Privacy Policy

www.etemogludis.com

LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA (KVKK)

INFORMATION AND DISCLOSURE NOTICE

As https://etemogludis.com, we exercise the utmost care regarding the processing and protection of your personal data. In accordance with the Law on the Protection of Personal Data, the Basic Law on Health Services, the Regulation on Personal Health Data, the Regulation on Private Health Institutions Providing Oral and Dental Health Services, the Regulation on Private Hospitals, the Patient Rights Regulation, and related legislation, as the data controller; all necessary technical and administrative measures are taken to prevent unlawful processing of personal data, to prevent unlawful access to personal data, and to ensure the protection of personal data.

Pursuant to Article 10 of the Law on the Protection of Personal Data; with the policies created to cover our patients, patient companions, patient relatives, visitors, hospital administrators and employees, job applicants, suppliers, service providers and their managers and employees, business/solution partners, company partners, job applicants, interns, employees of public institutions and organizations and private legal entities with which we are in contact, and relevant third parties, we hereby inform you with this disclosure notice. This disclosure notice has been prepared by https://etemogludis.com as the data controller within the scope of Article 10 of the Law on the Protection of Personal Data (“Law”), Article 5/8 of the Regulation on Personal Health Data, and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform.

1- Data Controller

“https://etemogludis.com” processes your personal data in the capacity of “Data Controller” as defined in Article 3 of Law No. 6698 on the Protection of Personal Data.

2- Purpose of Processing Personal Data

In accordance with the Law on the Protection of Personal Data, the Basic Law on Health Services, the Regulation on Personal Health Data, the Regulation on Private Health Institutions Providing Oral and Dental Health Services, the Regulation on Private Hospitals, the Patient Rights Regulation, and related legislation, your personal data collected in compliance with the principles stipulated by law are processed wholly or partially, automatically, or non-automatically provided that they are part of any data recording system, by being obtained, recorded, stored, altered, reorganized, and processed.

Your personal data are processed in accordance with Articles 4, 5, and 6 of the Law and relevant legislation for the following purposes:

• Protecting public health, preventive medicine, conducting medical diagnosis, treatment, and care services, ensuring the planning and management of the financing of health services,

• Sharing information related to health services obtained in accordance with the relevant legislation with the Ministry of Health, Social Security Institution, and other relevant public institutions and organizations, responding to their requests, making the necessary notifications, fulfilling legal obligations,

• Ensuring the storage of data required by legislation within the scope of health services provided,

• Verifying your identity, confirming your legal relationship with contracted institutions within the scope of the health services provided, ensuring billing and financial reconciliation, making notifications to relevant institutions and organizations such as in cases of judicial incidents,

• Managing appointment scheduling, creating appointments, making necessary notifications, ensuring patient, patient relatives, and visitor satisfaction, tracking requests and complaints, conducting reviews and evaluations required for the health services provided,

• Developing company services, maintaining corporate development activities, conducting advertising and marketing activities, sustaining the company’s financial, administrative, legal, and technical business processes, managing risk management and quality improvement processes,

• Planning and execution of human resources processes, managing recruitment processes, creating personnel files for employees, fulfilling financial obligations, determining company salary policy,

• Establishing and executing contracts between our company and patients, suppliers, service providers, employees, consultants, institutions, organizations, and third parties with which we have legal relations,

• Using as evidence in legal disputes with third parties,

• Ensuring communication between our company and related persons and organizations, managing necessary contact via our website, online applications, live support services, and social media accounts, conducting processes for filling in relevant electronic and physical forms, ensuring transaction security,

• Providing required information to regulatory and supervisory official institutions, private legal entities,

• Supplying medical drugs, materials, or devices, ensuring billing and payment transactions related to the services provided,

• Ensuring the monitoring of the security of patients, visitors, employees, and third parties through a closed-circuit camera recording system, ensuring legal, technical, and commercial business security, preventing criminal acts of third parties, ensuring physical security of company buildings and premises,

• Ensuring performance evaluation, attendance, and monitoring via personnel attendance control system within the scope of employment contracts and company interest, controlling entry and exit of company buildings and premises.

Within the purposes written above, the following personal data are processed, limited to company activities:

Identity Information, Contact Information, Employment Information, Financial Information, Legal Transaction Information, Professional Experience, Visual and Audio Records, Physical Security Information, Promotional and Marketing Data, Request and Complaint Information, Criminal Convictions and Security Measures Data, Health Information.

Personal data you share with our clinic are processed in whole or in part, automatically or non-automatically provided that they form part of a data recording system, in accordance with the purposes above and the Law. Your personal data will not be used for purposes other than the activities of our clinic.

3- To Whom and For What Purpose Processed Personal Data Can Be Transferred

Personal data processed by our company are transferred to real and legal persons listed below for the purposes specified and in accordance with the relevant legislation and Articles 8 and 9 of the Law on the Protection of Personal Data:

• To public institutions and organizations such as the Ministry of Health, its sub-units, family health centers, the Social Security Institution, the General Directorate of Security and its branches, other law enforcement units, the General Directorate of Population and Citizenship Affairs, Turkish Pharmacists’ Association, Revenue Administration, Tax Offices, professional organizations having the nature of public institutions,

• To universities, public hospitals, private hospitals, medical faculties, laboratories, medical centers, and other healthcare providers for the purpose of carrying out medical diagnosis, examination, treatment, and referral procedures,

• To persons and institutions providing occupational health and safety services, to private insurance companies for carrying out occupational health and safety processes,

• To press institutions, third-party websites, social media platforms, with your explicit consent, for sharing photos, videos/camera recordings for the purposes of public health, medical diagnosis, treatment, care services, promotion, and information,

• To banks, financial institutions, public and private legal entities, and officials for carrying out financial transactions of the relevant persons,

• To prosecutors, courts, mediators, enforcement offices, and relevant legal institutions and organizations for matters concerning public security and legal disputes,

• To domestic and foreign software, hardware, IT, and technology companies for the installation of computer operating systems and programs used within our company, ensuring the security of electronic data, performing maintenance and repair,

• To company shareholders, group companies, business/solution partners, service providers, suppliers,

• To our employees, legal, financial, and tax consultants, regulatory and supervisory authorities, auditors, official authorities, relevant ministries, competent public institutions and organizations, persons, institutions, and organizations permitted under the payment services legislation,

Special categories of personal data may be transferred, with explicit consent when required, without explicit consent when necessary for public health, preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing, limited to the purposes of processing and in accordance with legislation.

4- Transfer of Data Abroad

Pursuant to the principles set forth in Article 4/2 of the Law, personal data of the data subject may be transferred abroad with explicit consent or, without explicit consent in the cases stipulated in Articles 5/2 and 6/3 of the Law, in accordance with the rules in Article 9 of the Law, only to countries that provide adequate protection as announced by the Personal Data Protection Board (“Board”). In cases where adequate protection is not provided, personal data may be transferred abroad provided that the data controllers in Turkey and in the relevant foreign country undertake adequate protection in writing and obtain necessary permissions from the Board. Within the scope of the activities of our company, personal data may be transferred abroad limited to the purposes of public health protection, preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing, through applications, software programs, website, mobile applications, online services, live support services, social media accounts.

5- Method and Legal Grounds for Collecting Personal Data

Your personal data are collected and processed, in whole or in part, automatically or non-automatically, provided that they form part of a data recording system, through:

• the use of electronic software and hardware programs provided for the services we offer,

• call centers, live support services, mobile applications, social media accounts, email channels,

• filling out forms on the website, membership creation, use of online services, patient applications and registration processes,

• preparation of hardcopy forms, provision of medical diagnosis, treatment, and healthcare services,

• creation of personnel files, execution of contracts, accounting, financial, legal transactions.

Your personal data and sensitive personal data are processed in compliance with legal regulations applicable to our company, based on the explicit consent of the data subject. Furthermore, without explicit consent, your personal data are processed based on the following legal grounds:

• It is explicitly provided for by law,

• It is necessary to protect the life or physical integrity of the person or another person who is unable to express consent due to actual impossibility or whose consent is not legally valid,

• It is necessary to process personal data of the parties to a contract, provided that it is directly related to the conclusion or performance of the contract,

• The personal data have been made public by the data subject,

• It is necessary for the establishment, exercise, or protection of a right,

• It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Your personal data are processed, collected, and transferred in accordance with Articles 5 and 6 of the Law on the Protection of Personal Data and Article 5/1-h of the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform, limited to the purposes stated. Your personal data are retained and stored for the duration specified in the relevant legislation.

6- Rights of the Personal Data Owner under Law No. 6698 (Right to Apply)

Within the scope of Article 11 of the Law on the Protection of Personal Data, you may submit your requests to the data controller in accordance with the Communiqué on the Principles and Procedures for the Application to the Data Controller. As the data controller, you may apply to “https://etemogludis.com”, Ataköy Towers 7-8-9-10, E-5 No:20 B Blok 7th Floor No:104, 34158 Bakırköy/Istanbul, by completing the APPLICATION FORM attached and delivering a signed copy in person with identity documents, by sending an email using a Secure Electronic Signature, mobile signature, or your registered electronic mail address previously notified to our clinic, to info@etemogludis.com, by submitting through a notary, or through the methods determined by the Personal Data Protection Authority.

Pursuant to Article 11 of the Law, everyone has the right to request from the data controller regarding themselves to:

• Learn whether personal data is processed,

• Request information if personal data has been processed,

• Learn the purpose of processing personal data and whether they are used in accordance with their purpose,

• Know the third parties to whom personal data is transferred domestically or abroad,

• Request the correction of personal data if they are incomplete or inaccurate,

• Request the deletion or destruction of personal data within the framework of the conditions set out in Article 7 of the Law,

• Request notification of correction, deletion, or destruction of personal data to third parties to whom personal data have been transferred,

• Object to a result against the person arising from the analysis of processed data exclusively through automated systems,

• Request compensation for damages in case of damage due to unlawful processing of personal data.

Pursuant to Article 13/1 of the Law, applications to exercise your rights must be submitted to our Company in writing or through the methods specified by the Personal Data Protection Authority. Our Company will finalize your request as soon as possible and within thirty days at the latest, free of charge depending on the nature of the request. However, if the process incurs an additional cost, the fee determined in the tariff set by the Board will be charged. In this context, no fee will be charged for up to ten pages of written responses to the application, while 1 TL will be charged for each page exceeding ten pages. If the response to the application is provided in electronic recording media such as CD, flash memory, the fee requested by our company shall not exceed the cost of the recording medium.