Regarding the technical measures specified in the table above and announced by the KVK Institution, the necessary measures written below have been taken by the Practice as the data controller.
- In the event that personal data is unlawfully obtained by others, the necessary policies have been established by the Practice in order to notify the relevant person and the Board,
6.2. Administrative Measures
Regarding the administrative measures specified in the table above and announced by the KVK Institution, the necessary measures written below have been taken by the Muayenehane as the data controller.
- In order to improve the quality of employees, necessary trainings are provided to prevent unlawful processing of personal data, to ensure the protection of personal data and to raise awareness, and in-house periodic and random audits are carried out,
- Confidentiality agreements are signed by employees regarding the activities carried out by the practice,
- Before starting to process personal data, the Muayenehane fulfills its obligation to inform the relevant persons. A policy regarding this has been created and communicated to the relevant persons,
- A personal data processing inventory has been prepared and necessary updates are made by the Muayenehane as the data controller,
- A Disclosure and Information Text was prepared, an application form was prepared and published on the website,
- Personal data protection, processing, storage and destruction policy has been determined and its implementation is ensured by the KVKK Committee within the Practice,
- The PDP Committee was established, its powers and responsibilities were determined and communicated to the relevant parties,
- Separate explicit consent texts were created according to the groups of people concerned,
- Work has been initiated to fulfill the retention and destruction requirements for personal data,
- Necessary actions have been taken to ensure compliance with the KVK Law, and the practice contracts and texts containing personal data have been scanned and harmonized with the KVKK,
- EXPLANATIONS ON PERSONAL DATA DESTRUCTION TECHNIQUES
As written in the policy and personal data inventory created by our practice, at the end of the period stipulated in the relevant legislation regarding the personal data processed or at the end of the required retention period for the purpose for which they are processed; Personal data are destroyed by the authorized units of the practice spontaneously or upon the application of the relevant personal data owner to our practice, in accordance with Law No. 6698 and the relevant legislation, by the following methods and techniques.
7.1. Deletion of Personal Data
Personal Data on Servers: For the personal data on the servers, deletion is made by the system administrator by removing the access authorization of the relevant users for those whose retention period has expired.
Personal Data in Electronic Media: The personal data in electronic media that expire after the expiration of the period for which they are required to be stored shall be made inaccessible and non-reusable in any way for employees (relevant users) other than the database administrator.
Personal Data in Physical Environment: For the personal data kept in physical media, those that have expired for the period required to be kept are rendered inaccessible and non-reusable in any way for other employees, except for the unit manager responsible for the document archive. In addition, the blackout process is also applied by scratching/painting/erasing in a way that cannot be read.
Personal Data on Portable Media: Personal data stored on flash-based storage media, which expire after the period of time required for storage, are encrypted by the system administrator and access authorization is given only to the system administrator and stored in secure environments with encryption keys.
7.2. Destruction of Personal Data
Personal Data in Physical Media: The personal data in paper media that expire after the period of time required for their retention are irreversibly destroyed in paper shredding machines.
Personal Data on Optical / Magnetic Media: Personal data contained in optical media and magnetic media are physically destroyed, such as melting, incinerating or pulverizing those whose retention period has expired. In addition, the magnetic media is passed through a special device and the data on it is rendered unreadable by exposing it to a high magnetic field.
7.3. Anonymization of Personal Data
Anonymization of personal data is the removal of the identity of the person concerned from being identified or identifiable and making it impossible to link it to a natural person in any way, even when personal data is matched with other data.
In order for personal data to be anonymized; personal data cannot be linked/associated with an identified or identifiable natural person even through the use of appropriate techniques in terms of the recording medium and the relevant field of activity, such as the return of personal data by the data controller or third parties and / or matching the data with other data.
- PERSONAL DATA STORAGE AND DESTRUCTION PERIODS
Regarding the personal data of the practice being processed within the scope of this policy and the relevant legislation,
- Retention periods on personal data basis for all personal data within the scope of the activities carried out depending on the processes in the Personal Data Processing Inventory;
- Retention periods based on data categories are recorded in VERBIS;
- Process-based retention periods are defined in the Personal Data Retention and Destruction Policy.
takes place.
These periods are shown in the table in the Personal Data Retention and Destruction Policy of the practice. The retention and destruction periods of personal data are included in the table, taking into account the legitimate interest of the practice and the establishment and execution processes of the contracts made and to be made with the relevant data owner, the lawsuit and legal proceedings that may be filed.
TABLE 4- Personal Data Retention and Destruction Periods by Process
Process | Storage Time | Destruction Period |
Information on employees | 10 Years from the end of the contract | During the first audit period following the end of the retention period, within 180 days at the latest |
Information in the CVs and job application forms of employee candidates, trainee candidates | 1 year from the finalization of the request | Within 30 days from the date of request and within 180 days at the latest during the first audit period following the end of the retention period |
Interns (student) | 10 years from the beginning of the calendar year following the end of the internship | During the first audit period following the end of the retention period, within 180 days at the latest |
Service Providers Suppliers/Customers | 10 years from the termination of the contract and employment relationship | During the first audit period following the end of the retention period, within 180 days at the latest |
Visitors | 1 Year | During the first audit period following the end of the retention period, within 180 days at the latest |
Customers, Customer Relatives | 10 Years from the End of the Purpose of Data Processing | During the first audit period following the end of the retention period, within 180 days at the latest |
- PERIODIC DESTRUCTION PERIOD OF PERSONAL DATA
Pursuant to Article 11 of the Regulation, the Practice has set the periodic destruction period as 6 months. Accordingly, the periodic destruction process is carried out in February and August every year in the Practice.
- DELETION AND DESTRUCTION PERIODS UPON APPLICATION OF THE PERSON CONCERNED
The periods for deletion and destruction of personal data upon the application of the data subject are regulated in Article 12 of the Regulation as written below.
Accordingly, if all the conditions for processing personal data are no longer applicable, the data controller shall delete, destroy or anonymize the personal data subject to the request. The data controller shall finalize the request of the data subject within thirty days at the latest and inform the data subject. If all the conditions for processing personal data have disappeared and the personal data subject to the request have been transferred to third parties, the data controller shall notify the third party of this situation and ensure that the necessary actions are taken before the third party within the scope of this Regulation. If all the conditions for processing personal data have not been eliminated, this request may be rejected by the data controller by explaining the reason in accordance with the third paragraph of Article 13 of the Law and the rejection response shall be notified to the data subject in writing or electronically within thirty days at the latest.
- SITUATIONS WHERE THE PERSONAL DATA OWNER CANNOT ASSERT HIS RIGHTS
Pursuant to the first paragraph of Article 28 of the Law No. 6698, the following matters are excluded from the scope of application of the law (exceptions) and personal data owners cannot assert their rights listed in the law.
- Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with,
- Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public safety, public order, economic security, privacy of private life or personal rights or does not constitute a crime,
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
- Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions,
Pursuant to the second paragraph of Article 28 of the Law No. 6698, Article 10 regulating the data controller’s obligation to disclose, Article 11 regulating the rights of the data subject, except for the right to claim compensation for the damage, and Article 16 regulating the obligation to register with the registry of data controllers, provided that it is appropriate and proportionate to the purpose and basic principles of this law, shall not apply in the following cases:
- Processing of personal data is necessary for the prevention of crime or criminal investigation,
- Processing of personal data made public by the data subject himself/herself,
- Personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,
- Processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters.
- PUBLICATION, STORAGE AND UPDATING OF THE POLICY
This policy, prepared by the Practice, is available in a wet-signed (printed paper) environment inside the Practice and https://www.gazimedicalclinic.com/ is published on the website. It will be deemed to be disclosed to the public with the publication of the policy. The printed paper copy is kept in the PDP file. This policy is reviewed by the designated committee members within the scope of their powers and responsibilities, as needed, and the relevant sections will be updated as necessary.
- ENTRY INTO FORCE AND REPEAL OF THE POLICY
This policy, written in the articles above, shall be deemed to have entered into force on 31.12.2021.
If it is decided to abolish the policy with the approval of the data controller and the decision of the personal data committee, the old wet signed copies of the policy are canceled by the committee (by stamping or writing cancellation) and signed by the committee and kept by the data contact person in the “Accounting Unit / Department” by the committee for at least 5 years.
Website and Social Media Accounts
Personal Data Sharing
Explicit Consent Form
Dear Patient/Guardian/Guardian;
Gazi Medikal Klinik (“Practice”) takes photographs of customers before and after surgery, aesthetic operations, hair transplantation, birth, etc. during processes. Your personal data (photo, video) may be published on the website and social media accounts of the practice and the doctor performing the operation for promotional and advertising purposes. You can access our detailed clarification text on the protection of Personal Data from our practice secretariat / our website (https://www.gazimedicalclinic.com/ ) is available.
As the person concerned, you can access the application form from our secretariat / corporate section of our website under the Personal Data Protection menu https://www.gazimedicalclinic.com/ you can access.
To publish my personal data (photo, video) for the purposes listed above on the website and social media accounts of the practice and the doctor who performed the operation and to store them unless I request deletion
I give permission I do not give permission
I Read/Approve
Date:………../……./20…..
Name Surname
Signature:
Gazi Medical Clinic
PERSONAL DATA SUBJECT APPLICATION FORM
Article 11 of the Law No. 6698 on the Protection of Personal Data stipulates that the data subject may exercise the following rights by applying to the data controller. The application procedures and principles of natural persons whose personal data are processed (Data Subject) to the data controller are regulated by the “Communiqué on Application Procedures and Principles to the Data Controller”. In this context, please mark your requests regarding your rights specified in the table below.
Claimed Rights | Please
Please tick |
a) Learn whether personal data is being processed, | |
b) Request information if personal data has been processed, | |
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose, | |
ç) To know the third parties to whom personal data are transferred domestically or abroad, | |
d) To request correction of personal data in case of incomplete or incorrect processing, | |
e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law, | |
f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred, | |
g) To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems, | |
ğ) In case of damage due to unlawful processing of personal data, to demand compensation for the damage, |
In order to exercise your rights arising from the legal legislation, you can apply using any of the following application methods.
Secure Electronic Signature, mobile signature or by using the Electronic Mail address you have notified to our practice and registered in our practice system info@gazimedicalclinic.com by sending an e-mail to, |
Personal application to be made by the relevant person to (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir) by filling out this form completely, |
Application to be made through a notary public or by the methods determined by the KVK Institution |
Please fill out the form below and send your application to our practice, which is the Data Controller, by any of the above methods.
Name-Surname | |
T.C. Identity Number | |
For Citizens of Other Countries
Passport Number |
|
Residential Address for Notification | |
Workplace Address | |
Cell Phone | |
Telephone Number | |
Fax Number | |
Email Address | |
Registered Electronic Mail (KEP) Address |
Please indicate your legal relationship with our practice below.
(Customer, business partner, prospective employee, former employee, third party company employee, shareholder, etc.)
☐ Customer (Patient) ☐ Visitor ☐ Supplier ☐ Shareholder
☐Employee ☐Former Employee ☐Intern Student ☐Candidate Employee
☐Other ………………………………………………….
You have worked in our practice
Unit : …………………………………
Subject : …………………………………
Former Employee : ………………………………….
Years I Worked : …………………………………
Other : …………………………………
I applied for a job : …………………………………
Resume Shared/Date : …………………………………
Third Party Company Employee : …………………………………
Please specify the company and position you work for
…………………………………………………………………………………………………………………………………..
Please specify your request in detail within the scope of KVKK:
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
Please select the method by which you will be notified of our response to your application:
☐ I want it sent to my address. ☐ I want it sent to my e-mail address.
☐ I want to receive it by hand. ☐ I want it sent to my registered e-mail address
This form has been prepared in order to determine your legal relationship with our practice and your personal data processed by our practice, if any, and to respond to your application correctly and within the legal period. In order to prevent legal risks that may arise from illegal and unfair data sharing and to ensure the security of your personal data, our practice reserves the right to request additional documents and clarification information for identification and authorization. In the event that the information regarding your requests you submit within the scope of the Application Form is not correct and up-to-date or an unauthorized application is made, our practice does not accept any responsibility for the requests arising from such incorrect information and unauthorized application. If it is received by proxy, the original or certified copy of the power of attorney, certificate of representation or authorization certificate must be present.
Declaration of the Applicant Contact Person:
As the Personal Data/Applicant, I hereby accept and declare that I have read the general explanations in the application form, that I am aware of my rights and obligations under the PDP Law and the application form, and that all the information I have provided in the application form is correct and complete. I kindly request that I be informed within the legal period regarding this request.
Relevant Person/Applicant
Name Surname :
Application Date :
Signature :
PERSONAL DATA PROTECTION LAW
CLARIFICATION TEXT
Our practice; In accordance with the Law No. 6698 on the Protection of Personal Data, it pays utmost attention to the processing and protection of your personal data. As the data controller; All necessary technical and administrative measures have been taken to prevent unlawful processing and access of personal data and to ensure the protection of personal data.
Pursuant to Article 10 of the Law; we inform you with the policies established and this clarification text, covering customers, suppliers, managers and employees of service providers, Practice partners, employees, employee candidates, interns, visitors, relatives of Practice partners and employees, employees of public institutions and organizations and private law legal entities and relevant third parties.
This clarification text has been prepared by Gazi Medikal Klinik (Practice) in the capacity of data controller within the scope of Article 10 of the Personal Data Protection Law No. 6698 and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation.
1- Data Controller:
Gazi Medical Clinic (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, 35230 Konak/İzmir), Tax Office: BORNOVA VD. 0370232897 Processes your personal data in the capacity of “Data Controller” as defined in Article 3 of the Personal Data Protection Law No. 6698.
2- Purpose for which Personal Data will be Processed:
Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data that you share with our Muayenehane is processed by our Muayenehane by obtaining, recording, storing, storing, changing, rearranging, subject to any kind of processing performed on your personal data, in whole or in part, automatically or by non-automatic means provided that it is part of any data recording system. The Muayenehane processes the personal data it processes within the scope of its activities in accordance with the relevant legislation for the following purposes.
In this direction;
- Your identity information (T.R. Identity Number, your first and last name, place and date of birth, mother and father’s name, marital status, identity card or other identity information on the identity sharing system),
- Your contact information (Address No, telephone numbers, residential address, contact address, e-mail address),
- Personal Information (Salary information, payroll information, disciplinary investigation information, employment document records, resume information, personnel performance evaluation reports, family members and relationship information),
- Legal Transaction Information (Personal information in correspondence with judicial authorities, information in litigation and enforcement files),
- Customer Transaction Information (Identity information such as Name, Surname, T.R. ID, written and electronic mail, telephone contact information),
- Finance Information (Bank account information, Invoice information),
- Professional experience information (education information, diploma information, reference information, courses attended, on-the-job training information, certificates, information in reported forms),
- Audiovisual Records (Photographic information on the forms received),
- Health Information (Health Reports, Prescription Information, blood type information, personal health and physical disability status information, device and prosthesis information, laboratory and imaging results, test results, examination data (Diagnosis, Decision, Opinions), personal health information),
- Records related to security measures (Criminal Records),
Your personal data such as your personal data, your personal data that you will share directly or indirectly with our Muayenehane are processed and protected in accordance with the Personal Data Protection Law No. 6698 and the relevant legislation, limited to the activities of the Muayenehane. The purposes of personal data processing by our practice are set out below.
- Execution of emergency management processes, Management of information security processes,
- Conducting employee candidate / intern / student selection and placement processes,
- Carrying out the application processes of employee candidates
- Execution of employee satisfaction and loyalty processes,
- Fulfillment of employment contractual and regulatory obligations for employees,
- Execution of fringe benefits and benefits processes for employees,
- Conducting audit/ethics activities,
- Conducting training activities, Execution of access authorizations,
- Execution of activities in accordance with the legislation,
- Preparation of various reports, researches and presentations, planning of emergency management processes, follow-up of financial and accounting affairs, to ensure security in our practice,
- Conducting financial and accounting affairs,
- Sending SMS and e-mails for the promotion and information of our products and services,
- Execution of company / product / service loyalty processes,
- Ensuring physical space security, Execution of assignment processes,
- Follow-up and execution of legal affairs,
- Conducting internal audit / investigation / intelligence activities,
- Conducting communication activities,
- Planning of human resources processes,
- Execution/supervision of business activities,
- Conducting occupational health / safety activities,
- Receiving and evaluating suggestions for improving business processes,
- Carrying out activities to ensure business continuity,
- Execution of logistics activities,
- Execution of goods / service procurement processes, execution of sales processes, execution of after-sales support services,
- Execution of goods/service production and operation processes,
- Execution of customer relationship management processes,
- Conducting activities for customer satisfaction,
- Organization and event management,
- Execution of advertising / campaign / promotion processes,
- Carrying out the activities of storage and archive processes,
- Provision of Health Services
- Creating and Tracking Appointment Records
- Prescription Issuance
- Execution of Activities Related to Patient Satisfaction
- Providing Support and Information After Health Care Services
- Planning and Management of Health Services and Financing,
- Health Service Provision for the Person Concerned,
- Execution of Medical Diagnosis, Treatment and Care Services,
For its purposes, your personal data is processed in accordance with the conditions and purposes determined in accordance with Articles 4, 5 and 6 of the Law No. 6698 on the Protection of Personal Data. Your personal data will not be used for any other purpose other than the activities of our Practice.
3- To whom and for what purpose the processed personal data can be transferred:
Your personal data processed by our practice is transferred to the relevant real and legal persons for the purposes written below in accordance with Articles 8 and 9 of the Personal Data Protection Law No. 6698. Accordingly
- To our customers, service providers, suppliers, performance assistants and subcontractors in order to carry out the activities of the practice and to fulfill mutual obligations,
- To the relevant public institutions and organizations, including the Ministry of Health, Revenue Administration, Tax Offices, Social Security Institution and Municipalities, in order to fulfill the legal obligations stipulated in the relevant legislation and to ensure security,
- In order to carry out the occupational health and safety processes of the relevant persons, within the scope of occupational health and safety measures, the health information of the employees to the relevant health service providers and insurance companies,
- Banks, financial institutions, public and private legal entities, public officials in order to carry out financial transactions of the persons concerned,
- In matters related to public security and legal disputes, upon request and limited to the purpose of the request in accordance with the legislation, to prosecutor’s offices, courts, enforcement offices and relevant legal institutions and organizations,
- In the domestic transfer of sensitive personal data, your personal data can be transferred by obtaining the explicit consent of the person concerned, and in terms of sensitive personal data other than health and sexual life, your personal data can be transferred in cases stipulated by law.
In summary, together with the relevant groups of persons listed above, it is transferred to authorized public institutions and organizations such as employees of our Practice, legal, financial and tax consultants, auditors, service providers within the scope of Practice activities, ministries, judicial authorities. In addition, your personal data is transferred to persons, institutions and organizations permitted by the provisions of the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions in accordance with the legislation and limited to the purpose of transfer.
4- Data Transfer Abroad:
In accordance with the principles regulated in the second paragraph of Article 4 of the Personal Data Protection Law No. 6698, our practice obtains Explicit Consent Texts regarding the personal data processed separately from employees, employee candidates, customers and suppliers, service providers and visitors. In addition, in the Personal Data Protection Law No. 6698; In cases stipulated in the second paragraph of Article 5 and the third paragraph of Article 6 of the Personal Data Protection Law No. 6698, without seeking explicit consent, in accordance with the rules in Article 9, after the foreign countries with adequate protection to be determined by the Personal Data Protection Board are announced, only to persons and organizations residing in these countries, and for the countries where it is determined and announced that there is no adequate protection, it can be transferred provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and obtain the necessary permissions from the Personal Data Protection Authority in terms of the relevant transfer and on a limited basis.
5- Method and Legal Grounds for Collecting Personal Data:
Within the scope of practice activities; Contracts made with our Practice, legal relations established, application forms, forms filled out on the website, application forms, forms filled out on the website, personal data written in the application form received for the maintenance of human resources processes, documents requested for the personnel file created with the personal data written in the application form received for the maintenance of human resources processes, accounting, financial information received for the establishment and maintenance of financial and social rights, including customers, suppliers, managers and employees of service providers, employees, employee candidates, visitors, relatives of employees, employees of public institutions and organizations and private legal entities and relevant third parties, Personal data processed for the purposes of procurement, marketing, planning, quality and corporate development, personal information forms, training forms, job application forms processed during trainings, personal information processed by automatic or non-automatic methods during your visit to the practice building and its annexes and internet web page, electronically stored data or image records, your personal data processed through electronic automation systems due to your explicit consent or obligation arising from legislation, are collected within the scope of the law and the legal reasons stated below.
Your personal data, in order to carry out the necessary activities and processes by our Practice; International regulations, Constitution, Code of Obligations, Labor Law, Turkish Commercial Code, Tax Procedure Law and related financial legislation, Turkish Criminal Code, Turkish Criminal Procedure Law, Law on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, Law on the Regulation of Electronic Commerce, Electronic Signature Law, Law on Electronic Communications, Law on Police Duties and Powers, Turkish Statistics Law, Law on Social Security Institution, Law on Prevention of Laundering Proceeds of Crime, Regulation on the Procedures and Principles for the Regulation of Publications on the Internet, Regulation on the Processing of Personal Health Data and Ensuring Privacy, Regulation on Consumer Rights in the Electronic Communications Sector, Regulation on the Processing of Personal Data and Protection of Privacy in the Electronic Communications Sector, Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, Regulation on Commercial Communication and Commercial Electronic Messages, Communiqué on the Electronic General Assembly System to be Applied in the General Assemblies of Joint Stock Companies, Trade Registry Regulation, Regulation on Private Employment Agencies, Regulation on the Websites to be opened by Capital Companies, Communiqué on Processes and Technical Criteria Related to Registered Electronic Mail System, Regulation on Patient Rights, Regulation on Internal Systems of Banks. In addition, it is collected in accordance with the laws, regulations, communiqués and other relevant legislation in force that cannot be listed here and in accordance with the legal reasons specified in Articles 5 and 6 of the Personal Data Protection Law No. 6698. Accordingly
- Obtaining explicit consent from data subjects whose personal data are processed,
- Provided that it is directly related to the establishment or performance of contracts between our practice and third real and legal persons, it is necessary to process personal data belonging to the parties to the contract,
- It is mandatory for the practice to fulfill its legal obligation,
- The personal data has been made public by the data subject himself/herself,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,
- Because it is expressly provided for in the law,
Personal data processed within the scope of the activities of our practice are kept and stored for the periods determined by our practice according to the nature of the personal data processed and for the period written in the relevant legislation, as specified in the Personal Data Retention and Destruction Policy prepared.
6- Rights of the Personal Data Owner in accordance with the Law No. 6698 on the Protection of Personal Data (Right of Application):
Your requests within the scope of Article 11 of the Law No. 6698 on the Protection of Personal Data “regulating the rights of the person concerned”, as the data controller according to the Communiqué on the Procedures and Principles of Application to the Data Controller;
Gazi Medical Clinic (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, 35230 Konak/İzmir) address, by filling out the attached Application Form of the relevant person who is the Personal Data Owner, you can personally deliver a signed copy of the form to the address of the Muayenehane with documents identifying your identity, Secure Electronic Signature, mobile signature or by using the e-mail address you have notified to our Muayenehane and registered in the system of our Muayenehane info@gazimedicalclinic.com address, by sending an e-mail, by personal application, by application through a notary public or by the methods determined by the Personal Data Protection Board.
Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data; everyone can apply to the data controller regarding him/her;
- Learn whether personal data is being processed,
- Request information if their personal data has been processed,
- To learn the purpose of processing personal data and whether they are used for their intended purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
- In case of correction, deletion or destruction of personal data, to request that these transactions be notified to third parties to whom personal data are transferred,
- To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
- In case of damage due to unlawful processing of personal data, to demand compensation for the damage,
rights.
Pursuant to the first paragraph of Article 13 of the Law No. 6698 on the Protection of Personal Data, you are required to submit your applications to our Practice in writing or by the above written methods determined by the Personal Data Protection Board in order to exercise your rights mentioned above. Our practice will finalize your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged.
Cookies:
Our Experience Enhancement services collect information about visitors to our website www.gazimedicalclinic.com using cookies. A cookie is a string of information that a website has stored on a visitor’s computer and that the visitor’s browser provides to the website each time the visitor returns. Most Internet browsers automatically accept cookies, but by editing their options, you can instruct your browser to accept cookies by accepting instructions, to stop accepting cookies, or to ask before accepting a cookie from websites you visit.
All such collected information is collected on behalf of Gazi Medical Clinic. Except for legal processes, it is not transferred, sold or shared with any 3rd institution or person.
Gazi Medikal Klinik reserves the right to change the Privacy Policy at any time.
service to be provided.
Your health data that we have to record in order to provide health services to you is considered as special quality personal data by law. In this context, in accordance with the provision in the second paragraph of Article 6 of the Personal Data Protection Law No. 6698, “It is prohibited to process sensitive personal data without the explicit consent of the person concerned.” Since personal health data can only be processed and transferred with the explicit consent of the person, except for the special conditions specified in the law, it has become obligatory to obtain this consent from you.
CLARIFICATION TEXT ON THE LAW ON THE PROTECTION OF PERSONAL DATA
1- Data Controller:
Gazi Medikal Klinik (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir) processes your personal data in the capacity of “Data Controller” as defined in Article 3 of the Law No. 6698 on the Protection of Personal Data.
2- Purpose for which Personal Data will be Processed:
Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data that you share with our company is processed by the data controller by obtaining, recording, storing, storing, modifying, rearranging, and rearranging your personal data in whole or in part, automatically or by non-automatic means provided that it is part of any data recording system. The Data Controller processes the personal data it processes within the scope of its activities in accordance with the relevant legislation for the following purposes.
In this context, it covers your personal data that you provide to us verbally, in writing, visually, or electronically in our examination, and your personal data that you transmit to us via internet and mobile applications or electronically or obtained in our office (analysis result, prescription, camera recording, video, photo, etc.).
In this sense, personal health data that are necessary for the execution of the services we will provide to you and obtained for this purpose, in particular, your name, surname, Turkish ID number, (if you are not a Turkish citizen, your passport number or temporary Turkish ID number), place and date of birth, marital status, gender information, various identity documents, contact data such as your address, telephone number, e-mail address, financial data such as your bank account number, IBAN number, Your medical history in your clinical file, information showing your disease history, examination data, data regarding the procedures applied to you, prescription information, your health and sexual life data obtained during the execution of medical diagnosis, treatment and care services such as your photographs, all kinds of images, audio / camera recordings, laboratory and imaging results, test results, your data regarding private health insurance and your Social Security Institution data, etc. are considered personal data.
Within the framework of the Personal Data Protection Law No. 6698 and the relevant legislation, your personal data will be recorded only to the extent required by the health service to be provided to you and will be stored in our system / archive ‘…not exceeding the period required to fulfill the purposes for which it was recorded’. Your data processed within this scope will be protected as a professional secret and its confidentiality will be ensured.
3- To whom and for what purpose the processed personal data can be transferred:
We kindly remind you that in cases where the privacy of personal medical records should be limited for the protection of public health, such as the obligation to notify the competent authorities of infectious diseases regulated in Article 58 of the Public Hygiene Law No. 1593, or in cases of legal obligation, such as the obligation to report a crime, it may be necessary to notify the competent authorities in a limited and measured manner, or it may be shared with another physician for consultation (exchange of opinions) regarding your health status.
Requests from public institutions, judicial authorities and other official authorities to transmit your data to them will be evaluated in terms of the purpose of the request, whether the requested data and the purpose to be achieved coincide, whether it can be concretely demonstrated, whether the only way to achieve the stated purpose is to transmit your data without anonymization, whether data transmission is necessary in a democratic society, and data transmission requests that do not meet all of these elements will not be fulfilled.
4- Data Transfer Abroad:
In accordance with the principles set out in the second paragraph of Article 4 of the Personal Data Protection Law No. 6698, our practice obtains Explicit Consent Texts from employees, employee candidates, customers and suppliers, service providers, and visitors separately regarding the personal data processed. In addition, in the Personal Data Protection Law No. 6698; In cases stipulated in the second paragraph of Article 5 and the third paragraph of Article 6 of the Personal Data Protection Law No. 6698, without seeking explicit consent, in accordance with the rules in Article 9, after the foreign countries with adequate protection to be determined by the Personal Data Protection Board are announced, only to persons and organizations residing in these countries, and for the countries where it is determined and announced that there is no adequate protection, it can be transferred provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and obtain the necessary permissions from the Personal Data Protection Authority in terms of the relevant transfer and on a limited basis.
5- Method and Legal Grounds for Collecting Personal Data:
Your personal data is collected and processed in all kinds of verbal, written, visual or electronic media in order to carry out all kinds of work within the scope of the above-mentioned purposes and activities within the legal framework and to fulfill its contractual and legal obligations as a data controller in this context. The legal reason for collecting your personal data;
- Law No. 6698 on the Protection of Personal Data,
- Basic Law No. 3359 on Health Services,
- Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations,
- Regulation on Processing and Protection of Privacy of Personal Health Data,
- Ministry of Health regulations and other legislative provisions.
In addition, as stated in the third paragraph of Article 6 of the Law, personal data on health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject.
When you enter our practice as a guest, your data is processed by our guest services staff for the purpose of registering you in the examination archive based on the legal reason that “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory for the data controller to fulfill its legal obligation”.
The data of our guests whose registration process has been completed will be processed by our healthcare personnel and physicians who are under the obligation of confidentiality during the provision of the health service they have requested and due to the nature of this service, by our healthcare personnel and physicians who are under the obligation of confidentiality, primarily for the legal reason of “conducting medical diagnosis, treatment and care services”, based on the cases clearly stipulated in the Health Services Basic Law No. 3359 and the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Affiliated Institutions, the Health Implementation Communiqué and the Patient Rights Regulation and the Turkish Code of Obligations No. 6098, and the information will be recorded through the cloud clinical program.
After the medical services of our guests are completed, their data are processed for the purpose of receiving the medical service fee from our guests and issuing invoices according to the relevant situation and based on the legal reason that “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory for the data controller to fulfill its legal obligation”.
6- Rights of the Personal Data Owner in accordance with the Law No. 6698 on the Protection of Personal Data (Right of Application):
As the data controller, as per the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit your requests regarding your data recorded by us within the scope of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Council of Europe Convention No. 108), Article 8 of the European Convention on Human Rights, Article 20 of the Constitution, Article 11 of the Law No. 6698 on the Protection of Personal Data “regulating the rights of the data subject”;
Gazi Medikal Klinik (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir), to the address of the relevant person who is the Personal Data Owner, by filling out the attached Application Form, you can personally deliver a signed copy of the form to the company address with documents identifying your identity, Secure Electronic Signature, mobile signature or by using the e-mail address you have notified to our practice and registered in our company’s system info@gazimedicalclinic.com address, by sending an e-mail, by personal application, by application through a notary public or by the methods determined by the Personal Data Protection Board.
Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data; everyone can apply to the data controller regarding him/her;
- To learn whether your personal data is processed and the scope of your processed data,
- If your personal data has been processed, to obtain information about it, to access this data and to take samples from them,
- To learn the purpose of processing your personal data and whether they are used in accordance with their purpose, whether they are transferred to a third person or institution at home or abroad, and to request notification of any changes in your personal data to the persons or institutions with whom the data is shared,
- To request correction of your personal data in case of incomplete or incorrect processing, (We were informed that this right can be exercised by applying to our office address in person or in writing).
- You have the right to request that some of your data be hidden, deleted or destroyed.
Pursuant to the first paragraph of Article 13 of the Law No. 6698 on the Protection of Personal Data, you are required to submit your applications to our company in writing or by the above-mentioned methods determined by the Personal Data Protection Board. Our Company will finalize your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged.
PATIENT (CUSTOMER) DECLARATION OF EXPLICIT CONSENT
I have read and understood the Personal Data Clarification and Consent Text prepared by Gazi Medikal Klinik, and that I have been verbally informed about the subject,
I have been informed about the purposes, collection methods and legal reasons for the processing of my personal data “Health Data”, which are detailed in the Personal Data Clarification text, my rights to protect my personal data, mandatory situations where my data can be transferred, data security and my application rights,
Recording, storing and sharing my health data by Gazi Medikal Klinik and its employees within the framework of the above principles,
In addition, Gazi Medical Clinic will be able to access my contact data specified below by mobile devices, over the internet or by mail to my address, etc.
I ACCEPT WITH MY EXPRESS CONSENT. I DO NOT ACCEPT*
* In this statement, we hereby inform you that if you do not accept the consent declaration for the processing of your personal data, including your relevant sensitive personal data, we will not be able to provide you with the necessary and sufficient service in terms of our processes that require your explicit consent, and that your commercial and operational activities will be adversely affected, except for the cases permitted to be processed in accordance with the KVKK legislation.
Patient Name Surname : Date: ……./……./………
Address : Time: …………..
E-mail :
Tel :
Signature :
The patient is under 18 years of age or unconscious:
Patient’s Relative Name Surname :
Signature : Date: ……./……./………
Degree of Proximity : Watch: ………….
Write “I understood what I read” in your own handwriting:
…………………………………………………………………..
PERSONAL DATA STORAGE AND DESTRUCTION POLICY
Telephone: 5017335707 | |
E-mail: info@gazimedicalclinic.com | |
Address: Alsancak, Kahramanlar Mahallesi, Nevzat Guzelirmak Sk. No:29, Konak/ Izmir | |
Mersis No: | |
Tax Office | |
Tax Number: | |
Trade Registry No: | |
Effective Date: | |
Update Date: |
As Gazi Medical Clinic (Practice), we attach great importance to the processing and protection of all kinds of personal data belonging to all persons, including customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, partners and employee relatives, visitors, public institutions and organizations, employees of private law legal entities and relevant third parties, in accordance with the Law No. 6698 on the Protection of Personal Data (KVKK). For this purpose, our practice takes the necessary administrative and technical measures in accordance with the legal regulations and decisions taken.
- INTRODUCTION
Law No. 6698 on the Protection of Personal Data and the Personal Data Retention and Destruction Policy prepared within the scope of the relevant legislation; The Personal Data Protection Law No. 6698 (Law) and the Regulation on the Deletion, Destruction or Anonymization of Personal Data have been prepared by Gazi Medikal Klinik (Practice) as the data controller.
1.1. Objective
With this policy text prepared by our practice, Gazi Medikal Clinic, in line with the principles set out in the Law; personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, public institutions and organizations, employees of private law legal entities and relevant third parties; It is aimed to process the decisions published by the KVK Authority, the principles determined, the Constitution of the Republic of Turkey, International Conventions, the Law No. 6698 on the Protection of Personal Data and the relevant legislation and to ensure that the relevant persons use their rights effectively. The works and transactions regarding the storage and destruction of personal data are carried out in accordance with this policy.
1.2. Scope
Personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, public institutions and organizations, employees of private legal entities and relevant third parties; This policy is within the scope of this policy, and this policy is applied in all recording media where personal data processed by automatic methods or non-automatic means are processed by our Muayenehane and in all activities of the Muayenehane for personal data processing.
1.3. Abbreviations and Definitions
Open Consent | Consent on a specific subject, based on information and expressed with free will |
Buyer Group | The category of natural or legal person to whom personal data is transferred by the data controller |
Anonymization | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data |
Employee | Includes Gazi Medical Clinic Employees |
Employee Candidate | Those who fill out the job application form and apply for a job by using the website, through job search platforms on the internet or by coming to the workplace in person |
Electronic Media | Environments where personal data can be created, read, changed and written with electronic devices |
Non-Electronic Environment | All written, printed, visual, etc. media other than electronic media |
Service Provider | A natural or legal person who provides services under a specific contract with the practice |
Related User | Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data |
Contact Person | Natural person whose personal data is processed |
Recording Media | Any medium containing personal data that is fully or partially automated or processed by non-automatic means, provided that it is part of any data recording system |
Personal Data | Any information relating to an identified or identifiable natural person |
Personal Data Processing Inventory | It is the inventory that data controllers create by associating the personal data processing activities they carry out depending on their business processes, the purposes and legal grounds for processing personal data, the data category, the group of recipients transferred and the group of data subjects, and detail the maximum retention period required for the purposes for which personal data are processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security. |
Processing of Personal Data | All kinds of operations performed on personal data such as obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system |
Law | Law No. 6698 on the Protection of Personal Data |
Board | Personal Data Protection Board |
Institution | Personal Data Protection Authority |
Personal Data Protection Committee | A unit consisting of more than one member responsible for supervision and oversight in the protection and processing of personal data, established by the decision of the Board of Directors of the Practice |
Personal Data Contact Person | The real person notified to the Registry by the data controller for natural and legal persons resident in Turkey and by the representative of the data controller for natural and legal persons not resident in Turkey, in order to ensure communication with the Authority regarding their obligations under the Law and the secondary regulations to be issued based on this Law |
Destruction of Personal Data | Deletion, destruction or anonymization of personal data |
Deletion of Personal Data | The process of making personal data inaccessible and non-reusable in any way for the relevant users |
Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and reusable by anyone in any way |
Sensitive Personal Data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
Periodic Disposal | Deletion, destruction or anonymization to be performed ex officio at recurring intervals specified in the personal data retention and destruction policy in the event that all of the conditions for processing personal data specified in the law disappear |
Politics | Personal Data Processing, Storage and Destruction General Policy |
Interns | Students who receive applied vocational training and work for this purpose in the practice |
Trainee Candidates | Students applying to the practice for internship |
Medical Practice | Gazi Medical Clinic |
Data Processor | Natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller |
Data Recording System | A recording system where personal data is structured and processed according to certain criteria. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system |
Data Controllers Registry Information System | The information system created and managed by the Presidency, accessible via the internet, which data controllers will use in the application to the Registry and other related transactions regarding the Registry. |
VERBIS | Data Controllers Registry Information System |
Board of Directors | Practice Management Board |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017 |
- DISTRIBUTION OF RESPONSIBILITIES AND TASKS
Pursuant to Law No. 6698 and the relevant legislation, within the scope of ensuring, maintaining and maintaining compliance with the personal data protection legislation, the “Practice PDP Committee (Committee)” in order to ensure the necessary coordination within the Practice determined. The titles, units and job descriptions of those involved in the storage and destruction of personal data are shown in Table 1.
TABLE 1- Distribution of Responsibilities and Duties
STAFF | TASK | RESPONSIBILITY |
Doctor Manager |
Personal Data Contact Person, KVKK application officer | To carry out the KVKK process as a contact person on behalf of the Data Controller, to carry out the necessary controls, to ensure coordination between the units, to manage the storage and destruction processes, to make the information system technically compatible with the KVKK, to carry out audit and training activities. |
Nurse/Secretary | KVKK implementation officer | The Data Controller is to carry out the KVKK processes under the supervision and supervision of the contact person, to carry out this task instead of the contact person in cases where it is not possible for the contact person to continue this task for any reason, to ensure compliance with the storage period and method of data storage and to carry out the process of destruction of personal data. |
Technical and administrative measures to ensure data security in all environments where personal data is processed are carried out by the responsible units in order to ensure the proper implementation of the technical and administrative measures taken within the scope of this policy, to increase the training and awareness of the relevant unit employees, to prevent the unlawful processing and access of personal data and to ensure that personal data is stored in accordance with the law.
- MEDIA WHERE PERSONAL DATA ARE STORED
Personal data kept by our practice are securely stored in the environments specified in Table-2 in accordance with the Law No. 6698 and the relevant legislation and international data security principles. Your personal data, in whole or in part, automatically or by non-automatic means, provided that it is part of any data recording system, by obtaining, recording, storing, storing, changing, rearranging, subject to any kind of processing performed on your personal data is processed by our Muayenehanemiz.
TABLE 2- Environments where Personal Data are Recorded
Electronic Media | Non-Electronic (Physical) Media | |
|
|
|
|
|
|
|
||
|
||
|
||
|
||
|
||
|
- PROCESSING OF PERSONAL DATA AND GENERAL PRINCIPLES
4.1. Confidentiality Principle
As explained in this policy, the data of both employees and all relevant persons who have personal data in contact with our practice are confidential. Within the scope of this policy and the measures taken, no one can use, reproduce, copy, copy, transfer to others and use the data of individuals for other purposes other than the purposes specified in the law.
4.2. Basic Principles
Personal Data processed by our practice is processed in accordance with the principles specified in Article 4 of Law No. 6698. The practice processes personal data in accordance with the procedures and principles stipulated in the law, according to the principles written below in the processing, protection, deletion and destruction processes of the data.
- Compliance with the law and good faith,
- Accurate and, where necessary, up to date,
- Processing for specific, explicit and legitimate purposes,
- Being relevant, limited and proportionate to the purpose for which they are processed,
- Retention for the period stipulated in the legislation or required for the purpose for which they are processed.
4.3. Terms of Processing Personal Data
Personal data processed by our practice is processed in accordance with Article 5 of Law No. 6698. Personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the principles we have stated below, it is possible to process personal data without seeking the explicit consent of the person concerned.
- (Principle of legality) Explicitly stipulated in the law,
- (Actual impossibility) It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- (Performance of a contract) Processing of personal data of the parties to a contract is necessary, provided that it is directly related to the conclusion or performance of the contract,
- (Legal obligation) It is mandatory for the data controller to fulfill its legal obligation,
- (Publicity) The personal data has been made public by the data subject himself/herself,
- (Obligation) Data processing is mandatory for the establishment, exercise or protection of a right,
- (Legitimate interest) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
4.4. Conditions for Processing Sensitive Personal Data
Sensitive Personal Data processed by our practice is processed in accordance with Article 6 of Law No. 6698. Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of special nature.
It is regulated by the article of the law that the processing of sensitive personal data without the explicit consent of the data subject is prohibited. Accordingly, Special Categories of Personal Data cannot be processed without the explicit consent of the data subject. However, as written in the article of the law; personal data other than health and sexual life listed in the first paragraph of Article 6 of the law may be processed without the explicit consent of the data subject in cases stipulated by law.
Personal data relating to health and sexual life can only be accessed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,
It can be processed without seeking the explicit consent of the data subject. Our practice is processed in accordance with the Law No. 6698 and the relevant legislation and also by taking adequate measures determined by the Board in the processing of sensitive personal data.
- EXPLANATIONS ON PERSONAL DATA STORAGE AND DISPOSAL
With this policy created by our practice, personal data belonging to customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, employees of public institutions and organizations and private law legal entities and relevant third parties; It is stored and destroyed in accordance with the laws and relevant legislation. Detailed explanations regarding storage and destruction are set out below.
5.1. Storage of Personal Data
Article 3 of the Law No. 6698 defines the processing of personal data, and Article 4 stipulates that the personal data processed must be linked, limited and measured for the purpose for which they are processed and must be retained for the period stipulated in the relevant legislation or for the purpose for which they are processed. In Articles 5 and 6 of the Law No. 6698, the processing conditions of personal data are listed. Accordingly, within the scope of the activities of the Practice, personal data are stored in accordance with the relevant legislation or in accordance with our processing purposes; by taking administrative and technical measures for the required period of time.
5.2. Processing Purposes Requiring Retention of Personal Data
The practice stores the personal data it processes for the following purposes, limited to the activities of the practice, in accordance with the relevant legislation. Accordingly; the processing purposes that require storing personal data are determined in the following items.
- To improve the products and services of the practice and to continue growth and development activities,
- Maintaining the financial and accounting affairs of the practice,
- To maintain the commercial activities and service procurement transactions of the practice with third parties,
- To fulfill legal obligations within the scope of practice activities,
- Planning and execution of human resources processes, fulfillment of work and internship application processes,
- Creating personnel files, fulfilling financial obligations,
- To make and fulfill the contracts and protocols that the practice has made or will make with its customers, suppliers, employees and third parties with whom it has a legal relationship,
- Maintaining marketing activities,
- Ensuring institutional communication with the practice,
- To ensure the institutional quality of the practice, to ensure the safety of the relevant persons with whom it is in contact,
- To carry out the works and transactions and processes before the PDP Authority within the scope of the PDP Law,
- To liaise with real and legal persons with whom the practice has a legal relationship within the scope of its activities,
- In accordance with the legislation; to make the necessary legal notifications to the relevant public institutions and organizations,
- To fulfill the practice’s burden of proof as evidence in legal disputes with third parties,
- Participating in trainings, seminars or organizations organized by the practice to ensure corporate and personal development,
- To maintain the necessary processes for your contact with our practice, your use of our website regarding the activities of the practice, your contact with the practice contact information, filling out the forms on our website,
- To ensure the safety of customers, suppliers, managers and employees of service providers, employees, employee candidates, interns, visitors, employees of public institutions and organizations and private law legal entities and relevant third parties, the building and annexes of the practice, as well as the control of the entrance and exit of the practice building,
Your personal data is processed in accordance with the conditions and purposes determined in accordance with Articles 5 and 6 of the Law. Your personal data is not used for any other purpose other than the activities of our Practice, which is the data controller, and is not shared with third parties except in cases determined by policies,
5.3. Reasons for Retaining Personal Data
Your personal data is kept within the framework of the activities of the Practice. In this context, Personal data;
International regulations, the Constitution, the Personal Data Protection Law, the Code of Obligations, the Labor Law, the Turkish Criminal Code, the Turkish Criminal Procedure Code, the Tax Procedure Law and the relevant financial legislation, the Law on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, the Regulation on the Procedures and Principles on the Regulation of Publications on the Internet, Regulation on Processing and Ensuring the Privacy of Personal Health Data, Law on the Regulation of Electronic Commerce, Electronic Signature Law, Electronic Communication Law, Regulation on Consumer Rights in the Electronic Communication Sector, Regulation on the Processing of Personal Data and Protection of Privacy in the Electronic Communication Sector, Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, Regulation on Commercial Communication and Commercial Electronic Messages, Law on Police Duties and Powers, Turkish Statistics Law, Social Security Institution Law, Law on Prevention of Laundering Proceeds of Crime, Communiqué on Electronic General Assembly System to be Applied in General Assemblies of Joint Stock Companies, Trade Registry Regulation, Regulation on Private Employment Agencies, Regulation on Websites to be opened by Capital Companies, Communiqué on Processes and Technical Criteria Related to Registered Electronic Mail System, Patient Rights Regulation, Regulation on Internal Systems of Banks, other relevant laws, regulations and communiqués.
In line with the above-mentioned purposes, based on your explicit consent and limited to these purposes only, it is collected, processed and stored within the framework of the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, provided that the legal obligation arising from the legislation, the execution and performance of the contracts made with our Muayenehan, the publicization of personal data, the necessity of data processing for the establishment, exercise or protection of a right, and the fundamental rights and freedoms of the person concerned.
5.4. Reasons Requiring Destruction of Personal Data
Personal data shall be deleted, destroyed or anonymized by the Muayenehane in accordance with the procedures and principles stipulated in the policy, law and regulation upon the request of the person concerned for the reasons stated below, by filling out the application form. Accordingly
- In the event that the purpose requiring the processing or storage of personal data by the practice disappears,
- Amendment or repeal of the relevant legislation provisions that are the basis for the processing of personal data,
- In cases where the processing of personal data by the practice is made only on the basis of explicit consent, the data subject’s withdrawal of explicit consent,
- Pursuant to Article 11 of the Law No. 6698, the application made by the person concerned regarding the deletion and destruction of personal data within the scope of the application rights to the practice is accepted by the KVK Institution,
- In cases where the PDP Board rejects the application made by the person concerned with the request for the deletion, destruction or anonymization of his personal data, finds the answer insufficient or does not respond within the period stipulated in Law No. 6698; In case he makes a complaint to the PDP Board and this request is approved by the PDP Board,
- Pursuant to the relevant legal regulation, the maximum period that requires the retention of personal data has expired and there is no reason to retain personal data,
In such cases, it shall be deleted, destroyed or ex officio deleted, destroyed or anonymized by the Practice upon the request of the person concerned.
- TECHNICAL AND ADMINISTRATIVE MEASURES FOR THE STORAGE AND DESTRUCTION OF PERSONAL DATA
Within the scope of the regulations determined by the Policy, for the safe and proper storage of personal data, prevention of unlawful processing, access, prevention of data leaks and the destruction of personal data in accordance with the law, within the framework of the provision “In the processing of personal data of special nature, it is also necessary to take adequate measures determined by the Board.” regulated in Article 6 of Law No. 6698 and the necessary adequate measures determined and announced by the Board in order to ensure the security of personal data specified in Article 12 of the same law; Written technical and administrative measures are taken by the Practice as the data controller.
Administrative and Technical Measures have been determined and announced in detail at https://www.kvkk.gov.tr. These measures are given in Table-3.
TABLE 3 – Technical and Administrative Measures
Technical Measures | Administrative Measures |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6.1. Technical Measures
Regarding the technical measures specified in the table above and announced by the KVK Institution, the necessary measures written below have been taken by the Practice as the data controller.
- In the event that personal data is unlawfully obtained by others, the necessary policies have been established by the Practice in order to notify the relevant person and the Board,
6.2. Administrative Measures
Regarding the administrative measures specified in the table above and announced by the KVK Institution, the necessary measures written below have been taken by the Muayenehane as the data controller.
- In order to improve the quality of employees, necessary trainings are provided to prevent unlawful processing of personal data, to ensure the protection of personal data and to raise awareness, and in-house periodic and random audits are carried out,
- Confidentiality agreements are signed by employees regarding the activities carried out by the practice,
- Before starting to process personal data, the Muayenehane fulfills its obligation to inform the relevant persons. A policy regarding this has been created and communicated to the relevant persons,
- A personal data processing inventory has been prepared and necessary updates are made by the Muayenehane as the data controller,
- A Disclosure and Information Text was prepared, an application form was prepared and published on the website,
- Personal data protection, processing, storage and destruction policy has been determined and its implementation is ensured by the KVKK Committee within the Practice,
- The PDP Committee was established, its powers and responsibilities were determined and communicated to the relevant parties,
- Separate explicit consent texts were created according to the groups of people concerned,
- Work has been initiated to fulfill the retention and destruction requirements for personal data,
- Necessary actions have been taken to ensure compliance with the KVK Law, and the practice contracts and texts containing personal data have been scanned and harmonized with the KVKK,
- EXPLANATIONS ON PERSONAL DATA DESTRUCTION TECHNIQUES
As written in the policy and personal data inventory created by our practice, at the end of the period stipulated in the relevant legislation regarding the personal data processed or at the end of the required retention period for the purpose for which they are processed; Personal data are destroyed by the authorized units of the practice spontaneously or upon the application of the relevant personal data owner to our practice, in accordance with Law No. 6698 and the relevant legislation, by the following methods and techniques.
7.1. Deletion of Personal Data
Personal Data on Servers: For the personal data on the servers, deletion is made by the system administrator by removing the access authorization of the relevant users for those whose retention period has expired.
Personal Data in Electronic Media: The personal data in electronic media that expire after the expiration of the period for which they are required to be stored shall be made inaccessible and non-reusable in any way for employees (relevant users) other than the database administrator.
Personal Data in Physical Environment: For the personal data kept in physical media, those that have expired for the period required to be kept are rendered inaccessible and non-reusable in any way for other employees, except for the unit manager responsible for the document archive. In addition, the blackout process is also applied by scratching/painting/erasing in a way that cannot be read.
Personal Data on Portable Media: Personal data stored on flash-based storage media, which expire after the period of time required for storage, are encrypted by the system administrator and access authorization is given only to the system administrator and stored in secure environments with encryption keys.
7.2. Destruction of Personal Data
Personal Data in Physical Media: The personal data in paper media that expire after the period of time required for their retention are irreversibly destroyed in paper shredding machines.
Personal Data on Optical / Magnetic Media: Personal data contained in optical media and magnetic media are physically destroyed, such as melting, incinerating or pulverizing those whose retention period has expired. In addition, the magnetic media is passed through a special device and the data on it is rendered unreadable by exposing it to a high magnetic field.
7.3. Anonymization of Personal Data
Anonymization of personal data is the removal of the identity of the person concerned from being identified or identifiable and making it impossible to link it to a natural person in any way, even when personal data is matched with other data.
In order for personal data to be anonymized; personal data cannot be linked/associated with an identified or identifiable natural person even through the use of appropriate techniques in terms of the recording medium and the relevant field of activity, such as the return of personal data by the data controller or third parties and / or matching the data with other data.
- PERSONAL DATA STORAGE AND DESTRUCTION PERIODS
Regarding the personal data of the practice being processed within the scope of this policy and the relevant legislation,
- Retention periods on personal data basis for all personal data within the scope of the activities carried out depending on the processes in the Personal Data Processing Inventory;
- Retention periods based on data categories are recorded in VERBIS;
- Process-based retention periods are defined in the Personal Data Retention and Destruction Policy.
takes place.
These periods are shown in the table in the Personal Data Retention and Destruction Policy of the practice. The retention and destruction periods of personal data are included in the table, taking into account the legitimate interest of the practice and the establishment and execution processes of the contracts made and to be made with the relevant data owner, the lawsuit and legal proceedings that may be filed.
TABLE 4- Personal Data Retention and Destruction Periods by Process
Process | Storage Time | Destruction Period |
Information on employees | 10 Years from the end of the contract | During the first audit period following the end of the retention period, within 180 days at the latest |
Information in the CVs and job application forms of employee candidates, trainee candidates | 1 year from the finalization of the request | Within 30 days from the date of request and within 180 days at the latest during the first audit period following the end of the retention period |
Interns (student) | 10 years from the beginning of the calendar year following the end of the internship | During the first audit period following the end of the retention period, within 180 days at the latest |
Service Providers Suppliers/Customers | 10 years from the termination of the contract and employment relationship | During the first audit period following the end of the retention period, within 180 days at the latest |
Visitors | 1 Year | During the first audit period following the end of the retention period, within 180 days at the latest |
Customers, Customer Relatives | 10 Years from the End of the Purpose of Data Processing | During the first audit period following the end of the retention period, within 180 days at the latest |
- PERIODIC DESTRUCTION PERIOD OF PERSONAL DATA
Pursuant to Article 11 of the Regulation, the Practice has set the periodic destruction period as 6 months. Accordingly, the periodic destruction process is carried out in February and August every year in the Practice.
- DELETION AND DESTRUCTION PERIODS UPON APPLICATION OF THE PERSON CONCERNED
The periods for deletion and destruction of personal data upon the application of the data subject are regulated in Article 12 of the Regulation as written below.
Accordingly, if all the conditions for processing personal data are no longer applicable, the data controller shall delete, destroy or anonymize the personal data subject to the request. The data controller shall finalize the request of the data subject within thirty days at the latest and inform the data subject. If all the conditions for processing personal data have disappeared and the personal data subject to the request have been transferred to third parties, the data controller shall notify the third party of this situation and ensure that the necessary actions are taken before the third party within the scope of this Regulation. If all the conditions for processing personal data have not been eliminated, this request may be rejected by the data controller by explaining the reason in accordance with the third paragraph of Article 13 of the Law and the rejection response shall be notified to the data subject in writing or electronically within thirty days at the latest.
- SITUATIONS WHERE THE PERSONAL DATA OWNER CANNOT ASSERT HIS RIGHTS
Pursuant to the first paragraph of Article 28 of the Law No. 6698, the following matters are excluded from the scope of application of the law (exceptions) and personal data owners cannot assert their rights listed in the law.
- Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with,
- Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public safety, public order, economic security, privacy of private life or personal rights or does not constitute a crime,
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
- Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions,
Pursuant to the second paragraph of Article 28 of the Law No. 6698, Article 10 regulating the data controller’s obligation to disclose, Article 11 regulating the rights of the data subject, except for the right to claim compensation for the damage, and Article 16 regulating the obligation to register with the registry of data controllers, provided that it is appropriate and proportionate to the purpose and basic principles of this law, shall not apply in the following cases:
- Processing of personal data is necessary for the prevention of crime or criminal investigation,
- Processing of personal data made public by the data subject himself/herself,
- Personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,
- Processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters.
- PUBLICATION, STORAGE AND UPDATING OF THE POLICY
This policy, prepared by the Practice, is available in a wet-signed (printed paper) environment inside the Practice and https://www.gazimedicalclinic.com/ is published on the website. It will be deemed to be disclosed to the public with the publication of the policy. The printed paper copy is kept in the PDP file. This policy is reviewed by the designated committee members within the scope of their powers and responsibilities, as needed, and the relevant sections will be updated as necessary.
- ENTRY INTO FORCE AND REPEAL OF THE POLICY
This policy, written in the articles above, shall be deemed to have entered into force on 31.12.2021.
If it is decided to abolish the policy with the approval of the data controller and the decision of the personal data committee, the old wet signed copies of the policy are canceled by the committee (by stamping or writing cancellation) and signed by the committee and kept by the data contact person in the “Accounting Unit / Department” by the committee for at least 5 years.
Website and Social Media Accounts
Personal Data Sharing
Explicit Consent Form
Dear Patient/Guardian/Guardian;
Gazi Medikal Klinik (“Practice”) takes photographs of customers before and after surgery, aesthetic operations, hair transplantation, birth, etc. during processes. Your personal data (photo, video) may be published on the website and social media accounts of the practice and the doctor performing the operation for promotional and advertising purposes. You can access our detailed clarification text on the protection of Personal Data from our practice secretariat / our website (https://www.gazimedicalclinic.com/ ) is available.
As the person concerned, you can access the application form from our secretariat / corporate section of our website under the Personal Data Protection menu https://www.gazimedicalclinic.com/ you can access.
To publish my personal data (photo, video) for the purposes listed above on the website and social media accounts of the practice and the doctor who performed the operation and to store them unless I request deletion
I give permission I do not give permission
I Read/Approve
Date:………../……./20…..
Name Surname
Signature:
Gazi Medical Clinic
PERSONAL DATA SUBJECT APPLICATION FORM
Article 11 of the Law No. 6698 on the Protection of Personal Data stipulates that the data subject may exercise the following rights by applying to the data controller. The application procedures and principles of natural persons whose personal data are processed (Data Subject) to the data controller are regulated by the “Communiqué on Application Procedures and Principles to the Data Controller”. In this context, please mark your requests regarding your rights specified in the table below.
Claimed Rights | Please
Please tick |
a) Learn whether personal data is being processed, | |
b) Request information if personal data has been processed, | |
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose, | |
ç) To know the third parties to whom personal data are transferred domestically or abroad, | |
d) To request correction of personal data in case of incomplete or incorrect processing, | |
e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law, | |
f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred, | |
g) To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems, | |
ğ) In case of damage due to unlawful processing of personal data, to demand compensation for the damage, |
In order to exercise your rights arising from the legal legislation, you can apply using any of the following application methods.
Secure Electronic Signature, mobile signature or by using the Electronic Mail address you have notified to our practice and registered in our practice system info@gazimedicalclinic.com by sending an e-mail to, |
Personal application to be made by the relevant person to (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, Konak/İzmir) by filling out this form completely, |
Application to be made through a notary public or by the methods determined by the KVK Institution |
Please fill out the form below and send your application to our practice, which is the Data Controller, by any of the above methods.
Name-Surname | |
T.C. Identity Number | |
For Citizens of Other Countries
Passport Number |
|
Residential Address for Notification | |
Workplace Address | |
Cell Phone | |
Telephone Number | |
Fax Number | |
Email Address | |
Registered Electronic Mail (KEP) Address |
Please indicate your legal relationship with our practice below.
(Customer, business partner, prospective employee, former employee, third party company employee, shareholder, etc.)
☐ Customer (Patient) ☐ Visitor ☐ Supplier ☐ Shareholder
☐Employee ☐Former Employee ☐Intern Student ☐Candidate Employee
☐Other ………………………………………………….
You have worked in our practice
Unit : …………………………………
Subject : …………………………………
Former Employee : ………………………………….
Years I Worked : …………………………………
Other : …………………………………
I applied for a job : …………………………………
Resume Shared/Date : …………………………………
Third Party Company Employee : …………………………………
Please specify the company and position you work for
…………………………………………………………………………………………………………………………………..
Please specify your request in detail within the scope of KVKK:
……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
Please select the method by which you will be notified of our response to your application:
☐ I want it sent to my address. ☐ I want it sent to my e-mail address.
☐ I want to receive it by hand. ☐ I want it sent to my registered e-mail address
This form has been prepared in order to determine your legal relationship with our practice and your personal data processed by our practice, if any, and to respond to your application correctly and within the legal period. In order to prevent legal risks that may arise from illegal and unfair data sharing and to ensure the security of your personal data, our practice reserves the right to request additional documents and clarification information for identification and authorization. In the event that the information regarding your requests you submit within the scope of the Application Form is not correct and up-to-date or an unauthorized application is made, our practice does not accept any responsibility for the requests arising from such incorrect information and unauthorized application. If it is received by proxy, the original or certified copy of the power of attorney, certificate of representation or authorization certificate must be present.
Declaration of the Applicant Contact Person:
As the Personal Data/Applicant, I hereby accept and declare that I have read the general explanations in the application form, that I am aware of my rights and obligations under the PDP Law and the application form, and that all the information I have provided in the application form is correct and complete. I kindly request that I be informed within the legal period regarding this request.
Relevant Person/Applicant
Name Surname :
Application Date :
Signature :
PERSONAL DATA PROTECTION LAW
CLARIFICATION TEXT
Our practice; In accordance with the Law No. 6698 on the Protection of Personal Data, it pays utmost attention to the processing and protection of your personal data. As the data controller; All necessary technical and administrative measures have been taken to prevent unlawful processing and access of personal data and to ensure the protection of personal data.
Pursuant to Article 10 of the Law; we inform you with the policies established and this clarification text, covering customers, suppliers, managers and employees of service providers, Practice partners, employees, employee candidates, interns, visitors, relatives of Practice partners and employees, employees of public institutions and organizations and private law legal entities and relevant third parties.
This clarification text has been prepared by Gazi Medikal Klinik (Practice) in the capacity of data controller within the scope of Article 10 of the Personal Data Protection Law No. 6698 and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation.
1- Data Controller:
Gazi Medical Clinic (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, 35230 Konak/İzmir), Tax Office: BORNOVA VD. 0370232897 Processes your personal data in the capacity of “Data Controller” as defined in Article 3 of the Personal Data Protection Law No. 6698.
2- Purpose for which Personal Data will be Processed:
Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data that you share with our Muayenehane is processed by our Muayenehane by obtaining, recording, storing, storing, changing, rearranging, subject to any kind of processing performed on your personal data, in whole or in part, automatically or by non-automatic means provided that it is part of any data recording system. The Muayenehane processes the personal data it processes within the scope of its activities in accordance with the relevant legislation for the following purposes.
In this direction;
- Your identity information (T.R. Identity Number, your first and last name, place and date of birth, mother and father’s name, marital status, identity card or other identity information on the identity sharing system),
- Your contact information (Address No, telephone numbers, residential address, contact address, e-mail address),
- Personal Information (Salary information, payroll information, disciplinary investigation information, employment document records, resume information, personnel performance evaluation reports, family members and relationship information),
- Legal Transaction Information (Personal information in correspondence with judicial authorities, information in litigation and enforcement files),
- Customer Transaction Information (Identity information such as Name, Surname, T.R. ID, written and electronic mail, telephone contact information),
- Finance Information (Bank account information, Invoice information),
- Professional experience information (education information, diploma information, reference information, courses attended, on-the-job training information, certificates, information in reported forms),
- Audiovisual Records (Photographic information on the forms received),
- Health Information (Health Reports, Prescription Information, blood type information, personal health and physical disability status information, device and prosthesis information, laboratory and imaging results, test results, examination data (Diagnosis, Decision, Opinions), personal health information),
- Records related to security measures (Criminal Records),
Your personal data such as your personal data, your personal data that you will share directly or indirectly with our Muayenehane are processed and protected in accordance with the Personal Data Protection Law No. 6698 and the relevant legislation, limited to the activities of the Muayenehane. The purposes of personal data processing by our practice are set out below.
- Execution of emergency management processes, Management of information security processes,
- Conducting employee candidate / intern / student selection and placement processes,
- Carrying out the application processes of employee candidates
- Execution of employee satisfaction and loyalty processes,
- Fulfillment of employment contractual and regulatory obligations for employees,
- Execution of fringe benefits and benefits processes for employees,
- Conducting audit/ethics activities,
- Conducting training activities, Execution of access authorizations,
- Execution of activities in accordance with the legislation,
- Preparation of various reports, researches and presentations, planning of emergency management processes, follow-up of financial and accounting affairs, to ensure security in our practice,
- Conducting financial and accounting affairs,
- Sending SMS and e-mails for the promotion and information of our products and services,
- Execution of company / product / service loyalty processes,
- Ensuring physical space security, Execution of assignment processes,
- Follow-up and execution of legal affairs,
- Conducting internal audit / investigation / intelligence activities,
- Conducting communication activities,
- Planning of human resources processes,
- Execution/supervision of business activities,
- Conducting occupational health / safety activities,
- Receiving and evaluating suggestions for improving business processes,
- Carrying out activities to ensure business continuity,
- Execution of logistics activities,
- Execution of goods / service procurement processes, execution of sales processes, execution of after-sales support services,
- Execution of goods/service production and operation processes,
- Execution of customer relationship management processes,
- Conducting activities for customer satisfaction,
- Organization and event management,
- Execution of advertising / campaign / promotion processes,
- Carrying out the activities of storage and archive processes,
- Provision of Health Services
- Creating and Tracking Appointment Records
- Prescription Issuance
- Execution of Activities Related to Patient Satisfaction
- Providing Support and Information After Health Care Services
- Planning and Management of Health Services and Financing,
- Health Service Provision for the Person Concerned,
- Execution of Medical Diagnosis, Treatment and Care Services,
For its purposes, your personal data is processed in accordance with the conditions and purposes determined in accordance with Articles 4, 5 and 6 of the Law No. 6698 on the Protection of Personal Data. Your personal data will not be used for any other purpose other than the activities of our Practice.
3- To whom and for what purpose the processed personal data can be transferred:
Your personal data processed by our practice is transferred to the relevant real and legal persons for the purposes written below in accordance with Articles 8 and 9 of the Personal Data Protection Law No. 6698. Accordingly
- To our customers, service providers, suppliers, performance assistants and subcontractors in order to carry out the activities of the practice and to fulfill mutual obligations,
- To the relevant public institutions and organizations, including the Ministry of Health, Revenue Administration, Tax Offices, Social Security Institution and Municipalities, in order to fulfill the legal obligations stipulated in the relevant legislation and to ensure security,
- In order to carry out the occupational health and safety processes of the relevant persons, within the scope of occupational health and safety measures, the health information of the employees to the relevant health service providers and insurance companies,
- Banks, financial institutions, public and private legal entities, public officials in order to carry out financial transactions of the persons concerned,
- In matters related to public security and legal disputes, upon request and limited to the purpose of the request in accordance with the legislation, to prosecutor’s offices, courts, enforcement offices and relevant legal institutions and organizations,
- In the domestic transfer of sensitive personal data, your personal data can be transferred by obtaining the explicit consent of the person concerned, and in terms of sensitive personal data other than health and sexual life, your personal data can be transferred in cases stipulated by law.
In summary, together with the relevant groups of persons listed above, it is transferred to authorized public institutions and organizations such as employees of our Practice, legal, financial and tax consultants, auditors, service providers within the scope of Practice activities, ministries, judicial authorities. In addition, your personal data is transferred to persons, institutions and organizations permitted by the provisions of the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions in accordance with the legislation and limited to the purpose of transfer.
4- Data Transfer Abroad:
In accordance with the principles regulated in the second paragraph of Article 4 of the Personal Data Protection Law No. 6698, our practice obtains Explicit Consent Texts regarding the personal data processed separately from employees, employee candidates, customers and suppliers, service providers and visitors. In addition, in the Personal Data Protection Law No. 6698; In cases stipulated in the second paragraph of Article 5 and the third paragraph of Article 6 of the Personal Data Protection Law No. 6698, without seeking explicit consent, in accordance with the rules in Article 9, after the foreign countries with adequate protection to be determined by the Personal Data Protection Board are announced, only to persons and organizations residing in these countries, and for the countries where it is determined and announced that there is no adequate protection, it can be transferred provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and obtain the necessary permissions from the Personal Data Protection Authority in terms of the relevant transfer and on a limited basis.
5- Method and Legal Grounds for Collecting Personal Data:
Within the scope of practice activities; Contracts made with our Practice, legal relations established, application forms, forms filled out on the website, application forms, forms filled out on the website, personal data written in the application form received for the maintenance of human resources processes, documents requested for the personnel file created with the personal data written in the application form received for the maintenance of human resources processes, accounting, financial information received for the establishment and maintenance of financial and social rights, including customers, suppliers, managers and employees of service providers, employees, employee candidates, visitors, relatives of employees, employees of public institutions and organizations and private legal entities and relevant third parties, Personal data processed for the purposes of procurement, marketing, planning, quality and corporate development, personal information forms, training forms, job application forms processed during trainings, personal information processed by automatic or non-automatic methods during your visit to the practice building and its annexes and internet web page, electronically stored data or image records, your personal data processed through electronic automation systems due to your explicit consent or obligation arising from legislation, are collected within the scope of the law and the legal reasons stated below.
Your personal data, in order to carry out the necessary activities and processes by our Practice; International regulations, Constitution, Code of Obligations, Labor Law, Turkish Commercial Code, Tax Procedure Law and related financial legislation, Turkish Criminal Code, Turkish Criminal Procedure Law, Law on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, Law on the Regulation of Electronic Commerce, Electronic Signature Law, Law on Electronic Communications, Law on Police Duties and Powers, Turkish Statistics Law, Law on Social Security Institution, Law on Prevention of Laundering Proceeds of Crime, Regulation on the Procedures and Principles for the Regulation of Publications on the Internet, Regulation on the Processing of Personal Health Data and Ensuring Privacy, Regulation on Consumer Rights in the Electronic Communications Sector, Regulation on the Processing of Personal Data and Protection of Privacy in the Electronic Communications Sector, Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, Regulation on Commercial Communication and Commercial Electronic Messages, Communiqué on the Electronic General Assembly System to be Applied in the General Assemblies of Joint Stock Companies, Trade Registry Regulation, Regulation on Private Employment Agencies, Regulation on the Websites to be opened by Capital Companies, Communiqué on Processes and Technical Criteria Related to Registered Electronic Mail System, Regulation on Patient Rights, Regulation on Internal Systems of Banks. In addition, it is collected in accordance with the laws, regulations, communiqués and other relevant legislation in force that cannot be listed here and in accordance with the legal reasons specified in Articles 5 and 6 of the Personal Data Protection Law No. 6698. Accordingly
- Obtaining explicit consent from data subjects whose personal data are processed,
- Provided that it is directly related to the establishment or performance of contracts between our practice and third real and legal persons, it is necessary to process personal data belonging to the parties to the contract,
- It is mandatory for the practice to fulfill its legal obligation,
- The personal data has been made public by the data subject himself/herself,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,
- Because it is expressly provided for in the law,
Personal data processed within the scope of the activities of our practice are kept and stored for the periods determined by our practice according to the nature of the personal data processed and for the period written in the relevant legislation, as specified in the Personal Data Retention and Destruction Policy prepared.
6- Rights of the Personal Data Owner in accordance with the Law No. 6698 on the Protection of Personal Data (Right of Application):
Your requests within the scope of Article 11 of the Law No. 6698 on the Protection of Personal Data “regulating the rights of the person concerned”, as the data controller according to the Communiqué on the Procedures and Principles of Application to the Data Controller;
Gazi Medical Clinic (Alsancak, Kahramanlar Mahallesi, Nevzat Güzelırmak Sk. No:29, 35230 Konak/İzmir) address, by filling out the attached Application Form of the relevant person who is the Personal Data Owner, you can personally deliver a signed copy of the form to the address of the Muayenehane with documents identifying your identity, Secure Electronic Signature, mobile signature or by using the e-mail address you have notified to our Muayenehane and registered in the system of our Muayenehane info@gazimedicalclinic.com address, by sending an e-mail, by personal application, by application through a notary public or by the methods determined by the Personal Data Protection Board.
Pursuant to Article 11 of the Law No. 6698 on the Protection of Personal Data; everyone can apply to the data controller regarding him/her;
- Learn whether personal data is being processed,
- Request information if their personal data has been processed,
- To learn the purpose of processing personal data and whether they are used for their intended purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
- In case of correction, deletion or destruction of personal data, to request that these transactions be notified to third parties to whom personal data are transferred,
- To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
- In case of damage due to unlawful processing of personal data, to demand compensation for the damage,
rights.
Pursuant to the first paragraph of Article 13 of the Law No. 6698 on the Protection of Personal Data, you are required to submit your applications to our Practice in writing or by the above written methods determined by the Personal Data Protection Board in order to exercise your rights mentioned above. Our practice will finalize your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board will be charged.
Cookies:
Our Experience Enhancement services collect information about visitors to our website www.gazimedicalclinic.com using cookies. A cookie is a string of information that a website has stored on a visitor’s computer and that the visitor’s browser provides to the website each time the visitor returns. Most Internet browsers automatically accept cookies, but by editing their options, you can instruct your browser to accept cookies by accepting instructions, to stop accepting cookies, or to ask before accepting a cookie from websites you visit.
All such collected information is collected on behalf of Gazi Medical Clinic. Except for legal processes, it is not transferred, sold or shared with any 3rd institution or person.
Gazi Medikal Klinik reserves the right to change the Privacy Policy at any time.