Information Text on the Processing of Personal Data within the Scope of KVKK
In order to protect the privacy of personal data, especially the confidentiality of private life and to safeguard the fundamental rights and freedoms of individuals, and to regulate the principles and procedures that individuals and legal entities processing personal data must comply with, TOBB ETU Health Education Application and Research Center (TOBB ETU HOSPITAL), as the Data Controller under the Personal Data Protection Law No. 6698 (“KVKK“),informs that your personal data will be processed only within the scope and purposes described below, in accordance with the provisions of the Basic Law on Health Services No. 3359, the Decree Law on the Organization and Duties of the Ministry of Health and Affiliated Institutions No. 663, Private Hospitals Regulation, Personal Data Protection Law No. 6698, Regulation on the Processing and Privacy of Personal Health Data, Health Ministry regulations, and other relevant legislation.
1-) Data Controller
The entity responsible for determining the purposes and means of processing personal data, establishing and managing the data recording system.
2-) Processed Personal Data
Primarily, your health data and other personal and special categories of personal data, including but not limited to: your name, surname, T.C. identification number and/or passport number and/or temporary T.C. identification number, place and/or date of birth, marital status, gender, health insurance, occupation, insurance card number, workplace registration and/or patient identification number that can identify you; your address, telephone number, email address, and other contact information, personal data obtained when you communicate with us via email, letter, and/or other means; your financial data such as bank account number, IBAN number, credit card information, billing, and invoice information; your financial data related to private health insurance for the financing and planning of healthcare services and data on paying institutions such as the Social Security Institution; all kinds of health information and data obtained during the execution of medical diagnosis, treatment, and care services, including but not limited to patient medical reports, diagnosis data, biometric and genetic data, laboratory results, test results, examination data, doctor analyses and comments, appointment information, prescription information; notifications such as surveys, thanks, complaint letters, satisfaction results; your vehicle plate information if you use the parking lot; images obtained from continuously recorded camera footage in common areas due to legal regulations in our hospitals; your personal data submitted through all hospital websites and online services, including your health data, IP address, cookies, and other personal data; your resume and other personal data obtained regarding your job application; all kinds of personal data related to your service contract are included in the scope of “Personal Data/Personal Data” by our hospital in accordance with the Personal Data Protection Law No. 6698 (“KVKK”). It can be processed in connection with the purposes specified in the article and transferred to the individuals, institutions, and organizations specified in Article V in a connected and proportionate manner.
3-) Collection of Personal Data
Your personal data is collected by TOBB ETU HOSPITAL for the purposes of benefiting from the services provided by TOBB ETU HOSPITAL, conducting the necessary work by our relevant units for the realization of activities, carrying out related processes, and conducting promotional activities for the services of TOBB ETU HOSPITAL in accordance with Article 5 of the Personal Data Protection Law. And will be processed within the processing conditions specified in the 6th article of the Personal Data Protection Law.
4-) Processing of Personal Data and Processing Purposes
The personal data we collect within the scope of the services you receive is processed for the following purposes:
a. Fulfillment of legal obligations stipulated in the Basic Law on Health Services No. 3359, the Decree Law on the Organization and Duties of the Ministry of Health and Affiliated Institutions No. 663, Private Hospitals Regulation, Regulation on the Processing and Privacy of Personal Health Data, and other relevant regulations;
b. Protection of public health, preventive medicine, execution of medical diagnosis, treatment and care services, planning and management of health services and financing;
c. Planning and managing the internal functioning of our hospital;
d. Providing information about your appointment when you make an appointment;
e. Identification and verification of your identity for your security;
f. Checking your eligibility with contracted institutions, ensuring financial reconciliation related to healthcare services, and sharing information requested by institutions;
g. Providing you with special drugs, medical supplies, or devices.
h. Billing process;
i. Sharing information obtained with the Ministry of Health and other public institutions and organizations in accordance with the legislation and responding to their requests;
j. Responding to your questions or complaints about our services;
k. Analyzing your use of healthcare services for the purpose of improving the services we provide;
l. Adapting to internal policies and principles;
m. Preserving information related to your health data that must be kept according to the relevant legislation;
n. Conducting promotional and informative activities, contacting you for information about our services;
o. Fulfilling risk management and quality improvement activities;
p. Fulfilling legal and regulatory requirements;
q. Without limiting the above, the execution and improvement of medical diagnosis, treatment, and care services, planning and management of healthcare services and financing, increasing patient satisfaction, researching, and related reasons.
However, your personal data will not be used for any commercial purposes other than the activities mentioned above and those required by the relevant legislation.
Your Personal Data, obtained and processed in accordance with the relevant legislation, may be transferred to and kept both in digital and physical environments in the physical archives and/or information systems of TOBB ETÜ HASTANESİ.
5-) To Whom and For What Purpose Personal Data May Be Transferred
In accordance with the KVKK and relevant health legislation, by ensuring the necessary technical and administrative measures to provide an appropriate level of security, we may transfer your personal data for the purposes stated in Section 3 above to institutions or organizations permitted by the provisions of the Health Services Basic Law No. 3359, Law on the Organization and Duties of the Ministry of Health and Affiliated Institutions No. 663, Private Hospitals Regulation, Regulation on the Processing and Privacy of Personal Health Data, and other relevant legislation; private insurance companies; our direct/indirect domestic/international shareholders, affiliated companies, and/or subsidiaries; group companies; auditors; consultants; business partners; organizations and other third parties with whom we have contracted or collaborated to carry out our activities, both domestically and internationally.
6-) Method of Personal Data Collection and Legal Basis
Your personal data is collected through any kind of verbal, written, or electronic means, such as membership forms or other methods, in line with the purposes mentioned above. With this legal basis, your personal data collected may be processed and transferred for the purposes stated above within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law on the Protection of Personal Data.
Your Personal Data, when the purpose requiring the processing of Personal Data under Article 7/f.1 of the Law on the Protection of Personal Data (KVKK) ceases to exist and/or when the statutory retention periods, for which we are obliged to process your data, expire, will be deleted, destroyed, or anonymized.
7-) Protection of Personal Data of the Personal Data Owner Rights Listed in Article
11 of the Law on You, except for the cases stipulated under the title of “Exceptions” listed in Article 28 of this law, your rights within the framework of KVKK Article 11, your personal data by applying to TOBB ETÜ HOSPITAL;
To exercise your rights stated above, you can submit your request to our Hospital in writing or by other methods determined by the Personal Data Protection Board. Within the scope of your written application, you can submit your request for the right you wish to exercise among the rights listed in Article 11 of this law, with information identifying your identity, to Söğütözü Mahallesi, Yaşam Cad. You can send it to No:5, Çankaya/Ankara. Depending on the nature of the request, your request will be finalized within thirty days at the latest.
8) Cases in Which Personal Data can be Processed Without Explicit Consent According to the Law on the Protection of Personal Data (KVKK):
In accordance with Article 5 of the Law on the Protection of Personal Data (KVKK) and Article 7 of the Regulation, the following personal data may be processed without requiring your explicit consent in the situations outlined below:
In cases explicitly foreseen by laws.