Protection of Personal Data
SİSTEM SAĞLIK HİZMETLERİ TİCARET ANONİM ŞİRKETİ DATA POLICY
Protection of personal data is among the most important priorities of SİSTEM SAĞLIK HİZMETLERİ TİCARET ANONİM ŞİRKETİ (“Company”). This SİSTEM SAĞLIK HİZMETLERİ TİCARET ANONİM ŞİRKETİ Data Policy (“Policy”) is the basis adopted in terms of the principles adopted in the conduct of personal data processing activities carried out by our Company and the compliance of our Company’s data processing activities with the regulations in the Personal Data Protection Law No. 6698 (“Law”). principles are explained and thus our Company provides the necessary transparency by informing the personal data owners. With full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.
This Policy; Our company relates to all personal data of its customers, patients, visitors, employees, employee candidates, suppliers, business partners and third parties that are processed by fully automated, partially automated or non-automatic means provided that they are part of any data recording system. It is possible to access detailed information about the personal data owners in question from the ANNEX 2 (“Annex 2- Personal Data Owners”) document of this Policy.
1.3. IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION
Relevant legal regulations in force on the processing and protection of personal data will find application first. In case of inconsistency between the current legislation and the Policy, our Company accepts that the applicable legislation will find an area of application. The policy regulates the rules set forth by the relevant legislation by embodying them within the scope of Company practices.
1.4. ENFORCEMENT OF THE POLICY
This Policy, issued by our company, is dated 02.01.2020. In case of renewal of all or certain articles of the Policy, the effective date of the Policy will be updated. The policy is published on our company’s website, www.esencanhastanesi.com.tr, and is accessible to all visitors to the website.
- ISSUES REGARDING THE PROTECTION OF PERSONAL DATA
2.1. ENSURING THE SECURITY OF PERSONAL DATA
In accordance with Article 12 of the Law, our company takes the necessary measures according to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer or security deficiencies that may occur in other ways. In this context, our Company takes technical and administrative measures to ensure the required level of security in accordance with the guidelines published by the Personal Data Protection Board (“Board”), and carries out inspections or have them made.
- PROTECTION OF PRIVATE PERSONAL DATA
Special importance is attached to sensitive personal data within the scope of the Law due to the risk of causing victimization or discrimination when processed unlawfully. This “special quality” personal data; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully implemented in terms of special quality personal data, and necessary audits are provided within our Company. Detailed information on the processing of sensitive personal data can be found in 3.3 of this Policy. included in the section.
2.3 RAISING AWARENESS AND SUPERVISION OF BUSINESS UNITS ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
Our company provides necessary trainings to business units in order to prevent the illegal processing of personal data, illegal access to data, and to raise awareness about data protection. Our company establishes the necessary systems to raise awareness of its current employees and newly recruited employees on the protection of personal data, and works with consultants if needed. In this direction, our Company evaluates the participation in the relevant trainings, seminars and information sessions, and organizes new trainings in parallel with the updating of the relevant legislation.
- ISSUES REGARDING THE PROCESSING OF PERSONAL DATA
3.1. PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES PROVIDED IN THE LEGISLATION
3.1.1. Processing in Compliance with Law and Integrity
Personal data is processed in accordance with the general rule of trust and honesty, without harming the fundamental rights and freedoms of individuals. In this framework, personal data is processed to the extent and limited to the business activities of our Company.
3.1.2. Ensuring Personal Data Is Accurate and Up-to-Date When Necessary
Our company takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period of processing, and establishes the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods.
3.1.3. Processing for Specific, Explicit, and Legitimate Purposes
Our company clearly reveals the purposes of processing personal data and processes it within the scope of purposes related to these activities in line with its business activities.
3.1.4. Being Related to the Purpose for which they are Processed, Limited and Measured
Our company collects personal data only in the quality and extent required by business activities and processes it limited to the determined purposes.
3.1.5. Retention for as Long as Required for the Purpose of Processing or Envisioned in the Relevant Legislation
Our company keeps personal data for the period required for the purpose for which they are processed and for the maximum period stipulated in the relevant legislation. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion, destruction or anonymization).
3.2. PERSONAL DATA PROCESSING CONDITIONS
Except for the express consent of the personal data owner, the basis of the personal data processing activity may be only one of the conditions stated below, or more than one condition may be the basis of the same personal data processing activity. In case the processed data is sensitive personal data, the conditions in the 3.3 heading (“Processing of Special Quality Personal Data”) of this Policy will be applied. • Finding the Explicit Consent of the Personal Data Owner One of the conditions for the processing of personal data is the explicit consent of the data owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will. In case of existence of any of the personal data processing conditions listed below, personal data may be processed without the need for the explicit consent of the data owner.
- Clearly Provided in Laws
If the personal data of the data owner is expressly stipulated in the law; In other words, if there is a clear provision in the relevant law that allows the processing of personal data, the existence of this data processing condition may be mentioned.
- Failure to Obtain Explicit Consent of the Related Person Due to Actual Impossibility
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility, or whose consent cannot be validated, in order to protect the life or physical integrity of himself or another person.
- Direct Concern with the Establishment or Performance of the Contract
Provided that it is directly related to the conclusion or performance of a contract to which the data owner is a party, this condition may be deemed to be fulfilled if the processing of personal data is necessary.
- Fulfilling the Company’s Legal Obligation
The personal data of the data owner may be processed if the processing is necessary for our company to fulfill its legal obligations.
- Publicizing the Personal Data of the Personal Data Owner If the data owner has made his personal data public, the relevant personal data may be processed for the purpose of making it public.
- Mandatory Data Processing for the Establishment or Protection of a Right If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
- Mandatory Data Processing for the Legitimate Interest of Our Company
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of our Company.
3.3. PROCESSING OF SPECIAL QUALITY PERSONAL DATA
Special quality personal data will be processed by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board. Special categories of personal data can be processed if there is an explicit consent of the personal data owner in this regard. In the absence of an explicit consent given in this regard, it can be processed in the presence of the following conditions:
- Special categories of personal data other than health and sexual life, expressly stipulated in the law; In other words, if there is a clear provision in the relevant law regarding the processing of personal data of this nature, it may be processed without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner will be obtained.
- Personal data of special nature regarding health and sexual life, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, by persons or authorized institutions and organizations under the obligation of keeping confidentiality. may be processed without explicit consent. Otherwise, the explicit consent of the data owner will be obtained.
3.4. DISCLOSURE OF THE PERSONAL DATA OWNER
In accordance with Article 10 of the Law and the secondary legislation, our company informs the personal data owners about who, as the data controller, for what purposes their personal data is processed, for what purposes they are shared, with what methods it is collected, the legal reason and the rights of the data subjects within the scope of the processing of their personal data. informs.
3.5. TRANSFERRING PERSONAL DATA
Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, group companies, third party real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, our company acts in accordance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be found in the APPENDIX 4 (“ANNEX 4-Third Parties to which Personal Data Transferred by Our Company and Purposes of Transfer”) document of this Policy.
3.5.1. Transfer of Personal Data
Our company will transfer personal data if there is an explicit consent given by the personal data owner in this regard. However, even if there is no explicit consent of the personal data owner, in case one or more of the conditions stated below are present, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, with due diligence by our Company. Provisions in other laws regarding the transfer of personal data are reserved.
- The relevant activities regarding the transfer of personal data are clearly stipulated in the laws,
- The transfer of personal data by the Company is directly related to and necessary for the establishment or performance of a contract,
- The transfer of personal data is mandatory for our Company to fulfill its legal obligations,
- Transferring personal data by our Company in a limited manner for the purpose of making it public, provided that the personal data has been made public by the data owner,
- The transfer of personal data by the Company is mandatory for the establishment, exercise or protection of the rights of the Company or the data owner or third parties,
- It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner,
- Being obligatory for the protection of life or bodily integrity of himself or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized.
If personal data will be transferred abroad within the scope of the fulfillment of one or more of the conditions mentioned above, personal data may be transferred to foreign countries (“Foreign Country with Sufficient Protection”) that will be declared to have sufficient protection by the Board. In the event that there is no adequate protection in the country to which the transfer will be made, in line with the data transfer conditions stipulated in the legislation, the personal data will be sent to foreign countries (“Data Controller Undertaking Adequate Protection”, provided that the data controllers in Turkey and the relevant foreign country undertake in writing to provide adequate protection and that the Board has permission. Foreign Country”) can be transferred.
3.5.2. Transfer of Private Personal Data
Special quality personal data may be transferred by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board. Special categories of personal data can be transferred if there is an explicit consent of the personal data owner in this regard. In the absence of an explicit consent given in this regard, it can be transferred in the presence of the following conditions:
- Special categories of personal data other than health and sexual life, expressly stipulated in the law; In other words, if there is a clear provision in the relevant law regarding the processing of personal data, the data can be transferred without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner will be obtained.
- Explicit consent by persons or authorized institutions and organizations under the obligation to keep confidential for the purpose of protecting private health and sexual life, protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. can be processed without a call. Otherwise, the explicit consent of the data owner will be obtained.
If there will be a transfer of sensitive personal data abroad within the scope of the fulfillment of one or more of the above-mentioned conditions, the sensitive personal data may be transferred to foreign countries (“Foreign Country with Sufficient Protection”) that will be declared to have sufficient protection by the Board. In the event that there is no adequate protection in the country to which the transfer will be made, in line with the data transfer conditions stipulated in the legislation, the data controllers in Turkey and the relevant foreign country undertake in writing to provide adequate protection and there is the permission of the Board, and special quality personal data is sent to foreign countries (“Data Undertaking Sufficient Protection”). Foreign Country of Responsible Person”).
- CATEGORIZATION OF PERSONAL DATA PROCESSED
BY OUR COMPANY AND THE PURPOSE OF PROCESSING Before our Company, by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation, in line with the personal data processing purposes of our Company, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in particular, the processing of personal data. Personal data is processed in accordance with the general principles set forth in the Law, including the principles set forth in Article 4 of the Law. Within the framework of the purposes and conditions specified in this Policy, the personal data categories processed and detailed information about the categories can be accessed in the ANNEX 3 (“Annex 3- Personal Data Categories”) document of the Policy. Detailed information regarding the personal data processing purposes in question is included in the APPENDIX 1 of the Policy (“Annex 1- Personal Data Processing Purposes”).
- STORAGE AND DISPOSAL OF PERSONAL DATA
Our company keeps personal data for the period required for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion, destruction or anonymization).
- RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS
- RIGHTS OF PERSONAL DATA OWNER Personal data owners have the following rights:
(1) Learning whether personal data is processed or not,
(2) If personal data has been processed, requesting information about it,
(3) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
(4) To know the third parties to whom personal data is transferred in the country or abroad,
(5) Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(6) Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,
(7) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
(8) To request the compensation of the damage in case of loss due to unlawful processing of personal data.
6.2. USE OF THE PERSONAL DATA OWNER’S RIGHTS
Personal data owners may submit their requests regarding their rights listed in section 6.1 (“Personal Data Owner’s Rights”) to our Company through the methods determined by the Board. Accordingly, they will be able to benefit from the “Application Form to the Data Controller under the Law on the Protection of Personal Data”, which can be accessed digitally or physically at our workplaces at www.esencanhastanesi.com.tr.
6.3. OUR COMPANY’S ANSWER TO APPLICATIONS
Our company takes the necessary administrative and technical measures to finalize the applications to be made by the personal data owner in accordance with the Law and secondary legislation. In case the personal data owner submits his request regarding the rights in section 6.1. (“Rights of the Personal Data Owner”) to our Company in accordance with the procedure, our Company will conclude the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. . However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
- DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA
Although Sistem Sağlık Hizmetleri Ticaret Anonim Şirketi has been processed in accordance with the provisions of the relevant law as set forth in Article 138 of the Turkish Penal Code and Article 7 of the Law, the data destruction periods determined by the Company or the personal data owner, in case the reasons requiring processing are eliminated, Upon request, personal data is deleted, destroyed or anonymized.
7.1. THE COMPANY’S OBLIGATION TO DELETE, DESTROY AND ANONYMIZE PERSONAL DATA
Although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the Law, in the event that the reasons for processing disappear, personal data is deleted or destroyed upon the request of the personal data owner or during the data destruction periods of the Company. or anonymized. In this context, the Company fulfills its obligations with the methods described in this section.
7.2. THE COMPANY’S TECHNIQUES FOR DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA
7.2.1. Deletion and Destruction Techniques of Personal Data
Although the company has been processed in accordance with the provisions of the relevant law, it may delete or destroy the personal data upon the request of the personal data owner or the data destruction periods, in case the reasons for processing are eliminated. The most commonly used deletion or destruction techniques by the company are listed below: (a) Physically Destroyed Personal data can also be processed in non-automatic ways, provided that it is part of any data recording system. While such data is being deleted/destroyed, a system of physical destruction of personal data is applied so that it cannot be used later. (b) Securely Delete from Software While deleting/destroying data processed by fully or partially automated means and stored in digital media; methods are used to delete the data from the relevant software and hardware in a way that cannot be recovered. (c) Expert Secure Erase In some cases, the company may hire an expert to delete personal data on its behalf. In this case, personal data is securely deleted/destroyed by the person who is an expert in this field, in a way that cannot be recovered.
7.2.2. Techniques to Anonymize Personal Data
Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data. The company can anonymize personal data when the reasons that require the processing of personal data processed in accordance with the law are eliminated. In accordance with Article 28 of the Law; Personal data can be processed for purposes such as research, planning and statistics by making them anonymous with official statistics. Such processing is outside the scope of the Law and the explicit consent of the personal data owner will not be sought. Since the personal data processed by making it anonymous will be outside the scope of the Law, the rights set out in the Policy will not be valid for these data. The most used anonymization techniques by the company are listed below.
(a) Masking: It is the method of anonymizing personal data by removing the basic identifier information of personal data from the data set by data masking. Example: Name, TR Identity Number, etc. that enables the identification of the personal data owner. transforming personal data into a data set where it becomes impossible to identify data subjects by extracting the information.
(b) Aggregation: With the data aggregation method, many data are aggregated and personal data is rendered incapable of being associated with any person. Example: Revealing that there are Z number of employees at the age of X without showing the age of the employees one by one.
(c) Data Derivation: With the data derivation method, a more general content than the content of the personal data is created and it is ensured that the personal data cannot be associated with any person. Example: Specifying ages instead of birth dates; specifying the area of residence instead of the full address.
(d) Data Mixing: With the data mixing method, the values in the personal data set are mixed, thereby breaking the bond between the values and individuals. Example: Changing the quality of the sound recordings so that the sounds and the data owner cannot be associated. APPENDIX 1 – Purposes of Personal Data Processing
- Execution of Emergency Management Processes
- Execution of Information Security Processes
- Execution of Employee Candidate / Intern / Student Selection and Placement Processes
- Execution of Application Processes of Employee Candidates
- Execution of Employee Satisfaction and Loyalty Processes
- Fulfillment of Employment and Legislation Obligations for Employees
- Execution of Benefits and Benefits Processes for Employees
- Execution of Audit / Ethical Activities
- Conducting Educational Activities
- Execution of Access Authorizations
- Execution of Activities in Compliance with the Legislation
- Execution of Finance and Accounting Affairs
- Execution of Company / Product / Services Loyalty Processes
- Ensuring Physical Space Security
- Execution of Assignment Processes
- Follow-up and Execution of Legal Affairs
- Carrying out Internal Audit / Investigation / Intelligence Activities
- Execution of Communication Activities
- Planning Human Resources Processes
- Execution / Supervision of Business Activities
- Execution of Occupational Health / Safety Activities
- Receiving and Evaluating Suggestions for Improvement of Business Processes
- Execution of Business Continuity Activities
- Execution of Logistics Activities
- Execution of Goods / Services Procurement Processes
- Execution of Goods / Services After-Sales Support Services
- Execution of Goods / Services Sales Processes
- Execution of Goods / Services Production and Operation Processes
- Execution of Customer Relationship Management Processes
- Execution of Activities for Customer Satisfaction
- Organization and Event Management
- Conducting Marketing Analysis Studies
- Execution of Performance Evaluation Processes
- Execution of Advertising / Campaign / Promotion Processes
- Execution of Risk Management Processes
- Execution of Storage and Archive Activities
- Conducting Social Responsibility and Civil Society Activities
- Execution of Contract Processes 39. Execution of Sponsorship Activities
- Follow-up of Requests / Complaints
- Ensuring the Security of Movable Property and Resources
- Execution of Supply Chain Management Processes
- Execution of Compensation Policy
- Execution of Marketing Processes of Products / Services
- Ensuring the Security of Data Controller Operations
- Foreign Personnel Work and Residence Permit Procedures
- Conducting Talent / Career Development Activities
- Providing Information to Authorized Persons, Institutions and Organizations
- Execution of Management Activities
- Creation and Tracking of Visitor Records
- Ensuring that data is accurate, up-to-date and available
APPENDIX 2 – Personal Data Owners EK 2 –
PERSONAL DATA OWNERS EXPLANATION
Patient / Client Real persons who use or have used the
products and services offered by our Company,
regardless of whether they have any contractual
relationship with our Company.
Visitor Real persons who have entered the physical campuses
owned by our company for various purposes, contacted
our company there or visited our websites.
Third Party In order to ensure the security of commercial transactions between our company and the above-mentioned parties or to protect the rights of the aforementioned persons and to obtain benefits, third-party real persons (e.g. guarantor, family members and relatives) or other natural persons not covered by this Policy.
Worker Real persons working within our company, regardless of the nature of the contractual relationship
Employee Candidate Natural persons (including trainee candidates) who have applied for a job in our company by any means or have opened their CV and related information to our company’s review.
Company Shareholder Natural persons who are shareholders of our company (Information about the shareholders of our company can be found in the Istanbul Trade Registry Gazette.)
Company official Member of our company’s board of directors and other authorized natural persons
and Officials of the Institutions
We Cooperate With
Natural persons, including shareholders and officials of these institutions, working in institutions (such as but not limited to business partners, suppliers) with which our company has any business relationship
PERSONAL DATA CATEGORIES EXPLANATION
ID information Data containing information about the identity of the person: name-surname, T.C. Documents such as driver’s license, identity card and passport containing information such as identity number, nationality information, parents’ name, place of birth, date of birth, gender, tax number, SGK number, vehicle license plate, etc. Informations
Contact information Phone number, address, e-mail, fax number
Location Information that determines the location of the personal data owner during the use of our products and services or when using the vehicles of our Company
Personal Information All kinds of personal data processed for obtaining the information that will form the basis for the personal rights of real persons who are in a working relationship with our company
Legal Transaction Information Personal data processed within the scope of determination, follow-up and performance of our legal receivables and rights, and compliance with our legal obligations and our Company’s policies
Customer Transaction Information The customer’s instructions and requests for the use of products and services, information such as invoices, promissory notes, checks, call center records, and information obtained and produced about the person concerned as a result of our commercial activities and the operations carried out by our business units within this framework
Physical Space Security Information Clearly belonging to an identified or identifiable natural person and included in the data recording system; Personal data regarding the records and documents taken at the entrance to the physical space, during the stay in the physical space; camera records, fingerprint records and records taken at the security point, etc.
Transaction Security Information Your personal data (for example, log records) processed to ensure our technical, administrative, legal and commercial security while carrying out our commercial activities
Risk Management Information In order to manage our commercial, technical and administrative risks, personal data processed through the methods used in accordance with the generally accepted legal, commercial practice and good faith in these fields
Financial Information Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner, and data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information.
Professional Experience Information It includes the personal data of the personal data owner such as education level, diploma, courses attended, occupation.
Marketing Information Personal data processed for the marketing of our products and services by customizing them in line with the usage habits, tastes and needs of the personal data owner, and the reports and evaluations created as a result of these processing results
Association and Foundation Memberships Information about which association or foundation they belong to, requested from the patient in order to present special offers to the members of the Associations or Foundations that have an agreement with our company.
Health Information Information about the disability of the personal data owner is information such as blood group, blood test result, personal health information, disease history, device used and prosthesis information.
Sexual Life Information Information about the sexual life of the personal data owner, which is requested when necessary in order to provide the necessary medical service correctly.
Criminal Conviction and Security
Measures Information Information on the criminal conviction of the personal data owner and the security measures applied to him, provided to inform the law enforcement authorities, such as the police, gendarmerie and other law enforcement officers, and the prosecutor’s office, about the qualifications of patients coming to emergency or other hospital units.
Biometric Data Biometric data such as palm information, fingerprint information, retinal scan information, facial recognition information, which are requested from the personal data owner in order to provide appropriate and accurate medical services.
Genetic Data Data containing information such as DNA, requested/provided from the personal data owner in order to provide appropriate and accurate medical services.
APPENDIX 4 – Third Parties and Purposes of Transfer of Personal Data by Our Company EK4
Our company may transfer the personal data of customers to the following categories of persons in accordance with Articles 8 and 9 of the Law:
- Real Persons and Private Law Legal Entities
- Authorized Public Institutions and Organizations
|Persons to whom Data Transfer can be made||Definition Data||Transfer Purpose|
|Real Persons and Private Law Legal Entities||They are the persons with whom our company contacts for technical, commercial or other purposes in order to achieve its purposes within the scope of its commercial activities.||The realization of the function of the commercial, technical or other purpose relationship that our company has established with the other party, and thus ensuring that our company can offer the requested products and services to its patients/customers.|
|Supplier||Parties providing services to our Company in line with our Company’s data processing purposes and instructions within the scope of the conduct of our company’s commercial activities||Limited in order to ensure that the products and services that are outsourced by our company from the supplier and necessary to carry out the commercial activities of our company|
|Authorized Public Institutions and Organizations||According to the provisions of the relevant legislation, public institutions and organizations authorized to receive information and documents from our Company For example; such as Ministry of Health, Police, Tax Offices||Limited to the purpose requested by the relevant public institutions and organizations within their legal authority.|