INFORMATION ON PROCESSING OF PERSONAL DATA

Hisar Europe Health Services Ind. and Tic. Inc. (“Hisar Europe ADSP”) places great importance on the security of your personal data. With this awareness, we handle and safeguard all types of personal data entrusted to us through various channels such as Call Centers, internet, mobile applications, physical spaces, and similar, in the best possible manner and with utmost care. As the Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”) and relevant legislation, we process your personal data as outlined below:

Collection, Processing, and Purposes of Processing Personal Data

In order to provide you with high-quality services, we obtain your personal data verbally, in writing, visually, or electronically through channels such as Call Centers, internet, mobile applications, physical locations, and others, depending on the nature of the service provided.

Within this framework, some of the main categories of personal data, including primarily personal health data obtained for the execution of all medical diagnosis, examination, treatment, and care services, are as follows:

Your name, surname, Turkish Identification Number (TC Kimlik No), passport number or temporary TC Kimlik number if you are not a Turkish citizen, place and date of birth, marital status, gender information, identity data such as your Turkish Identification Card or Driver’s License photocopy presented by you,
Your address, phone number, email address, and other contact details,
Your financial data such as bank account number, IBAN number,
Medical data related to health and sexual life obtained during the execution of medical diagnosis, treatment, and care services, including laboratory and imaging results, test results, examination data, prescription information, and other personal health data,
Your responses and comments shared to evaluate our services,
Closed-circuit camera system footage and audio recordings taken during your visits to our hospitals,
Voice call recordings maintained when contacting our Call Centers,
Data related to private health insurance for financing and planning health services, and Social Security Institution data,
Your vehicle plate number if you use our parking and valet services,
Navigation information obtained during the use of our website and mobile application, IP address, browser information, and medical documents, surveys, form information, and location data that you voluntarily provide,
Your above-mentioned personal data and sensitive personal data may be processed for the following purposes:

Protection of public health, preventive medicine, medical diagnosis, treatment, and care services,
Sharing information requested by the Ministry of Health and other public institutions and organizations in accordance with relevant legislation,
Compliance with legal and regulatory requirements,
Billing and sharing required information with private insurance companies within the scope of Healthcare Services, Finance, and Marketing departments,
Informing you about your appointments through our Call Centers and Digital Channels,
Verification of your identity by our Healthcare Services, Healthcare Professionals, and Call Center departments,
Planning and managing internal operations by Hospital Management,
Analysis of healthcare services for improvement purposes by Quality, Patient Experience, and Information Systems departments,
Providing training to our employees by Human Resources and Quality departments,
Monitoring and preventing abuse and unauthorized transactions by Audit and Information Systems departments,
Implementation of risk management and quality improvement activities by Quality, Patient Experience, and Information Systems departments,
Invoicing for our services by Healthcare Services, Finance, and Marketing departments,
Verification of your relationship with institutions contracted with our hospital by Healthcare Services, Finance, and Marketing departments,
Responding to any questions and complaints regarding our healthcare services by Hospital Management, Patient Rights, Patient Experience, and Call Center departments,
Taking all necessary technical and administrative measures for data security of our hospital systems and applications by Hospital Management and Information Systems departments,
Participation in campaigns and provision of campaign information by Marketing, Media and Communication, and Call Center departments, designing and communicating special content, tangible and intangible benefits on web and mobile channels,
Measurement, enhancement, and investigation of patient satisfaction by Hospital Management, Patient Rights, and Patient Experience departments,
Conducting education and teaching activities by educational institutions in collaboration with our institution.

Your personal data and sensitive personal data mentioned above may be carefully preserved and stored in physical and electronic archives within Hisar Europe ADSP and external service providers, in compliance with legislation.

Transfer of Personal Data

In accordance with the Law No. 6698 on the Protection of Personal Data, Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliated Institutions, Private Hospitals Regulation, Regulation on Processing and Protection of Private Health Data, Ministry of Health regulations, and other legal provisions:

Your personal data may be shared with entities such as the Ministry of Health, its affiliated units, and family health centers,
Private insurance companies (health, retirement, life insurance, etc.),
Social Security Institution,
General Directorate of Security and other law enforcement agencies,
General Directorate of Population,
Turkish Pharmacists Association,
Judicial authorities,
Laboratories, medical centers, ambulances, medical device and healthcare service providers with whom we collaborate domestically or internationally for medical diagnosis and treatment,
Healthcare institution to which the patient is referred or where the patient himself/herself applies,
Your authorized legal representatives,
Third parties such as our lawyers, tax advisors, auditors, and other consultants, including those we work with,
Regulatory and supervisory authorities and official authorities,
Your employer,
Our suppliers, support service providers, archive service providers, and business partners with whom we benefit from services or collaborate (for more detailed information, you can apply to our hospital in writing).

Method of Personal Data Collection and Legal Basis

Your personal data is collected and processed in all verbal, written, visual, or electronic forms within the legal framework to fulfill all legal and contractual obligations of Hisar Europe ADSP and to conduct all kinds of business related to Hisar Europe ADSP’s activities within its field of activity. The legal basis for the collection of your personal data is:

Law No. 6698 on the Protection of Personal Data,
Health Services Basic Law No. 3359,
Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliated Institutions,
Private Hospitals Regulation,
Regulation on Processing and Protection of Private Health Data, Ministry of Health regulations, and other legal provisions.

Additionally, as stated in Article 6, Paragraph 3 of the Law, personal data related to health and sexual life may only be processed without the explicit consent of the data subject by persons or authorized institutions and organizations under the obligation of confidentiality, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and financing.

Your Rights Regarding Protection of Personal Data

According to the Law and related regulations:

Learning whether personal data is processed,
Requesting information if personal data is processed,
Access to personal health data and requesting this data,
Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
Knowing the third parties to whom personal data is transferred domestically or abroad,
Requesting correction if personal data is incomplete or incorrectly processed,
Requesting deletion or destruction of personal data,
Requesting notification of the transactions made regarding correction and/or deletion or destruction of personal data to third parties to whom personal data is transferred,
Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
Having the right to demand compensation if personal data is processed unlawfully and causes damages.

Data Security and Right to Apply

Your personal data is meticulously protected within the technical and administrative possibilities and provided at an appropriate level against possible risks by taking necessary security measures and technological opportunities into consideration.