DISCLOSURE FORMFOR PATIENTS IN ACCORDANCE WITH THE LAW ON THE PROTECTION OF
PERSONAL DATA (OF THE REPUBLIC OF TURKEY)
Data Controller : Dr. Pakize Omur Unal Tekeli
Address : Levent Mahallesi, Manolyalı Sokak, No:23 Beşiktaş/İSTANBUL
Contact : kvkk@dromurtekeli.com
This Clarification Text has been prepared in accordance with the Law on the Protection of Personal Data. It clarifies the responsibilities of the Data Controller's disclosure obligation stipulated in accordance with the aforementioned law; The Data Subjectaccepts and declares that she/he has been informed about the following;
Article-1 Definitions
In the execution of the Law on the Protection of Personal Data;
- Anonymization: Making it unable for personal data of being associated with an identified or identifiable natural person in any way, even by matching with other data,
- Data subject: The natural person whose personal data is processed,
- Personal data: Any information relating to an identified or identifiable natural person,
- Processing of personal data: All kinds of operations carried out on personal data fully or partially, automatically, or non-automatically, provided that it is a part of a data recording system; Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, bringing, classifying or preventing its use.
- Board: Personal Data Protection Board,
- Institution: Personal Data Protection Institution,
- Data processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
- Data recording system: The recording system in which personal data is processed and structured according to certain criteria,
- Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for installing up and managing the data recording system,
- Special categories of personal data: Data regarding race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other beliefs, attire and clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures with biometric and genetic data.
Article-2 Principles Regarding the Processing of Data
2.1. Within the scope of the activities of the Data Controller;
The Personal Data of the Data Subject processed by us are as follows:
Identification Data
|
Name, Surname, Republic of Turkey Identity Number, Gender, Age,
Signature, Date of Birth
|
Contact Data
|
E-Mail Address, Full Address, Mobile Number, Telephone Number
|
Financial Data
|
Bank Credit Card Number And Information, Service Fee Amount, Payment Amount And Time
|
Patient Information Data
|
Appointment Date, Appointment Time, Processed Room, Processing
Staff, Appointment Note, Transaction Information, Patient File Number,
Medical CV Information, Patient Record Number, Procedure Date,
Decision Taken and Drugs Used, Random Date, Information about the Application Performed
|
Visual Data
|
Photograph
|
Profession Information
|
Profession
|
The Personal Data may process ;
- Within the scope of our commercial or our business relationship with you,
- Within the framework of the purpose that requires the processing, in connection with this purpose, in a limited and measured way
- The personal data that you have stated or have been stated to us shall be recorded, stored, preserved, rearranged and otherwise processed within the records specified herein, kept accuracy and up-to-date.
2.2. Veri Sahibi’nin Madde 2.1’de belirtilen Kişisel Verileri Veri Sorumlusu tarafından;
- Planning and execution of activities which will ensure the continuity and service,
- Identification and verification of your personal data in order to prevent it from being captured by others,
- Planning and execution of patient relations management processes,
- Providing information and reminder services in case of making an appointment,
- Carrying out and developing public health protection, preventive medicine, medical diagnosis, treatment and care services,
- Planning and management of health services and financing of services,
- Keeping records for patients,
- Fulfillment of necessary services,
- Planning and execution of clinical communication activities,
- Process development and improvement studies,
- Follow-up of patient demands and/or complaints by increasing patient satisfaction,
- Carrying out personalized information activities,
- Supply of personalized drugs and/or medical supplies and/or devices,
- Follow-up of contract processes and/or legal requests,
- Planning and execution of marketing processes of services and products,
- Planning and execution of the service and/or after-sales support services activities,
- Providing payment transactions for patients and providing invoices/receipts,
- Development and improvement of health services,
- Financial operations, communication, market research and social responsibility activities, purchasing operations (demand, offer, evaluation, order, budgeting, etc.), product quality processes and operations carried out by our clinic,
- Providing information to authorized institutions and organizations in accordance with relevant legislation,
- Complying with the information storage, reporting, disclosure obligations stipulated under the provisions of the relevant legislation and fulfilling the legal obligations to which we are subject to due to the services provided.
Your personal data may be processed by the Data Controller for purposes and reasons such as, but not limited to the above-mentioned purposes and legal reasons.
The aforementioned data is collected electronically and/or by physical means as a result of meetings, limited to the above-mentioned purposes.
2.3 If necessary and to the extent it is necessary, taking into account the decisions of the Institution, only to fulfill the obligations arising from the service relationship between the Parties and the provisions of the relevant legislation, as well as to increase the quality of service and to protect the legitimate interests of both parties, your personal data may be transferred tothe parties listed below;
- TheHealth Services Fundamental Law No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, the Law on the Protection of the Personal Data No. 6698, the Regulation on the Processing and Privacy of Personal Health Data and other relevant legislation. and/or organizations,
- With legally authorized institutions, organizations and authorities, tax offices, workplace inspectors and administrative institutions and organizations, especially the Social Security Institution (SGK),
- Legal representatives and legally authorized private legal persons from whom we receive consultancy, and whom we work with including lawyers, consultants, auditors,
- Domestic/foreign organizations and other third parties and legal representatives, with whom we contractually receive and/or provide services, cooperate with, to carry out our activities,
- Laboratories domestic or abroad, with which we cooperate for medical diagnosis and treatment, institutions that provide ambulance medical devices and health services,
- Associated employees authorized by the Data Controller,
- For the purpose of auditing and reporting accounting and financial transactions such as budget management and invoicing, to the companies we are affiliated with and audit firms,
- To ensure that the records containing your personal data can be kept during the mandatory retention period, the relevant records are sent to third-party archiving companies that provide this service,
- Business partners, direct or indirect affiliates, companies located in the country and/or abroad, to provide support to you, to contact you, when necessary, to ensure that the service is not interrupted in accordance with our legitimate interests,
Your personal data may be submitted to the competent authorities for the Data Controller to fulfill its legal obligations; It may be transferred to third parties located within the country and/or abroad such as suppliers, business partners, shareholders, partners, professional consultants. for the purpose of performing business activities. It can be shared with companies located in countries with or without adequate protection in databases around the world.
-
Article-3 Other Rights of the Data Subject
Apart from and in addition to the right to follow and demand the performance of the basic principles summarized above, as per Article 11 of the Legislation of Protection of Personal Data (KVKK) of the Republic of Turkey, The Data Subject has the following rights separately;
- To learn about whether their Personal Data is processed or not,
- If the Personal Data have been processed, learn about the processing of the Personal Data,
- To learn about the purpose of processing of the Personal Data and whether they are used in accordance with its purpose,
- To be informed about the third parties to whom Personal Data is transferred in the country or abroad,
- Requesting correction of the Personal Data in case of incomplete or incorrect processing,
- In the event that the reasons for the processing of the Personal Data are no longer valid, to request the deletion or destruction of their Data, in the manner and within the limits stipulated by the law and relevant legal legislation,
- Demanding that the request for the deletion or correction of the Personal Data be notified to the third parties to whom the data has been transferred,
- Objecting to the occurrence of a consequence against her/him by analyzing the Processed Personal Data exclusively through automated systems,
- To request the compensation of the damage in case of loss due to unlawful processing of Personal Data.
In accordance with the procedures and principles of the method of application in the Communiqué on the Procedures and Principles of Application to the Data Controller, dated 10.03.2018 and numbered 30356,
The Data Subject is able to apply to the Data Controller by posting an application letter with a "wet ink" signature to the address at the “Levent Neighborhood, Manolyalı Street , No:23 Beşiktaş / ISTANBUL / TURKEY” together with the documents showing identity; or via "kvkk@dromurtekeli.com" mail address by using the registered e-mail (KEP) address, secure electronic signature, mobile signature or using the e-mail address previously notified to the Data Controller and registered in the system. The requests included in the application will be fulfilled free of charge within 30 days at the latest, depending on the nature of the request. In this regard, the rights arising from the legislation are reserved.
Article-4 Collection Method of Personal Data of The Data Subject and Legal Reason
The Data Subject’s's personal data may be collected by the Data Controller in physical, verbal, written or electronic environment. The Data Controller processes and shares your personal data for the purposes of continuing the activities, fulfilling its legal obligations clearly stipulated by the law.
Article-5 Security of the Personal Data of the Data Subject
To make sure that the personal data of the Data Subject is processed in accordance with the law and stored securely and to prevent unlawful access to your personal data, the Data Controller takes all necessary technical and administrative measures to ensure the appropriate level of security.
Article-6 Storage of the Personal Data of the Data Subject
The personal data of the Data Subject is stored in physical and digital environment by the Data Controller, the personnel of the Data Controller, the data processor/s authorized by the personnel and similar means. The Personal data of the Data Subject can be stored for the periods required by the purposes of processing. The Personal data is deleted, destroyed or anonymized if there is no legal reason to keep it after the purpose of processing is eliminated.