Home

Turkish personal data protection law

ETHICS HEALTH SERVICES AND TRADE (INTERLIVA) DISCLOSURE TEXT ON THE PROCESSING OF PERSONAL DATA

“Kartaltepe Mah. İncirli Caddesi Limon Çiçeği Sokak No. 1 Bakırköy-İstanbul” As ETİK SAĞLIK HİZMETLERİ VE TİC. A.Ş. (hereinafter referred to as “Interliva”), which operates at the address “Kartaltepe Mah. İncirli Caddesi Limon Çiçeği Sokak No. 1 Bakırköy-İstanbul”, we prioritize the right to privacy, which is also a patient right, and the superior value of personal data in our medical center activities. With this awareness, we implement the necessary procedures to process and store the personal data of the persons associated with our medical center, including our patients, patients’ relatives, employees, who benefit from the health services we offer, in accordance with the Constitution of the Republic of Turkey and international conventions on human rights to which our country is a party and the Law No. 6698 on the Protection of Personal Data (“KVKK”). In addition, the provisions of the European Union General Data Protection Regulation (“GDPR”) are taken into consideration for our patients and related persons who are European Union citizens or within the scope of European Union legislation.

In accordance with the KVKK and as Data Controller, your personal data will be recorded, stored, updated, disclosed / transferred to third parties where permitted by the legislation, classified, anonymized where necessary, de-identified where necessary, destroyed and processed in connection with our activities and service purposes in the ways listed in the KVKK and within the limits prescribed by the legislation.

With this Clarification Text, enlightening information is conveyed in the capacity of “Data Controller” on how your personal data obtained within the scope of the health services we provide are processed (what kind of personal data we collect, how we collect, how we use, how we use, how we protect, how we transfer, how to delete, etc.).

Below is the information regarding the processing of your personal data by Interliva as the data controller;

1. WHAT ARE THE PERSONAL DATA AND PROCESSES COLLECTED BY INTERLIVA?

Depending on the health services offered or to be offered to you or your legal relationship with our company (employee, employee candidate, consultant, supplier, cooperation partner), your personal data that we collect for the purposes specified in Section 2 below, although its content varies, are listed below within the scope of the processes;

A. HEALTH SERVICE PROCESS

a. Appointment Process / Information Retrieval Process

In order to be able to create an appointment or to provide you with information when you request health services or information from Interliva, your personal data specified below are collected based on the legal reason that “it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “it is mandatory for the data controller to fulfill its legal obligation”;

Personal Data Collected from Potential Product or Service Buyer / Patient Candidate / Patient

Your identity information: Name, surname, date of birth,

Your Contact Information: Phone number, e-mail address.

Your Health Information: Your complaint as the basis for the application.

Your Customer Transaction Information: Your correspondence or interview data regarding the application.

Your Visual Data / Physical Space Security: Your visual data processed by camera recording during the visit to the medical center,

Your Visual Data / Physical Space Security: Your visual data processed by camera recording during the visit to the medical center,

Personal Data Collected from the Relative of the Potential Product or Service Recipient if the Appointment is Created by the Relative of the Potential Product or Service Recipient

Your Contact Information: Your phone number, e-mail address.

Other Information: Your proximity information with the patient, Data on the health complaints of your relative for whom you requested an appointment, Your correspondence or interview data regarding the application.

Your Visual Data / Physical Space Security: Your visual data processed by camera recording during your visit to the Medical Center.

b. Health Service Delivery Process

Personal Data Collected from the Person Receiving the Product or Service

Your identity information: Your name, surname, copy of your identity document or passport or driver’s license, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, marital status, gender, mother’s and father’s name, place of registration and other identity data that we can identify you.

Your Contact Information: Your contact data consisting of your address, telephone number, e-mail address, personal data obtained when you contact us by letter or other means, the name and surname of the person to be contacted in case of emergency and contact data.

Your Philosophical Belief, Religion and Sect Information: Your philosophical belief, religion and sect information that you would like to specify specifically within the scope of your story about your philosophical belief, religion and sect information within the scope of your health care story.

Your Accounting Information: Your bank account number, IBAN number, credit card information, billing information.

Your Insurance Data: Your private health insurance data and/or contracted institution data and/or Social Security Institution data for the purpose of financing and planning health services.

Your Visual Data: Your images of camera recordings kept for security and audit purposes within the scope of the Medical Center, your medical images / images of the face such as your mouth, mouth, chin, hair and head structure, your photographs / images before and after the treatment.

Audio and Visual Records: Your voice call recordings kept by customer representatives or patient services in accordance with call center standards,

Your Health Information: All kinds of your personal data related to health and sexual life obtained during or as a result of the execution of medical diagnosis, treatment and care services, including your laboratory results, test results, examination data, prescription information, your genetic data, blood type, intraoral measurements, past test results and reports, hair, skin and skull structure information, which are also linked to health data,

Transaction Security / Risk Management / Marketing Data: In accordance with the legislation, online identifying information and IP address information are collected during the website visit process. In addition, the IP address of website users is recorded in order to identify problems with the System and to quickly resolve problems or disputes that may arise regarding the service provided. IP addresses can also be used to identify users in a general way and to collect comprehensive demographic information. Website login and exit information, Password and password information Information processed for the management of commercial, technical and administrative risks, Survey, Cookie records, Information obtained through campaign work.

Your Customer Transaction Data: Your application data regarding your complaint or satisfaction within the scope of the Patient Rights Regulation. Call center records, Invoice information.

Your Legal Transaction Data: Information in correspondence with judicial authorities.

Personal Data Collected from Potential Product or Service Buyer Relatives

Your Identity Information: Your name, surname, degree of closeness with the prospective patient/patient.

Your Contact Information: Your telephone number.

Your Accounting Information: If you make a payment on behalf of the patient, your bank account number, IBAN number, credit card information.

Your Visual Data: Your camera recordings images that are kept for security and audit purposes within the scope of the Medical Center.

Other Data: Your application data regarding your complaint or satisfaction made to the Patient Communication Unit within the scope of patient rights and guest satisfaction.

Your Legal Process Data: Your information passed during correspondence with judicial authorities.

B. BUSINESS RELATIONSHIP PROCESSES

Personal Data Collected from Employees

Your Identity Information: Your name, surname, copy of your identity document or passport or driver’s license, Turkish ID number, passport number or temporary Turkish ID number, nationality, place and date of birth, marital status, gender, social security institution number.

Your Contact Information: Your official place of residence, telephone number, e-mail address and personal data obtained when you contact us via e-mail, letter, the name and surname of the person to be contacted in case of emergency and contact data.

Your Philosophical Belief, Religion and Sect Information: Your philosophical belief, religion and sect information that you would like to specify specifically and due to the fact that a photocopy of the identity card / passport is taken due to the legislation for the creation of the personal file.

Your Accounting Information: Your bank account number, IBAN number, wage data.

Your Health Information: Your blood type, health information.

Your Visual Data: Your photographs to be used in the processes within the scope of the personnel file due to the fact that you are an employee of our health institution, your data taken from the medical center cameras that are kept for security and audit purposes.

Auditory Records: Your voice recordings in case you take part in recorded calls in call center processes.

Professional Experience / Personal Data: Your curriculum vitae, diploma, education status, graduation information, foreign language skills, references, start date, incapacity report, courses attended, on-the-job training information, certificates, transcript information.

Criminal Conviction Data: Your criminal record. Information on criminal convictions, Information on security measures.

Process Security / Risk Management: Password and password information, log records are processed for workplace system security and order. IP address information, website login and exit information, password and password information, information processed for the management of commercial, technical and administrative risks.

Your Legal Process Data: Your information passed during correspondence with judicial authorities.

Transaction Security Data: Your IP address, password, log records.

Location and Vehicle Data: In case you have a workplace vehicle, your location data where the vehicle is located with the vehicle tracking system, vehicle license plate, vehicle license, device ID number, brand model, model year information and your computer usage location data in case of remote connection to the workplace server with the workplace computer.

Your Biometric Data: Fingerprint data.

Your Other Data: Your professional chamber information.

Personal Data Collected from Prospective Employees

Your Identity Information: Your name and surname.

Your Contact Information: Your telephone number.

Your Personal Data: Your curriculum vitae, your reference data.

Physical Space Security: Entry and exit registration information during medical center visit, Camera records

Risk Management: Information processed to manage commercial, technical and administrative risks

Professional Experience: Diploma information reported in the CV, Courses attended, On-the-job training information, Certificates, Transcript information

Visual Recordings: Camera recordings of the medical center visit.

C. CONTRACTUAL PROCESSES

Personal Data Collected from Consultants, Service Providers, Suppliers, Business Partners

Data Collected from Consultant, Service Provider, Supplier, Collaboration Partner Authorized

Your Identity Data: Your name, surname, Turkish ID number.

Your Contact Data: Your phone number, e-mail address, postal address.

Legal Action: Information in correspondence with judicial authorities, Information in the case file

Your Visual Data / Physical Space Security: Our visual data processed by camera recording during the visit to the Medical Center. Entry and exit registration information.

Risk Management: Information processed for the management of commercial, technical and administrative risks

Finance: Balance sheet information, Financial performance information, Credit and risk information, Asset information

Data Collected from Consultant, Service Provider, Supplier, Collaboration Partner Employee

Your Identity Data: Your name, surname, Turkish ID number.

Your Contact Data: Your phone number, e-mail address, postal address.

Your Visual Data / Physical Space Security: Visual data processed by camera recording during the visit to the Medical Center. Entrance and exit records.

Risk Management: Information processed for the management of commercial, technical and administrative risks.

D. WEBSITE VISITOR PROCESSES

Marketing Data: The IP address of website users is recorded in order to identify problems with the system and to quickly resolve problems or disputes that may arise regarding the service provided. IP addresses can also be used to identify users in a general way and to collect comprehensive demographic information. IP addresses, cookie records and log records are processed.

E. VISITOR PROCESSES

Your Visual Data / Physical Space Security: Visual data of individuals who visit the Medical Center for any reason, processed by camera recording.

2. PURPOSE AND LEGAL REASON FOR PROCESSING YOUR PERSONAL DATA

We process your personal data for the following purposes. In addition to the provisions specified in the legislation, in cases where it is necessary to process personal data belonging to the parties to the contract and data processing is mandatory for legitimate interest, processing is carried out by obtaining explicit consent as explained in Article 4 according to the nature of the data;

  • Basic Law No. 3359 on Healthcare Services, Law No. 1219 on the Practice and Execution of Medicine and Medical Arts, Decree Law No. 663 on Certain Regulations in the Field of Health, Regulation on Private Healthcare Organizations Providing Outpatient Diagnosis and Treatment Services, Law on the Protection of Personal Data, Regulation on Personal Health Data and other relevant regulations to fulfill our legal obligations,
  • Protection of public health, preventive medicine, medical diagnosis, treatment and care services for the provision of health services, hair transplantation and aesthetic services, Maintaining information about your health data that must be kept within the scope of the relevant legislation,
  • Maintaining information about your health data that must be kept within the scope of the relevant legislation,
  • Responding to written requests of official authorities such as Law Enforcement Forces, Courts, Enforcement Directorates, SSI, İŞKUR, embassies, sharing information requested with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation,
  • Providing information to prosecutors’ offices, courts and relevant public officials upon request and in accordance with the legislation in matters related to public security and legal disputes, fulfilling legal processes, and using it as evidence in order to fulfill the burden of proof in future legal disputes,
  • Preparation of power of attorney for the employees appointed as proxy by the senior management for the execution of various works on behalf of our Medical Center and having them notarized,
  • Planning and managing financing for the delivery of health services, billing,
  • Execution of finance and accounting transactions,
  • Execution of Company / Product / Service Loyalty Processes
  • Execution of Logistics Activities
  • Implementation of Social Responsibility and Civil Society Activities
  • Execution of Strategic Planning Activities
  • Ensuring the Security of Movable Property and Resources
  • Execution of Supply Chain Management Processes
  • Execution of Wage Policy
  • Execution of Marketing Processes of Products / Services
  • Ensuring the Security of Data Controller Operations
  • Execution of Investment Processes
  • Execution of Talent / Career Development Activities
  • Taking all necessary technical and administrative measures within the scope of data security of the Medical Center,
  • Planning and management of the internal functioning of the Medical Center, development of services, analysis, risk management and evaluation of quality processes,
  • Monitoring and preventing fraud and unauthorized transactions,
  • If you make an appointment, you can be notified about the appointment,
  • Verification of your identity,
  • Fulfillment of legal and contractual obligations, execution of works and transactions as a result of signed contracts and protocols,
  • Confirming your relationship with the institutions contracted with our Medical Center, sharing the information requested by the insurance companies you are insured with or the contracted institutions you are a member of within the scope of financing the health service provided,
  • Responding to all your questions and complaints about our health services,
  • Measuring patient satisfaction and improving patient satisfaction, training and developing our employees,
  • Supply of medicines or medical devices, implant materials and fulfillment of laboratory processes,
  • Fulfillment of risk management and quality improvement activities,
  • Participation in campaigns and providing campaign information by the Marketing, Media and Communication departments, designing and communicating special content, tangible and intangible benefits on web and mobile channels for marketing, promotion and other purposes,
  • In order to ensure the execution of our Medical Center’s human resources policies; the data of our employees, the Labor Law and labor and social security legislation, occupational health and safety and other legislation in force, as well as the execution of the obligations and activities in accordance with the legislation, as well as increasing the level of performance and employee satisfaction and ensuring work peace, the creation of the personnel file,
  • Realizing private pension deductions at legal rates and notifying the contracted banks on behalf of the employee,
  • Providing the necessary trainings to ensure the professional and personal development of employees, orientation of employees,
  • Execution of application processes for prospective employees,
  • Ensuring the security of the Medical Center, ensuring physical space security,
  • Execution of information security processes,
  • Ensuring transaction security,
  • To be able to carry out processes in case you visit our medical center in terms of guest data and use the website and social media accounts for any reason,

We process your personal data based on the Law No. 6698 on the Protection of Personal Data.

Your personal data may be transferred to physical archives and/or information systems within our medical center and/or contracted organizations and kept both in digital and physical environment. The results of examinations, reports, X-rays and all kinds of health data that you have delivered to our medical center regarding treatment processes such as examinations and reports in other health institutions may be destroyed within three months, unless you have not received them and/or it is determined by the physician that they are important for your patient file.

3. HOW DO WE COLLECT AND PROCESS PERSONAL DATA BY INTERLİVA?

Within the scope of KVKK and GDPR, any operation performed on data is accepted as “processing of personal data”. Your personal data that you share with Interliva is collected in the following ways;

PERSONAL DATA OF PATIENTS AND PATIENT RELATIVES

Personal data belonging to the patient and patient relatives are collected in the online system or by physically filling out forms or verbally declaring personal data. In this context, your personal data are collected verbally, in writing or electronically by filling out a form at www.interliva.com or when making an appointment via phone, phone application or e-mail for face-to-face service, when creating an appointment with your physical application to Interliva; during the service provided in our medical center, during admission to the medical center, when you use our website for information, appointment, complaint purposes for service provision, when you visit our medical center or our website and when you browse our website, your personal data are collected by verbally, in writing or electronically by obtaining, recording, storing, storing, changing, rearranging.

EMPLOYEE PERSONAL DATA

Personal data belonging to employees are collected from the relevant person by physically delivering documents or sending them by e-mail or mail.

PERSONAL DATA OF PROSPECTIVE EMPLOYEES

Personal data belonging to employee candidates are collected from the relevant person by physically submitting documents or sending them by e-mail or mail.

PERSONAL DATA COLLECTED FROM CONSULTANTS, SERVICE PROVIDERS, SUPPLIERS, BUSINESS PARTNERS/EMPLOYEES

Personal data belonging to the authorized person or employees of the private company from which the service is received are collected from the relevant person verbally with the contract between the parties or by sending them by e-mail or mail.

PERSONAL DATA OF WEBSITE VISITORS

Personal data belonging to the website visitor is collected by the system when the relevant person uses Interliva’s website.

VISITOR DATA

When visiting the Medical Center for any reason, visual data are recorded through the camera system.

4. ISSUES RELATED TO EXPLICIT CONSENT WITHIN THE SCOPE OF THE PROCESSING CONDITIONS OF PERSONAL DATA

Within the scope of Articles 5 and 6 of the KVKK, “personal data cannot be processed without the explicit consent of the person concerned”. However, the following cases are listed as exceptions to this situation;

  • It is clearly stipulated in the laws.
  • It is mandatory for the protection of the life or physical integrity of the person himself/herself or of another person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
  • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract.
  • It is mandatory for the data controller to fulfill its legal obligation.
  • It has been made public by the data subject himself/herself.
  • Data processing is mandatory for the establishment, exercise or protection of a right
  • Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject

However, we would like to point out that these exceptions do not apply to all personal data of a special nature and in all cases. Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are personal data of special nature and cannot be processed without the explicit consent of the data subject. If regulated by law, explicit consent is not required for personal data other than health and sexual life.

Personal data relating to health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the data subject. The health report and, where necessary, health examinations of employees are processed by the workplace physician within the scope of occupational health and safety without obtaining explicit consent.

For this reason, due to the provision of health services, we process the health data of our patients and, if necessary, their sexual life data and/or related genetic data without obtaining explicit consent.

In cases regulated by the law, we process private data other than health and sexual life without obtaining explicit consent.

We process all other special categories of personal data with your explicit consent.

In short, your personal data will be processed in accordance with the law and the rule of honesty, in connection with the purposes of processing, in a limited and measured manner, accurately and up-to-date, for specific, clear and legitimate purposes.

5. PERSONS AND ORGANIZATIONS TO WHOM YOUR PERSONAL DATA MAY BE TRANSFERRED

Institutions or organizations permitted by the provisions of the Basic Law No. 359 on Health Services, Law No. 1219 on the Practice and Execution of Medicine and Medical Arts, Regulation on Private Health Institutions Providing Outpatient Diagnosis and Treatment Services, Law No. 6698 on the Protection of Personal Data, Regulation on Personal Health Data and other relevant legislation, the Ministry of Health and its sub-units, security forces affiliated to the Ministry of Interior, law enforcement officers, prosecution authorities, courts, other official authorities authorized by law, private insurance companies, our direct/indirect domestic shareholders, our lawyers in case of a possible legal dispute, consultants, representatives of official institutions authorized to inspect our medical center, auditors, business partners, third parties consisting of laboratories, centers, health institutions that we cooperate with for the provision of health services, domestic organizations and foreign organizations from which we receive contractual services to carry out our activities, cooperate, use e-mail and website infrastructure, systems and programs.

6. WHAT SHOULD YOU DO IF YOUR PERSONAL DATA CHANGES?

If there is a change in your personal data, you should tell us so that we can update our records. In addition, in accordance with our procedures, your consent will be requested from you in order to check the accuracy and currency of some of your personal data, especially your contact and address data.

7. PERSONAL DATA OF CHILDREN

Under the laws of the Republic of Turkey, we may process personal data of individuals under the age of 18 with the consent of the minor’s parent or guardian. Although there are different legal regulations in the 13-16 age range within the scope of the European Union, please contact our company if you have an additional request.

8. RIGHTS OF THE PERSONAL DATA OWNER IN ACCORDANCE WITH KVKK NUMBERED 6698

Pursuant to Article 11 of the KVKK No. 6698, the rights of the Personal Data Owner are as follows:

By applying to us in accordance with the legislation regarding your processed personal data,

  • Learn whether personal data is being processed,
  • Request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used for their intended purpose,
  • To know the third parties to whom personal data are transferred domestically or abroad
  • To request correction of personal data in case of incomplete or incorrect processing,
  • To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK (since personal data within the scope of health is obliged to be kept within the scope of the legislation, the right to deletion will be evaluated in accordance with the Regulation on Personal Health Data).
  • In case of correction, deletion or destruction of personal data, to request that these transactions be notified to third parties to whom personal data are transferred, (since personal data within the scope of health are obliged to be kept within the scope of the legislation, the right to deletion will be evaluated in accordance with the Regulation on Personal Health Data).
  • To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
  • In case of damage due to unlawful processing of personal data, to demand compensation for the damage,

you have these rights.

In addition to the above-mentioned rights listed in the KVKK, the following rights are available within the scope of the GDPR provisions for health tourist patients and related persons who are European Union citizens or in the GDPR application area.

  • Right to be Forgotten: You have the right to request the deletion of your data within the scope of the right to be forgotten in connection with the right to erasure, except in exceptional cases regulated in the GDPR.
  • Data Portability: You have the right to transfer your data to another data controller other than us, except in exceptional cases and in cases where the place of service provision is subject to the laws of the Republic of Turkey by evaluating the service provided to you and does not contradict the mandatory provisions of the KVKK.
  • Right to Restrict Data Processing: When exercising your right to data deletion, you have the right to data restriction in certain circumstances.

In addition, where we have obtained your consent to process your personal data for a specific purpose (e.g. for a research project) or to provide you with informative promotional activities, you can withdraw your consent at any time.

In order to exercise your above-mentioned rights, you can fill out the “Application Form in accordance with the Law on the Protection of Personal Data” on the web address www.interliva.com and send it to “Kartaltepe Mah. İncirli Caddesi Limon Çiçeği Sokak No. 1 Bakırköy-İstanbul / Türkiye” by hand in person, through a notary public or by registered mail with a note “Personal Data Information Acquisition Request”. In addition, if necessary, you can contact the e-mail address with the extension [email protected] or the telephone line 0212 542 01 19 / 0212 542 01 11.

During the application, we reserve the right to request the presentation of identity card for the purpose of confirming identity information.

Your applications within this framework will be finalized within a maximum of 30 days. Such applications are free of charge, and in case the transaction requires an additional cost pursuant to the second paragraph of Article 13 of the Law, the fee in the tariff determined by the Board will be charged by our company.