Data controller Serkan Balta (serkanbalta.com), within the framework of the superior service quality, respect for the rights of individuals, transparency and honesty principles, in line with the regulations determined by the Personal Data Protection Law, it is of great importance to protect the personal data of its customers, employees and other real persons with whom it has a relationship. . We attach great importance to patient privacy and the preservation of all personal data of our patients by processing them in the best possible way and with care. This policy has been prepared in order to protect and process the personal data of our patients, as well as companions, visitors and employees of institutions and organizations we cooperate with, within the framework of the basic principles in the legislation.
The purpose of this Policy is to ensure transparency by informing the persons whose personal data is processed, especially our patients, companions, visitors, employees and institution officials, employees of the institutions we cooperate with, officials and third parties within the scope of the personal data processing activity carried out by our practice in accordance with the legislation. In this context, administrative and technical measures are taken to process and protect personal data in accordance with the Law No. 6698 and the relevant legislation. Within the scope of this policy, natural persons whose personal data are processed are defined as Data Subject, Relevant Person or Personal Data Owner.
Explicit Consent: Consent on a specific subject, based on information and expressed with free will.
Anonymization: It is the change of personal data in such a way that it loses its quality as personal data and this situation cannot be undone. For example masking, aggregation, data corruption etc. making personal data incapable of being associated with a natural person with techniques. It is possible to anonymize personal data for various purposes, but in accordance with the request and / or consent of the person concerned, without violating the scope of KVKK and express consent. Necessary measures will be taken in our practice so that the anonymized personal data is not made identifiable by various methods.
Employees, Shareholders and Officials of the Institutions We Collaborate with: Refers to the real persons, including the shareholders and officials of these institutions, who work in the institutions (such as but not limited to business partners, suppliers) with which we have any business relationship.
Processing of Personal Data: Acquiring, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data fully or partially automatically or non-automatically provided that it is a part of any data recording system, means all kinds of operations performed on data such as classification or prevention of use.
Personal Data: Refers to any information relating to an identified or identifiable natural person. All information that makes the person identifiable is arranged as personal data, and information such as TR Identity Number, Name and Surname, e-mail address, telephone number, residence address, date of birth, bank account number can be given as examples of personal data.
Sensitive Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data refers to data of special nature.
Third Party: Refers to the third party real persons who are related to the above-mentioned parties in order to ensure the security of commercial transactions or to protect the rights of the aforementioned persons and to obtain benefits. (For example, employees or officials of the company from which service is received, Companion etc.)
Data Processor: Refers to the natural and legal person who processes personal data on behalf of the data controller, based on the authority given by him. For example, the IT firm that holds our Data.
Data Controller: Denotes the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Within the scope of KVKK, our practice has the title of data controller and has been registered in the VERBIS system. A team (Personal Data Supervisor Team) has been established from our company. In cases where a decision is required, the Personal Data Supervisor team takes the opinion of a lawyer/lawyer who is an expert on personal data, and after the approval of the management, the decision taken is put into practice.
Although the personal data processed may vary depending on the health services provided, they are collected by physical and/or digital methods. Our patient representatives, physicians, healthcare personnel, etc. Special quality personal data and general quality personal data, especially health data collected verbally, in writing or digitally, through our employees, subcontractors and their employees and companies engaged in all kinds of commercial activities, our call center, the website of our practice, online services and similar means is processed for the following and other purposes that may arise in the future:
It can be collected and processed for purposes such as
Categorization of Processed Personal Data
Identity Information: All information regarding the identity of the person contained in documents such as driver’s license, identity card, passport, attorney’s ID, marriage certificate
Contact Information: Information for contacting the data owner such as phone number, address, residence, e-mail
Location Data: Data that clearly belongs to an identified or identifiable natural person and is included in the data recording system, which is used to determine the location of the data owner.
Family Members and Relatives: Information about the family members and relatives of the personal data owner, which is clearly belonging to an identified or identifiable natural person and is included in the data recording system, processed in order to protect the legal interests of the relevant Institution and the data owner.
Physical Space: Personal data regarding records and documents such as camera records, fingerprint records, visual and audio records
Transaction Security Information: Personal data processed to ensure our technical, administrative, legal and commercial security while conducting our activities
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results
Employee Candidate Information: Personal data (cv or resume information) processed about individuals who have applied to be an employee
Personnel Information: Payroll Information, Disciplinary Investigation, SGK information, employment entry-exit document records, property declaration information, resume information, information about performance evaluation reports, interview results, content of the Employment Contract, information about starting employment, information about termination of employment. personal data
Legal Action: Detection and follow-up of our legal receivables and rights, and personal data processed within the scope of our legal obligations
The above personal data are included in the Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Hospitals, Regulation on Personal Health Data and regulations of the Ministry of Health, etc. It can be processed within the framework of the provisions of the legislation and transferred to the physical archives and information systems of our practice and/or our suppliers.
Our company accepts that personal data will be processed in accordance with the following principles:
The express consent of the personal data owner is only one of the legal bases that allow the processing of personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity may be only one of the conditions stated below, or more than one of these conditions may be the basis of the same personal data processing activity. In case the processed data is special quality personal data, the following conditions apply:
Obligatory Data Processing for the Legitimate Interest of Our Company, (The expression of the legitimate interests of the company cannot under any circumstances be contrary to the principles determined by the KVKK, the purpose of processing personal data, and cannot interfere with the essence of the right guaranteed by the Constitution.)
Special categories of personal data are processed by our company in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board are taken:
If the personal data owner has express consent, or
If the personal data owner does not have express consent; Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
Persons or authorized institutions and organizations that are under the obligation of keeping confidential, for the purpose of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, processed by.
Technical and Administrative Measures
Our company takes the necessary technical and administrative measures according to the technological possibilities and implementation costs regarding the following issues in accordance with the provisions of Article 12 of the KVKK and the provisions of the Regulation, the general principles stated above and the decisions of this Policy and Personal Data Protection Board:
Required software and hardware have been determined. Strong passwords are used on computers and e-mail accounts.
What needs to be protected in terms of protecting customer information has been conveyed to our personnel through trainings, and their responsibilities with employment contracts have been put into writing. (Confidentiality Agreements) This obligation continues even after the persons concerned leave their positions.
Necessary infrastructure has been created for the backup of all data.
Employees who can access data on computers have been determined.
Customer files and information are only given to the persons concerned, to their relatives to whom they have given written consent, to the relevant public institutions and organizations within the framework of their legislation, and to the competent judicial authorities in judicial cases.
Before starting to process personal data, the Authority fulfills the obligation to inform the relevant persons.
Personal data processing inventory has been prepared.
The personal data owners in question are enlightened on these issues through texts posted in our practice or made available to our guests in other ways.
Your personal data shall be processed by our practice, the Ministry of Health, its sub-units and family medicine centers, private insurance companies (health, pension and life insurance, etc.), Social Security Institution, General Directorate of Security and other law enforcement agencies, General Directorate of Population, Pharmacists Association of Turkey, prosecutor’s office and courts, laboratories in Turkey or abroad that we cooperate for medical diagnosis, medical centers and third parties providing health services, the health institution to which the patient is referred or the patient himself applies, your representatives duly authorized, third parties we receive consultancy from, regulatory and supervisory institutions and official authorities, our suppliers whose services we benefit from or cooperate with, support service providers. It can be shared with our t providers within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law. Your personal data is not shared with foreign countries.
Regarding the processed personal data, the person concerned, learning whether personal data is processed, requesting information about it if it has been processed, accessing and requesting personal health data, learning whether it is used in accordance with the purpose, learning the third parties to which it is transferred, requesting correction in case of wrong processing, personal data have the right to request deletion or destruction, to request corrections to third parties in case of wrong processing, to object to the adverse result by analyzing through automated systems, to demand the compensation of the damage suffered due to the unlawful processing of personal data. By applying to our company with a petition. , the rights described above can be used.
Personal data processing activities are carried out by our Company by using security cameras and recording images at guest entrances and exits. In this context, our practice acts in accordance with the Personal Data Protection Law and security legislation.
Only authorized employees and/or supplier company employees have access to the records recorded and maintained in the digital environment. Camera records are kept for 2 months.
This Policy is deemed to have entered into force after its publication on the website.