Personal Data Protection Information
The Physician and the practice under his responsibility place the utmost importance on protecting and processing personal data, particularly the privacy of personal life as regulated in Article 20 of the Constitution, as well as protecting the basic rights and freedoms of individuals. Within this framework, the organization takes great care to ensure that personal data is protected and processed in accordance with the law and acts with this understanding in all planning and activities.
The Physician does not view the protection and processing of personal data only in the context of compliance with laws, but rather places the value given to humans at the foundation of his approach. Acting with this awareness, the Physician and the practice under his responsibility take all necessary administrative and technical measures to ensure the safe storage of personal data and prevent its processing in violation of the law.
a. Data Collector
A data controller refers to the real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. According to the Personal Data Protection Law numbered 6698 (“the Law”), your personal data is collected and processed by “the phsycian” as the data controller within the scope explained below.
b. Personal Data Collection Method and Legal Reason
Your personal data is collected through various channels by fully or partially automatic or non-automatic means, in all kinds of oral, written, and electronic media; such as various documents submitted to the physician, job application forms obtained through various channels such as job search portals, customer information forms, mail and e-mails, call center, website, social media tools, communication accounts and devices, examination center information systems and devices, security cameras, third parties such as doctors, business partners, and companies that provide services/products to the doctor and the doctors employed by the physician, in order to be stored for as long as necessary.
Your personal data is processed based on your explicit consent. However, your personal data can also be processed without seeking explicit consent, based on legal grounds such as: (i) being explicitly provided for by laws, (ii) personal data being made public by the data subject themselves, (iii) the data subject being unable to provide consent due to factual impossibility, and it being necessary for the protection of the life or physical integrity of the data subject or another person, (iv) being necessary for the performance of a contract or for the conclusion of a contract to which the data subject is a party, (v) being necessary for the fulfillment of the legal obligation of the controller, (vi) being necessary for the establishment, exercise or protection of a right, (vii) being necessary for the legitimate interests of the controller, provided that it does not harm the fundamental rights and freedoms of the data subjects.
c. Purposes of Processing Personal Data
Your personal data is processed for the following purposes: to fulfill legal and professional obligations as per the conditions mentioned in the second paragraph of Article 5 of the Law; to properly plan and carry out our commercial relationships, partnerships, and strategies; to ensure the legal, commercial and physical security of the doctor and our business partners; to ensure the smooth operation of the doctor; to best plan and implement our human resources policies; to ensure the functionality and security of the doctor’s information systems and create necessary databases; to improve the services offered on the doctor’s website and fix any errors; to create and keep track of visitor records and ensure management of requests and complaints.
If you provide your explicit consent, your personal data may be processed by the physician for the purpose of allowing you to benefit from the products and services offered in the best way (statistics, analysis, profiling, and reporting of preferences) and to keep you informed (promotion, advertising, announcements, and information, as well as personal process tracking); to plan, develop and carry out corporate communication activities and to analyze your financial profile.
Medical imaging data including X-ray, CT (Computed Tomography), MRI (Magnetic Resonance Imaging), DEXA (Bone Density Measurement Device), Scintigraphy, Angiography, Ultrasonography, etc. obtained from Medical Imaging Systems will be destroyed in accordance with the “Regulation on the Deletion, Destruction or Anonymization of Personal Data” after it is viewed by the Physician.
d. To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your personal data may be shared with our group of doctors, affiliates, partners, external doctors (such as those providing services in areas like security, health, workplace safety, and law) we contract with to fulfill our contractual or legal obligations, and authorized institutions and organizations, within the scope of the purposes mentioned in the first paragraph of this section (c) and under the conditions specified in Articles 8 and 9 of the Law, provided that the necessary security measures are taken. If you provide your explicit consent, your personal data may be shared with our group of doctors, affiliates and partners, within the scope of the purposes mentioned in the second paragraph of this section (c).
e. Rights of Personal Data Owners Pursuant to Article 11 of the Law
The physician, in accordance with Article 10 of the Law, informs you of your rights and guides you on how to exercise them, and implements the necessary internal procedures, administrative and technical regulations. As the data subject, you have the rights, in accordance with Article 11 of the Law, to: (a) learn whether or not your personal data is being processed, (b) request information about your personal data if they are being processed, (c) learn the purpose of the processing of your personal data and whether or not they are being used in accordance with that purpose, (ç) find out about third parties to whom your personal data is transferred within or outside of the country, (d) request the correction of your personal data if they are incomplete or inaccurate, (e) request the deletion or destruction of your personal data in accordance with the conditions set out in Article 7 of the Law, (f) request that the operations carried out in accordance with the provisions of paragraphs (d) and (e) of this Article be notified to third parties to whom your personal data is transferred, (g) object to the processing of your personal data by means of automatic systems that results in an outcome that is not favorable to you, (ğ) request the compensation of damages if you are harmed due to the illegal processing of your personal data.
You can submit requests and applications related to the implementation of the Law by preparing the Data Owner Application Form in accordance with the legislation, either by delivering it personally to the address “Mimar Sinan Mah., Ziya Gökalp Blv. No:28 Mi’Marin Medical D:1, 35220 Konak/İzmir”, or by sending it through a Notary Public, or by sending it electronically to the registered electronic mail (KEP) address ozgur.aksan@hs06.kep.tr using a secure electronic signature or mobile signature.
In your requests and applications, the following elements must be present:
Information and documents related to the subject must be attached to the application.
The physician will handle the requests included in the application as soon as possible and within thirty days for free, depending on the nature of the request. However, if the process requires additional cost, fees may be charged according to the tariff determined by the Board.
The physician may accept the request or reject it with an explanation and notify the person concerned in writing or electronically. If the request is accepted, the physician will take the necessary steps as soon as possible and inform the person concerned. Should the fee is charged due to a mistake made by the physician, it will be refunded to the data owner.
If the request is rejected or the response given is deemed insufficient or if a response is not given within the time period, the data owner has the right to file a complaint with the Personal Data Protection Board within thirty days of learning about the response and, in any case, within sixty days from the date of the request.
More detailed information about the subject can be found in the “Protection and Processing of Personal Data Policy” of the physician.
Application to the data controller Article 13:
(1) The individual submits their requests related to the implementation of this law to the data controller in writing or through other methods determined by the Board.
(2) The data controller will handle the requests included in the application as soon as possible and within thirty days for free, depending on the nature of the request. However, if the process requires additional cost, fees may be charged according to the tariff determined by the Board.
(3) The data controller may accept the request or reject it with an explanation and notify the person concerned in writing or electronically. If the request is accepted, the data controller will take the necessary steps. If the fee is charged due to a mistake made by the data controller, it will be refunded to the person concerned.
Complaint to the Board Article 14:
(1) If the request is rejected, if the response given is deemed insufficient or if a response is not given within the time period, the individual may file a complaint with the Board within thirty days of learning about the response and, or in any case within sixty days from the date of the request.
(2) The complaint procedure cannot be used before the application procedure is exhausted.
(3) Those whose personal rights have been violated have the right to compensation according to general rules.
OUR PERSONAL DATA PROTECTION AND PROCESSING POLICY
CHAPTER ONE
1. INTRODUCTION
1.1. Introduction
As your physician (“Doctor”), we attach the utmost importance to the protection and processing of personal data in accordance with the Personal Data Protection Law numbered 6698 (“Law”) and we act with this awareness in all our planning and activities. With this awareness, we take all administrative and technical measures for the protection and processing of personal data.
1.2. Purpose of the Policy
The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to protect and process personal data in accordance with the Law, primarily by protecting the privacy of personal life as regulated in Article 20 of the Constitution, as well as the fundamental rights and freedoms of individuals to the maximum degree possible, and to inform Data Owners about the procedures and principles that the Doctor will comply with according to the Law and our responsibilities.
In order to perform medical activities in this scope, the Doctor with a Health Tourism Authority Certificate is processing various personal data of various individuals, particularly all patients/consultants, medical tourists, potential medical tourists, employees communicating on their own behalf or on behalf of others, company employees and other real persons who establish a relationship through job applications or any other purpose or channel, in a legally compliant manner as a “Data Controller.”
Another aim of this policy is to inform relevant individuals by making statements about the procedures and personal related systems carried out by the physician, and thus to provide transparency in personal data. In this context, the physician has detailed the processing of personal data within the scope of the law, the data subjects and their rights involved in this processing, and the use of cookies and similar technologies in this “Policy.”
1.3. Scope of the Policy
This Policy has been prepared for real persons, partners, officials, employees, job candidates, visitors, company customers, patients, health tourists, potential patients and/or consultants and other third parties, and it will be applied within the scope of these specified individuals. The physician is informing these Personal Data Owners about the Law by publishing this Policy on its website.
This policy will be applied in cases where the physician processes the personal data of the relevant individuals mentioned above, fully or partially, by means of automatic or non-automatic methods, which are part of any data recording system, within the scope of any diagnosis and treatment of diseases related to the management of the clinic. If the data does not fall within the scope of “Personal Data” as stated below or if the Personal Data processing activity carried out by the physician is not done in the ways mentioned above, this policy will not be applied.
1.4. Definitions
The terms used in the implementation of this Policy have the following meanings:
Explicit Consent: Consent that is based on information and expressed freely with regard to a specific subject.
Anonymization: The process of making personal data such that it can no longer be associated with a specific or identifiable natural person, even when matched with other data.
Job Candidate: Real persons who have applied for a job through any means or have opened up their resume and relevant information for the physician’s review.
Contact person: Contact person is the real person reported by the data controller during registration in the registry for the purpose of communication with the entity in relation to the responsibilities of; legal entities established in Turkey, and the data controller representative of legal entities that are not established in Turkey, under the Law and secondary regulations to be issued based on this Law.
Processing of Personal Data: Any kind of operations performed on personal data such as collecting, recording, storing, maintaining, modifying, reorganizing, disclosing, transferring, acquiring, making acquirable, classifying or preventing the use, via either fully or partially by automated means or by non-automated means that are part of a data recording system.
PDP Board (KVK Board): The Personal Data Protection Board.
Data Owner / Relevant Person: Patients, consultants within the scope of health tourism or potential or current health tourists, shareholders of the company, business partners of the company, officials of the company, employees, job candidates, visitors, customers of the company, potential customers and third parties whose personal data is processed.
Personal data processing inventory: An inventory created by data controllers where they link the personal data processing activities they carry out in relation to their business processes (personal data processing purposes, data category, recipient group to which data is transferred and the group of data subjects) to each other, and where they detail the maximum required duration for the purpose of data processing, personal data to be transferred to foreign countries and the measures taken for data security.
Personal data storage and destruction policy: A policy relied upon by data controllers to determine the maximum required duration for the purpose of data processing and for the processes of deletion, destruction and anonymization of personal data.
Personal Data: Any information related to an identified or identifiable real person.
Company Customer: Real persons who use or have used the products and services offered by the physician, regardless of any contractual relationship with the physician.
Special Qualified Personal Data: Race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership in an association, foundation or union, health, sexual life, conviction and data related to security measures, as well as biometric and genetic data are special qualified data.
Potential Customer: Real persons who have expressed a demand to use our products and services or who have an interest in them and have been evaluated in accordance with commercial customs and rules of honesty.
Third Person: Other individuals who do not fall within the scope of the Personal Data Protection and Processing Policy of the physician and do not fall into any category of Data Owner in this policy.
Data category: The personal data category, in which personal datas of a set or sets of individuals are grouped according to their common characteristics.
Data subject set: Related people category whose personal data are processed by the data controllers.
VERBIS (Data Controller Registry Information System): An information system created and managed by the Chairmanship, which can be accessed via the internet, and which data controllers will use in their registration applications and other related procedures regarding registration.
Data Processor: A real or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System: Refers to the system in which Personal Data is processed in a structured manner according to certain criteria.
Data Controller: The person who determines the purposes and means of processing personal data, and manages the place where the data is systematically kept (data recording system) is the data controller.
Visitor: All real persons who enter the physical locations owned by the doctor for various purposes or visit our websites for any purpose.
Procedure for Managing Requests from Data Owners: A procedure that outlines the process that will be used for responding the requests that may come from data owners that is prepared within the physician and the physician’s examination team in accordance with the Law.
1.5. Enforcement of the Policy
The Policy, which is put into effect after being revised, is published on the physician’s website and is made available upon physician’s request to the relevant individuals. The physician or the person or organization authorized by the physician has the right to make changes to this policy at any time within the framework of secondary legislation and decisions of the Personal Data Protection Board.
CHAPTER TWO
2. PROTECTION OF PERSONAL DATA
2.1. Security of Personal Data
In accordance with the law, the physician takes all required technical and administrative measures to prevent the illegal processing and access of Personal Data to ensure the preservation of Personal Data by providing appropriate security level.
2.2. Auditing
The physician, directly or via a third party has all necessary audits conducted to ensure the regularity and continuity of the above-mentioned data security.
2.3. Confindetiality
The physician takes all necessary technical and administrative measures, within the limits of technological opportunities and application costs, to prevent the relevant data controllers and processors from disclosing or using the Personal Data they possess contrary to the provisions of the law and the Policy. In this context, the physician carries out informative and training activities with its employees on the Law and the Policy.
2.4. Unauthorized Disclosure of Personal Data
In case Personal Data processed by the physician is obtained by others in a manner not in compliance with the law, the physician conducts the necessary procedures to promptly notify the relevant Personal Data Owner and the Personal Data Protection Board. If deemed necessary by the Personal Data Protection Board, this situation may be announced through the Personal Data Protection Board’s website or another method deemed appropriate by the Personal Data Protection Board.
2.5. Observing the Legal Rights of Personal Data Owners
The physician respects all legal rights of Personal Data Owners in accordance with the implementation of the Policy and the Law and takes all necessary measures to protect these rights.
2.6. Protection of Private Personal Data
Sufficient measures determined by the Personal Data Protection Board are taken by the physician with care and sensitivity within the framework of the Policy for Processing and Protecting Special Qualified Personal Data.
CHAPTER THREE
3. PROCESSING AND TRANSFER OF PERSONAL DATA
3.1. General Principles in Processing of Personal Data
Personal data is processed by the physician in accordance with the procedures and principles specified in the Law and this Policy. The physician adheres to the following principles when processing Personal Data:
3.2. Terms of Processing Personal Data
Personal data is processed by obtaining explicit consent from the data owners or in accordance with the activities that can be carried out without consent in accordance with Articles 5 and 6 of the Law. These data are processed only within the framework of the purposes exemplified in the “Processing Purposes of Personal Data” section of this Policy. The physician can process Personal Data without obtaining the explicit consent of the data owner in the presence of any of the following below-mentioned conditions.
3.3. Conditions of Processing of Special Quality Personal Data
The physician cannot process Special Qualified Personal Data without the explicit consent of the individual. However, Personal Data other than those related to health and sexual life can be processed without the explicit consent of the individual in cases provided for by laws. Personal Data related to health and sexual life can only be processed by the physician without explicit consent of the individual, under the condition of confidentiality, for the purpose of protecting public health, protective medicine, medical diagnosis and treatment, and the management and planning of health services and financing. The physician takes the necessary actions as determined by the Board to ensure adequate measures are taken in the processing of Special Qualified Personal Data.
3.4. Terms of Transfer of Personal Data
The physician can transfer Personal Data and Special Qualified Personal Data to third parties in accordance with the law by creating the necessary confidentiality conditions and taking security precautions in line with the purposes of data processing. The physician will act in accordance with the regulations provided for in the law during the transfer of Personal Data. Within this scope, based on one or several of the Personal Data processing conditions specified in Law No. 5 and mentioned below, and limited to legitimate and lawful data processing purposes, the physician can transfer Personal Data to third parties:
3.4.1. The conditions for transferring Personal Data abroad
The physician can transfer Personal Data and Special Qualified Personal Data to third parties abroad by taking necessary security measures in line with the purposes of data processing. Personal Data processed by a doctor can be transferred to foreign countries which have been declared as having adequate protection by the Personal Data Protection Board (KVK) or to foreign countries where there is no adequate protection, provided that the data controllers in Turkey and in the relevant foreign countries have provided written commitment for adequate protection and the PDP Board has granted permission.
CHAPTER FOUR
4. INDIVIDUALS THAT THE PERSONAL DATA WILL BE TRANSFERRED TO FOR THE PURPOSE OF CLASSIFICATION, PROCESSING AND TRANSFERRING
4.1. Classification of Personal Data
4.1.1. Identity Information
Information about a person’s identity: name-surname, T.C. identity number, marital status, nationality information, mother-father name-surname, place of birth – date, gender, resume information, factory and record number of employees, land registry and other official registry information, and other identity information and documents containing this information, such as ID cards, passport, and tax number, SGK number, signature information, vehicle license plate, and other information.
4.1.2. Communication Information
Phone number, address, email address, fax number, IP address, and other information.
4.1.3. Transaction Security Information
Personal data related to; technical, administrative, legal, commercial security of both the Data Owner and the physician, and being processed during carrying out the physician’s activities.
4.1.4. Financial Information
Any information, documents, and records related to financial results arising from the employee-employer relationship established with the relevant person, including bank account number, branch code, bank card information, IBAN number, credit card information, financial profile, credit score, asset data, income information, and other information.
4.1.5. Visual and Auditory Information
Photographs and camera recordings, audio recordings, and any other data and information that includes these data.
4.1.6. Personal Information
Any personal data processed for the purpose of obtaining information that will serve as the basis for protecting the personal rights of real persons who are in an employment relationship with the Data Owner.
4.1.7. Location Information
Information that identifies the location of the relevant person when using the company’s vehicles in the activities and operations of the physician or other physicians, real and legal persons, and official and private institutions, including GPS location, travel data, and other information.
4.1.8. Family Members and Close Relatives Information
Information about the family members, (e.g. spouse, mother, father, child), relatives, and other individuals that can be reached in emergency situations of the related person, as defined above, including identity information and communication information, for the purpose of protecting the legal and other interests of the physician or other physicians in cooperation, legal and real persons, and the official and private institutions in the scope of their activities and operations.
4.1.9. Physical Location Security Information
Personal data related to records and documents taken at the time of entry to and during the stay in a physical location; camera recordings, fingerprint records and records taken at security points and other data related to the workplace.
4.1.10. Legal Action Information
Data processed within the scope of determination and follow-up of the legal receivables and rights of the physician, performance of his debts and legal obligations.
4.1.12. Special Qualified Personal Information
Data specified in the 6th article of the law (health data, biometric data, religion and membership information and others)
4.1.13. Request/Complaint Management Information
Personal data related to the receiving and evaluating of requests or complaints directed to the physician.
4.2. Purposes of Processing Personal Data
In order to fulfill the obligation of informing as stated in Article 10 of the Doctor’s Law, we provide information to data Owners about the purposes for which their personal data will be processed, as well as to whom and for what purpose the processed data can be transferred. Your personal data is processed solely within the scope of the conditions for personal data processing specified in Articles 5 and 6 of the Law for the following purposes: to plan and implement our human resources policies effectively, to correctly plan and carry out our commercial partnerships and strategies, to ensure the legal, commercial, and physical security of the Physician and our partners, to provide for the institutional functioning of the Physician, to work to ensure that you benefit fully from the products and services offered by the Physician, to customize the products and services offered by the Physician, to meet your requests, needs, and preferences, to ensure the highest level of data security, to create databases, to improve the services offered on the Physician’s website, to communicate with those who submit requests or complaints to the Physician, and to fix errors that occur on the Physician’s website.
4.3. Purposes of Transfer of Personal Data
Your personal data is transferred for the purposes of planning and implementing our human resources policies in the best way, correctly planning and executing our business partnerships and strategies, ensuring the legal, commercial and physical security of our physicians and partners, ensuring the corporate operation of the physician, working to make the products and services offered by the physician most beneficial for you; to tailor the products and services offered by the physician to your demands, needs and requests, ensuring the highest level of data security, creating data bases, improving the services offered on the physician’s website, communicating with those who report requests and complaints to the physician, and fixing errors on the physician’s website, in accordance with the conditions specified in articles 8 and 9 of the Law.
4.4. Persons to whom Personal Data will be Transferred
Your personal data may be transferred to our partners, suppliers, affiliates, companies and institutions with whom we are in cooperation, and to external companies that we receive services from in order to fulfill our contractual or legal obligations. The nature and parties of these transfers may vary depending on the type and nature of the data owner and physician relationship, the purpose of the transfer, and the relevant legal basis, and generally these parties are as follows:
CHAPTER FIVE
5. METHOD OF COLLECTING PERSONAL DATA AND LEGAL REASON, DELETING DESTROYING ANONYMIZATION AND STORAGE PERIOD
5.1. Method and Legal Reason of Personal Data Collection
In accordance with the 1st article which regulates the purpose of the law and the 2nd article which regulates the scope of the law, personal data is collected by various methods such as call centers, the physician’s website, mobile application and other methods, in order to fulfill the purposes mentioned in the policy, through legal reasons based on legislation, contract, request and demand, in verbal, written or electronic forms and it is processed by the physician or the data processors appointed by the physician, in order to fulfill the legal responsibilities arising from the law in a complete and correct manner.
5.2. Deletion, Destruction and Anonymization of Personal Data
With the reservation that the provisions in other laws regarding deletion, destruction and anonymization of personal data still apply: even though the physician has processed the personal data in accordance with this Law and other legal provisions, if the reasons for processing no longer exist; the Physician shall delete, destroy or anonymize the personal data in accordance with the Personal Data Retention and Destruction Policy, either on his own initiative or upon the request of the data owner.
After your health data images obtained through Medical Imaging Systems, including advanced radiological imaging such as X-ray, CT (Computed Tomography), MRI (Magnetic Resonance Imaging), DEXA (Bone Densitometry), Scintigraphy, Angiography, Ultrasound, etc., are viewed by the physician, they will be disposed of in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
The destruction of personal data refers to the deletion of these data in such a way that they can no longer be used or retrieved in any way. Therefore, the data will be deleted from the documents, files, CDs, disks, hard disk/server/cloud, etc., in a way that cannot be restored.
The destruction of data refers to the deletion of information in a way that it can no longer be retrieved or used, by destroying the materials that store the data, such as documents, files, CDs, disks, hard drives, etc.
Anonymization of data refers to the process of making the personal data not able to be linked to an identified or identifiable real person, even if it is matched with other data.
5.3. Retention Period of Personal Data
The physician stores personal data in accordance with the time periods specified in the laws and regulations. If there is no time period specified in the laws and regulations for how long personal data should be kept, personal data will be processed as long as it is necessary to achieve the purpose of the activity being carried out at the time the personal data is processed and then deleted, destroyed or anonymized in accordance with the Personal Data Retention and Destruction Policy.
CHAPTER SIX
6. ENLIGHTENMENT OF PERSONAL DATA OWNER, RIGHTS OF PERSONAL DATA OWNER UNDER THE PDPL
6.1. Disclosure of Personal Data Owner
In accordance with Article 10 of the Personal Data Protection Law, the physician informs the data owners during the process of obtaining personal data. In this context, he uncloses the contact person’s identity (if there’s one), the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method of collecting personal data and the legal basis of the collection, alongside with the rights of the data owner.
6.2. Rights of the Personal Data Owner pursuant to the PDPL
The physician informs you of your rights in accordance with Article 10 of the Law, and guides you on how to use these rights, and implements all the necessary internal procedures, administrative and technical regulations. In accordance with Article 11 of the Law, the physician explains the existence of the following rights to the individuals from whom personal data is collected:
In conclusion, you can submit your requests related to the implementation of the Law by using the Personal Data Protection Law Data Owner Request Form in writing or with a secure electronic signature, or by following the procedures specified in the application form using other methods determined by the Personal Data Protection Board (the Board). The physician will handle your requests, depending on their nature, in the shortest possible time and within thirty days free of charge. However, if the said operation requires an additional cost, a fee determined by the board can be charged.
The physician can accept the request but can also reject it as long as the reasoning is explained, and then the response is provided to the person of interest both in analog and digital formats.
If the request in the application is accepted, the physician shall take the necessary actions. The above mentioned “cost” will be refunded to the data owner in case of errors made by the physician or the personnel authorized by the physician.
In case of rejection of the application, insufficiency of the response given or failure to respond to the application within the specified period, the data owner has the right to file a complaint to the board within thirty days from the date of learning the response, and in sixty days at the latest, counting from the date of the application.
6.3. Circumstances in which the Policy and the Law will not be Enforced Whole or Partially
This policy and legal provisions will not be applied in the following cases:
In accordance with the purpose and basic principles of this Policy and the Law; Article 10 which regulates the obligation of disclosure of the data controller, Article 11 which regulates the rights of the data subject excluding the right to demand the compensation of the damage, and Article 16 which regulates the obligation to register in the Data Controllers Registry, shall not be applied in the following cases:
CHAPTER SEVEN
7. CLASSIFICATION OF PERSONAL DATA OWNERS AND MATCHING WITH PERSONAL DATA
7.1. Classification of Personal Data Owners
This policy and law are only applicable to real individuals. Within this scope, Personal Data Owners are grouped as follows:
Job Applicant: Real individuals who have applied for a job or submitted their resumes and related information to the physician for review.
Physician Business Partner, Partners’ Shareholder, Authorized Person, Employee: All real individuals that the physician has any kind of business relationship with, including employees, shareholders, and authorized personnel of real and legal entities (business partners, suppliers, etc.).
Physician’s Customer: Real individuals who use or have used the products and services offered by the physician regardless of whether there is a contractual relationship with the physician.
Potential Customer: Real individuals who have expressed interest in or could be interested in our products and services in accordance with commercial customs and honesty rules.
Third Party: Other individuals who are not covered by the Physician Personal Data Protection and Processing Policy and do not fall into any Personal Data Owner category in this policy.
Visitor: All real individuals who have entered the physical premises of the physician for various purposes or visit our websites for any purpose.
7.2. Matching Personal Data with Personal Data Owners
Classified Personal Data that had their descriptions and scopes have been explained above, have their matching with the classified Personal Data Owners below.
Identity Information: Doctors, clinics, company shareholders; clinic/company officials, clinic/doctor/company customers; potential customers, patients, health tourists, potential patients, health tourists and consultants, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Communication Information: Doctors, clinics, company shareholders; clinic/company officials, clinic/doctor/company customers; potential customers, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Transaction Security Information: Doctors, clinics, company shareholders; clinic/company officials, clinic/doctor/company customers; potential customers, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Financial Information: Doctors, clinics, company shareholders; clinic/company officials, clinic/doctor/company customers; potential customers, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Visual and Auditory Information: Doctors, clinics, company shareholders; clinic/company officials, clinic/doctor/company customers; potential customers, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Personnel Information: Clinic/doctor/company business partners, business partners’ shareholders, clinic/company officials, employees; job candidate, third parties.
Location Information: Clinic/doctor/company business partners, business partners’ shareholders, officials, employees.
Family Members and Close Information: Clinic/doctor/company customers; potential customers, clinic/doctor/company business partners, business partners’ shareholders, officials, employees; job candidate, visitors, third parties.
Physical space security information: Doctor, Clinic, Company shareholder; Clinic/Company official, Clinic/Doctor/Company customer; Potential customer; Clinic/Doctor/Company business partner, Business partner’s shareholder, official, employee; Employee candidate; Visitor, Third party
Legal process information: Potential customer; Clinic/Doctor/Company business partner, Business partner’s shareholder, official, employee; Third party
Special qualified personal information: Doctor, Clinic, Company shareholder; Clinic/Company official, Clinic/Doctor/Company customer; Potential customer; Clinic/Doctor/Company business partner, Business partner’s shareholder, official, employee; Employee candidate; Visitor, Third party
Demand/Complaint management information: Doctor, Clinic, Company shareholder; Clinic/Company official, Clinic/Doctor/Company customer; Potential customer; Clinic/Doctor/Company business partner, Business partner’s shareholder, official, employee; Employee candidate; Visitor, Third party
Website Cookie Disclosure Text
According to the Personal Data Protection Law No. 6698, in order to provide better service to you and to carry out the physician activities in a better way, this Website Cookie Disclosure Text has been prepared by Op. Dr. Özgür Akşan (Physician) as the data controller.
We are informing you with the purpose of processing the personal data procured by the use of cookies on the website, and identifying the rules and procedures regarding the transfer, recording and processing of the contents available on drozguraksanturkiye.com (which is Physician’s official website) by the Physician who is the data controller of the personal data shared with himself and the personal data that was processed during its use by; customers, suppliers, managers and employees of the service providers, Physician’s partners, employees, employee candidates, interns, visitors, employees of state institutions and organizations and employees of private legal entities, third parties.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, numbered 108 and opened for signature in Strasbourg on January 28, 1981 and came into operation on October 1, 1985, was signed by our country on January 28, 1981. This convention was incorporated into our domestic law by being published in the Official Gazette on March 17, 2016 with the number 29656. As a result of this, the Law on the Protection of Personal Data was published in the Official Gazette on April 7, 2016 and came into effect. The European Union (EU) legislation on the protection of personal data, the General Data Protection Regulation (GDPR; see https://gdpr-info.eu/) regulates the right of internet website visitors to obtain current information on which countries, when, for what purpose, why, and where their data is recorded. In our country, cookies are considered within the scope of the Law on the Protection of Personal Data No. 6698, as they contain “regulations related to personal data”. This law and related legislation are evaluated in this context. This Disclosure Text is a disclosure and information text that informs and clarifies the processing, storage, usage and operation of your personal data for all types of devices that provide access to the computer, smartphone, tablet, and physician website.
When you visit the physician’s website, you have the right and freedom to choose to accept or reject the use of cookies. However, if you reject cookies, it may not be possible for you to use the website effectively. Your personal data is processed in accordance with the Law on the Protection of Personal Data No. 6698 within the scope of this Disclosure Text. You can submit your requests to the physician as the data controller by reviewing the Disclosure Text and Personal Data Storage and Destruction Policy specified in the link below in connection with the Internet Site Cookie Disclosure Text.
PRIVACY TERMS:
1. Personal information (Identity Information, Contact Information, Address and Location Information, etc.) is processed for the purpose of providing better service to users (Users) who use or visit the website (Internet Site) operated by Op. Dr. Özgür Akşan (Physician) as the data controller under the domain name “drozguraksanturkiye.com” and facilitating communication with contacts related to the physician. These data collected through the Internet Site are used and stored in accordance with the principle of personal data and privacy protection by the Physician.
2. The physician does not share the information found and filled in on the website with third parties outside of the cases specified in the policies and disclosure texts on the website, without the knowledge or consent of the users. The physician does not use them for any other purpose other than his activity. The physician commits not to sell this information to third parties.
3. On the physician’s website, cookies for blocking harmful publications and unwanted advertisements are used together with first-party cookies with third party cookies by third-party providers (internet search engines).
4. The processed and stored personal data will be reported to the relevant official institutions and authorities in accordance with the mandatory legislation in force, in cases they are requested by the relevant public institutions and official authorities, provided that the person’s explicit consent is obtained in cases where the person’s consent is sought.
5. The user, who is the owner of personal data, by approving these privacy terms/clauses within the scope of this disclosure statement and the policy announced by the physician, confirms that the information provided is his/her own, filled by himself/herself, and that this information can be shared with the physician’s affiliates for the purpose of carrying out the physician’s recruitment processes, communication, sales and marketing activities.
6. If the internet site user accepts the use of the website, it will be considered that the user has read all the conditions written in this Disclosure Text, has been informed about the processing of personal data, has accepted the processing of personal data within the scope and purposes specified, and has explicitly given consent for this.
7. The Physician reserve the right to change the provisions of the “Internet Site Cookie Disclosure Text” in accordance with changes in the legislation, decisions of the Personal Data Protection Board and new conditions that arise within the Physician organization, without prior notice. You can submit your requests to the Physician by filling out the “Application Form” that you can prepare in accordance with the legislation regarding your personal data.
8. When using the internet site, it is possible to connect to other sites and social media sites via link connections. When you click on the links that provide access to the physician’s website or third-party sites, please keep in mind that these sites have personal data privacy policies. Please review the privacy policies of these sites when using them. The physician is not responsible for the contents and policies of third-party sites that are directed from the physician’s site. The physician has no control or responsibility over these sites.
9. It is a known and announced fact by IT experts and national and international authorities that it is not possible to completely protect personal data on the internet. The doctor has taken the necessary administrative and technical measures to protect your personal data.
10. The physician has established the necessary policy for the processing, protection, storage and destruction of personal data in compliance with the legislation. The physician declares that personal data will not be disclosed and will not be shared with third parties, in compliance with the principle of confidentiality, except for the cases specified in the policy. It has been determined that the responsibility for the confidentiality of personal data will continue even after the termination of the employment contract between the doctor and the employees, and if legal obligations are not fulfilled, the employment contract will be terminated for valid reasons, and necessary sanctions will be applied. All persons involved have been informed.
1- Your Processed Personal Data
This information text details the types of automatically processed personal data of the users accessing the internet website operated by (the doctor) and the personal data automatically processed based on the online transactions made on the website, as described below:
When filling out job application or contact forms and health information request forms on the website;
2- Purposes of Processing Personal Data
This text is for informational and disclosure purposes. The purpose of the Disclosure Text is to inform you about the processing of personal data – obtained through cookies – of visitors to the internet website operated by the doctor.
Personal data is processed for reasons such as performing basic functions necessary for the operation of the website, analyzing the website, improving the performance of the website, determining the number of visitors to the website, providing ease of use, sharing on third-party social media pages, etc. In this text, the necessary information about the purposes for which we use cookies on the website and how to control these cookies is explained. We reserve the right to change the provisions of this disclosure text at any time. Any updates will be announced on the website or through methods determined by the institution.
3- Method and Legal Reason of Collecting Personal Data
Personal data in collected within the purpose and scope of users visit to the website, via electronic cookies on the media through the usage of the website, based on the legal reason of the establishment and execution of the agreements that is made or is to be made with the relevant persons, and on the legal reasons towards legitimate interests of the Physician that is the Data Controller.
Your personal data is processed in accordance with the legal regulations such as the Law on the Regulation of Electronic Commerce, the Law on Electronic Signature, the Law on the Regulation of Broadcasts and the Fight Against Crimes Committed Through These Broadcasts on the Internet, the Regulation on Consumer Rights in the Electronic Communications Sector, the Regulation on the Processing and Protection of Personal Data in the Electronic Communications Sector, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, the Regulation on Commercial Communications and Commercial Electronic Messages, the Regulation on the Electronic General Assembly System to be Applied in Anonymous General Assemblies, the Circular on Processes and Technical Criteria Related to the Registered Electronic Mail System, the Regulation on Internet Sites to be Opened by Capital Companies and the 5th and 6th articles of the 6698 numbered Law regarding the conditions and purposes of personal data processing as stated in this text and the specific purposes mentioned in this text.
Medical imaging systems, such as X-ray, CT (computed tomography), MRI (magnetic resonance imaging), DEXA (bone densitometry), scintigraphy, angiography, and ultrasound, produce health data images that are viewed by a physician. These images are then properly disposed of in accordance with the “Regulation on the Erasure, Destruction or Anonymous Processing of Personal Data” once they are no longer needed.
4- To Whom Personal Data Can Be Transferred And For What Purpose
In this text, we state that your personal data may be shared with our group of physicians, suppliers, authorized public institutions and organizations, and private legal entities for the purposes mentioned above and in compliance with the laws. We also inform you that we may store your personal data on domestic and foreign servers, and in compliance with the laws, we may transfer your personal data abroad for the limited purpose of physician activities by taking necessary administrative and technical measures. If your personal data is transferred, sent or processed in countries outside the European Union (EU), it is transferred abroad in accordance with Article 5, 6, and 9 of Law 6698. We assure you that we will not sell or share your personal data with third parties without informing you or obtaining your explicit consent, unless it is necessary.
5- Your Rights as Personal Data Owner
In accordance with Article 11 of the Personal Data Protection Law No. 6698, which regulates the rights of the relevant person, you can submit your requests to us as the data controller at Mimar Sinan Mah. Ziya Gökalp Bulv. No:28 MiMarin Medikal D:1 35220 Konak İZMİR address, by filling out the application form attached and sending a signed copy of the form along with identification documents in person, by secure electronic signature, mobile signature, or by sending an email to ozgur.aksan@hs06.kep.tr using the personal Registered Electronic Mail (KEP) address that you have notified to us, or by making the application through a notary, or by using the methods determined by the Personal Data Protection Authority.
According to Article 11 of the law, everyone has the right to apply to the data controller and request to:
According to Article 11 of the law, everyone has the right to apply to the data controller and request to:
In accordance with Article 13/1 of the Personal Data Protection Law No. 6698, you are required to submit your applications to exercise your rights mentioned above in writing or by using the methods specified by the Personal Data Protection Authority and send them to the physician. The physician will handle your requests in the shortest time possible and within thirty days at the latest, free of charge, according to the nature of the request. However, if the process requires additional costs, a fee according to the tariff determined by the Authority will be requested according to the legislation. If you have any questions, comments, or requests regarding this Website Cookie Disclosure Text, you can contact the physician.
INFORMATION ABOUT COOKIES
1- What is a cookie?
Cookies are small text files that are created by a website on your device and store data in the name-value format. These are known as cookies in literature and are used by the website to remember the visitors. Cookies allow the website you visit to store information on your device and use it during subsequent visits. The cookies created by a website are stored by the internet browser you use to access the site. The information contained in these cookies can only be accessed by the internet sites provided under the domain name that created the cookie and only if you use the same browser. Cookies became an important part of modern internet technologies and their main functions are to remember online visitors’ preferences and recognize the device, and almost all websites use cookies.
2- Purposes of Use of Cookies
The website uses cookies to perform necessary basic functions to ensure the proper functioning of the site. These include allowing logged in visitors to navigate the site without having to re-enter passwords or information, enabling the proper filling out of forms necessary for carrying out business processes, analyzing the website to improve performance, such as integrating different servers that the website runs on, determining statistical data on the number of visitors to the site, remembering user names and search queries for the visitor’s later online connection, ensuring the legitimate interests of the clinic and making performance adjustments accordingly, and facilitating the online use and functionality of the site for visitors. Cookies are also used to connect to the clinic’s or third-party social media tools.
3- Who Sends Cookies and How?
Cookies are sent through the communication channel established between your device’s browser such as Google, Chrome, Safari, Opera, Mozilla Firefox, Internet Explorer and internet servers during your internet browsing. For more detailed information about cookies, you can visit the websites www.allaboutcookies.org or www.aboutcookies.org.
4- Compulsory Cookies
These cookies are necessary for the proper functioning of the website and for you to be able to benefit from the site’s features and services. No personal data is processed through these cookies. Personal information is deleted when the browser is closed. Authentication cookies that come into effect when you log in ensure the continuity of your online access as you navigate from one page to another.
5- Performance Cookies
These cookies help us to measure and improve the performance of the website by identifying visitors and traffic sources. They allow us to access the number of visitors to the pages of the website and to see which pages our visitors are spending time on. All the information collected by these cookies is anonymous, as it is evaluated together, and it does not contain personal information. The aim is to try to use the website more efficiently through these cookies.
6- Functionality Cookies
These cookies are used to provide advanced functionality and personalization opportunities such as remembering the language or region selection of our visitors on the website. If you do not allow the use of these related cookies, it will not be possible to save your personalized settings on our website.
7- Marketing/Targeting Cookies
These cookies are first-party and third-party cookies that are created during your visit to the website and third-party domains. These cookies enable tracking of your click and visit history on the domains on which they are created and match records between different domains. These types of cookies are used for recognizing and profiling users, targeting advertising and marketing activities, and personalizing content.
Session Cookies: The main function of these cookies is to ensure the proper functioning of the website. They are temporary cookies and are deleted from your device when you close the browser.
Permanent Cookies: Cookies that remain on your device until they are deleted by the user or their expiration date is reached, even after closing the browser.
First-Party Cookies: Cookies that are placed on your device by the website operator you are visiting.
Third-Party Cookies: Cookies that are placed on your device by individuals other than the website operator you are visiting, and are controlled by those individuals.
8- How Can The Use of Cookies Be Controlled?
You can use your right to allow or deny cookies according to the type of your internet browser as follows:
Google Chrome: By clicking on the “lock” or “i” icon in the “address bar” of your browser, you can allow or block cookies in the “Cookies” tab.
Internet Explorer: You can control cookie usage in the form of “allow” or “deny” by clicking on the “Security” tab in the “Tools” section in the upper right corner of your browser.
Mozilla Firefox: Click on the “Open menu” tab in the upper right corner of your browser. You can control cookies using the “Privacy and Security” button in the “Options” section.
For other browsers such as Opera and Microsoft Edge, you can check the help or support pages of the relevant browser to control cookie usage.
Safari: You can manage all your cookies by selecting the “Safari” tab from the “Settings” section of your mobile phone, and checking the “Privacy and Security” section.
In addition, by using the links below, it is possible to customize and change your preferences for cookies by changing your browser settings.
Adobe Analytics |
http://www.adobe.com/uk/privacy/opt-out.html |
Google Adwords | https://support.google.com/ads/answer/2662922?hl=en |
Google Analytics | https://tools.google.com/dlpage/gaoptout |
Google Chrome | http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647 |
Internet Explorer | https://support.microsoft.com/en-us/help/17442/windows-internet-explorerdelete-manage-cookies |
MozillaFirefox | http://support.mozilla.com/en-US/kb/Cookies |
Opera | http://www.opera.com/browser/tutorials/security/privacy/ |
Safari | https://support.apple.com/kb/ph19214?locale=tr_TR |
BVS Doctors is a team of highly experienced and skilled surgeons, including Dr. Özgür Akşan, Dr. Nail Özdemir, and Dr. Feryal Akşan, with a combined total of over 70 years of experience in neurosurgery and anesthesiology.
Phone:00 90 532 131 1900
E-mail: ——–
Address: Mimar Sinan Mah. Ziya Gökalp Blv. No:28 Mi’Marin Medical D:1 Alsancak/IZMIR/TÜRKİYE
BVS Doctors
How can we assist you?
WhatsApp Us
🟢 Online | Privacy policy
WhatsApp us