Protection of personal data is among the most important priorities of REFERENCE AESTHETIC HEALTY GROUP. Necessary sensitivity is given to the security of personal data, and great importance is attached to patient privacy and the preservation of all personal data belonging to our patients by processing them in the best possible way and with care. It has been adopted as a corporate policy to protect the personal data of our patients as well as our companions, visitors, all our employees and employees of the institutions and organizations we cooperate with, according to the Law on the Protection of Personal Data No. 6698, the regulation on the Processing and Privacy of Personal Health Data and the relevant legislation, within the framework of the following basic principles.
- Processing personal data in accordance with the law and honesty rules,
- Keeping personal data accurate and up-to-date when necessary,
- Processing personal data for specific, explicit and legitimate purposes,
- Related, limited and measured processing of personal data for the purpose for which they are processed,
- Keeping personal data for as long as required by the relevant legislation or for the purpose for which they are processed,
- Clarifying and informing personal data owners,
- Establishing the necessary system for personal data owners to exercise their rights,
- Taking the necessary measures in the protection of personal data,
- Acting in accordance with the relevant legislation and KVK Board regulations in the transfer of personal data to third parties in line with the requirements of the processing purpose,
- Showing the necessary sensitivity to the processing and protection of sensitive personal data,
- Deletion and destruction of personal data in a legally defined manner and time
The main purpose of this Policy is to explain the personal data processing activity carried out by REFERENCE AESTHETIC HEALTY GROUP in accordance with the law and what has been done for the protection of personal data, and to ensure transparency by informing the persons whose personal data are processed by our Clinic, especially its shareholders and officials and third parties. Although the personal data processed by REFERENCE AESTHETIC HEALTY GROUP may vary depending on the health services provided, it is collected by automatic or non-automatic methods. Special quality personal data and general personal data, especially health data, collected verbally, in writing or electronically through our employees such as patient representatives, physicians and health professionals, subcontractors and their employees, and companies involved in all kinds of commercial activities, and through our call center, website, online services and similar means, can be processed for the purposes listed below.
Execution of medical diagnosis, treatment and care services; protection of public health, planning and management of preventive medicine health services and financing; informing our patients about the appointment; planning and managing the internal procedures of our clinic; analyzing for the purpose of improving health services; training and developing our employees; protecting the personal processes and legal rights of our employees; monitoring and preventing abuse and unauthorized transactions; performing risk management and quality improvement activities; conducting research; fulfilling legal and regulatory requirements; billing for our services; confirming your identity; confirming your relationship with the institutions contracted with our clinic; sharing all kinds of information requested by private insurance companies within the scope of financing health services; answering all your questions and complaints about our health services; taking all necessary technical and administrative measures within the scope of data security of our clinic’s systems and applications; analyzing your use of healthcare services and storing your health data in order to develop and improve the healthcare services we provide to you; preserving the information about your health data, which must be kept in accordance with the relevant legislation; providing financial reconciliation regarding the health services offered to you with the institutions we have contracted with, banks and all institutions (public and private) from which health expenditures are collected; sharing the requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation; measuring patient satisfaction and increasing patient satisfaction.
Personal data is collected and processed in all kinds of verbal, written or electronic media for the purposes stated above and health services to be provided within the determined legal framework, and within this framework, REFERENCE AESTHETIC HEALTY GROUP contracts and legal obligations are fully fulfilled.
This Policy covers the personal data defined below, which is processed automatically or non-automatically, of our patients, companions, visitors, institution officials and employees; of the employees, shareholders and officials of persons, organizations and institutions with whom we have cooperation and all kinds of legal relations; and of third parties.
Name, surname, TR ID number, passport number or temporary TR ID number, place and date of birth, gender, marital status, clinic-specific protocol number and other identification data identifying patients; contact data such as address, telephone number and e-mail address; financial data such as payment and billing information; audio and digital information that can be obtained by electronic or non-electronic means; personal data of general and special nature, especially personal health data obtained during the execution of all medical diagnosis, examination, treatment and care services; data on private health insurance and Social Security Institution data for the financing and planning of health services; health and identity data sent via websites; all visual (digital and non-digital) records.
The scope of application of this policy according to personal data owners groups may be the entire policy (such as our patients); may also have only some provisions (for example, only our employees, suppliers, etc.)
Personal data may also be processed when a call center or website is used to use online services, on the intranet, training, participation in events organized by the hospital, or when visiting websites.
Definitions
Explicit Consent: Consent about a specific subject, based on information and expressed with free will
Anonymization: It is the change of personal data in such a way that it loses its quality as personal data and this situation cannot be undone. For example, making personal data incapable of being associated with a natural person through techniques such as masking, aggregation and data corruption.
Employees, Shareholders and Officials of the Institutions We Collaborate with: Natural persons, including shareholders and officials of these institutions, working in the institutions (such as but not limited to business partners, suppliers) with which our clinic has any business relationship.
Processing of Personal Data: All kinds of operations performed on data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classification or prevention of use of personal data, by fully or partially automatic means, or by non-automatic means provided that it is a part of any data recording system.
Personal Data Owner: The natural person whose personal data is processed. For example, patients and staff
Personal Data: Any information relating to an identified or identifiable natural person. Therefore, the processing of information regarding legal persons is not within the scope of the Law. For example, name, surname, TCKN, e-mail, address, date of birth, credit card number, bank account number, etc.
Patient: Person who applied to our clinic for examination and treatment and received outpatient or inpatient treatment.
Special Quality Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special quality data.
Institution Official: General Manager of the Institution and other authorized natural persons.
Third Party: Third-party real persons (for example, employees or officials of the company from whom the service is received, companions, etc.).
Data Processor: It is the natural and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, the IT company that keeps the data of our clinic, all the employees who enter the patient data into the system.
Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Visitor: Real persons who have entered the physical areas of our clinic for various purposes or visited our websites.
Implementation of the Policy and Related Legislation
The processing and protection of personal data is carried out within the framework of the relevant legal regulations in force. REFERENCE AESTHETIC HEALTY GROUP Personal Data Protection Policy has been prepared in accordance with current regulations.
The policy was created by integrating with the practices of REFERENCE AESTHETIC HEALTY GROUP within the framework of the rules set forth by the relevant legislation. Our clinic carries out the necessary preparations by adhering to the effective periods stipulated in the KVK Law. When necessary, the above-mentioned personal data will be transferred to the physical archives and information systems of our clinic and/or our suppliers, where it can be processed within the framework of the provisions of the Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, the Regulation on Private Hospitals, the Regulation on the Processing of Personal Health Data and Protection of Privacy, the regulations of the Ministry of Health and other legislation. As a result, personal data will be protected both digitally and physically in accordance with the legal periods defined in the institutional procedures.
Ensuring the Security of Personal Data
Our clinic takes the necessary technical and administrative measures to ensure the optimum level of security in order to prevent the unlawful processing of the personal data it processes and to ensure the preservation of the data, and in this context, it makes or has the necessary inspections made.
The actions and measures taken by our clinic to ensure “data security” in accordance with Article 12 of the KVK Law are listed below.
- Our clinic takes technical and administrative measures according to technological possibilities and application cost in order to ensure that personal data is processed in accordance with the law. Employees are informed that they cannot disclose the personal data they have learned to others in violation of the provisions of the KVKK, that they cannot use it for purposes other than processing, and that this obligation will continue after they leave their job; the necessary commitments are taken from them in this direction.
- Our clinic takes technical and administrative measures to prevent reckless or unauthorized disclosure, access, transfer or any other unlawful access to personal data.
- Our clinic raises the awareness of data processing institutions, such as business partners and suppliers to whom personal data has been transferred, on preventing the illegal processing of personal data, preventing illegal access to data, and ensuring that the data is kept in accordance with the law.
- Obligations that our clinic has to comply with when processing personal data as a data controller, and the obligation to comply with the legal, administrative and technical measures developed in this regard.
- Our clinic conducts or has had the necessary inspections done within its own body. The results of these audits are reported to the relevant department within the scope of the internal functioning of the Institution and necessary activities are carried out to improve the measures taken.
- Our clinic operates the system that ensures that, if the personal data processed in accordance with Article 12 of the KVK Law is obtained by others illegally, this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.
Data Owner’s Rights; Claiming Rights, Communication Channels and Evaluation of Data Owners’ Requests
Our clinic maintains the necessary channels, internal functioning, and administrative and technical regulations in accordance with Article 13 of the KVK Law in order to evaluate the rights of the personal data owners and to provide the necessary information to the personal data owners.
In case personal data owners submit their requests regarding their rights listed below to our Clinic in person with a written application and with a special authorized power of attorney, our Clinic concludes the request as soon as possible and within thirty days at the latest, free of charge, depending on the nature of the request. Personal data owners have the following rights:
- Learning whether personal data is processed or not,
- If personal data has been processed, requesting information about it,
- To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
- Knowing the third parties to whom personal data is transferred in the country or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing,
- Requesting the deletion or destruction of personal data,
- In case of correction, deletion or destruction of personal data, requesting that these transactions be notified to third parties to whom personal data has been transferred,
- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- It has the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.
Pursuant to paragraph 1 of Article 13 of the KVK Law, the request regarding the exercise of the above-mentioned rights must be submitted to our Clinic (data controller) “in writing”.
Sending the request for the exercise of the rights specified within the framework of the KVK to our Clinic together with the necessary information identifying the identity of the applicant and the explanations regarding the rights desired to be exercised, also specifying which of the rights specified in Article 11 of the Law the request relates to, will ensure that the application regarding the request is answered more quickly and effectively.
Protection of Private Personal Data
REFERENCE AESTHETIC HEALTY GROUP protects personal data meticulously with its technical and administrative facilities. The security measures taken by our clinic are provided at an optimum level, taking into account the technological possibilities and possible risks.
A group of personal data is defined as “personal data of special nature” in the KVK Law due to the risk of causing discrimination or victimization of individuals when processed unlawfully.
These data are: data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
The protection of the above-defined data, which is determined as “special quality” by the KVK Law and processed in accordance with the law, is treated with sensitivity.
Clarifying and Informing the Personal Data Owner
In accordance with Article 10 of the KVK Law, our Clinic informs the personal data owners during the acquisition of personal data. In this context, during the acquisition of personal data our Clinic provides information on the identity of our Clinic, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of personal data collection and legal reason, and the rights of the personal data owner within the scope of Article 11 of the KVK Law.
Article 20 of the Constitution states that everyone has the right to be informed about their personal data. Accordingly, in Article 11 of the KVK Law, “requesting information” is also listed among the rights of the personal data owner. In this context, our clinic provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Constitution and the 11th article of the KVK Law.
Our clinic announces the corporate policy on the protection of personal data to the personal data owners and those concerned, with various publicly available documents, informing the relevant persons in personal data processing activities and providing accountability and transparency within this framework. In addition, our clinic also informs the relevant persons about its activities and the articles in the law in different ways, especially when applying for their “explicit consent”.
Processing of Personal Data
In accordance with Article 20 of the Constitution and Article 4 of the KVK Law regarding the processing of personal data, our clinic engages in personal data processing activities in compliance with the law and honesty rules; in an accurate and up-to-date manner; for specific, clear and legitimate purposes; and in a connected, limited and measured manner for this purpose.
Our clinic retains personal data for as long as required by law or for the purpose of processing personal data.
Our clinic processes personal data in accordance with Article 20 of the Constitution and Article 5 of the KVK Law, based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.
Our clinic acts in accordance with the regulations stipulated in terms of processing special quality personal data in accordance with Article 6 of the KVK Law.
Our clinic complies with the regulations stipulated in the law and set forth by the KVK Board on the transfer of personal data in accordance with the 8th and 9th articles of the KVK Law.
Processing of Personal Data in Compliance with the Principles Established in the Legislation
Processing in Compliance with Law and Integrity
Our clinic acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Our clinic takes into account the proportionality requirements in the processing of personal data, and does not use personal data for any other purpose.
Ensuring Personal Data Is Accurate and Up-to-Date When Necessary
Our clinic takes the necessary measures to ensure that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legal interests.
Processing for Specific, Explicit, and Legitimate Purposes
Our clinic clearly and precisely determines the legitimate and lawful purpose of processing personal data. Our clinic processes personal data in connection with the service it provides and as much as is necessary for them. The purpose for which personal data will be processed by our clinic is notified before the personal data processing activity begins.
Being Related to the Purpose for which they are Processed, Limited and Measured
Our clinic processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.
Retention for as Long as Required for the Purpose of Processing or Envisioned in the Relevant Legislation
Our clinic retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, our clinic first determines whether a period is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if a period is determined, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized by our Clinic in the event that the period expires or the reasons requiring its processing disappear.
Personal Data Processing Conditions
Protection of personal data is a constitutional right. Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by the law or with the explicit consent of the person. Our clinic is in this direction and in accordance with the Constitution; processes personal data only in cases stipulated by law or with the explicit consent of the person.
Although the legal bases for the processing of personal data by our clinic differ, we act in accordance with the general principles specified in Article 4 of the Law No. 6698 in all kinds of personal data processing activities.
The express consent of the personal data owner is only one of the legal bases that allow the processing of personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity can be only one of the conditions stated below, or more than one of these conditions can be the basis of the same personal data processing activity. In case the processed data is special quality personal data, the following conditions apply.
- Finding the Explicit Consent of the Personal Data Owner
- Clearly Provided in Laws
- Failure to Obtain Explicit Consent of the Related Person Due to Actual Impossibility
- Direct Concern with the Establishment or Performance of the Contract
- Fulfilling the Legal Obligation of the Institution
- Publicizing the Personal Data of the Personal Data Owner
- Mandatory Data Processing for the Establishment or Protection of a Right
- Mandatory Data Processing for the Legitimate Interest of Our Clinic
Processing of Private Personal Data
Our clinic carefully complies with the regulations stipulated in the KVK Law in the processing of personal data determined as “special quality” by the KVK Law.
In Article 6 of the KVK Law, a set of personal data that carries the risk of causing victimization or discrimination when processed unlawfully is determined as “special quality”. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
In accordance with the KVK Law, special categories of personal data are processed by our Clinic in the following cases, provided that adequate measures to be determined by the KVK Board are taken:
- If the personal data owner has given express consent, or
- If there is no explicit consent of the personal data owner:
  - Special categories of personal data other than the health and sexual life of the personal data owner are processed in cases stipulated by the laws,
  - Special categories of personal data relating to the health and sexual life of the personal data owner are processed only for the purposes of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, by persons or authorized institutions and organizations under the obligation of keeping confidentiality.
Transfer of Personal Data
Our clinic can transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, institutions, group companies, third real persons) in the country and abroad by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. In this direction, our clinic acts in accordance with the regulations stipulated in Article 8 of the KVK Law.
Your personal data, within the scope of the Law and other legislation and for the purposes mentioned above, can be shared with: REFERENCE AESTHETIC HEALTY GROUP Medical Centers, Group Companies, Universities, Ministry of Health, sub-units and family medicine centers, private insurance companies (health, retirement and life insurance and the like), Social Security Institution, General Directorate of Security and other law enforcement agencies, General Directorate of Population, Pharmacists Association of Turkey, courts and all public institutions and organizations; without being affiliated with it, laboratories, medical centers and third parties providing health services, in the country or abroad, with which we cooperate for medical diagnosis; the health institution to which the patient is referred or the patient himself applies; your authorized representatives; the institution you are affiliated with and/or work with; the third parties we consult, including lawyers, tax consultants and auditors; regulatory and supervisory institutions and official authorities; domestic or foreign systems and/or companies within the group of companies that our Hospital is affiliated with; and our suppliers, support service providers and business partners whose services we benefit from or cooperate with (you can apply to our Clinic in writing for more detailed information).
Personal Data Received for Physical Space Security
Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors
Our clinic complies with the regulations in the KVKK in the conduct of camera monitoring for security purposes.
In the buildings and facilities of our clinic, personal data processing activities are carried out for monitoring the entrance and exit of patients, staff, visitors and supplier company employees with security cameras.
Personal data processing is carried out by our Clinic by using security cameras and recording guest entries and exits. In this context, our clinic acts in accordance with the Constitution, KVK Law and other relevant legislation.
Video recordings of our visitors and sound recordings are taken where necessary through the camera monitoring system at the building, facility entrances and inside the facility of our clinic.
Within the scope of monitoring with security cameras, our clinic aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the institution, patients and employees, and to protect the interests of patients regarding the health care and other services they receive.
The camera monitoring activity carried out by our clinic is carried out in accordance with the Law on Private Security Services and the relevant legislation.
Only authorized institution employees and/or supplier company employees have access to the records recorded and maintained in the digital environment. On the other hand, live camera images can be watched by outsourced security services.
Camera records are kept for 1 month.
In accordance with Article 12 of the KVK Law, our clinic takes the necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring.
Terms of Deletion, Destruction and Anonymization of Personal Data
As regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data, although it has been processed in accordance with the provisions of the relevant law, is deleted, destroyed or anonymized pursuant to the relevant procedures of our Clinic or upon the request of the personal data owner, in case the reasons requiring processing are eliminated.
In this context, our Clinic trains, assigns and raises awareness of the relevant business units in order to fulfill its related obligation.
While obtaining the names and surnames of the people who come to the buildings of our clinic, or through the texts posted by the Institution or made available to the guests in other ways, the personal data owners are enlightened in this context.
To ensure safety and for the purposes specified in this Policy, internet access can be provided by our Clinic to our Visitors who request it during their stay in our Buildings and Facilities. In this case, log records regarding internet access are recorded in accordance with the Law No. 5651 and the mandatory provisions of the legislation arranged according to this Law; these records are only processed when requested by authorized public institutions and organizations or in order to fulfill our legal obligations in the audit processes to be carried out within the Agency.
Only a limited number of Institution employees have access to the log records obtained within this framework. Employees of the Institution who have access to the aforementioned records access and share these records with legally authorized persons only for use in requests or audit processes from authorized public institutions and organizations. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality agreement.
On the websites owned by our clinic, internet movements within the site are recorded by technical means in order to ensure that the visitors of these sites perform their visits on the sites in accordance with the purposes of their visit, to show them customized content and to carry out online promotional activities.
REFERENCE AESTHETIC HEALTY GROUP Personal Data Protection and Processing Policy enters into force on 17.03.2023. In case of renewal of all or certain articles of the Policy, the effective date of the Policy is the date on which that article is revised for the renewed article.