- ENTRANCE
Protection of personal data, AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. is among its top priorities. Necessary sensitivity is shown regarding the security of personal data, and great importance is attached to patient privacy and to processing and preserving all personal data of our patients in the best possible way and with care. In addition to our patients, our companions, visitors, all our employees and the employees of the institutions and organizations we cooperate with; In accordance with the Law on the Protection of Personal Data No. 6698 and the regulations and relevant legislation on the Processing and Ensuring the Privacy of Personal Health Data, it has been adopted as the corporate policy to protect personal data within the framework of the following basic principles.
- Processing personal data in accordance with the law and the rules of honesty,
- Keeping personal data accurate and updated when necessary,
- Processing personal data for specific, clear and legitimate purposes,
- Limited and measured processing of personal data in connection with the purpose for which they are processed,
- Keeping personal data for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed,
- Enlightening and informing personal data owners,
- Establishing the necessary system for personal data owners to exercise their rights,
- Taking necessary precautions to preserve personal data,
- Acting in accordance with the relevant legislation and KVK Board regulations in transferring personal data to third parties in line with the requirements of the processing purpose,
- Showing the necessary sensitivity to the processing and protection of special personal data,
- Deleting and destroying personal data in a legally defined manner and within a defined period of time
- AIM
The main purpose of this Policy AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. To make statements about the personal data processing activities carried out in accordance with the law and the actions taken to protect personal data, and to ensure transparency by informing the persons whose personal data are processed by our institution, especially our patients, visitors, employees, business partners and suppliers. AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. Personal data processed by may vary depending on the health services provided and are collected by automatic or non-automatic methods. Our physicians, employees, business partners and their employees and companies engaged in all kinds of commercial activities; Special personal data and general personal data, especially health data collected verbally, in writing or electronically, can be processed for the following purposes.
- Providing medical diagnosis, treatment and care services,
- Protection of public health,
- Planning and management of preventive medicine health services and their financing;
- Being able to inform our patients about appointments;
- Planning and managing clinic internal procedures,
- Conducting analysis for the purpose of improving health services;
- Training and developing our employees,
- Protecting the personnel processes and legal rights of our employees,
- Monitoring and preventing abuse and unauthorized transactions;
- Carrying out risk management and quality improvement activities;
- Fulfilling legal and regulatory requirements;
- Billing for our services;
- Confirming your identity;
- Confirming your relationship with institutions contracted with the clinic;
- Sharing all kinds of information requested by private insurance companies within the scope of financing health services;
- To be able to answer all your questions and complaints regarding our health services;
- Taking all necessary technical and administrative measures within the scope of data security of our clinic's systems and applications;
- Analyze your use of health services and store your health data in order to develop and improve the health services we provide to you;
- To preserve information regarding your health data that must be kept in accordance with the relevant legislation;
- Ensuring financial reconciliation regarding the health services provided to you with our contracted institutions, banks and all institutions (public and private) from which health expenses are collected;
- Sharing requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation;
- Measuring patient satisfaction, increasing patient satisfaction.
- Carrying out communication activities
- Carrying out goods/service purchasing processes
- Carrying out financial and accounting transactions
Personal data can be used in any verbal, written or electronic environment to provide the above-mentioned purposes and health services within the specified legal framework and within this framework. AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. It is collected and processed in order to fully fulfill contracts and legal obligations.
- SCOPE
This Policy; It covers the personal data defined below, processed automatically or non-automatically, of our patients, visitors, institution officials, employees, employees, officials of persons, organizations and institutions with which we cooperate and have all kinds of legal relations, and third parties.
Name, surname, TR ID number, passport number or temporary TR ID number, place and date of birth, gender, marital status, other identification data identifying patients; contact data such as address, telephone number, e-mail address, etc., financial data such as payment and billing information; audio and digital information that may be obtained through electronic or non-electronic means; General and special personal data, especially personal health data obtained during the execution of all medical diagnosis, examination, treatment and care services; Data on private health insurance for the purpose of financing and planning health services
The scope of application of this policy according to groups of personal data owners may be the entire policy (such as our patients); There may also be only some provisions (for example, only our employees, suppliers, etc.).
- DEFINITIONS
Explicit Consent: Consent regarding a specific issue, based on information and expressed with free will.
Anonymization: Changing personal data in such a way that it loses its nature as personal data and this situation cannot be undone. For example, masking, aggregation, data corruption, etc. Making personal data unable to be associated with a real person through techniques
Employees and Officials of the Institutions We Collaborate with: Real persons, including the officials of these institutions, who work in the institutions (such as but not limited to business partners, suppliers) with which our institution has all kinds of business relations.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system, Any action performed on data, such as classifying or preventing its use
Personal Data Owner: Natural person whose personal data is processed. For example: patients and staff
Personal Data: Any information regarding an identified or identifiable natural person. Therefore, processing of information regarding legal entities is not within the scope of the Law. For example. name and surname, TR ID number, e-mail, address, date of birth, credit card number, bank account number, etc.
Patient: A person who applies to our institution for examination or treatment and receives outpatient or inpatient treatment.
Special Personal Data: Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. special quality data
Third Party: Third party natural persons who are associated with these persons in order to ensure the security of commercial transactions between our institution and the above-mentioned parties or to protect the rights of the mentioned persons and to provide benefits (For example, employees or officials of the company from which service is received, Companion, etc.).
Data Processor: A real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. For example, the IT company that keeps our institution's data, all employees who enter patient data into the system
Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system).
Visitor: Real persons who enter the physical areas of our institution for various purposes or visit our websites.
- IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION
Processing and protection of personal data is carried out within the framework of the relevant legal regulations in force. AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. The Personal Data Protection Policy has been prepared in accordance with current regulations.
The policy is implemented within the framework of the rules set forth by the relevant legislation. AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. It was created by integrating with applications. It carries out the necessary preparations by adhering to the validity periods stipulated in the KVK Law. When the above-mentioned personal data is required, the Health Services Basic Law No. 3359, the Regulation on Private Health Institutions for Outpatient Diagnosis and Treatment, the Private Hospitals Regulation, the Regulation on Personal Health Data and the Ministry of Health regulations, etc. . It will be processed within the framework of the legislative provisions and transferred to the physical archives and information systems of our links and/or suppliers/business partners. As a result, personal data will be protected both digitally and physically in accordance with the legal periods defined in the institution's procedures.
- ENSURING THE SECURITY OF PERSONAL DATA
Our institution takes the necessary technical and administrative measures to ensure the optimum security level in order to prevent the unlawful processing of the personal data it processes and to ensure the preservation of the data, and carries out the necessary inspections or has them carried out in this context.
The actions and measures taken by our institution to ensure "data security" in accordance with Article 12 of the KVK Law are stated below.
- Our institution takes technical and administrative measures according to technological possibilities and implementation costs to ensure that personal data is processed in accordance with the law. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of KVKK or use it for purposes other than the purpose of processing, and that this obligation will continue after they leave office, and the necessary commitments are taken from them in this regard.
- Our institution takes technical and administrative measures to prevent imprudent or unauthorized disclosure, access, transfer, or any other form of unlawful access of personal data.
- Our institution raises awareness as data processing institutions, such as business partners and suppliers to whom personal data is transferred, about preventing the unlawful processing of personal data, preventing unlawful access to data, and ensuring the lawful preservation of data.
- The obligations that our Institution, as the data controller, has to comply with when processing personal data and the obligation to comply with the legal, administrative and technical measures it has developed in this regard. Contracts are made with data processing institutions, with which our Institution has relations in various capacities such as suppliers, business partners, in accordance with the nature of the activities they carry out in data processing.
- Our institution carries out the necessary inspections within its own structure or has them carried out. These audit results are reported to the relevant department within the scope of the internal functioning of the Institution and the necessary activities are carried out to improve the measures taken.
- Our institution operates the system that ensures that if personal data processed in accordance with Article 12 of the KVK Law is obtained by others through illegal means, this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.
- DATA OWNER'S RIGHTS
If personal data owners submit their requests regarding their rights listed below to our Institution in writing, in person and with a specially authorized power of attorney, our Institution finalizes the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Personal data owners;
- Learning whether personal data is processed or not,
- Requesting information if personal data has been processed,
- Learning the purpose of processing personal data and whether they are used for their intended purpose,
- Knowing the third parties to whom personal data is transferred at home or abroad,
- Requesting correction of personal data if it is incomplete or incorrectly processed,
- Requesting the deletion or destruction of personal data,
- In case of correction, deletion or destruction of personal data, requesting that these transactions be notified to third parties to whom personal data has been transferred,
- Objecting to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems,
- In case of damage due to unlawful processing of personal data, they have the right to request compensation for the damage.
In accordance with the 1st paragraph of Article 13 of the KVK Law, the request for the exercise of the above-mentioned rights must be submitted "in writing" to our Institution (data controller).
In order to exercise the rights specified within the framework of KVK, the request must be submitted to our institution, along with the necessary identifying information and explanations about the rights desired to be used, stating which right specified in Article 11 of the Law is related to the exercise; It will ensure that the application regarding the request is answered more quickly and effectively.
- 8. ENSURING THE SECURITY OF SPECIAL PERSONAL DATA
AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. It protects personal data meticulously with its technical and administrative facilities. The security measures taken by our clinic are provided at an optimum level, taking into account technological possibilities and possible risks.
A group of personal data is defined as "personal data of special nature" in the KVK Law due to the risk of causing victimization or discrimination when processed unlawfully.
These data; Data regarding race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
Care is taken to protect the data defined above, which are determined as "special nature" by the Personal Data Protection Law and processed in accordance with the law.
Details of the technical and administrative measures applied during the storage of special personal data are stated in the "Personal Data Storage and Destruction Policy" published by our Institution. These administrative and technical measures have been created in accordance with the Board decision published by the Personal Data Protection Board.
- CLARIFICATION AND INFORMATION OF THE PERSONAL DATA OWNER
In accordance with Article 10 of the KVK Law, it informs personal data owners during the acquisition of personal data. In this context, our Institution informs the personal data owners about the identity of our Institution during the acquisition of their personal data, the purpose for which the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason of personal data collection, and the personal data owner's information within the scope of Article 11 of the KVK Law. It provides information about the rights it has.
Article 20 of the Constitution states that everyone has the right to be informed about their personal data. In this regard, in Article 11 of the Personal Data Protection Law, "requesting information" is also included among the rights of the personal data owner. In this context, our institution provides the necessary information in case the personal data owner requests information in accordance with Article 20 of the Constitution and Article 11 of the Personal Data Protection Law.
Our institution informs the relevant parties about personal data processing activities and ensures accountability and transparency within this framework by announcing the institutional policy on the protection of personal data to personal data owners and those concerned through various publicly available documents. In addition, our Institution's relevant persons; It also informs people about its activities and the articles of the law through different methods, especially when it requests the "explicit consent" of people.
- PROCESSING OF PERSONAL DATA
Our institution, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; accurate and up-to-date, in compliance with the law and the rules of honesty; Pursuing specific, clear and legitimate purposes; engages in personal data processing in a limited and measured manner in connection with the purpose.
Our institution retains personal data for the period stipulated by law or required for the purpose of processing personal data.
In accordance with Article 20 of the Constitution and Article 5 of the KVK Law, our institution processes personal data based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.
Our institution acts in accordance with the regulations stipulated in the processing of special categories of personal data in accordance with Article 6 of the KVK Law.
In accordance with the 8th and 9th articles of the KVK Law, our institution complies with the regulations stipulated in the law and put forward by the KVK Board regarding the transfer of personal data.
Processing of Personal Data in Accordance with the Principles Provided in the Legislation
Processing in Compliance with the Law and the Rules of Honesty
Our institution; It acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Our institution takes into account the proportionality requirements in the processing of personal data and does not use personal data for purposes other than its purpose.
Ensuring Personal Data is Accurate and Up to Date When Necessary
Our institution; It takes the necessary measures to ensure that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and its own legal interests.
Processing for Specific, Clear and Legitimate Purposes
Our institution clearly and precisely determines the purpose of processing personal data that is legitimate and lawful. Our institution processes personal data in connection with the service it offers and as much as is necessary for them. The purposes for which personal data will be processed are notified by our institution before the personal data processing activity begins.
Being Related to the Purpose for Processing, Limited and Proportionate
Our institution processes personal data in a manner suitable for achieving the specified purposes and avoids the processing of personal data that is not relevant or needed to achieve the purpose. For example, personal data processing activities are not carried out to meet needs that may arise later.
Preservation for the Period Envisaged in the Relevant Legislation or Necessary for the Purpose for which they are Processed
Our institution retains personal data only for the period specified in the relevant legislation or necessary for the purpose for which they are processed. In this context, our Institution first determines whether a period of time is stipulated in the relevant legislation for the storage of personal data, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores personal data for the period necessary for the purpose for which they are processed. If the period expires or the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by our Institution.
Conditions for Processing Personal Data
Protection of personal data is a Constitutional right. In accordance with the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by law or with the explicit consent of the person. Our institution is in this direction and in accordance with the Constitution; It processes personal data only in cases stipulated by law or with the express consent of the person.
Although the legal basis for the processing of personal data by our institution varies, all kinds of personal data processing activities are carried out in accordance with the general principles specified in Article 4 of Law No. 6698.
Explicit consent of the personal data owner is only one of the legal bases that allow personal data to be processed in accordance with the law. Apart from explicit consent, personal data may also be processed if one of the other conditions listed below is met. The basis for personal data processing may be only one of the conditions listed below, or more than one of these conditions may be the basis for the same personal data processing activity. If the data processed is personal data of special nature; The following conditions apply.
- Having Explicit Consent of the Personal Data Owner
- Clearly Provided in Laws
- Failure to Obtain Explicit Consent of the Person Relevant Due to Actual Impossibility
- Directly Related to the Establishment or Performance of the Contract
- Fulfillment of the Institution's Legal Obligations
- Personal Data Owner's Publicization of Personal Data
- Data Processing Is Necessary for the Establishment or Protection of a Right
- Data Processing is Necessary for the Legitimate Interests of Our Institution
Building and Facility Entrances and Personal Data Processing Activities Performed within the Building and Facility
Our Institution complies with the regulations in the KVK Law when carrying out camera monitoring activities for security purposes.
Personal data processing activities are carried out to monitor the entrance and exit of patients, staff, visitors and supplier company employees through security camera monitoring in our institution's buildings and facilities.
Personal data processing is carried out by our Institution by using security cameras and recording guest entries and exits.
In this context, our Institution acts in accordance with the Constitution, KVK Law and other relevant legislation.
Video recordings of our visitors and audio recordings are taken where necessary through the camera monitoring system at the entrances of our institution's buildings, facilities and within the facility.
Our institution, within the scope of surveillance activities with security cameras; It aims to improve the quality of the service provided, to ensure its reliability, to ensure the safety of the institution, patients and employees, and to protect the interests of patients regarding the healthcare and other services they receive.
Only authorized institution employees and/or supplier company employees have access to the records recorded and preserved digitally.
In accordance with Article 12 of the KVK Law, our institution takes the necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring activities.
- PROCESSING OF SPECIAL PERSONAL DATA
Our institution strictly complies with the regulations stipulated in the KVK Law in the processing of personal data determined as "special nature" by the KVK Law.
In Article 6 of the KVK Law, some personal data that poses the risk of causing victimization or discrimination when processed unlawfully are designated as "special nature". These data; Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.
By our Institution in accordance with the KVK Law; Special categories of personal data are processed in the following cases, provided that adequate measures are taken to be determined by the KVK Board:
- If the personal data owner has explicit consent or
- If there is no explicit consent of the personal data owner;
- Special categories of personal data, other than the health and sexual life of the personal data owner, in cases stipulated by law,
- Special personal data regarding the health and sexual life of the personal data owner can only be used by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing. It is processed by.
- TRANSFER OF PERSONAL DATA
Our institution can transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security measures in line with the legal personal data processing purposes. In this regard, our institution acts in accordance with the regulations stipulated in Article 8 of the KVK Law.
Your personal data, within the scope of the Law and other legislation and for the purposes stated above, the Ministry of Health, its sub-units and family medicine centers, private insurance companies (health, retirement and life insurance and similar), Social Security Institution, General Directorate of Security and other law enforcement authorities, General Directorate of Population Population, Turkish Pharmacists Association, courts and all public institutions and organizations without being bound by this, laboratories, medical centers and third parties providing health services in the country or abroad with which we cooperate for medical diagnosis (in case of explicit consent), the health institution to which the patient is referred or to which the patient applies, your authorized representatives, the institution you are affiliated with and/or work for, third parties from whom we receive consultancy, including lawyers, tax consultants and auditors, regulatory and supervisory institutions and public authorities, whose services we benefit from or Our support service providers with whom I cooperate, clinical management software (cloud system) accredited by the Ministry of Health used for clinic and patient management, and our business partners.
Transfer of Personal Data Abroad
Your personal data is not transferred abroad by us under any circumstances.
- CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
Even though it has been processed in accordance with the provisions of the relevant law, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, personal data will be deleted and destroyed in accordance with the relevant procedures of our Institution or upon the request of the personal data owner, in case the reasons requiring processing are eliminated. or made anonymous.
In this context, our Institution trains, assigns and raises the awareness of relevant business units in order to fulfill its relevant obligations.
While the names and surnames of people coming to our Institution's buildings are obtained or through texts posted in the Institution or made accessible to guests in other ways, the personal data owners in question are clarified in this context.
Detailed information about the deletion, destruction and anonymization of personal data is provided in the "Personal Data Storage and Destruction Policy" published by our Institution.
- COMING INTO FORCE OF THE POLICY
AFM Oral and Dental Health HIZ.TİC.LTD.ŞTİ. The Personal Data Protection and Processing Policy comes into force upon signing on 31/12/2021. In case the entire Policy or certain articles are renewed, the effective date of the Policy is the date on which that article is revised for the renewed article.