Protection of Personal Data
DISCLOSURE TEXT ON THE PROCESSING OF PERSONAL DATA
(For Patients and Relatives)
As ORT-HOS HEALTH SERVICES TRADE LTD.ŞTİ - ("Private Medisun Çayyolu Hospital"), we show maximum sensitivity to the security of your personal data. With this awareness, as Private Medisun Çayyolu Hospital, in accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK") and the "Regulation on the Processing of Personal Health Data and Ensuring Privacy", as a health institution, we will record, archive, share with authorized 3rd Persons / Institutions when necessary, and process your personal information necessary to provide you with health services in the ways listed in the KVKK. For this reason, we believe that it is necessary to inform you about our mutual rights and obligations.
Definitions:
Open Reza : Consent on a specific subject, based on information and expressed with free will
Anonymization : Personal data will lose the quality of personal data and this situation
is to change it in such a way that it cannot be retrieved. For example, masking, aggregation, data corruption, etc. techniques to make personal data impossible to associate with a natural person
Employees, Shareholders and Authorities of the Institutions we cooperate with: Natural persons, including, but not limited to, employees, shareholders and officials of the organizations with which our organization has all kinds of business relations (such as business partners, suppliers, etc.)
Processing of Personal Data : Personal data may be fully or partially automated or
Any operation performed on the data such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the data by non-automatic means, provided that it is part of any data recording system
Personal Data Owner : The natural person whose personal data is processed. For example, patients, relatives and
employees
Personal Data : Any information relating to an identified or identifiable natural person. Therefore, the processing of information on legal persons is not covered by the Law. For example, name, surname, TRKN, e-mail, address, date of birth, credit card number, bank account number, etc.
Patient: A person who applies to our institution for examination and treatment and receives outpatient or inpatient treatment
Sensitive Personal Data : Race, ethnic origin, political opinion, philosophical belief, religion, sect or
other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data
Authorized Officer of the Institution : General Manager of the Institution and other authorized real persons
Third Party : Our organization's commercial relations with the above-mentioned parties
third-party natural persons (e.g. employees or officials of the company from which the service is received, Companions, etc.) who are associated with these persons in order to ensure transaction security or to protect the rights of the aforementioned persons and to provide benefits
Data Processor : A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller. For example, the IT company that keeps the data of our organization, all employees who enter patient data into the system
Data Controller The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system)
Visitor: Natural persons who have entered the physical areas owned by our organization for various purposes or who visit our websites
Data Controller and Representative
Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data; as the data controller, registered with the Ankara Trade Registry with the registration number 233837, 6470318648 tax number, Mutlukent Mah. 1920. Cad. No:61 Çayyolu /ANKARA, ORT-HOS Sağlık Hiz. Tic. Ltd. Şti. within the scope described below.
Purpose for which Personal Data will be Processed
As Private Medisun Çayyolu Hospital, in order to provide you with health services in the capacity of data controller, we may process your personal data specified below as an example for you:
Your identity information (Name, Surname, Turkish ID Number, Passport Number or Temporary Turkish ID Number for non-Turkish citizens, Place and Date of Birth, Marital Status, Gender information and a photocopy of the Turkish ID Card or Driver's License)
Your contact information (such as address, telephone number, e-mail address)
Patient number and protocol number,
Your bank account/ Iban number, financial information regarding payment and invoicing,
Private health insurance or Social Security Institution data,
If you have private health and/or complementary health insurance, your health data obtained within the scope of medical treatment, diagnosis and care,
Your association/foundation/union membership data within the scope of campaign and promotional activities,
Your health data obtained as a result of the service provided in our hospital, including but not limited to your laboratory and imaging results, test results, examination data, check-up information, prescription information,
Your closed circuit camera system image recording in the general areas of the hospital,
Your voice call recording if you contacted our Call Center to use our online services (e-appointment, filling out questionnaires, etc.),
Vehicle license plate information if you used parking and valet service,
Suggestions, comments and survey answers you share to evaluate our services,
Your personal information, including your IP address, which we obtain during the use of our website and mobile applications, as explained extensively in the content of our Cookie Policy, your browsing data obtained during use, especially your browser information, and your medical data that you transmit with your consent via the mobile application,
Your personal data collected;
Protection of public health, medical diagnosis, treatment and care services,
Sharing the information requested with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation,
If you make an appointment, you will be informed about your appointment,
Planning and managing the internal functioning of the hospital,
Analysis to improve health services,
Ensuring the financing of health services, invoicing for the services provided and sharing data with insurance companies and foundations/trade unions/institutions and organizations of which you are a member,
Verification of your identity, verification of your relationship with contracted institutions,
Confirmation of your identity as a relative,
Newborn baby notification,
Financial reconciliation with our contracted institutions (insurance companies, member foundations, etc.) regarding the health services provided to you,
Increasing patient satisfaction,
Responding to your questions or complaints regarding our services, (Filling out questionnaires, etc.)
Supply of medicines and medical devices,
Taking all necessary technical and administrative measures within the scope of data security of our hospital's systems and applications,
Analyzing your use of health services and storing your health data limited to the legal period in order to develop and improve the health services offered to you,
Participation in campaigns and providing campaign information, filling out surveys, designing and communicating special content, tangible and intangible benefits on web and mobile channels by Marketing, Media and Communications, Call Center departments,
Taking video recordings for advertising and promotional purposes by the Marketing, Media and Communication departments, including whether you feel well before and after medical diagnosis, treatment and care (surgery, etc.) services provided at our hospital and your treatment processes,
For the purposes of carrying out health services properly within the framework of the purposes for which they are processed, they will be processed for the maximum period specified in the relevant legislation or required for the purpose for which they are processed, and in any case for the statutory statute of limitations.
It should be noted that; Personal health data; for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, persons under the obligation of confidentiality or authorized institutions and organizations
can be processed without seeking your explicit consent. We would like to state that your prior explicit consent is required for processing activities other than these purposes, and that no processing activity will be carried out if your explicit consent is not given by you.
Detailed information about the purposes of processing your personal data by Private Medisun Çayyolu Hospital; You can access the Personal Data Protection and Processing Policy shared with the public at https://medisunhastanesi.com.
To whom and for what purpose the processed personal data can be transferred
Your personal data collected for the purposes of public health and preventive medicine services, the execution of medical diagnosis, treatment and care services, and the planning and management of health services and financing, and subject to the conditions in the KVKK, for your safety and for our Hospital to fulfill its obligations under the law, limited to the purposes listed above, in accordance with the conditions specified in Articles 8 and 9 of the Law;
In the event that your personal data is requested by the competent authorities, including but not limited to the Ministry of Health of the Republic of Turkey and Provincial Health Directorates, Public Health Centers and other units affiliated to the Ministry of Health, the Pharmacists Association of Turkey, by persons appointed by the competent authorities or within the scope of e-nabız and similar systems established or within the scope of our notification and / or reporting obligation imposed on us, your personal data with the relevant authorities and persons,
With our direct/indirect shareholders, subsidiaries and/or affiliates,
With our business partners, (e.g. contracted laboratories, physical therapy and imaging centers, foundations and unions you are a member of, etc.)
With the consultants, auditors, legal representatives and third parties, including lawyers in case of dispute, with whom we receive consultancy, legal representatives and third parties that we have authorized,
Domestic/foreign organizations and other third parties and their legal representatives from whom we contractually receive services and cooperate in order to carry out our activities,
If you use your private insurance with the Social Security Institution for patients subject to SSI, with your insurance company you are a member of, and with your institution if your invoicing will be made to the institution you work for,
If you have private insurance, you can share your treatment data with your contracted institution in order to receive authorization from your contracted institution,
Laboratories, ambulances, medical devices and health service providers in Turkey or abroad with which we cooperate for medical diagnosis and treatment,
With the relevant health institution in case you need to be referred,
If any, it can be shared with the legal representatives you have authorized.
These transfers mentioned above may be transferred within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, limited to the purposes specified in the Personal Data Protection and Processing Policy shared with the public at https://medisunhastanesi.com.
Method and Legal Grounds for Collecting Personal Data
Your personal data are collected by Private Medisun Çayyolu Hospital; for the purposes of protecting public health, preventive medicine, records related to your applications to our health institutions, medical diagnosis, treatment and care services, planning and management of health services and financing; oral,
in written, visual or electronic media, online through the SSI system, from the records shared in case of benefiting from the private insurance company or the foundations / syndicates / institutions and organizations you are a member of, through the records of other health institutions in case you come to our health institutions by referral, through the mails (e-mails) you send, call center call records, website, verbal, written and similar channels, limited to the purposes specified above.
Your personal data will be deleted, destroyed or anonymized when the purpose that requires the processing of your personal data in accordance with Article 7/f.1. of the KVK Law disappears and/or the statute of limitations/retention periods that we are required to process your data in accordance with the legislation expire.
The legal reasons for the processing of your personal data are the cases clearly stipulated in the Private Hospitals Law No. 2219 and the Basic Law on Health Services No. 3359 and the fulfillment of our legal obligations arising from the relevant secondary legislation such as the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations, Private Hospitals Regulation, Health Implementation Communiqué, Patient Rights Regulation, and the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing; Your data herein are "mandatory for the data controller to fulfill its legal obligation" and "data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject" in Article 5 of the KVKK. "it is mandatory for the data controller to fulfill its legal obligation" and "data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject" and 6. "Personal data relating to health and sexual life are processed automatically only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking the explicit consent of the person concerned".
Transfer of Personal Data Abroad
Pursuant to Article 9 of the KVKK, personal data cannot be transferred abroad without the explicit consent of the person concerned as a main rule. In case of consent, personal data may be shared with our affiliates abroad in proportion to the legitimate requirements arising from service activities, and personal data may be transferred taking into account the list of safe countries to be published by the Personal Data Protection Board.
In cases where the data subject does not have explicit consent for the transfer of personal data abroad, processing and transfers permitted under the LPPD and relevant legislation may be carried out in terms of processing and transfer of personal data.
Data Security
As Private Medisun Çayyolu Hospital, we attach the utmost importance to the protection and security of your personal data, we protect it in full compliance with all technical and administrative security controls that must be taken in accordance with information security standards and procedures, we act with the awareness that personal data security is at the forefront in all our products and services we offer to you, we would like to state that the security measures in question are implemented by taking into account all possible risks, taking into account technological possibilities, and that all necessary sensitivity is shown in this regard. Also;
Our employees are trained on information security, patient privacy and protection of personal data.
Corporate policies and procedures on personal data security have been written and are available on our website https://medisunhastanesi.com.
Personal data is destroyed when the purpose of use and the legal retention period is no longer valid
Our systems containing personal data are routinely audited.
Contracts are made with data processors from whom services are received and/or data controllers in case of data transfer.
Up-to-date software is used, we have a security network organized against cyber-attacks.
Access to systems containing personal data is limited; antivirus and anti-spam programs are used, information networks are constantly monitored for security issues, and tests are conducted to identify system weaknesses.
You have a system of institutional reporting on issues.
In case of misuse of the systems, evidence will be collected and reported to the Personal Data Protection Authority and a criminal complaint will be filed to the Prosecutor's Office; protection measures have been taken against natural disasters such as fire, flood, etc. in our physical environments where personal data are located, and these environments are kept locked and entrances / exits are under control.
In addition to all these, additional security measures determined by the Personal Data Protection Board are also taken in the processing of special categories of personal data.
Rights of the Personal Data Owner listed in Article 11 of Law No. 6698
Your personal data is meticulously protected within the technical and administrative possibilities and the necessary security measures are provided at a level suitable for possible risks, taking into account the technological possibilities.
You can submit your requests within the scope of KVKK by filling out the "Data Owner Application Form" on the website https://medisunhastanesi.com according to the "Communiqué on the Procedures and Principles of Application to the Data Controller";
Mutlukent Mah. 1920. Cad. No:61 Çayyolu /ANKARA address by delivering it in person,
Through a notary,
Ort-hos@hs01.kep.tr with secure electronic or mobile signature,
or via your electronic e-mail address registered in our system
It is also possible to submit your requests to our Company by using other methods determined by the Personal Data Protection Board.
In order to use your rights mentioned above, if you submit your request to our Hospital by specifying which of your rights specified in Article 11 of the KVKK, together with the necessary information identifying your identity and your explanations regarding your right you want to use, your application regarding your request will be answered free of charge as soon as possible and within 30 (thirty) days at the latest.
However, if the transaction requires an additional cost, our hospital will charge the applicant the fee in the tariff determined by the Personal Data Protection Board.
We would like to remind you that any special categories of personal data (e.g. religious information or blood type information) should not be included in the attachment of your application.
ORT-HOS HEALTH SERVICES TRADE LTD.