General Data Protection Regulation

METROPOLMED LAW ON PROTECTION OF PERSONAL DATA LIGHTING TEXT

MetropolMed Health Group (Referred to as the Company or the Hospital) will be able to process your personal data as Data Controller within the scope of the Personal Data Protection Law No. 6698 (Law) and the European Union General Data Protection Regulation (“GDPR”) and the relevant legislation.

You can find detailed information about the protection, processing, storage and destruction of your personal data under the heading "Personal Data Protection and Privacy" on our website.

A. COLLECTION, PROCESSING AND PROCESSING PURPOSE OF PERSONAL DATA

1. COLLECTION OF PERSONAL DATA

Your personal data that you share with our company, with automatic or non-automatic methods, offices, agencies, branches, call center, website, social media channels, sms channels, mobile applications and business/program partner through similar means, verbally, in writing or electronically.
 
The company may use cookies to better offer its services and to adapt the content to individual needs and interests. Disabling cookies in the browser does not prevent the use of the services on the website, but it may cause some technical problems. Cookies are also used to collect general, statistical information about the user's use of the website. Our detailed cookie policy is available on our site.
 
Personal data can also be collected from digital media such as company websites, software and applications made available on computers or some smart devices, and social media accounts activated by persons authorized to provide services on behalf of the company.
 
Video recordings of our visitors are taken through the camera monitoring system at our company's building, facility entrances and inside the facility. The company, within the scope of monitoring with security cameras; It aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of our company, customers and other people, and to protect the interests of the customers regarding the service they receive. Our detailed lighting text regarding the camera monitoring activity is available on the site.
 
2. PROCESSING PERSONAL DATA

The company may process your private and general personal data, especially your health data, for the stated purposes:

  • Your identity information: Your name, surname, T.C. Your ID number, passport number or temporary TR ID number, place and date of birth, marital status, gender, insurance and/or any other identification data that can identify you;Your Contact Information: Your address, telephone number, e-mail address and other communication data, your voice call records kept by customer representatives or customer services in accordance with call center standards, and your personal data obtained when you contact us via e-mail, letter or other means; your other personal data that you send to us through our communication channels,
  • Family Members and Close Information, children, spouses and identity information of the data owner,
  • Your Bank Account Information: Your financial data such as your bank account number, IBAN number, credit card information only on the slip, billing and billing information,
  • Physical Space Security Information, If you use the parking lot belonging to our customers, your vehicle plate information, visit information, entry and exit information, your images obtained from the constantly recorded camera records in the common areas, your sound recording,
  • Legal Transaction Information, information requests received from judicial and administrative institutions, data generated as a result of audits and inspections, your other personal data, including the CV provided in case you apply for a job with the Company, and your service contract if you are a company employee or a related employee. All your personal data, Your data on private health insurance and Social Security Institution data for the purpose of financing and planning health services,
  • · Marketing Information, targeting information that may affect the service, cookie records, surveys completed by our customers, letters of thanks and complaints, satisfaction results, etc. notifications you make to evaluate,
  • Special Quality Personal Data, data on race, health and sexual life, data on criminal convictions and security measures, biometric data, in particular the information required to be obtained as required by the service provided or legal regulations.

3. PURPOSE OF PROCESSING PERSONAL DATA

Your personal data shared by you;

  • Ø In order to benefit you and/or the institutions and organizations you represent from the products and services offered by our company, it is the core of our company's commercial and business strategies.
  • Ø Carrying out necessary studies, including, but not limited to, development and implementation of marketing activities, business development and planning activities,
  • Ø Ensuring the physical security and control of the locations in use by our company,
  • Ø Establishing business partner/customer/supplier (authorized or employees) relations,
  • Ø Ensuring contractual requirements and financial reconciliation regarding the products and services offered with our business partners, suppliers or other third parties,
  • Ø Follow-up of legal and administrative affairs, human resources policies,
  • Ø It may be processed for the purpose of calling our company's call center or using the website and/or participating in training, seminars or organizations organized by our company.

4. STORAGE OF PERSONAL DATA

a) Your personal data will be stored in electronic and/or physical media. Necessary business processes are designed and technical security infrastructure developments are implemented in order to prevent your personal data provided and stored by our company from being exposed to unauthorized access, manipulation, loss or damage in the environments where they are stored.
b) Your personal data will be processed by taking all necessary information security measures, provided that it is not used outside of the purposes and scope notified to you, and will be stored and processed during the legal retention period or, if such a period is not foreseen, for the period required by the processing purpose. When this period expires, your personal data will be removed from our Company's data streams by deletion, destruction or anonymization methods.
c) The company adopts the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners with the commitment of data confidentiality and only as much as the service requires, and these parties are compelled to take measures to ensure data security.
d) About the Regulation of Trade. About Commercial Communication and Commercial Electronic Messages by Law. In accordance with the regulation, e-mails for advertising purposes can only be sent to people with prior approval. The explicit consent of the person to whom the advertisement is sent is required. The Company complies with the details of the "approval" determined in accordance with the same legislation. This approval can be obtained in writing, in the physical environment or by any electronic means of communication.
e) If a contractual relationship is established with our customers and prospective customers, the collected personal data can be used without the customer's consent. However, this use takes place in line with the purpose of the contract. On the other hand, the data left to us by our prospective customers (prospective customers) are processed in order to provide them with an easier and higher quality service afterwards. These data are deleted upon request, if there is no contractual relationship.
f) The data that reaches our company are only processed into the system as much as necessary. Redundant information is not recorded in the system, deleted or anonymized. These data can be used for statistical purposes.
g) Your personal data that we have mentioned above, Health Services Basic Law No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Hospitals, Regulation on the Processing of Personal Health Data and Protection of Privacy and Ministry of Health regulations and other legislation provisions. Within the scope of the disclosure obligation of the data controller, we inform you that it can be processed within the framework of the HOSPITAL and/or transferred to the physical archives and information systems of our suppliers, and can be kept in both digital and physical environment.
 
B. TRANSFER OF PERSONAL DATA
Ø The Company, in accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board; If there are conditions for the transfer of personal data, it can transfer personal data at home or abroad.
Ø Transfer of personal data to third parties in the country, in the presence of at least one of the data processing conditions in Articles 5 and 6 of the Law, and on condition that the basic principles regarding data processing conditions are complied with, your personal data can be transferred by the company.
Ø The transfer of personal data to third parties abroad, upon the company and the data controller in the relevant country undertaking in writing, to allow the personal data to be processed by the Board, and existence of at least one of the data processing conditions specified in Articles 5 and 6 of the Law. Personal data may be transferred to third parties abroad.
You can obtain the conditions and detailed information regarding the transfer of your personal data from the Personal Data Protection and Processing Policy on our website.

SHARED PARTY
CATEGORIZATION
SCOPE
PURPOSE OF TRANSFER
Business partner
We carry out the commercial activities of the company most partnered parties
Limited sharing of personal data in order to ensure the fulfillment of the purposes of the establishment of the business partnership
supplier
Parties providing services for the Company to continue its commercial activities in line with the instructions received from the Company and based on the contract between the Company and the Company.
Transfer limited to the receipt of outsourced services from the supplier
Participation
Companies that are affiliates of the Company
Limited transfer of personal data for the purpose of carrying out commercial activities that require the participation of affiliates
Legally Authorized Public Institution
Public institutions and organizations that are legally authorized to receive information and documents from the Company
Limited personal data sharing for the purpose of requesting information by relevant public institutions and organizations
Legally Authorized Private Institution
Private law persons who are legally authorized to receive information and documents from the Company
Sharing of data limited to the purpose requested by the relevant private legal persons within the legal authority

C. DISPOSAL OF YOUR PERSONAL DATA
Despite the fact that it has been processed in accordance with the provisions of the relevant law, it may delete or destroy personal data at its own discretion or upon the request of the personal data owner, in the event that the reasons for its processing disappear.
The deletion or destruction techniques used by us are physical destruction, secure deletion from software, secure deletion by an expert.
The company can anonymize personal data when the reasons that require the processing of personal data processed in accordance with the law are eliminated. Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.
In accordance with Article 28 of the KVK Law; Anonymized personal data may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the KVK Law and the explicit consent of the personal data owner will not be sought. Personal data processed by anonymizing are outside the scope of the KVK Law. The most used anonymization techniques by the company are masking, aggregation, data derivation, data hashing.
You can find detailed information on the methods of destruction of personal data from the "Personal Data Retention and Destruction Policy" on our website.

D. CASES WHERE DATA MAY BE PROCESSED WITHOUT EXPRESS CONSENT UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA:
Pursuant to Article 5 of the KVK Law, the following personal data may be processed without your explicit consent in the following cases:
1. Explicitly stipulated in laws.
2. The person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity is compulsory for the protection of himself or someone else's life or bodily integrity.
3. It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
4. It is mandatory for the data controller to fulfill its legal obligation.
5. The person concerned has been made public by himself.
6. Data processing is mandatory for the establishment, exercise or protection of a right.
7. Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

E. DATA SECURITY
As a company; We attach importance to the protection of your personal data. For this reason, we present to your information that we provide protection against possible risks within our technical and administrative possibilities in accordance with information security standards and procedures.

F. YOUR RIGHTS TO PROTECT YOUR PERSONAL DATA
Personal Data Protection Law m. 11, by filling in the "Data Owner Application Form" on our website and delivering it by hand to the address of the workplace where you received the service with wet signature, by sending it via a notary public, by sending it to our Company's cap address in the form of devaozelsaglikas@hs01.kep.tr from your registered e-mail address, or In accordance with the relevant legislation, by sending a "Word or PDF" extension file signed with a secure electronic signature via https://www.metropolmed.com/contact e-mail;
1) Learning whether it has been processed; if it has been processed, to request information about it and to learn whether it is used in accordance with this purpose with the purpose of processing,
2) To know the third parties to whom personal data is transferred in the country or abroad,
3) Requesting correction of these in case of incomplete or incorrect processing,
4) If your personal data is incomplete or incorrectly processed, requesting the notification of the third parties to whom the personal data has been transferred, regarding their correction and/or the deletion or destruction of personal data,
5) In case your personal data is incomplete or incorrectly processed to request their correction and to notify the third parties to whom your personal data has been transferred,
6) Objecting to adverse results that may arise as a result of processing through automated systems,
7) In case of damage due to processing contrary to the law and the relevant legislation, the compensation of the damage

We inform you that you have the right to demand from us.

Your right to learn whether personal data is processed or not, and your right to request information if personal data has been processed; If you exercise your right to know the purpose of processing personal data and whether they are used in accordance with its purpose, or to know the third parties in the country or abroad to whom personal data are transferred, the relevant information will be sent to you as soon as possible and within thirty days at the latest, depending on the nature of your request. You will be notified in writing or electronically, via the contact information provided by you, however, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

During the evaluation of the applications, the company first determines whether the person making the request is the real right holder. However, the company may request detailed and additional information in order to better understand the demand when it deems necessary.

Responses to data subject applications are notified by the company in writing or electronically. If the application is rejected, the reasons for the rejection will be explained to the data owner with justification.

Social Media Accounts