General Data Protection Regulation
Privacy Notice for Processing of Personal Data
"Privacy Notice" In accordance with the provisions of Law No. 6698 on the Protection of Personal Data ("KVKK") and the General Data Protection Regulation of the European Union (GDPR), as the Data Controller, we hereby inform you about the processing of your personal information within the framework described below, by Dr. Tuğba Korkmaz's surgery located at Mansuroğlu Mah. 1593/1 Street, No:2 Lider Centrio A Block Floor:4 Apartment:39 Bayraklı - İZMİR (Hereinafter referred to as Physician/Clinic/Employer).
Within the scope of the legal regulations, we will record, store, update, classify, and process your personal information as described below; and disclose, transfer, classify, and process it in the manners specified in the KVKK and GDPR, informing you about our mutual rights and obligations within the framework of the aforementioned legal regulations.
Under the legal framework, we will record your personal information necessary for establishing the Physician-Patient relationship and providing healthcare services (diagnosis, treatment, care services, etc.) in line with your health benefit and public health at our surgery, including but not limited to, the Physician/Clinic's obligation to identify the patient's information for the provision of healthcare services, such as identity, address, telephone, medical history, and all other necessary information; and to keep all records and documents in the medical patient file, whether in electronic or paper form, as required by the Private Hospitals Law, Private Hospitals Regulation, Health Implementation Communique, Patient Rights Regulation, and other relevant legislation. -We hereby inform you that your personal data may be shared with relevant authorities and individuals, including but not limited to the Ministry of Health, Provincial Health Directorates, Public Health Centers, and other units affiliated with the Ministry of Health, the Social Security Institution, and your private health insurance company, upon request by authorized institutions, individuals appointed by competent authorities, or within the scope of our notification and/or reporting obligations.
PURPOSES OF PROCESSING PERSONAL DATA, METHODS OF COLLECTION, AND LEGAL BASIS
Your personal data will be processed within the scope of the establishment, performance, and fulfillment of contractual obligations of the Physician-Patient relationship, in order to provide you with the services we can offer; to record the information of the person conducting/requesting the transaction, including but not limited to identity, address, tax number, and personal health data; to arrange all records and documents serving as the basis for processing, as well as to comply with the information storage, reporting, and disclosure obligations prescribed by legislation, competent authorities, and other regulators; to improve marketing and statistical activities and service quality; and for other products/services requested. Special categories of personal data are processed within the contractual relationship for communication, information provision, and similar processes.
Your Personal Data, related to the healthcare service provided;
By coming to the Physician and surgery for examination and treatment purposes, through the health reports you submit for the evaluation of the treatment to be applied to you, your laboratory and imaging results, your tests, your health reports, and the statements you provide regarding your health data, By filling out the "Patient Information and Consent Form" regarding the treatment to be applied by the Physician and surgery, By filling out the contact form on the corporate website of the Physician and surgery, By sending electronic mails to the corporate e-mail address of the Physician and surgery, By means of photographs/video recordings taken before, during, and/or after the medical procedure applied to you within the surgery, Upon your request and if necessary; In order to carry out your diagnoses and controls online via remote access, by using the service providers of remote connection applications (whatsapp/zoom.us/facetime/skype/messenger/google/instagram/facebook, etc.) through which you accept their Privacy Policies and Overseas Transfer Principles and send written/voice/visual (photograph and/or video recording) messages to the Physician and surgery and make online voice/video calls through these applications, By directly sending messages to the profile accounts of the Physician and surgery on social media platforms (Instagram, YouTube, Facebook, Twitter, LinkedIn, etc.) whose servers are located abroad, of which you are already a user and accept their Privacy Policies and Overseas Transfer Principles, and/or by commenting on their posts, Through the panels such as "contact us" or "get information" in the promotions and advertisements made by the Physician and surgery on social media platforms (Instagram, YouTube, Facebook, Twitter, LinkedIn, Google, etc.), allowing the automatic processing of your information by accepting their Privacy Policies and Overseas Transfer Principles, your data is being processed.
Exceptions that enable the lawful processing of personal data are regulated in Article 5/2 of the KVKK. Accordingly, the surgery may process personal data without explicit consent if one of the following conditions (exceptions) is present. The basis of personal data processing can be only one of the conditions listed below, or more than one of these conditions can be the basis of the same personal data processing activity.
These are: Explicitly Stipulated in the Law, It is mandatory to process personal data for the protection of the life or bodily integrity of the data subject or another person who is unable to express his/her consent due to actual impossibility or whose consent is not deemed valid, Directly related to the establishment or performance of a contract, Fulfillment of the surgery's Legal Obligations, Making Personal Data Public by the Data Subject, Processing of Data is Mandatory for the Establishment or Protection of a Right, Processing of Personal Data for the Legitimate Interests of the surgery, provided that it does not harm the fundamental rights and freedoms of the data subject.
In addition, according to GDPR Article 9/2/h, Article 6/1/b, and Article 6/1/f, your data can be processed without the need for explicit consent in the following situations:
In order to carry out medical diagnosis, treatment, and care services, Health Data, which is considered as Special Category Personal Data, will be processed by the surgery, which is obliged to keep confidentiality, without the need for explicit consent, in accordance with the Law.
In order to conduct follow-ups after medical diagnosis and treatment processes, to communicate with you directly, and to manage appointment processes, your Personal Data will be processed by the surgery without the need for explicit consent. In order to manage patient satisfaction and requests, your Personal Data will be processed by the surgery without the need for explicit consent.
According to GDPR Article 6/1/c, your Personal Data will be processed without the need for explicit consent in the following cases due to legal obligations:
Establishment of patient files. Retention of information regarding your health data that must be kept according to the relevant legislation. Checking your payments to issue invoices. Execution of tax payments. Fulfillment of obligations under the Legislation of the Ministry of Health. Fulfillment of obligations under the Health Tourism Legislation. Ensuring your data security. Fulfillment of legal obligations before Judicial Authorities. Fulfillment of administrative obligations before Administrative Institutions and Organizations.
RECIPIENTS TO WHOM PERSONAL DATA MAY BE TRANSFERRED:
The individuals and public institutions and organizations, private public institutions and organizations, physicians, clinics' contracted polyclinics and medical laboratories, and the relevant individuals, institutions, and organizations with which the Surgery is in consultation, in accordance with the legal regulations are the persons to whom personal data may be transferred. Special category personal data may be transferred to locations within and outside the country where services are received for the purposes specified in the privacy contracts and required by the legislation we are subject to, in order to perform insurance and financial activities and to perform insurance and financial services. Personal and special category personal data are stored in a secure environment that is not publicly accessible and is under no circumstances shared with third parties without authorization or unless required by a legal obligation.
In accordance with the provisions of Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data (KVKK), your Personal Data and Special Category Personal Data collected in line with the conditions and purposes specified within the scope of KVKK Articles 8 and 9 will be processed by the surgery in compliance with Articles 8 and 9 of KVKK and will be transferred to third parties, if necessary, by signing necessary confidentiality agreements, ensuring all necessary administrative and technical security measures in accordance with the legislation.
In this context, your Personal Data processed by the surgery may be transferred to:
Other specialist physicians for consultation purposes, Insured Employees, Suppliers, Financial Advisors, Tax and Finance Consultants and Auditors, Legal Advisor, Data Base (Server) Providers, "Surgery Management Software" Service Providers, Web Consultants, Translators, Data Protection Officer, IT Consultants, Travel Agencies, Authorized Public Institutions and Organizations within the framework of laws.
STORAGE OF PERSONAL DATA
The method of collecting personal data; Personal data may be collected verbally, in writing, or electronically through various digital channels such as questions sent to our website, messages, and phone calls. The obtained personal data are securely stored physically or electronically within an appropriate period to fulfill the activities of the Physician and Surgery. Within the scope of the said activities, the Physician and Surgery act in accordance with all relevant obligations stipulated by the legislation regarding the protection of personal data.
Except for cases where longer retention of personal data is permitted or required by relevant legislation, when the purposes of processing personal data cease to exist, your personal data will be deleted, destroyed, or anonymized by the Surgery ex officio or upon the request of the data subject, and by using different techniques available, which will render the data unusable and irretrievable. After the expiration of the mentioned retention period, personal data will be deleted, destroyed, or anonymized in accordance with the aforementioned procedure, and such data will be permanently destroyed in a way that cannot be reused or retrieved.
SECURITY MEASURES FOR DATA PROTECTION
The Surgery takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data. The measures envisaged in Article 12(1) of the KVKK are as follows: Preventing personal data from being processed unlawfully, Preventing unauthorized access to personal data, Ensuring the retention of personal data.
"Privacy Notice" In accordance with the provisions of Law No. 6698 on the Protection of Personal Data ("KVKK") and the General Data Protection Regulation of the European Union (GDPR), as the Data Controller, we hereby inform you about the processing of your personal information within the framework described below, by Dr. Tuğba Korkmaz's surgery located at Mansuroğlu Mah. 1593/1 Street, No:2 Lider Centrio A Block Floor:4 Apartment:39 Bayraklı - İZMİR (Hereinafter referred to as Physician/Clinic/Employer).
Within the scope of the legal regulations, we will record, store, update, classify, and process your personal information as described below; and disclose, transfer, classify, and process it in the manners specified in the KVKK and GDPR, informing you about our mutual rights and obligations within the framework of the aforementioned legal regulations.
Under the legal framework, we will record your personal information necessary for establishing the Physician-Patient relationship and providing healthcare services (diagnosis, treatment, care services, etc.) in line with your health benefit and public health at our surgery, including but not limited to, the Physician/Clinic's obligation to identify the patient's information for the provision of healthcare services, such as identity, address, telephone, medical history, and all other necessary information; and to keep all records and documents in the medical patient file, whether in electronic or paper form, as required by the Private Hospitals Law, Private Hospitals Regulation, Health Implementation Communique, Patient Rights Regulation, and other relevant legislation. -We hereby inform you that your personal data may be shared with relevant authorities and individuals, including but not limited to the Ministry of Health, Provincial Health Directorates, Public Health Centers, and other units affiliated with the Ministry of Health, the Social Security Institution, and your private health insurance company, upon request by authorized institutions, individuals appointed by competent authorities, or within the scope of our notification and/or reporting obligations.
PURPOSES OF PROCESSING PERSONAL DATA, METHODS OF COLLECTION, AND LEGAL BASIS
Your personal data will be processed within the scope of the establishment, performance, and fulfillment of contractual obligations of the Physician-Patient relationship, in order to provide you with the services we can offer; to record the information of the person conducting/requesting the transaction, including but not limited to identity, address, tax number, and personal health data; to arrange all records and documents serving as the basis for processing, as well as to comply with the information storage, reporting, and disclosure obligations prescribed by legislation, competent authorities, and other regulators; to improve marketing and statistical activities and service quality; and for other products/services requested. Special categories of personal data are processed within the contractual relationship for communication, information provision, and similar processes.
Your Personal Data, related to the healthcare service provided;
By coming to the Physician and surgery for examination and treatment purposes, through the health reports you submit for the evaluation of the treatment to be applied to you, your laboratory and imaging results, your tests, your health reports, and the statements you provide regarding your health data, By filling out the "Patient Information and Consent Form" regarding the treatment to be applied by the Physician and surgery, By filling out the contact form on the corporate website of the Physician and surgery, By sending electronic mails to the corporate e-mail address of the Physician and surgery, By means of photographs/video recordings taken before, during, and/or after the medical procedure applied to you within the surgery, Upon your request and if necessary; In order to carry out your diagnoses and controls online via remote access, by using the service providers of remote connection applications (whatsapp/zoom.us/facetime/skype/messenger/google/instagram/facebook, etc.) through which you accept their Privacy Policies and Overseas Transfer Principles and send written/voice/visual (photograph and/or video recording) messages to the Physician and surgery and make online voice/video calls through these applications, By directly sending messages to the profile accounts of the Physician and surgery on social media platforms (Instagram, YouTube, Facebook, Twitter, LinkedIn, etc.) whose servers are located abroad, of which you are already a user and accept their Privacy Policies and Overseas Transfer Principles, and/or by commenting on their posts, Through the panels such as "contact us" or "get information" in the promotions and advertisements made by the Physician and surgery on social media platforms (Instagram, YouTube, Facebook, Twitter, LinkedIn, Google, etc.), allowing the automatic processing of your information by accepting their Privacy Policies and Overseas Transfer Principles, your data is being processed.
Exceptions that enable the lawful processing of personal data are regulated in Article 5/2 of the KVKK. Accordingly, the surgery may process personal data without explicit consent if one of the following conditions (exceptions) is present. The basis of personal data processing can be only one of the conditions listed below, or more than one of these conditions can be the basis of the same personal data processing activity.
These are: Explicitly Stipulated in the Law, It is mandatory to process personal data for the protection of the life or bodily integrity of the data subject or another person who is unable to express his/her consent due to actual impossibility or whose consent is not deemed valid, Directly related to the establishment or performance of a contract, Fulfillment of the surgery's Legal Obligations, Making Personal Data Public by the Data Subject, Processing of Data is Mandatory for the Establishment or Protection of a Right, Processing of Personal Data for the Legitimate Interests of the surgery, provided that it does not harm the fundamental rights and freedoms of the data subject.
In addition, according to GDPR Article 9/2/h, Article 6/1/b, and Article 6/1/f, your data can be processed without the need for explicit consent in the following situations:
In order to carry out medical diagnosis, treatment, and care services, Health Data, which is considered as Special Category Personal Data, will be processed by the surgery, which is obliged to keep confidentiality, without the need for explicit consent, in accordance with the Law.
In order to conduct follow-ups after medical diagnosis and treatment processes, to communicate with you directly, and to manage appointment processes, your Personal Data will be processed by the surgery without the need for explicit consent. In order to manage patient satisfaction and requests, your Personal Data will be processed by the surgery without the need for explicit consent.
According to GDPR Article 6/1/c, your Personal Data will be processed without the need for explicit consent in the following cases due to legal obligations:
Establishment of patient files. Retention of information regarding your health data that must be kept according to the relevant legislation. Checking your payments to issue invoices. Execution of tax payments. Fulfillment of obligations under the Legislation of the Ministry of Health. Fulfillment of obligations under the Health Tourism Legislation. Ensuring your data security. Fulfillment of legal obligations before Judicial Authorities. Fulfillment of administrative obligations before Administrative Institutions and Organizations.
RECIPIENTS TO WHOM PERSONAL DATA MAY BE TRANSFERRED:
The individuals and public institutions and organizations, private public institutions and organizations, physicians, clinics' contracted polyclinics and medical laboratories, and the relevant individuals, institutions, and organizations with which the Surgery is in consultation, in accordance with the legal regulations are the persons to whom personal data may be transferred. Special category personal data may be transferred to locations within and outside the country where services are received for the purposes specified in the privacy contracts and required by the legislation we are subject to, in order to perform insurance and financial activities and to perform insurance and financial services. Personal and special category personal data are stored in a secure environment that is not publicly accessible and is under no circumstances shared with third parties without authorization or unless required by a legal obligation.
In accordance with the provisions of Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data (KVKK), your Personal Data and Special Category Personal Data collected in line with the conditions and purposes specified within the scope of KVKK Articles 8 and 9 will be processed by the surgery in compliance with Articles 8 and 9 of KVKK and will be transferred to third parties, if necessary, by signing necessary confidentiality agreements, ensuring all necessary administrative and technical security measures in accordance with the legislation.
In this context, your Personal Data processed by the surgery may be transferred to:
Other specialist physicians for consultation purposes, Insured Employees, Suppliers, Financial Advisors, Tax and Finance Consultants and Auditors, Legal Advisor, Data Base (Server) Providers, "Surgery Management Software" Service Providers, Web Consultants, Translators, Data Protection Officer, IT Consultants, Travel Agencies, Authorized Public Institutions and Organizations within the framework of laws.
STORAGE OF PERSONAL DATA
The method of collecting personal data; Personal data may be collected verbally, in writing, or electronically through various digital channels such as questions sent to our website, messages, and phone calls. The obtained personal data are securely stored physically or electronically within an appropriate period to fulfill the activities of the Physician and Surgery. Within the scope of the said activities, the Physician and Surgery act in accordance with all relevant obligations stipulated by the legislation regarding the protection of personal data.
Except for cases where longer retention of personal data is permitted or required by relevant legislation, when the purposes of processing personal data cease to exist, your personal data will be deleted, destroyed, or anonymized by the Surgery ex officio or upon the request of the data subject, and by using different techniques available, which will render the data unusable and irretrievable. After the expiration of the mentioned retention period, personal data will be deleted, destroyed, or anonymized in accordance with the aforementioned procedure, and such data will be permanently destroyed in a way that cannot be reused or retrieved.
SECURITY MEASURES FOR DATA PROTECTION
The Surgery takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data. The measures envisaged in Article 12(1) of the KVKK are as follows: Preventing personal data from being processed unlawfully, Preventing unauthorized access to personal data, Ensuring the retention of personal data.
