Information and Consent Form Regarding Protection and Processing Of Personal Data
As NP Istanbul Brain Hospital, we attach great importance to the security of your personal data. As healthcare institutions, we will record, archive your personal data necessary to provide you healthcare services and share them with authorized 3rd Parties/Institutions as stated in Law on Personal Data pursuant to Law on Protection of Personal Data (“Law on Personal Data") and “Regulation on Processing and Privacy of Personal Healthcare Data”. Therefore, we inform you and request your express consent regarding our mutual rights and obligations.
1. Processing of Your Personal Data and Data Supervisor
As NP Istanbul Brain Hospital, with the title of data controller, to provide you healthcare services, we declare that we may process your data including;
- Your identity details (Full Name, R.T. ID No, passport number or temporary R.T. ID number for people who are not Turkish citizens, Place and Date of Birth, Marital Status, Gender Information and copy of submitted R.T. ID Card or Driving License)
- Your contact information (Address, phone number, electronic mail address etc.)
- Your patient number and protocol number,
- Your bank account/IBAN number, financial details regarding payment and invoicing
- Your data about private health insurance or State Social Security Institution,
- Your health data including, but not limited to, third party laboratory and imaging results, test results, examination data, check-up details and prescription details that are submitted by your party to take place in your file
- Your imagery and voice recording in closed circuit camera system in general areas of hospital,
- Your voice interview recording if you contact our Call Center,
- Your vehicle registration plate if you use parking lot and valet parking services,
- Your recommendations, comment texts and survey responses that you share to evaluate our services
- Your net surfing data obtained during use especially your IP address, browser details that we obtain during your use of our web site and mobile applications and your medical data provided by yourself with your free will over the mobile application in our archives pursuant to and as foreseen by the Law on Personal Data under any circumstances.
2. The Aim and Legal Reason of Processing Your Personal Data
The purposes of processing your personal data include but not limited to;
- Protection of public health, conduction of medical diagnosis, treatment and care services,
- Share of demanded information with Ministry of Health and other state institutions and organizations pursuant to related regulations,
- Providing you with information on your appointment if you make appointment,
- Planning and managing the internal operation of hospital,
- Making analyses to develop the healthcare services,
- Realizing activities with education/training institutions with which we cooperate,
- Obtaining finance for healthcare services and invoicing,
- Verification of your identity, confirmation of your relation with contracted institutions,
- Giving answers to your questions or complaints related to our services,
- Supply of medication and medical device,
- Participation to campaigns by Marketing, Media and Communication, Call Center departments and providing information on campaign, design and conduction of special contents in web and mobile channels and concrete and abstract benefits.
Legal reasons of processing your personal data are to fulfill the legal obligations arising out of conditions clearly foreseen in Law on Privately Owned Hospitals number 2219 and Fundamental Law on Health Services number 3359 and of the secondary legislation such as Delegated Legislation on Organization and Duties of Ministry of Health and Affiliated Facilities number 663, Regulation of Privately Owned Hospital, Healthcare Procedures Communiqué, Regulation of Patient Rights and to conduct protection of public health, preventive medicine, medical diagnosis, treatment and care services and to plan and manage the healthcare services and finance.
3. Transfer of Personal Data
Pursuant to conditions of Law on Protection of Personal Data, for public health and preventive medicine services, your data can be shared with,
- Related authorities and persons if demanded by competent authorities including but not limited to RT Ministry of Health and Provincial Health Directorate, Public Health Centers and affiliates of Ministry of Health or if demanded by people assigned by competent authorities or within the framework of e-pulse and similar systems as part of our obligation of notice and/or reporting,
- With our direct/indirect local/international shareholders, allied companies and/or affiliates, group companies
- With our business partners,
- Legal representatives and third parties rendering consultancy services to our party, authorized by our party including the lawyers, consultants, auditors working with us, With local/international organizations rendering contractual services to our party to conduct our activities and other third parties and legal representatives,
- For the patients with SGK, with Social Security Institution; with your institution if you have private insurance and if the invoice is submitted to your workplace, with the insurance company which you are member of,
- With local and abroad laboratories, ambulance, medical device and healthcare institutions we are in cooperation with for medical diagnosis and treatment,
- With the related healthcare institution if you should be referred,
- With the legal representatives authorized by your party
4. Method of Gathering Personal Data
Your personal data are gathered depending on the characteristics of rendered service, in call center, switchboard, internet, mobile applications, physical places and similar channels in verbal, visual, written or electronic environment for the purposes stated above.
5. Measures Taken Regarding Your Personal Data
Our Institution that performs data processing activities such as gathering, recording, storing, preserving, changing, reorganizing, explaining, transferring, taking over, making derivable your personal data as the data supervisor is responsible for taking all kinds of technical and administrative measures to ensure the appropriate security level regarding a)Preventing illegal processing of your personal data, b) Preventing illegal access to your personal data, c) Ensuring preservation of your personal data; and it takes these measures to the full extend. In addition, it takes the additional security measures in processing specific personal data determined by Personal Data Protection Committee which are not limited with the below stated ones. Our employees are trained regarding data security, patient privacy, protection of personal data, institutional policies and procedures about safety of personal data are written, personal data are deleted when the reason of use no longer exists, our systems including the personal data are assessed routinely, contracts are made with service provides processing the data, updated software are used, our security web is available against cyber attacks, access authorization to systems including personal data is limited, anti-virus and anti-spam programs are used, information network regarding security problems are continuously monitored, tests are conducted to identify system weaknesses, institutional reporting systems regarding problems are available, evidences are gathered, stated to Personal Data Protection Committee and allegation is made to prosecution office in case of misappropriation of systems, measures are taken against natural disasters such as fire, flood etc. in our physical environments where the personal data are stored, these places are kept locked and entrances/exists are controlled.
6. Your Rights As People Whose Data Are Processed
Pursuant to article 11 of Law on Personal Data, you can learn if your personal data are processed by applying to our Healthcare Institution, you can demand your personal data if processed, you can learn the aim of processing personal data and if they are used according to this aim, you can learn whether your personal data is transferred or not, who are the 3rd persons making the transfer, you can demand correction of your personal data if they are processed falsely, you can demand deletion of your personal data if they are processed falsely or incompletely within the scope of conditions foreseen in regulation, you can ask the 3rd persons who transfer the data to correct, delete the personal data, you can demand compensation if you suffer a damage due to process of your personal data divergently from the Law on Personal Data.