Privacy & Cookies Policy
Personal Data Protection and Processing Policy
Data controller Private Aksın Polyclinic (Aksın Istanbul Sağlık Hizmetleri Ltd. Şti) is responsible for the superior service quality, respect for the rights of individuals, transparency and honesty principles, and in line with the regulations determined by the Personal Data Protection Law, personal data belonging to its customers, employees and other real persons with whom it is in contact. conservation is of great importance. We attach great importance to patient privacy and the preservation of all personal data of our patients by processing them in the best possible way and with care. This policy has been prepared in order to protect and process the personal data of our patients, as well as companions, visitors and employees of institutions and organizations we cooperate with, within the framework of the basic principles in the legislation.
The purpose of this Policy is to ensure transparency by informing the persons whose personal data is processed, especially our patients, companions, visitors, employees and institution officials, employees of the institutions we cooperate with, officials and third parties within the scope of the personal data processing activity carried out by our polyclinic in accordance with the legislation. In this context, administrative and technical measures are taken to process and protect personal data in accordance with the Law No. 6698 and the relevant legislation. Within the scope of this policy, natural persons whose personal data are processed are defined as Data Subject, Relevant Person or Personal Data Owner.
Explicit Consent: Consent about a specific subject, based on information and expressed with free will.
Anonymization: It is the change of personal data in such a way that it loses its quality as personal data and this situation cannot be undone. For example masking, aggregation, data corruption etc. making personal data incapable of being associated with a natural person, by means of techniques. It is possible to anonymize personal data for various purposes, but in accordance with the request and / or consent of the person concerned, without violating the scope of KVKK and express consent. Necessary measures will be taken in our polyclinic so that the personal data that has been anonymized is not made identifiable by various methods.
Employees, Shareholders and Officials of the Institutions We Collaborate with: Refers to the real persons, including the shareholders and officials of these institutions, who work in the institutions (such as but not limited to business partners, suppliers) with which we have any business relationship.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, means all kinds of operations performed on data such as classification or prevention of use.
Personal Data: It means any information relating to an identified or identifiable natural person. All information that makes the person identifiable is arranged as personal data, and information such as TR Identity Number, Name and Surname, e-mail address, telephone number, residence address, date of birth, bank account number can be given as examples of personal data.
Special Qualified Personal Data: Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data refers to data of special nature.
Third Party: Refers to the third party real persons who are associated with the above-mentioned parties in order to ensure the security of commercial transactions or to protect the rights of the said persons and to obtain benefits. (For example, employees or officials of the company from which service is received, Companion etc.)
Data Processor: Refers to the natural and legal person who processes personal data on behalf of the data controller based on the authority given by him. For example, the IT firm that holds our Data.
Data Controller: It refers to the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Within the scope of KVKK, our polyclinic has the title of data controller and has been registered in the VERBIS system. A team (Personal Data Supervisor Team) has been established from our company. In cases where a decision needs to be taken, the Personal Data Officer team takes the opinion of a lawyer/lawyer who is an expert on personal data, and after the approval of the management, the decision taken is put into practice.
Although the personal data processed may vary depending on the health services provided, they are collected by physical and/or digital methods. Our patients, physicians, healthcare personnel, etc. Special quality personal data and general quality personal data, especially health data collected verbally, in writing or digitally, through our employees, subcontractors and their employees and companies engaged in all kinds of commercial activities, our call center, the website of our polyclinic, online services and similar means is processed for the following and other purposes that may arise in the future:
- Execution of medical diagnosis, treatment and care services,
- Protection of public health,
- Planning and management of preventive medicine health services and financing,
- To inform our patients about the appointment
- Planning and managing internal procedures,
- Analyzing for the purpose of improving the fulfillment of health services in accordance with the legislation,
- Carrying out risk management and quality improvement activities,
- Conducting research,
- Fulfilling legal and regulatory requirements,
- Invoicing for our services,
- Confirmation of your identity
- Confirmation of your relationship with the contracted institutions,
- Sharing all kinds of information requested by private insurance companies within the scope of financing health services,
- To be able to answer all your questions and complaints about our health services,
- Taking all necessary technical and administrative measures within the scope of data security,
- Ensuring financial reconciliation regarding the health services offered to you with the institutions we have contracted with, banks and all institutions (public and private) from which health expenditures are collected,
- Sharing the requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation,
- Measuring patient satisfaction, increasing patient satisfaction,
- It may be collected and processed for purposes such as fulfilling our contracts and legal obligations.
CATEGORIZATION OF PROCESSED PERSONAL DATA
Identity Information: All information regarding the identity of the person in documents such as driver’s license, identity card, passport, attorney’s ID, marriage certificate.
Contact Information: Information for contacting the data owner such as phone number, address, residence, e-mail
Location Data: Data that clearly belongs to an identified or identifiable natural person and is included in the data recording system, which is used to determine the location of the data owner.
Family Members and Relatives: Information about the family members and relatives of the personal data owner, which is clearly belonging to an identified or identifiable natural person, is included in the data recording system, and is processed in order to protect the legal interests of the relevant Institution and the data owner.
Physical Space: Records such as camera recordings, fingerprint records and personal data related to documents, visual and audio recordings
Transaction Security Information: Personal data processed to ensure our technical, administrative, legal and commercial security while conducting our activities
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results
Employee Candidate Information: Personal data processed about individuals who have applied to be an employee (cv or resume information)
Personnel Information: Payroll Information, Disciplinary Investigation, SGK information, employment entry-exit document records, property declaration information, resume information, information about performance evaluation reports, interview results, content of the employment contract, information about starting work, information about termination of employment. personal data
Legal Action: Personal data processed within the scope of our legal obligations, determination and follow-up of our legal receivables and rights and the performance of our debts
The above personal data are included in the Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Hospitals, Regulation on Personal Health Data and regulations of the Ministry of Health, etc. It can be processed within the framework of the provisions of the legislation and transferred to the physical archives and information systems of our polyclinic and/or our suppliers.
Our company accepts that personal data will be processed in accordance with the following principles:
- Compliance with the law and the rule of honesty,
- Ensuring that personal data is accurate and up-to-date when necessary,
- Processing for specific, explicit and legitimate purposes,
- Being connected, limited and restrained with the purpose for which they are processed,
- Preservation for the period required by the relevant legislation or for the purpose for which they are processed.
The express consent of the personal data owner is only one of the legal bases that allow the processing of personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the conditions stated below, or more than one of these conditions may be the basis of the same personal data processing activity. In case the processed data is special quality personal data, the following conditions apply:
- Finding the Explicit Consent of the Personal Data Owner,
- Clearly Provided in Laws,
- Failure to Obtain Explicit Consent of the Related Person Due to Actual Impossibility
- Being Directly Related to the Establishment or Performance of the Contract
- Fulfilling the Company’s Legal Obligation:
- Publicizing the Personal Data of the Personal Data Owner:
- Mandatory Data Processing for the Establishment or Protection of a Right:
- Obligatory Data Processing for the Legitimate Interest of Our Company, (The expression of the legitimate interests of the company cannot under any circumstances be contrary to the principles determined by the KVKK, the purpose of processing personal data, and cannot interfere with the essence of the right guaranteed by the Constitution.)
Special categories of personal data are processed by our company in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board are taken:
- If the personal data owner has express consent, or,
- If there is no explicit consent of the personal data owner; Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
- The personal data of the personal data owner regarding his health and sexual life are only for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, or persons or authorized institutions under the obligation of confidentiality. processed by organizations.
TECHNICAL AND ADMINISTRATIVE MEASURES
Our company takes the necessary technical and administrative measures according to the technological possibilities and implementation costs regarding the following issues in accordance with the provisions of Article 12 of the KVKK and the provisions of the Regulation, the general principles stated above, and the decisions of this Policy and Personal Data Protection Board:
- Required software and hardware have been determined. Strong passwords are used on computers and e-mail accounts.
- What needs to be protected in terms of protecting customer information was conveyed to our personnel through trainings, and their responsibilities with business contracts were written. (Confidentiality Agreements) This obligation continues even after the persons concerned leave their positions.
- Necessary infrastructure has been established for the backup of all data.
• Employees who can access data on computers have been identified.
- Customer files and information are only given to the relevant persons themselves, to their relatives to whom they have given written consent, to the relevant public institutions and organizations within the framework of the legislation, and to the competent judicial authorities in judicial cases.
- Before starting to process personal data, the Authority fulfills its obligation to inform the relevant persons.
- Personal data processing inventory has been prepared.
- The personal data owners in question are enlightened on these issues through texts posted in our polyclinic or made available to guests in other ways.
Your personal data shall be processed by our polyclinic, the Ministry of Health, its sub-units and family medicine centers, private insurance companies (health, pension and life insurance, etc.), Social Security Institution, General Directorate of Security and other law enforcement agencies, General Directorate of Population, Pharmacists Association of Turkey, prosecutor’s office and courts, laboratories in Turkey or abroad that we cooperate for medical diagnosis, medical centers and third parties providing health services, the health institution to which the patient is referred or the patient himself applies, your representatives duly authorized, third parties we receive consultancy from, regulatory and supervisory institutions and official authorities, our suppliers whose services we benefit from or cooperate with, support service providers. It can be shared with our t providers within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law. Your personal data is not shared with foreign countries.
Regarding the processed personal data, the person concerned, learning whether personal data is processed, requesting information about it if it has been processed, accessing and requesting personal health data, learning whether it is used in accordance with the purpose, learning the third parties to which it is transferred, requesting correction in case of wrong processing, personal data have the right to request deletion or destruction, to request corrections to third parties in case of incorrect processing, to object to the adverse result by analyzing through automated systems, to demand the compensation of the damage suffered due to the unlawful processing of personal data. By applying to our company with a petition. , the rights described above can be used.
Our Company carries out personal data processing by using security cameras and recording images at guest entrances and exits. In this context, our polyclinic acts in accordance with the Personal Data Protection Law and security legislation.
Only authorized employees and/or supplier company employees have access to the records recorded and maintained in the digital environment. Camera records are kept for 2 months.
This Policy is deemed to have entered into force after its publication on the website.