Summary:

 

  1. Do we process your personal Data? Yes
  2. Do we process your sensitive personal data? Yes
  3. Do we share? Yes
  4. Have we taken adequate security measures? Yes ,we have
  5. Is there any transfer abroad? Yes, provided it is limited to foreign patients only.

 

This clairfication text has been updated on 21.05.2024 and has been arranged in the light of the principle decisions of the Personal Data Protection Authority, the GDPR (General Data Protection Regulation), the amendments made to KVKK (Law on the Personal Data Protection), and the data contained in our VERBIS record. Do not forget to visit the web site of Lokman Hekim Esnaf Hospital for the current version of the periodically updated Clarification Text. Check the Data Inventory to see the map of the departments and processed data.

 

 

  1. WHAT IS THE PURPOSE OF THE CLARIFICATION TEXT?

  1. Article 10 of the KVKK (The Law on Protection of Personal Data) stipulates that the data subject whose personal data is processed must be informed during the processing of his/her data. In this context, we would like to tell you why we process your personal data.
  2. This text is very important for you to learn why we process your personal data, to have the opportunity to update your inaccurate / incomplete or outdated data and to exercise your rights granted to you by the KVKK. Please read it.
  3. This text also applies to our former patients.
  4. Please contact us if you do not understand or if you need us to complete any questions.



  1.  WHO PROCESSES YOUR PERSONAL DATA (The Data Controller)

 

The data controller is LOKMAN HEKİM ÖZEL SAĞLIK HİZMETLERİ A.Ş. The address of the data controller is Tuzla Mahallesi Sadi Pekin Caddesi, 54. Sokak No:3, 48300 Fethiye/MUĞLA and the contact number is 0252 612 64 00, the official e-mail address with kep extension is lokmanhekim@hs02.kep.tr, the e-mail address is kvkk@esnafhastanesi.com. These addresses will be used to exercise the rights of the data controller under Article 11 of the KVKK.

The data controller is registered in VERBIS system. You can access VERBIS records by searching the above company title in the "Registry Inquiry" section on https://verbis.kvkk.gov.tr.

 

 

  1.  FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

  1. Initiation and follow-up of your treatment processes,
  2. Execution of private hospital organisation process,
  3. Execution of the process in cases where consultation is required,
  4. Carrying out the communication process with you,
  5. Carrying out the necessary examinations,
  6. Carrying out maintenance services,
  7. Optimal execution of the medical diagnosis and treatment process,
  8. Determining your appointment date and time and your change requests and carrying out the process,
  9. Carrying out the processes of obtaining medication and learning your medication history,
  10. Execution of accounting and finance processes,
  11. Realisation of your transfer operations,
  12. Carrying out your hospitalisation and hospital discharge procedures,
  13. Conducting telemedicine services,
  14. Carrying out registration procedures to the Hospital data system,
  15. Transmission of the single-use protocol number and verification code to your mobile phone via SMS during your appointment procedures,
  16. Execution of operation and procurement processes,
  17. Storage and archiving of health services and financial transactions with the obligations arising from the legislation,
  18. Performing the PCR test, sending the results as a code via SMS or any other communication system of the patient's choice,
  19. Carrying out the transfer processes of foreign patients, promoting health services abroad,
  20. Evaluation of requests and complaints,
  21. Carrying out the processes of information security,
  22. Ensuring physical security,
  23. Fulfilment of obligations under the protection of personal data,
  24. Sending your invoice and test results to the contact addressof your choice chosen contact address,
  25. Fulfilling the demands of public institutions and organisations,
  26. Following-up your feedbacks and contacting you,
  27. Carrying out your insurance processes,
  28. Carrying out your patient rights processes,
  29. Follow-up and execution of legal processes,
  30. Providing your wireless internet usage in the hospital premisesupon your request,
  31. Use of our products and services,
  32. Monitoring the use of your medicines,
  33. Fulfilling the demands of the accommodation facilities within the scope of tourism medicine activities,
  34. Carrying out the examination and health reports processes and reporting of the accommodation facilities employees within the scope of occupational health and safety legislation,
  35. Carrying out ambulance services,
  36. Provision of mobile ambulance and emergency medical services in the Dalaman airport area,
  37. Provision of home care services,
  38. Follow-up of patient relationship management processes,
  39. Carrying out outpatient and inpatient treatment procedures of the patient,
  40. Carrying out the patient's vehicle parking procedures.
  41. Carrying out instant registration procedures to the Medula system,
  42. Carrying out instant registration procedures to the E-Nabız system of the Ministry of Health,
  43. For better follow-up of your requests.





  1.  WITHIN THE SCOPE OF OUR PURPOSES, WHERE DO WE COLLECT YOUR DATA AND WHAT ARE OUR LEGAL REASONS?

 

Below, we have also included our methods of collecting your personal data and the legal reasons for our processing purposes. There is a difference in the regulation of the KVKK (Art.5 and Art.6) between the sensitive data processing activity and the activity of processing your personal data and the activity of processing legal reasons. Your personal data of sensitive nature (such as your health data, sexual life data) will be processed based on more specific processing reasons. With the amendment made within the scope of the KVKK, your personal data of sensitive nature is processed within the scope of technical and administrative measures to be taken in the processing of personal data of special nature, based on the reason "It is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons or authorised institutions and organisations under the obligation to keep secrets", except for the existence of general processing reasons. With the recent amendments to the KVKK , specific grading has been removed in the conditions for processing data on health and sexual life.

 

 Your personal data is collected through methods such as our call centre, filling out the forms on our website, your application to the front desk, fax, e-mail, face-to-face meeting, the insurance companies application, our contracted accommodation facilities application, the patient's relatives or a third party’s application, notification of the referred hospital, notification of medical consultants or intermediary companies for international patients, notification of the foreign patient’s insurance company.

 

The legal reasons for processing are very important. Processing activities will not take place except for legal reasons, and in some cases, the processing of your personal data will only be based on your explicit consent. However, the data minimisation process is carried out within the scope of the instructions of the Ministry of Health in order not to process personal data other than the legal reasons for processing and to apply less to your explicit consent. The explicit consent you have given can be withdrawn in any case at any time but the data processing will continue being legal until the moment you have withdrawn it.

 

  1. Remember that your personal data is processed based on your explicit consent, except for legal processing reasons. Check the reasons for processing in the clarification text and make sure that you are fully informed.
  2. Identity Data: Name, surname, ID card scan, passport number for foreigners, Turkish ID number, marital status, social security number
  3. Contact Data: Telephone number, E-mail address, Contact address, Location data,
  4. Finance Data: Invoice information, IBAN and account number, tax number,
  5. Customer Transaction Data: Call centre records, appointment records, patient relative data, protocol number,
  6. Physical Space Security Data: Camera recording
  7. Sensitive Personal Data: Health data (medical diagnosis, treatment, examination data, laboratory results, blood tests, health reports, PCR tests, pregnancy results, MRI information, hospitalisation and discharge data, etc. all medical data, sexual life data, genetic data, vein imprint application data,
  8. Cookie logs
  9. Other data: plate number
  10. Name-surname, T. C identity number, passport number for foreigners, address information, e-mail, telephone number, place and date of birth, marital status, gender, social security number, private insurance data, identity scan, licence plate number, protocol number, financial data (payment, invoicing), laboratory results, camera recordings, occupation, patient's relative, appointment data received via the web page, communication data, call centre records data are processed based on the legal grounds that it is mandatory to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, the person has made his/her own data public, vein print reading, explicitly stipulated by law.

  11. Radiology department, medical units, international patient department, pharmacy, registry, VIP patient department, health tourism department, admission and discharge services unit, laboratory unit, doctors, accounts department, medical accounts department, health data by other departments (all treatment data, radiology results, laboratory results, all results based on previous treatment, medication information, health data included in the invoice, health reports, pregnancy information, MRI results, tomography results, operating theatre information, patient hospitalisation and discharge data), are processed (by persons under the obligation to keep confidentiality) in the light of adequate technical and administrative measures in the processing of sensitive personal data based on the legal reason of medical diagnosis, treatment and care services, planning and management of health services.

  12. Data such as tax identification number, social security number, name, surname, address data, Turkish ID number, passport number, credit card, IBAN number, account number processed by the accounts department are processed based on the legal reason that it is mandatory for the data controller to fulfil its legal obligation.

  13. In accordance with the rules of confidentiality in design, we have reviewed our physical spaces and data processing activities and subjected our data processing activities to the minimisation process as much as possible, except for the data that must be processed upon the request of public institutions and organisations. When you visit our website, you can see that we have taken a number of measures to ensure that your data is not over-processed. Contact us to learn more about these measures.

  1. CAMERA SURVEILLANCE IS USED TO ENSURE PHYSICAL SECURITY

 

In order to ensure physical security, surveillance activities are carried out with a closed circuit camera system outside patients private areas. It is recorded for a maximum of 90 days for the purpose of physical space security, provided that it does not violate the fundamental rights and freedoms of individuals. Security records are accessed only by the IT unit for limited purposes based on the legal reason that the data controller fulfils its legal obligations in case of need.

 

  1.  WEB PAGE AND MOBILE APP ACCESS.

When you visit our website, your personal data such as name-surname, e-mail, telephone number are processed on our e-appointment and contact pages. These data are transmitted to the screens of the front desk unit and you are contacted when it is necessary. Your appointment cancellation request can be done through our website and completed by following the steps on the web page. If you access our web page with your mobile device, your location data is recorded if  your location data is open. We therfore recommend you to switch off your location data.

When you visit our website from your laptop or mobile device, review your cookie settings and cookie policy published on our website.

 

  1. WE PROCESS FOR SOCIAL MEDIA AND ADVERTISING / PROMOTIONAL ACTIVITIES.

 (This article has been removed within the framework of the relevant legal regulations.)

 

  1. WE PROCESS PERSONAL AND SENSITIVE DATA OF CHILDREN

 

We also share the clarification text about the processing of personal data of children up to the age of 16 with their parents and we take care to ensure that the parents of the children read the text together with the child. We take a high level of precaution regarding the processing and confidentiality of children's personal data and we carry out this process together on behalf of the child in a way to ensure his/her privacy.

Children's personal data are never shared on social media and birth photos cannot be used on the hospital's promotional page.

 

9. WE TRANSFER YOUR PERSONAL DATA

 

Your collected personal data is being transferred to:

 

  1. Ministry of Health, its sub-units and family medicine centres,
  1. To private insurance companies within the scope of financing health services and covering the costs of examinations, diagnosis and treatment,
  2. To the Social Security Institution,
  3. General Directorate of Security and other law enforcement agencies,
  4. General Directorate of Population and Citizenship Affairs,
  5. To the Turkish Pharmacists' Association,
  6. To the judicial authorities,
  7. Laboratories, medical centres, ambulances, medical devices and health service providers with whom we are in agreement and cooperate for medical diagnosis and treatment
  8. The health institution to which you have been transferred or to which you have applied yourself,
  9. To the legal representatives you have given special authorisation, your lawyer
  10. In case of any possible legal disputes, to Esnaf Hospital lawyers, tax consultants and auditors, third parties from whom consultancy is received, who are legally or contractually obliged to keep secrets,
  11. Regulatory and supervisory authorities and public authorities,
  12. To the workplace doctors if the invoicingis to be made to the employer,
  13. Hospital affiliates and subsidiaries within the framework of legal limits in terms of the continuity of the services you receive,
  14. In accordance with the legislation, to our business partners who send mass SMS message and e-mails in order to provide information about the services you receive, complementary services, new services, etc.

 

 

 

 

 

10. OUR APPROACH TO DATA TRANSFER ABROAD

 

Personal data may be transferred abroad by data controllers and data processors if one of the conditions specified in Articles 5 and 6 is met and there is an adequacy decision regarding the country to be transferred, sectors within the country or international organizations.

 

In the absence of an adequacy decision and if any of the appropriate assurances stipulated in the fourth paragraph cannot be provided, data controllers and data processors may transfer personal data abroad only in the presence of one of the following situations, provided that it is incidental:

 

  1. The person concerned gives explicit consent to the transfer, provided that he or she is informed about possible risks.
  2. The transfer is mandatory for the performance of a contract between the data subject and the data controller or for the implementation of pre-contractual measures taken upon the request of the data subject.
  3. The transfer is mandatory for the establishment or performance of a contract between the data controller and another real or legal person for the benefit of the data subject.
  4. The transfer is mandatory for a superior public interest.
  5. The transfer of personal data is mandatory for the establishment, exercise or protection of a right.
  6. It is mandatory to transfer personal data for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
  7. Data transfer from a registry that is open to the public or persons with legitimate interest, provided that the conditions required to access the registry in the relevant legislation are met and the person with legitimate interest requests it.

 

11. WOULD YOU LIKE  TO KNOW WHAT YOUR RIGHTS ARE AS A DATA SUBJECT?

 

            Each person has the right to apply to the controller and

  1. a) to learn whether his/her personal data are processed or not,
  2. b) to request information if his/her personal data are processed,
  3. c) to learn the purpose of his/her data processing and whether this data is used for intended purposes,
  4. ç) to know the third parties to whom his/her personal data is transferred at home or abroad,
  5. d) to request the rectification of the incomplete or inaccurate data, if any,
  6. e) to request the erasure or destruction of his/her personal data under the conditions laid down in Article 7,
  7. f) to request notification of the operations carried out in compliance with sub-paragraphs (d) and (e) to third parties to whom his/her personal data has been transferred,
  8. g) to object to the processing, exclusively by automatic means, of his/her personal data, which leads to an unfavourable consequence for the data subject,
  9. ğ) to request compensation for the damage arising from the unlawful processing of his/her personal data.

             

 

 

12. CONTACT US

 

Contact us by filling out the application form on our website www.esnafhastanesi.com. In order to use your rights mentioned above, we kindly request you to send your clear identity information and explanations about the right you want to use in clear and concise language in writing wit wet signature to LOKMAN HEKİM ESNAF HASTANESI (DATA RESPONSIBLE) Tuzla Mahallesi Sadi Pekin Caddesi, 54. Sokak No:3, 48300 Fethiye/MUĞLA address with wet signature or  by email via the registered email address previously specified to the date conrtrolle to kvkk@esnafhastanesi.com e-mail address signed with secure electronic signature (e-signature, m-signature). The applications you make must belong solely to you. For applications to be made on behalf of someone else, legal documents proving that you represent the applicants must be added to the application petition. Applications made within this scope will be responded to within 30 days at the latest. These applications are completely free, but in cases where the process requires an additional cost, a fee at the tariff determined by the Personal Data Protection Board may be requested. You can visit www.kvkk.org.tr for the tariff. Complaint applications made directly to the Personal Data Protection Board without first applying to the data controller will not be heard ( please visit https://esnafhastanesi.com/://sikayet.kvkk.gov.tr/)