Clarification Text on Protection and Processing of the Personal Data

As ATM Özel Sağlık Hizmetleri Tic. A.Ş. hospitals and within its subsidiaries, we attach great importance to the security of your personal data. Pursuant to the Law on Protection of Personal Data No. 6698 (“Personal Data Law”) and “Regulation on the Processing and Privacy of Personal Health Data”, as a health institution, we will record and archive your personal information necessary to provide you with health services, share it with authorized 3rd Parties/Institutions when necessary, and process it in the ways listed in the Personal Data Law. Therefore, we inform you about our mutual rights and obligations. 1) Processing of Your Personal Data and the Data Controller As ATM Özel Sağlık Hizmetleri Tic. A.Ş. hospitals and within its subsidiaries, we attach great importance to the security of your personal data. As ATM Özel Sağlık Hizmetleri Tic. A.Ş. hospitals and within its subsidiaries, in order to provide you with health services as a data controller, Your credentials (First Name, Last Name, T.R. ID. Number, passport number for non-Turkish citizens or temporary T.R. Identification Number, Place and Date of Birth, Marital Status, Gender information and photocopy of T.R. ID. Card or Driver’s License submitted) Your contact information (such as address, phone number, e-mail address) Patient number and protocol number, Your bank account / Iban number, financial information for the payment and invoicing, Your private health insurance or Social Security Institution data, Your health data, including but not limited to your external institution laboratory and imaging results, test results, examination data, check-up information, prescription information that you submit to be included in your file, Your video and audio recording in the closed-circuit camera system around the hospital general areas, Your audio and video recording obtained in case you use the video call service over remote access platforms, Your personal data, including the sound and image obtained in case of giving consent under the Law on Intellectual and Artistic Works, If you have contacted our Call Center, your voice call recording, If you have used the parking lot and valet service, your license plate information, Suggestions, comments and survey answers you share for the purpose of evaluating our services, Your personal information, including your IP address, browser information, browsing data obtained during use, and medical data that you transmit with your consent through the mobile application, which we obtain during the use of our website and mobile applications; we declare that we will process them in our archives in the manner and subject to the conditions stipulated in the Personal Data Law. 2) Purpose and Legal Reason for Processing Your Personal Data Among the purposes of processing your personal data; Protection of public health, execution of medical diagnosis, treatment and care services, Sharing the requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation, If you make an appointment, providing you with information about your appointment, Planning and managing the internal functioning of the hospital, Analysis for the purpose of improving health services, In order to carry out the activities in their fields with the education/training institutions we cooperate with, Providing the financing of health services, executing the invoicing, Verification of your identity and confirmation of your relationship with contracted/related institutions Responding to your questions or complaints regarding our Services, Activities related to measuring and researching patient satisfaction in order to increase the service quality, Supply of medicines and medical devices, Participation in campaigns and providing information by Marketing, Media and Communication, Call Center departments, designing and transmitting special content, tangible and intangible benefits on the web and mobile channels. Legal reasons for the processing of your personal data; Cases clearly stipulated in the Private Hospitals Law No. 2219 and the Health Services Basic Law No. 3359 and Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Private Hospitals Regulation, Health Practice Communiqué, Patient Rights Regulation Fulfilling legal obligations arising from the relevant secondary legislation and protecting public health, execution of preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. 3) Transfer of Your Personal Data For the purpose of public health and preventive medicine services and subject to the conditions in the Law on the Protection of Personal Data, your personal data might be shared with T.R. Ministry of Health, Provincial Health Directorates, Public Health Centers and other units affiliated to the Ministry of Health and not limited to these institutions, requested by the competent authorities, by persons appointed by those authorities or within the scope of the established Turkish e-pulse system and similar systems or within the scope of our notification and/or reporting obligation imposed or your personal data with the relevant authorities and persons, Directly/indirectly with our domestic/overseas shareholders, subsidiaries and/or affiliates, group companies With our business partners, With legal representatives and third parties to whom we have received consultancy and authorized, including lawyers, consultants, auditors, With domestic/foreign organizations and other third parties and their legal representatives, with whom we contractually receive services and cooperate to carry out our activities, With your institution, if you use your private insurance with the Social Security Institution for patients under SSI, your insurance company you are a member of and invoicing will be made to the institution you work for, Laboratories, ambulances, medical devices and institutions that provide health services, in the country or abroad, with which we cooperate for medical diagnosis and treatment, When there is a need to be referred, contacting the relevant health care provider, Security General Directorate and other law enforcement agencies, General Directorate of Civil Registration, Turkish Pharmacists Association, and the Legal representatives you have authorized. 4) Method of Collecting Personal Data Your personal data is collected verbally, visually, in writing or electronically from the call center, switchboard, internet, mobile applications, physical spaces and similar channels, depending on the nature of the service provided, within the scope of the above-mentioned purposes. 5) Security Measures Regarding Your Personal Data Our Health Organization, which realizes the data processing activities such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of your personal data as the data controller; a) To prevent the unlawful processing of your personal data, b) To prevent unlawful access to personal data, c) Responsible for taking all kinds of technical and administrative measures to ensure the protection of personal data and to ensure the appropriate level of security, and takes these measures to the maximum extent possible. In addition, additional security measures, which are determined by the Personal Data Protection Board and are not limited to the following, are also taken in the processing of sensitive personal data. Our employees are trained on information security, patient privacy, and protection of personal data, institutional policies and procedures on personal data security are already specified, personal data is destroyed when the purpose of use is no longer valid, our systems containing personal data are routinely audited, contracts are made with data processors from whom service is received, up-to-date software is used, we have a security network designed against cyber-attacks, access to systems containing personal data is limited, antivirus and antispam programs are continuously used, IT networks related to security problems are constantly monitored, tests are carried out to identify system weaknesses, there is a corporate reporting system about problems, in case of abuse of the systems, the evidence is collected and reported to the Personal Data Protection Authority and a criminal complaint is made to the Prosecutor’s Office, and, in our physical environments where personal data are stored, protection measures against natural disasters such as fire, flood, etc. have been taken and these environments are kept locked and the entrances/exits are always under control. 6) Your Rights as Data Processed Persons By applying to our Health Institution within the scope of Article 11 of the Personal Data Law; you can learn about whether your personal data is processed, you can request information if your personal data has been processed, you can learn the purpose of processing your personal data and whether it is used in accordance with this purpose, you can learn whether the personal data has been transferred or not, and if so, the third parties to whom the transfer has been transferred, and request the correction of the personal data if it is incomplete or incorrectly processed, you can request deletion within the framework of the conditions stipulated in the legislation, may request the correction and deletion of personal data to be forwarded to third parties, you can object to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems, and, in case you suffer damage due to processing in violation of the Personal Data Law, you can request the compensation of the damage.