Information Form on Processing of Personal Data

Information Form on Processing of Personal Data

INFORMATION AND DISCLOSURE NOTICE UNDER THE LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA ("NOTICE")

NPISTANBUL Brain Hospital attaches importance to personal data privacy and confidentiality of private life. Article 20 of the Constitution states that "Everyone has the right to request the protection of personal data concerning him/her. This right includes the right to be informed about personal data concerning oneself, to access these data, to request their correction or deletion, and to learn whether they are used for their purposes. Personal data may only be processed in cases stipulated by law or with the explicit consent of the person. The principles and procedures regarding the protection of personal data shall be regulated by law." Within the framework of the mandatory provision, the Personal Data Protection Law No. 6698 ("KVKK") entered into force after being published in the Official Gazette dated 07.04.2016, and regulations and board decisions, which are derivative legislation in terms of the implementation of the law, have been published. The aforementioned law regulates the procedures and principles to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and the obligations of real and legal persons who process personal data. In this context, we fulfill our responsibility to enlighten and inform your rights and obligations.

NPISTANBUL Hospital ("Hospital") may process your personal data as "data controller" within the scope described in this Notice. In terms of business requirements, employees also carry out their services in line with the KVKK and derivative legislation with patients receiving services, patients' relatives and other third parties and organizations (generally referred to as "Recipients"), including suppliers within the framework of the health service relationship, and employees also comply with their obligations and responsibilities as personnel within the scope of the protection of personal data in their relationship with "Recipients".

In the event of a conflict between this Notice and the provisions of the legislation in force, the Hospital accepts that the provisions of the legislation will be applied in line with the title of "Data Controller".

A) DEFINITIONS WITHIN THE SCOPE OF KVKK

a) Explicit consent: Consent regarding a specific subject, based on information and expressed with free will.

b) Anonymization: It refers to making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

c) Relevant person: Refers to the natural person whose personal data is processed.

ç) Personal data: Any information relating to an identified or identifiable natural person.

d) Processing of personal data: It refers to all kinds of operations performed on personal data such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

e) Sensitive Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

f) Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.

g) Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

B) BASIC PRINCIPLES OF PROCESSING PERSONAL DATA

The Hospital accepts that it will process personal data in accordance with the following principles in both its internal procedures and external procedures, in accordance with Article 4 of the KVKK with this Notice:

  • Compliance with the law and good faith
  • Accuracy and timeliness
  • Processing for specific, explicit and legitimate purposes
  • Processing data in connection with the purpose for which they are processed, in a limited and measured manner
  • Processing limited to the period stipulated by the provisions of the legislation or required by the purpose of processing

C) CONDITIONS FOR PROCESSING PERSONAL DATA

In accordance with Article 5 of the KVKK, the processing processes of "personal data" by the Hospital are carried out in accordance with the following conditions specified in the KVKK and the relevant legislation:

  • Explicit Consent of the Data Subject
  • Processing of Data Due to Legal Requirements
  • The Processing of the Data of the Person Who Cannot Explain the Consent of the Data Subject Due to Actual Impossibility or Whose Consent is Not Recognized as Legally Valid is Mandatory for the Protection of His or Someone Else's Life or Physical Integrity
  • Processing of Personal Data of the Parties to a Contract is Mandatory Provided that it is Directly Related to the Establishment and Execution of a Contract
  • It is Mandatory for the Data Controller to Fulfill its Legal Obligation
  • Processing of Personal Data Made Public by the Data Subject
  • Processing of Data Required for the Establishment, Exercise or Protection of a Right
  • Processing of Personal Data for the Legitimate Interests of the Data Controller

D) CONDITIONS FOR PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA

Pursuant to Article 6 of the LPPD, data relating to ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data. It is prohibited to process sensitive personal data without the explicit consent of the data subject. It is the basic principle that hospital employees "do not process sensitive personal data" in terms of personal data, and the processing of sensitive personal data is strictly prohibited as a rule, without prejudice to the following legal exceptions and obligations. The Hospital has also adopted the basic rule and principle of not processing the "sensitive personal data" of the Addressees, without prejudice to the following legal exceptions and obligations . The exceptions to the main principle are as follows:

a-Processing of Sensitive Personal Data in the Presence of Explicit Consent of the Data Subject: The provisions stipulated by the KVKK regarding the processing of sensitive personal data without explicit consent are reserved.

b-Processing of Special Categories of Personal Data Despite the Lack of Explicit Consent of the Data Subject Due to the Provisions of the Legislation: In cases where it is stipulated that special categories of personal data may be processed with the provisions of the legislation, special categories of personal data other than the health and sexual life of the person concerned may be processed in accordance with the provisions of the KVKK. In terms of the hospital, this requirement, including the work and transactions required by the financing and management of the health service; In legal processes such as investigations, lawsuits, enforcement proceedings arising from legal relations, especially contracts, the submission of special quality personal data to legal processes, provided that it is relevant and limited to the merits of the relevant legal process, the inclusion of special quality personal data collected by law enforcement authorities, investigation authorities, courts ex officio or by parties or third parties in legal processes and the storage and processing of personal data for the period required for legal processes.

c-Processing of personal data of special nature related to health and sexual life for the purposes of preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, provided that they are under the obligation of confidentiality: Pursuant to the LPPD, the processing of personal data of special nature related to the health and sexual life of individuals is subject to the condition of their explicit consent, and in the absence of explicit consent, it is regulated that such personal data may be processed by persons under the obligation of confidentiality for the purpose of preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. In terms of the hospital, this requirement, including the works and transactions required by the financing and management of the health service; In legal processes such as investigations, lawsuits, execution proceedings arising from legal relations, especially contracts, the submission of special categories of personal data to legal processes, provided that it is related and limited to the merits of the relevant legal process, the inclusion of special categories of personal data collected by law enforcement authorities, investigation authorities, courts ex officio or by the parties or third parties in legal processes and the storage and processing of personal data for the period required for legal processes.

d-Precautions to be taken in the Processing of Sensitive Personal Data: In order to process sensitive personal data, necessary technical and administrative measures are taken, especially preventing unauthorized access and cyber-attacks with encrypted access in accordance with KVKK. This issue is monitored and coordinated by the Personal Data Protection Committee. Employees are also obliged to comply with these administrative and technical measures.

E) THE PURPOSE FOR WHICH PERSONAL DATA WILL BE PROCESSED

The collected personal data may be processed for the purposes listed below, provided that the personal data is within the personal data processing conditions specified in Articles 5 and 6 of Law No. 6698: Basic Law No. 3359 on Health Services, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations, Regulation on Private Hospitals, Regulation on the Processing of Personal Health Data and Ensuring Privacy and other health-related regulations. In addition, the execution of public health medical diagnosis, treatment and care services, early diagnosis and preventive medicine, planning and management of health services and financing; informing you about the appointment in case you make an appointment; counter and cashier transactions; planning and managing the internal functioning of our Hospital, conducting analysis for the purpose of improving health services; engaging our employees in training activities to serve you better, monitoring and preventing abuse and unauthorized transactions; fulfilling risk management and quality improvement activities; to conduct diagnostic and therapeutic research and device supply within the limits of the legislation; to fulfill legal and regulatory requirements; to be paid for our services through invoices and legal processes; to confirm your identity; newborn baby notification; to confirm your relationship with institutions contracted with our Hospital; to share the information requested with the Ministry of Health and other public institutions and organizations and private organizations in accordance with the relevant legislation; to share the information requested with private insurance companies within the scope of financing health services; responding to all kinds of questions and complaints regarding our health services; analyzing your use of health services and storing your health data in order to develop and improve the health services we provide to you; to make calls with call centers more effective and efficient health services, to better fulfill the service of hospital security officers, to keep information about your health data that must be kept in accordance with the relevant legislation; financial reconciliation with the institutions we have contracted with regarding the health services provided to you; including but not limited to measuring patient satisfaction, conducting and developing medical diagnosis, treatment and care services, planning and management of health services and financing, increasing patient satisfaction, announcing our medical diagnosis, treatment and care services to you, online and live support, secondary opinion, information and dissemination activities through websites, improvement and development of human resources policies, improvement and development of human resources policies, improvement of the effectiveness of health care services.C. It can be processed for similar purposes, provided that it can receive support from group companies and academic institutions, especially Üsküdar University, to increase the efficiency of healthcare services, to provide auxiliary services of the hospital building, including parking and valet service, and to remain within legal limits.

F) TO WHOM AND FOR WHAT PURPOSE THE PROCESSED PERSONAL DATA MAY BE TRANSFERRED

Personal data collected to the extent permitted and required by the KVKK and derivative legislation and according to the circumstances of the case, but not limited to those herein; In line with contractual purposes, in order to perform health services, to maintain and improve effective employee management, to fulfill the obligations arising from the contracts concluded by our hospital, except in cases where data transfer is legally prohibited, to provide referral and information supply between departments in order to carry out legally and legally necessary administrative procedures, to evaluate the performance of employees, to ensure and improve occupational safety, and also to ensure the legal and commercial security of our Hospital and persons who have a business relationship with our Hospital; For the purposes of determining and implementing the business strategies of our Hospital; Basic Law No. 3359 on Health Services, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations, Private Hospitals Regulation, Labor Law, Occupational Health and Safety Law, Social Insurance and General Health Insurance Law, Law on Regulation of Publications on the Internet and Combating Crimes Committed through These Publications, Turkish Code of Obligations, Turkish Commercial Code, Tax Procedure Law, Personal Data Protection Law No. 6698 and institutions or organizations permitted by other legislation provisions; Public legal entities such as the Personal Data Protection Authority, the Ministry of Health and its organization, the Council of Higher Education, the Ministry of Finance, the Ministry of Customs and Trade, the Ministry of Labor and Social Security, the Information Technologies and Communication Authority; our subsidiaries and/or our direct/indirect domestic/foreign affiliates; our online service units in order for secondary opinion and live support units to provide effective health services over the internet, domestic/foreign organizations and other third parties who are jointly and severally responsible with us in taking workplace security measures such as the protection of all kinds of your personal data, preventing unauthorized access and preventing unlawful processing, program partner domestic/foreign organizations and other 3rd parties. It may be transferred to persons limited to the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698. NP Istanbul hospital and medical centers, Social Security Institution, Ministry of Health and its organization, Family Medicine Centers, private insurance companies (health, pension and life insurance and similar law enforcement agencies, especially the General Directorate of Security, General Directorate of Population, Turkish Pharmacists Association, courts, laboratories, centers and similar third parties with whom we cooperate for medical diagnosis, your authorized representatives, the health institution to which the patient is referred or to which the patient himself/herself applies, third parties to whom we receive consultancy, including lawyers, tax consultants and auditors,
regulatory and supervisory authorities, official authorities, our suppliers, support service providers and business partners and other third parties whose services we benefit from or cooperate with are also included in this scope and may be transferred to such organizations within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK.

G) METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Your personal data is collected by the Hospital through different channels and on the basis of different legal grounds in physical and electronic media for the purposes of performing the health services of the Hospital effectively and efficiently within the framework of legal requirements, fulfilling the duty of care, implementing and executing human resources policies, fulfilling the obligations arising from contracts, evaluating the performance of employees, ensuring and improving occupational safety, and carrying out our activities and operational processes. Your personal data collected for this legal reason may also be processed and transferred for the purposes specified in Articles (E) and (F) of this Notice within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

H) TRANSFER OF PERSONAL DATA

Article 8 of the LPPD regulates the transfer of personal data to third parties within the country. As a main rule, personal data cannot be transferred to third parties without the explicit consent of the data subject. Our employees have also been informed with this Notice that the personal data of the RESPONDENTS cannot be transferred to third parties as a rule. Compliance with the following criteria is ensured in the processes regarding the transfer of personal data. It is the responsibility of the Hospital to act in accordance with all legislative provisions regarding the transfer of personal data and to adapt the transfer processes according to the provisions of the legislation in force or to enter into force, and these processes will be monitored and coordinated by the Personal Data Protection Committee.

Explicit consent of the person concerned for the transfer of personal data In accordance with Article 8 of the KVKK, the main rule for the transfer of personal data to third parties is the explicit consent of the person concerned. In cases where the data subject does not have explicit consent for the transfer of personal data domestically, it is possible to transfer personal data to third parties under the conditions regulated by paragraph 2 of Article 5 of the KVKK regarding the data processing conditions for the processing of personal data and paragraph 3 of Article 6, provided that adequate measures are taken. Even if there is no explicit consent of the person concerned, it is possible to transfer personal data provided that the relevant conditions are met in terms of the transfer of sensitive personal data and other legislation provisions are required.

I) TRANSFER OF PERSONAL DATA ABROAD

Pursuant to Article 9 of the LPPD, as a main rule, personal data cannot be transferred abroad without the explicit consent of the person concerned. In case of consent, personal data may be shared with our affiliated organizations abroad in proportion to the legitimate requirements arising from educational activities, and personal data may be transferred taking into account the list of safe countries to be published by the Data Protection Board.

In cases where the data subject does not have explicit consent for the transfer of personal data abroad, the processing and transfers permitted under the LPPD and the relevant legislation regarding the processing and transfer of personal data may be carried out.

I. DELETION, DESTRUCTION, ANONYMIZATION OF PERSONAL DATA

Personal data, even if it has been processed in accordance with the provisions of KVKK and other legislation and this Notice, should be deleted, destroyed or anonymized by the request of the person concerned or by the Hospital itself upon the disappearance of the reasons requiring the processing of the data. The Hospital provides the administrative and technical infrastructure suitable for fulfilling all new legislation provisions that are in force or will enter into force regarding the deletion, destruction or anonymization of data. Employees are obliged to implement all new legislative provisions that are in force or will enter into force regarding the deletion, destruction or anonymization of data.

J. RIGHTS OF THE PERSONAL DATA OWNER

As personal data owners, if you fill out the "Personal Data Information and Request Form" below and deliver it to the hospital address where you have received service, send it via notary public, send an e-mail with an e-mail signed with a secure electronic signature belonging to you, or send a "Word or PDF" extension file signed with a secure electronic signature to kisiselveri@npistanbul.com by e-mail; NPISTANBUL Beyin Hospital will finalize the request free of charge as soon as possible and within thirty days at the latest, depending on the nature ofthe request . However, if the transaction requires an additional cost other than free of charge legal requirements, NPISTANBUL Beyin Hospital may charge the fee in the tariff determined by the Personal Data Protection Board. In this context, personal data owners;

  • Learning whether personal data is processed or not,
  • Request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom personal data are transferred domestically or abroad,
  • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
  • Although it has been processed in accordance with the provisions of Law No. 6698 and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
  • To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
  • In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.

Annex: Personal Data Information and Request Form

Sincerely submitted for your information.

NPISTANBUL Brain Hospital

Saray Mah. Ahmet Tevfik İleri Cad. No:18 - 34768 Ümraniye / Istanbul / Turkey

T: +90 216 633 0 633 F: +90 216 634 1250

Download the application form.

Share
Updated At11 July 2024
Created At30 April 2018
Let Us Call You
Phone