LIGHTING TEXT OF OUR HEALTH INSTITUTION UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA
Personal Data: Any information relating to an identified or identifiable natural person.
Our Health Institution is in the nature of data controller in accordance with Article 3/f of the Personal Data Protection Law No. 6698.
Data Controller Title: PRIVATE APEX SURGERY MEDICAL CENTER (Apeks Sağlık Merkezi A.Ş.)
OUR HEALTH INSTITUTION
PURPOSE OF PROCESSING AND TRANSFERRING PERSONAL DATA
(Article 6/(3) of the Law on Protection of Personal Data No. 6698)
• Protection of public health,
• Preventive medicine,
• Execution of medical diagnosis, treatment and care services,
• Planning and management of health services and financing
Our current duties and responsibilities in the eyes of laws and other regulations.
Regulation on the Processing and Privacy of Personal Health Data Official Gazette: 20.10.2016 – 29863: Article 7 – (1) Personal health data; It may be processed without the explicit consent of the person concerned, by persons or authorized institutions and organizations under the obligation of secrecy, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing.
• Your Personal Data That Can Be Recorded If You Visit Our Institution:
Official Gazette Date: 27.03.2002 Official Gazette Number: 24708 Data to be Recorded Pursuant to Article 48 of the Regulation on Private Hospitals
• Patient admission paper (Name and surname, TR ID number, passport number or temporary Turkish ID number, place of birth, year of birth, marital status, gender, address, telephone number, etc.)
• Medical observation and examination paper,
• Patient sign,
• Nurse observation paper,
• X-ray and laboratory request paper and examination reports,
• Surgery paper,
• The patient’s examination request form,
• Output summary,
• The consent form indicating that the treatment to be applied has been accepted and that it shows the consent obtained in accordance with the relevant article of the Patient Rights Regulation published in the Official Gazette dated 1/8/1998 and numbered 23420.
• Appointment information,
• E-mail address,
• Other communication data,
• Voice call recordings and e-mails kept by customer representatives, patient services in accordance with call center standards
• Personal data obtained when contacting us via letter or other means
• Bank account number,
• IBAN number,
• Credit card information,
• Financial data such as billing information;
• Data on private health insurance
• Social Security Institution data;
• In case of a visit to the health institution, the footage of the camera recordings kept for security and inspection purposes, Official Gazette Date: 27.03.2002 Official Gazette Number: 24708 Private Hospitals Regulation: Taking into account the privacy of the patient, the common areas are recorded with the camera recording system and the camera is used. images are stored for at least two months.)
• Vehicle plate information in case of parking lot use,
• Job application forms made to our institution
• Personal files of people working in the institution,
Any data obtained during or as a result of medical diagnosis, treatment and care services, including but not limited to.
PROTECTION OF YOUR PERSONAL DATA BY OUR HOSPITAL:
All your personal data recorded by us in electronic and physical environment; The Decision of the Personal Data Protection Board dated 31/01/2018 and numbered 2018/10 regarding the “Adequate Precautions to be Taken by Data Controllers in the Processing of Special Quality Personal Data” is protected in systems and conditions that are in accordance with the scope of article 3 and article 4.
INSTITUTIONS THAT YOUR PROCESSED PERSONAL DATA CAN BE TRANSFERRED:
• Ministry of Health
• Contracted Laboratory Firm
• Private Insurance Companies
• Contracted Archive Firm
• Hospital Information Management System Providers
• Institutions to be transferred if one of the conditions specified in the third paragraph of Article 6 is met, provided that adequate measures are taken in accordance with Articles 8/b and 9/2 of the Personal Data Protection Law No. 6899.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA:
Pursuant to Article 11 of the Personal Data Protection Law No. 6899;
• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom personal data is transferred in the country or abroad,
• Requesting correction of personal data in case of incomplete or incorrect processing,
• Requesting the deletion or destruction of personal data, without prejudice to the conditions stipulated in the laws and our responsibility to keep your health information (archiving by inpatient and non-inpatient treatment institutions can be deleted from the local database after 20 years),
• Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• Requesting the compensation of the damage in case of loss due to unlawful processing of personal data,
• It has the right to demand the compensation of the damage in case of loss due to unlawful processing of personal data.
METHODS OF APPLICATION TO THE DATA SUBJECT
Law No. 6899 on the Protection of Personal Data
ARTICLE 13- (1) The person concerned submits his requests regarding the implementation of this Law to the data controller in writing or by other methods to be determined by the Board. (2) The data controller concludes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged. (3) The data controller accepts the request or rejects it by explaining its reason and notifies the relevant person in writing or electronically. In case the request in the application is accepted, the data controller fulfills its requirements. In case the application is caused by the fault of the data controller, the fee collected is returned to the relevant person.
complaint to the board
ARTICLE 14- (1) In cases where the application is rejected, the answer given is insufficient or the application is not answered in due time; The data subject may file a complaint with the Board within thirty days from the date of learning the answer of the data controller and in any case within sixty days from the date of application. (2) Pursuant to Article 13, no appeal can be made before the remedy is exhausted. (3) The right to compensation according to the general provisions of those whose personal rights are violated is reserved.
Procedures and principles of examination upon complaint or ex officio
ARTICLE 15- (1) The Board, upon complaint or ex officio if it learns about the alleged violation, makes the necessary examination on the matters falling under its jurisdiction. (2) Notifications or complaints that do not meet the conditions specified in Article 6 of the Law on the Use of the Right to Petition dated 1/11/1984 and numbered 3071 shall not be examined. (3) Except for information and documents qualified as state secrets; The data controller is obliged to send the information and documents requested by the Board regarding the subject of examination within fifteen days and to enable on-site examination when necessary. (4) Upon the complaint, the Board examines the request and gives a reply to the relevant parties. If no response is received within sixty days from the date of the complaint, the request is deemed to have been rejected. (5) In the event that the existence of a violation is understood as a result of the examination made upon the complaint or ex officio, the Board decides that the illegalities it detects will be eliminated by the data controller and notifies the relevant parties. This decision shall be fulfilled without delay and within thirty days at the latest, following the notification. (6) If it is determined that the violation is widespread as a result of the examination made upon the complaint or ex officio, the Board takes a principle decision on this issue and publishes this decision. The Board may also take the opinions of relevant institutions and organizations, if it needs it, before taking a decision in principle. (7) The Board may decide to suspend the processing of data or the transfer of data abroad, in the event that irreparable or impossible damages arise and there is a clear violation of the law.
In order to serve you better and to receive your suggestions, complaints and requests regarding Personal Data, you can send an application to the application button above, or send an e-mail to the website at firstname.lastname@example.org or apply to the Patient Rights Unit of our institution. In accordance with the Law on the Protection of Personal Data, information regarding personal data cannot be provided via telephone communication, and we thank you in advance for your understanding.