Merkez District, Cenere Street, Tempocity No:26/2, Kağıthane, Istanbul

PERSONAL DATA PROTECTION LAW

As the data controller of DR ÇINAR GAFFARI, we attach great importance to the protection of your personal data within the scope of the Personal Data Protection Law No. 6698 (“Law”) and the relevant sub-legislation, as well as in accordance with the General Data Protection Regulation GDPR (General Data Protection Regulation). This Clarification Text on Processing and Protection of Personal Data has been prepared in order to inform you about the sources from which we obtain your personal data, our legal reasons for obtaining and processing personal data, the purposes for which we process your personal data, whether we transfer personal data and to whom for what purposes, and your legal rights.

DR ÇINAR GAFFARİ processes your personal data in accordance with the law. It prevents unlawful processing of your personal data and unlawful access to this data. It has taken all necessary technical and administrative measures to ensure the most appropriate level of security to ensure the protection of personal data.

PEOPLE WHOSE DATA WE PROCESS

DR ÇINAR GAFFARİ, as the data controller, processes personal data limited to the following groups of persons.

Workers

Our Labor Candidates (including reference persons declared by job applicants)

Interns and On-the-Job Training Trainees,

Our patients

Persons who are interviewed or communicated with for the purpose of diagnosis, treatment or receiving a service of this kind,

Relatives and companions,

Parties to all kinds of commercial activities or authorized or employees of persons or companies with whom we cooperate or will cooperate due to commercial activity (Supply, advertising, support, marketing, accommodation, transportation, reference sources, etc.)

Shareholders or shareholder negotiations,

Legal Advisors, Lawyers and Consultants or authorized or employees of consulting companies,

Visitors

Legal representatives, parents, guardians or custodians of all data subjects

Persons who are parties to legal proceedings and their legal representatives

Third parties that we have contacted even though they have no commercial or legal connection with our company.

PERSONAL DATA WE PROCESS

DR ÇINAR GAFFARİ, as the data controller, processes the following personal health data, general and special categories of personal data in accordance with the principles of “compliance with the law”, “necessity”, “fitness for purpose” and “limitation”.

Identity Data

All data related to the identity of the persons whose data will be processed, such as name-surname, nationality, Turkish ID number, passport number and information or temporary Turkish ID number, place and date of birth, marital status, gender information.

Contact Data

All communication data such as residential address, correspondence address, mobile phone number, e-mail address.

Audiovisual Data

Image and sound recordings taken by the camera system recorded by the company security cameras in closed circuit, voice call recordings kept if you contact our call center, personal data taken in photograph or video recording for the purpose of confirming and proving that the promotion, research, medical or aesthetic / cosmetic procedure is carried out with special written consent and permission (consent) or for the purpose of convincing other patient candidates to the medical procedure are the data within this scope.

Personal Data

Data on personal transactions of workers, such as date of employment, wages, number of days worked per month, etc., as required by law or labor contract.

Education Data

Data on the educational status of workers, prospective workers, trainees or on-the-job training trainees or other relevant persons employed by the company.

Job and Occupation Data

All data relating to work or occupation in respect of workers, prospective workers, trainees or on-the-job training trainees or other relevant persons employed by the company (including data on professional experience, diplomas, courses)

Comment and Complaint Data

Comment and complaint data transmitted to our Company by giving approval and consent through the website or other channels in order to evaluate the services we offer.

Location and Location Data

Address or location data that persons transmit by any means and with their consent.

Transaction Security Data (IP Data and Cookies)

This includes IP address, browser information, website login, logout and password information (Mac ID, IP address information, website login, logout and password information).

Legal Data

All data relating to persons being plaintiffs, defendants and enforcement data. Data related to the employees working in the company and any person who has a lawsuit or enforcement proceedings with the company.

Financial Data

Data such as bank account number and IBAN number of individuals. Data requested and processed in terms of workers working in the company and patients receiving services from the company.

Health Data

All kinds of health data obtained during the execution of medical diagnosis, treatment and care services, such as laboratory and imaging results, medical test results, blood type, examination data, prescription information, which are required to be followed up in medical files for legal reasons and processed with the consent of the person. In addition, the health report and other medical documents in the employee personnel file of workers are also within this scope.

Vehicle License Plate Data

In case of using the company’s parking lot or private valet service, vehicle license plate data is within this scope.

Customer Transaction Data

Call center records, invoices, bills, promissory notes, checks, box office receipts, order information, request information, etc. are data within this scope.

Dress Code Data

Body data such as fixtures, uniforms, materials and shoe numbers are included in this scope.

Biometric Data

This includes palm data, fingerprints, retinal scans, facial recognition, etc.

Risk Management Data

This includes data processed for the management of commercial, technical and administrative risks.

Physical Space Security

Entry and exit registration information of employees and visitors, security camera records are data within this scope.

Association, Foundation and Trade Union Data

Association and foundation data may be required for social responsibility and workplace organizations, and union data may be required for union dues deduction.

III. PROCESSING OF PERSONAL DATA

A. OBTAINING PERSONAL DATA

1.Through Which Channels and How Personal Data is Collected

Your Personal Data;

1.2. As a result of the interview with our call center,

1.3. As a result of the interview made through the live support application on our website,

1.4.DR ÇINAR GAFFARİ, as a result of the interview to be held by contacting the doctors or relevant staff via telephone WhatsApp App or e-mail,

1.5.DR ÇINAR GAFFARİ, as a result of the communication established through the phones in the use of marketing and promotion personnel or through applications such as SMS or WhatsApp,

1.6.DR ÇINAR GAFFARİ, in case of your application, as a result of your interviews with doctors or relevant personnel via phone, SMS or WhatsApp etc. applications,

1.7. If you apply to DR ÇINAR GAFFARİ, as a result of face-to-face interviews with doctors or relevant staff,

1.8. Personal data are included in the contracts and other commercial activity documents and communication platforms of the person and company officials or employees with whom business relations are made as required by the commercial activity,

1.9. As a result of the inclusion of personal data on the contracts and other commercial activity documents and communication platforms of our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies,

1.10. As a result of applications made through panels such as “contact us” or “get information” through its promotion and advertisement on social media,

1.11. As a result of requesting personal data requested by the legislation in order to connect to the broadcast on the wireless network (Wi-Fi) broadcast special for guests within the scope of wireless Internet service and mobile phone number for encryption,

1.12. Obtaining data by recording the MAC ID (Device Identification Information) from the entries made to the website,

1.13.DR ÇINAR GAFFARİ, although it has no commercial or legal connection with DR ÇINAR GAFFARİ, in the event that we are contacted or if we are contacted, personal data are included in the communication platforms of third parties,

1.14. Similarly with other lawful means of data retrieval,

It is obtained from channels such as.

B. PURPOSES AND LEGAL REASONS FOR PROCESSING PERSONAL DATA

1. Purposes of Collection and Processing of Personal Data

Your personal data mentioned above and your sensitive personal data will be processed for the following purposes.

1- Fulfillment of legal obligations and execution of all kinds of work within the scope of its field of activity within the legal framework,

2-Fulfillment of the provisions of the contract,

3-Provision of Health Services (Medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services)

4- Commercial activity and business management requirements,

5-Sectoral (health) requirements;

5.1. Protection of public health, preventive medicine, medical diagnosis, treatment and care services, with or without patients,

5.2. Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with health legislation,

5.3. Financing of health care services by patient services, financial affairs, marketing departments, covering the costs of examinations, diagnostics and treatment,

5.4. Informing patients about the appointment through the customer representative, call center and other channels,

5.5. Patient services, identity confirmation by other operation units,

5.6. Measuring, increasing and researching patient satisfaction by hospital management, patient rights, patient experience departments,

5.7. Invoicing by patient services, financial affairs, marketing departments,

5.8. Responding to all kinds of questions and complaints regarding health services by the hospital management, patient rights and call center, patient relations department,

6.Technical requirements;

6.1. Call center, patient relations, planning and management of internal functioning of the institution by hospital management,

6.2.Service delivery quality, patient experience, research and analysis conducted by IT departments to improve the quality of health services,

6.3.Training of workers by human resources management and quality departments,

6.4. Monitoring and prevention of abuse or unauthorized transactions by internal audit and IT department,

6.5. fulfillment of risk management and quality improvement activities by quality, IT departments,

6.6.Taking all necessary technical and administrative measures within the scope of data security by the hospital management and IT department,

6.7. Ensuring the necessary communications by the officials in order to fulfill transportation, accommodation and hospitality services within the scope of health tourism,

6.8. Participation in campaigns and providing campaign information by the patient relations, marketing, call center, department, designing special content, tangible and intangible benefits on the web and other mobile channels, social media and communicating them to the interlocutors,

6.9. To be able to fulfill training and activities by the educational institutions with which the institution cooperates,

2.Legal Grounds for Collection and Processing of Personal Data

Your personal data mentioned above and your sensitive personal data;

Basic Law No. 3359 on Health Services,

Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations,

Law No. 6698 on the Protection of Personal Data,

Regulation on Private Hospitals,

Regulation on Processing and Protection of Privacy of Personal Health Data

Law No. 1774 on Identity Notification,

Labor Law No. 4857,

Law No. 5510 on Social Security and General Health Insurance,

It will be processed on legal grounds.

As stated in Article 6, paragraph 3 of the Law No. 6698 on the Protection of Personal Data, personal data on health and sexual life can only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without seeking the explicit consent of the person concerned.

C. TRANSFER OF PERSONAL DATA

Your personal data,

Basic Law No. 3359 on Health Services,

Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations,

Law No. 6698 on the Protection of Personal Data and all relevant sub-legislation,

Regulation on Private Hospitals,

Regulation on Processing and Protection of Privacy of Personal Health Data

Law No. 1774 on Identity Notification,

Labor Law No. 4857,

Law No. 5510 on Social Security and General Health Insurance,

Within the framework of its provisions and for the purposes described above;

The Ministry of Health, its sub-units and family medicine centers,

Private insurance companies (health, pension, life insurance and similar),

Social Security Institution,

Ministry of Family Labor and Social Policies,

General Directorate of Security and other law enforcement agencies,

General Directorate of Population and Citizenship Affairs,

Other authorized official institutions and organizations,

Pharmacists Association of Turkey,

Judicial authorities, enforcement agencies, mediators,

Laboratories, medical centers, ambulances, medical devices and health service providers in Turkey or abroad with which we cooperate for medical diagnosis and treatment,

The health facility to which the patient is referred or to which the patient presents himself/herself,

Legal representatives, parents and guardians authorized in writing

All natural or legal third parties, including lawyers, tax consultants and auditors, with whom we work under the contract,

Regulatory and supervisory bodies and government authorities,

Companies within the group of companies to which our hospital is affiliated,

Banks where our company or any of our patients or employees who are related to our company under any contract with our company have accounts,

Private pension companies worked within the scope of mandatory or voluntary PPS (Private Pension System),

Our suppliers, support service providers, archive service providers and business partners whose services we benefit from or cooperate with (for more detailed information, you can obtain information by applying to our hospital in writing).

To our business partners and business contacts,

Shareholders and real or legal persons with whom shareholder negotiations are made

Outsourcing service providers,

Cargo or courier companies,

Air, land or sea passenger transportation companies,

Will be Shared with.

IV.OUR PRECAUTIONS AND COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA

DR ÇINAR GAFFARİ, in its capacity as data controller, protects your personal and sensitive personal data mentioned above in its own physical and electronic environments with great sensitivity and in full compliance with the provisions of the legislation, by taking all kinds of administrative and technical measures.

DR ÇINAR GAFFARİ has taken all kinds of administrative and technical measures to protect your personal data, as recorded in VERBIS and included in the Personal Data Inventory.

DR ÇINAR GAFFARİ is committed to protecting all personal data. In order to prevent unlawful processing and access to personal data and to ensure the protection of personal data, technical and administrative measures to ensure the appropriate level of security are carried out using various methods and security technologies.

DR ÇINAR GAFFARİ will not disclose the personal data it obtains to anyone else in violation of the provisions of the Personal Data Protection Law No. 6698 and will not be used for purposes other than processing.

DR ÇINAR GAFFARİ has prepared and ensured that all warning or consent statements and undertakings are prepared and signed in cases where it is mandatory and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers, and has implemented the necessary multi-faceted audit activities.

V. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES

DR ÇINAR GAFFARI does not position cookies on its website. During the use of our website and mobile application, IP address, browser information (Mac ID, IP address information, website login, logout and password information) are not received.

VI. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

Pursuant to Article 11 of the Law on the Protection of Personal Data, you may exercise your rights regarding the processing and protection of your personal data, provided that you prove your identity, by applying to DDR ÇINAR GAFFARİ as the Data Controller in the following ways.

A. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

1.To learn whether your personal data is being processed,

2. To request information if your personal data has been processed,

3. To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,

4. To know the third parties to whom your personal data is transferred domestically or abroad,

5. To request correction of personal data in case of incomplete or incorrect processing

  1. Request deletion or destruction of personal data,
  2. In the event that your personal data has been transferred to third parties, in case your personal data is incomplete or incorrectly processed, to request the correction of these and the deletion or destruction of personal data to be notified and communicated to the relevant third party,

8. To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

9. To demand compensation for damages in cases of damage due to unlawful processing of personal data,

you have rights.

You can request the destruction (deletion, destruction or anonymization) of your personal data within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, by evaluating your request for destruction, which method is appropriate will be evaluated by our company according to the conditions of the concrete event. In this context, you can always request information about why we have chosen the destruction method we have chosen.

Personal data collected about persons under 18 years of age is limited to their name, surname, age and degree of closeness, and this data can only be given to us by the relevant adult (parent or guardian).

SITUATIONS EXCLUDED FROM THE SCOPE OF THE RIGHT TO APPLY

Pursuant to Article 28 of the Law on the Protection of Personal Data, it will not be possible for personal data owners to assert their application rights since the following cases are excluded from the scope of the KVK Law:

Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.

Processing of personal data by judicial or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.

Pursuant to paragraph 2 of Article 28 of the Law on the Protection of Personal Data, except for the right to claim compensation for damages, it is not possible to assert rights in the following cases:

Processing of personal data is necessary for the prevention of crime or criminal investigation,

Processing of personal data made public by the data subject himself/herself,

Personal data processing is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law,

Processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and fiscal matters.

B. WAYS TO CONTACT OUR COMPANY TO EXERCISE YOUR RIGHTS

Your rights under the Law on the Protection of Personal Data;

1- By filling out the Application Form on the Protection of Personal Data on our company’s website address “www.drcinargaffari.com”,

2- By coming to Yahya Kemal Mahallesi Cendere Caddesi Engin Sokak Vera Rezidans a blok no 93 Kağıthane/ İstanbul address where the headquarters of our company is located, filling out the Application Form on the Protection of Personal Data to be obtained from the Human Resources Management department and submitting it in person against signature,

3-Sending a letter through a notary public,

4- You can use info@www.drcinargaffari.com e-mail address with secure electronic or mobile signature or by sending an e-mail to the registered e-mail address.

Depending on the nature of your request and the application method, the Company may request additional verifications (such as sending a message to your registered phone, calling you) in order to determine whether the application belongs to you and thus protect your rights. For example, if you apply through your e-mail address registered with the Company, you may be contacted using another communication method registered with the Company and asked to confirm whether the application belongs to you.

Your requests in your application will be finalized free of charge as a rule within thirty working days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, a fee not exceeding 50 (Fifty) TL in total may be charged, as specified in the Communiqué on the Procedures and Principles of Application to the Data Controller published by the Personal Data Protection Authority in the Official Gazette dated 10.03.2018 and numbered 30356. If your application is caused by the error of our company, which is the Data Controller, the paid fee will be refunded to you.

Your duly made requests regarding the Protection of Personal Data will be concluded, generally free of charge, within thirty working days at the latest upon receipt by our company.

In case of your application, “DR ÇINAR GAFFARI,” has the right to request some verifying information from you in order to confirm that you are the right person. Unless you cancel your application, you are deemed to have accepted these requests of DR ÇINAR GAFFARİ.

CONSENT and APPROVAL

When you read this Clarification Text, you are deemed to have accepted, declared and undertaken that you have full and complete information about the fact that DR ÇINAR GAFFARİ carries out a data processing process in this context and that you have been informed about the processes of processing your personal data and that you consent to the processing of your personal data.