General Clarification Text Relating To The Processing Of The Personal Data (GDPR)

1. General Definition

Personal data consists of any data of the natural person whose ID is identified and identifiable under the Law. Sensitive Personal Data, a specific kind of personal data, refers to race, ethnicity, political thought, philosophical belief, religion, sect, other beliefs, dress and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data.

Processing of the personal data, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use, obtaining personal data completely or partially automatically or by non-automatic means provided that it is a part of any data recording system, mean all kinds of operations performed on data.

2. Data Controller

Your personal data is handled by ÖZEL BEYHEKİM HASTANESİ SAĞLIK HİZ.SAN.TİC.LTD as the data controller. STI. (“Data Controller”), in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”), within the scope described below. You can examine what your personal data is, how they are collected, what personal data may be subject to processing by us, and the details of the purposes of processing this data from the tables below.

3. Groups of Persons whose Personal Data are Processed

We process the personal data of the following groups of people within the scope of the hospital.

• Employees
• Interns
• Members of the Board of Directors
• Employee Candidates
• Visitors
• Supplier Officials / Employees
• Patients
• Relatives of Patients
• Parent/Guardian/Representatives
• Notifying Third Parties

Personal Data of Employees and Interns

Detailed information about the processed personal data of employees and interns is published in a way that only our employees and interns can access, and they have been informed in detail on this matter. If you are a former employee or trainee of Beyhekim Hospital, you can exercise your rights regarding your personal data processed while you are an employee or trainee by using one of the application channels in this Clarification Text.

Personal Data of the Members of the Board of Directors

Detailed information about the processed personal data of the member of the Board of Directors is published in a way that only our employees and interns can access, and they have been informed in detail on this matter. If you are a former member of the Board of Directors of Beyhekim Hospital, you can exercise your rights regarding your personal data processed while you are an employee or trainee by using one of the application channels in this Clarification Text.

Personal Data Processing Purposes:

Your personal data is processed for the purpose of Execution of the Procurement of Goods / Services, Execution of Finance and Accounting Affairs, Execution / Audit of Business Activities, Execution of Contract Processes, Execution of Supply Chain Management Processes.

Method of Obtaining Your Personal Data:

Your identity information is collected through company software, call center calls, customer experience research, social media accounts, platforms managed by third parties, printed forms, contracts, e-mail and documents declared by you.

Your personal information is collected through company software, contracts, e-mail, and printed forms.

Your contact information is collected through contracts, company-owned software, platforms managed by third parties, printed forms, meetings, and events.

Your contact information is collected through contracts, company-owned software, platforms managed by third parties, printed forms, meetings and events.

Your financial information is collected through printed forms.

Legal Reasons for Processing Your Personal Data:

Your Personal Data is processed by Beyhekim Hospital in line with the realization of the above-mentioned purposes, based on the legal reasons specified in the Article 5 of the Personal Data Protection Law and the relevant legislation;

• expressly stipulated in the law,
• It is processed on the basis of legal reasons that the data controller is mandatory in order to fulfill its legal obligation.
• The necessity of processing the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• Provided that it does not harm the fundamental rights and freedoms of the data subject, data processing is mandatory for the legitimate interests of the data controller.

Purposes of Processing Your Personal Data:

Your personal data will be processed with the purpose of Execution of Information Security Processes, Execution of Finance and Accounting Affairs, Execution of Communication Activities, Execution of Customer Relationship Management Processes Execution of Emergency Management Processes, Execution of Contract Processes, Execution of Activities in Compliance with the Legislation, Execution of Business Continuity Activities, Execution of Audit / Ethics Activities, Authorized Person, Providing Information to Institutions and Organizations, Carrying out Storage and Archive Activities, Carrying out Communication Activities, Carrying out Internal Audit / Investigation / Intelligence Activities, Execution / Audit of Business Activities, Execution of Customer Relationship Management Processes, Execution of Occupational Health / Safety Activities, Goods / Service Production and Operation Execution of Processes, Execution of Finance and Accounting Affairs, Organization and Event Management, Execution of Management Activities, Execution of Training Activities, Security of Data Controller Operations Provision of Equipment, Ensuring Physical Space Security, Ensuring the Security of Movable Goods and Resources, Execution of Goods / Service Sales Processes, Receiving and Evaluation of Suggestions for the Improvement of Business Processes

Method of Obtaining Your Personal Data:

Your identity information is collected through information systems/electronic devices, third-party managed platform, face-to-face, call center call, documents declared by the relevant party, contract and other documents submitted by you.

Your financial information is collected through information systems/electronic devices, documents declared by the relevant party, contracts, face-to-face and other documents submitted by you.

Your contact information is collected through information systems/electronic devices, documents declared by the relevant party, contract, platform managed by the third party, call center call, face-to-face and other documents submitted by you.

Information belonging to family members is collected through the platform managed by the third party, call center call, documents declared by the relevant party, contract and other documents submitted by you.

Your personal information is collected through information systems/electronic devices, documents declared by the person concerned, contracts and other documents submitted by you.

Your professional experience information is collected through the contract, documents declared by the relevant party and other documents submitted by you.

Your health information is collected through information systems/electronic forms, third-party managed platform, call center call, documents declared by the relevant party, contract, face-to-face and other documents submitted by you.

Legal Reasons for Processing Your Personal Data:

Your Personal Data is processed by Beyhekim Hospital in line with the realization of the above-mentioned purposes, based on the legal reasons specified in the Article 5 of the Personal Data Protection Law and the relevant legislation;

• expressly stipulated in the law,
• It is processed on the basis of legal reasons that the data controller is mandatory in order to fulfill its legal obligation.
• The necessity of processing the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
• Provided that it does not harm the fundamental rights and freedoms of the data subject, data processing is mandatory for the legitimate interests of the data controller.

Your Personal Data is processed by Beyhekim Hospital in line with the realization of the above-mentioned purposes, based on the legal reasons specified in the Article 6 of the Personal Data Protection Law and the relevant legislation;

• express consent of the person concerned,
• Personal data related to health and sexual life are only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and financing, by persons or authorized institutions and organizations under the obligation of secrecy without seeking the explicit consent of the person concerned. It is processed on the basis of legal reasons.

4. Legal Reason for Collecting Your Private Personal Data

Special categories of personal data require higher protection than other data categories. It is regulated in accordance with the Personal Data Protection Law  that additional information should be provided in order to process such data.

Personal data of special nature, data related to the person’s race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, disguise and clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

5. Domestic Transfer of Your Personal Data

• Your personal data is shared with people who are expressly authorized in the legislation, especially the Social Security Institution, in accordance with the legal regulations and the legislation we are subject to. In addition, your personal data will be shared with authorized persons or public institutions and organizations upon the request of a court decision or authorized administrative authorities.
• Your personal data will be shared with third parties who process the data in order to fulfill the obligations under the employment contract between us (for example, sharing your health data with our workplace doctor under the Occupational Health and Safety Law No. 6331, etc.).
• Your personal data may be shared with real persons or private law legal entities with whom we cooperate for the purposes of executing finance and accounting works, executing contract processes, and conducting investment processes within the scope of the service contract between us.
• Your personal data may be shared with our suppliers for the purpose of carrying out supply chain management processes and fulfilling the contract regarding the products or services to be procured from suppliers within the scope of the service contract between us.
• Your personal data may be shared with our business partners with whom we cooperate within the scope of the service contract between us for the purpose of conducting business activities and fulfilling the contract.

6. Do We Transfer Your Personal Data Abroad?

• Your personal data is not transferred abroad.

7. How long your personal data is stored?

The storage period of your personal data is as follows:

• If a period is determined for the storage of data in the law or the relevant legislation, the said data must be kept for at least this period. Unless otherwise stipulated in the legislation, as a rule, your personal data is stored for 10 years from the execution or end of the contract.
• The storage period is determined by adding a period of 6 months to 1 year to the periods stipulated in the legislation for the storage of your data, taking into account the possibility that a possible court request or a request of an administrative authority authorized by law regarding the relevant data reaches us late, or that a conflict that we may be a party to occurs and at the end of the period the data in question is deleted, destroyed or anonymized.
• If the legislation does not foresee a period for the storage period of the data we process, your data will be stored for the period determined in the contract made with you and as a requirement of the relationship between us. After the end of the aforementioned relationship or after the period specified in the contract, your data is deleted, destroyed or anonymized without any request.
• If all the processing conditions for personal data have been eliminated or the storage period declared by us or determined within the scope of the legislation has expired, your data will be deleted, destroyed or anonymized ex officio on the first periodic destruction date or within 6 months at the latest. If you request the deletion of your data for a valid reason, your data will be deleted within 30 days at the latest. If you request the deletion or destruction of your data, the retention period of which is determined in the legislation, before the stipulated periods, your request will not be fulfilled.

8. What are the Rights You Have Pursuant to Article 11 of the Personal Data Protection Law?

For all your requests, you can fill in the “Data Owner Application Form” on our website or send the application document you have prepared to our Company through the channels listed below. The applications you make to us pursuant to Article 11 of the Personal Data Protection Law will be evaluated promptly and comprehensively. Your application request will be answered and finalized within 30 days at the latest.

The rights you have pursuant to the above-mentioned article are as follows:

• Learning whether your personal data is processed by the Company and requesting information about it,
• Learning the purpose of processing your personal data and whether they are used in accordance with the purpose,
• Requesting correction of personal data if it is incomplete or incorrectly processed,
• Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law.
• Requesting notification of the transactions made pursuant to clauses 11 (d) and (e) of Personal Data Protection Law to third parties to whom personal data has been transferred,
• Objecting to a result against you by analyzing your personal data exclusively through automated systems,
• If you suffer any damage due to the processing of your personal data in violation of the relevant legislation, requesting the recovery of the loss.

Your requests regarding your personal data; if you wish, via the Contact Form;

• Sending to Tepekum Mah., Beyhekim Sk. No:10 Adapazarı/Sakarya address with a photocopy of the ID card and signature.
• By personally applying to Beyhekim Hospital with a valid identity document,
• By sending it to our registered e-mail address ozelbeyhekim@hs01.kep.tr by using a registered e-mail (KEP) address and a secure electronic signature or mobile signature.,
• You can forward it to Beyhekim Hospital by sending an e-mail to info@beyhekimhastanesi.com.tr by filling out a petition signed by the Applicant with mobile signature or secure electronic signature, or by filling in the “Relevant Person Application Form” if desired.

Thank you for reading the clarification text.