Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment respects your privacy and seriously takes the subject of data security. In this context, this text is drawn up to inform and enlighten you under 6698 Numbered Law on the Protection of Personal Data (“Law”) and other relevant legislation.
Definitions
In this information text,
Personal Data: All kinds of information relating to an identified or identifiable natural person,
Processing of personal data: All kinds of operations carried out on personal data, including collecting, recording, storing, changing, sharing with third parties and transferring personal data overseas, either automatic or non-automatic means provided that it is a part of any data recording system,
Law on Protection of Personal Data “Law”): 6698 Numbered Law on the Protection of Personal Data published in the Official Gazette and came into force on 7 April 2016,
Board: Personal Data Protection Board,
Data Processor: means the natural or legal person who processes Personal Data on behalf of the data controller based on the authority given by him,
Data Controller: means the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.
Data Controller
Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment Head Office Address: Zakirbaşı Sokak No:32 34020 Kazlıçeşme – Istanbul.
We, as Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment, are sensitively approaching the issue of securing, processing and destroying the personal data of our patients/patient relatives, potential patients, our Economic Establishment Board of Directors, our Managers, employees, employee candidates, interns, visitors, suppliers, the foundation we are affiliated with, the employees, their shareholders and the officers of the institutions we cooperate with, and 3rd parties under of the Constitution of the Republic of Turkey, international agreements to which our country is a party, and 6698 Numbered Law on the Protection of Personal Data (“Law”)
In this context, we acting as a Data Controller would like to inform you within the scope of Law. Your personal data that you share with our hospital, our patients/patient relatives, potential patients, our Economic Enterprise Board of Directors, our managers, employees, employee candidates, interns, visitors, suppliers, the foundation we are affiliated with, the employees, shareholders and officials of the institutions we cooperate with, and third parties can be processed, transferred to third parties locally and internationally, stored, used for profiling and classified in accordance with our activities and service purposes and in a measured manner.
Collection of Personal Data
Your personal data may be collected orally, in writing, visually, electronically or otherwise, by Surp Pırgiç Armenian Hospital for the purposes of protecting public health, preventive medicine, records related to your applications to our health institutions, medical diagnosis, treatment and care services, planning and management of health services and financing, online via the SGK system, from the records shared in case of benefiting from a private insurance company, via the records of other health institutions in case of your visit to our health institutions, through e-mails you send (e-mails), call center call records, website, verbal, written and similar channels.
We herein inform you that following information will be collected, processed and recorded for archival purposes in accordance with the requirements of the Law.
Your identity information: Your name, surname, citizenship number, passport number or temporary citizenship number, place and date of birth, marital status, gender, insurance and/or patient protocol number and other identification data that may identify you,
Contact Information: Your address, telephone number, electronic mail address, postal address and other communication data, your patient number and protocol number, your voice call records kept by customer representatives or patient services in accordance with call center standards, and your personal data collected when you contact us via e-mail, letter or other means,
Accounting information: Your financial data such as your bank account number, IBAN number, credit card information only on the slip, billing and billing information, your data regarding private health insurance and Social Security Institution data for the purpose of financing and planning health services,
Health Information: All kinds of your health information collected during or as a result of medical diagnosis, treatment and care services, including but not limited to patient medical reports, diagnostic data, biometric and genetic data, your laboratory results, test results, examination data, appointment information, prescription information,
Your health data, including but not limited to your laboratory and imaging results, test results, examination data, check-up information, prescription information, which you submit to the external institution for the purpose of filing
Your feedbacks such as questionnaires filled out by patients, letters of thanks and complaints, satisfaction results. Your images and sound recordings obtained from the camera recordings that are constantly recorded in the common areas in accordance with the legislation in our hospital,
Your personal data collected when you attend trainings, seminars or events organized by Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment,
Your health data and other personal data that you send or entered in all websites of Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment,
Your personal data, you provided us while appling for a job at Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment, including but not limited to your CV, and
Your personal data when you are employed by or have employment relation with Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment.
Purpose of Processing Your Personal Data
Articles 4, 5 and 6 of the Law, your personal data will be processed
in accordance with by the laws and the rule of good faith,
in connection with the purposes of the processing, in a limited and measured manner,
accurately and up-to-date,
for specific, clear and legitimate purposes
for as long as required by the relevant legislation or for the purpose for which they are processed.
Your personal data may be processed by our hospital, as a data controller in order to understand your needs by getting to know you better without compromising our quality, to respond to your requests faster, to provide better service to you by improving our communication with you, to conduct analytics for these purposes, to inform you about our services, to measure your satisfaction about our services, to improve and diversify our services in line with your wishes and needs, and to carry out the necessary quality and standard audits, or to ensure fulfillment of legal and commercial obligations that we have before persons who have a business relationship with our hospital, and to fulfill our other obligations regarding the determination and implementation of legal, commercial, financial, administrative operations as well as commercial and business strategies of our institution.
The data of our employees may be processed by our Institution or natural or legal persons which have business relationship with or is authorized by us in order to fulfill our obligations stipulated by the Labor Law, labor and social security legislation and other legislation in force, and, within our human resources policy, or for operational reasons such as improvement of the performance level and employee satisfaction and ensuring occupational safety and work peace.
Transfer of Your Personal Data
For the purpose of public health and preventive medicine services and subject to the requirements of the Law,
Within the scope of the law and other legislation and for the purposes mentioned above, Your personal data may be transferred to our shareholders, the foundation we are affiliated with, the Ministry of Health and related units, Provincial Health Directorate, District Health Directorate, Public Health Centers and other units affiliated to the Ministry of Health, Social Security Institution, General Directorate of Security and other law enforcement agencies, General Directorate of Civil Registry, Pharmacists Association of Turkey, Courts and all kinds of judicial authorities, central and other third parties, third parties we consult, including your authorized representatives, lawyers, tax and financial advisors, regulatory and supervisory institutions, our business partners and other third parties with whom we cooperate in order to develop or carry out health services for the above-mentioned purposes, if requested, including by official authorities or within the scope of e-pulse and similar systems established, or within the scope of our notification and/or reporting obligation imposed on us.
Collection Methods of Your Personal Data and Legal Reasons
Your personal data is collected verbally, visually, in writing or electronically from call center, switchboard, the Internet, mobile applications, physical places and similar channels, depending on the nature of the service provided, within the scope of the above-mentioned purposes.
Your personal data are collected and processed via verbal, written or electronic means under the provisions of applicable legislation for the aforementioned purposes and providing health services within the defined legal framework, and in this context, for facilitating Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment to fulfill the contractual and legal obligations in full and properly.
In addition, legal reasons for processing also include: the cases clearly stipulated in the Private Hospitals Law No. 2219, the Health Services Basic Law No. 3359, the fulfillment of our legal obligations arising from the relevant secondary legislation such as the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Private Hospitals Regulation, Health Practice Communiqué, Patient Rights Regulation, and public health protection, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, Regulation on the Processing of Personal Health Data and Protection of Privacy, Ministry of Health regulations and other legislation provisions, and
They can be transferred to the physical archives and/or information systems of the Yedikule Surp Pırgiç Armenian Hospital Foundation Economic Establishment, where they will be retained in both digital and physical environment.
Storage and Erasure of Data
Our Hospital stores the personal data it processes for the periods determined by the legislation, and in the absence of a separate period specified in the legislation, the personal data is processed only for the period of time required to be processed in accordance with the practices and business practices of our Hospital in relation to the services provided by our Hospital while processing that data, and after this, only for the periods the retention requirement for which is proven with the practice to constitute evidence in disputes. After the expiry of the specified periods, the personal data in question are erased, destroyed or anonymized.
Security Measures Taken Regarding Your Personal Data
Our Health Institution, which, as a data controller, performs data processing activities such as collecting, recording, storing, retaining, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of your personal data is responsible for taking all technical and organizational measures in order to
To prevent the unlawful processing of your personal data,
To prevent unlawful access to personal data,
To maintain the appropriate level of security in order to ensure the protection of personal data. In addition, additional security measures, which are determined by the Personal Data Protection Board and are not limited to the following, are also taken in the processing of sensitive personal data.
Our employees are trained on information security, patient privacy, and protection of personal data. Institutional policies and procedures are in place on the personal data security. Personal data is destroyed when the purpose of use ceases. Our systems containing personal data are routinely audited. Contracts are made with the data processors from whom the service is provided. Up-to-date software is used. We have a security network designed against cyber attacks. Access to systems containing personal data is limited, antivirus and anti-spam programs are used. Information networks related to security problems are constantly monitored. Tests are carried out to identify system vulnerabilities. There is a corporate reporting system for the issues. In case of abuse of the systems, the evidence is collected and reported to the Personal Data Protection Authority and a criminal complaint is made to the Prosecutor's Office. Protection measures against natural disasters such as fire, flood, etc. have been taken in our physical environments where personal data are stored, and these environments are kept locked and entrances / exits are under control.
Your Rights as a Personal Data Subject
According to Article 11 of Law, you have following rights
To learn whether your personal data is processed,
If your personal data has been processed, to request information about it,
To learn the purpose of processing personal data and whether they are used in accordance with its purpose,
To learn the third parties to whom your personal data is transferred, locally or overseas
To request correction of your personal data if it is incomplete or incorrectly processed,
To request the deletion or destruction of your personal data in accordance with provisions of the Law,
When you request the deletion or destruction of your personal data with the correction of incomplete or inaccurate data, to request it be notified to the third parties to whom your personal data has been transferred,
To object an infavorable result for you from the analysis of the data processed through exclusively automated systems,
If you suffer damage due to the unlawful processing of personal data, to demand the compensation of this damage.
Complaint and Communication
If you want to use rights or submit request under the above paragraphs, you can fill in the "Personal Data Access and Information Request Form" on our website and apply to our Head Office Address at Zakirbaşı Sokak No: 32 34020 Kazlıçeşme – İstanbul, to the attention of the Public Relations Unit.
