INFORMATION ABOUT PROCESSING PERSONAL DATA
Hisar Sağlık Hizmetleri A.Ş. (“Hisar Hospital Intercontinental”) attaches importance for the safety of your personal data. Accordingly, we show great sensitivity for processing and protecting all your personal data meticulously in the best way possible. Since we clearly comprehend our responsibility, we process your personal data as described below, as we are the Data Supervisor (Controller) pursuant to Personal Data Protection Law (Law No. 6698) (“Law”) and the relevant legislation.
Collecting and Processing Personal Data and Aims of Processing
We obtain your personal data by verbal, written, visual or electronic means via Call Center, internet, mobile applications, physical spaces and similar channels depending on the essence of service rendered to provide high standard services for you.
Within this scope, general and specific personal data, especially the personal health data necessary for maintaining all medical diagnosis, examination, treatment and care services and obtained for this purpose are listed below;
- Your identity details such as name, surname, R.T. ID number, passport number and temporary R.T. ID number if you are not a Turkish citizen, your place and date of birth, marital status, gender information as well as copy of your R.T. ID Card or Driving License that you have submitted,
- Your contact information such as your address, phone number, electronic mail address,
- Your financial data such as bank account number, IBAN,
- Your y information regarding health and sexual life obtained while you receive medical diagnosis, treatment and care services, such as laboratory and imaging test results, other test results, examination data, prescription data, which you submitted so that they are followed up in your file,
- Your responses and comments you share to evaluate your services,
- Your imagery and voice recordings in closed circuit camera system obtained during your visits to our hospitals,
- Your voice interview recording if you contact our Call Center,
- Your Social Security Institution data and private health insurance data in order to finance and plan your healthcare services,
- Information regarding your car’s license plate in cases you receive vale/parking service.
- Your web navigation information, IP address, browser information obtained when you use our web site and mobile applications and medical documents, surveys, form data and location data that you submit voluntarily.
Your personal data listed above and your sensitive personal data can be processed for below stated purposes;
- Protection of public health, conduction of protective medicine, medical diagnosis, treatment and care services,
- Share of demanded information with Ministry of Health and other state institutions and organizations pursuant to related regulations,
- Fulfillment of legal and regulatory obligations,
- Share of demanded information with private insurance companies by Patient Services, Financial Affairs, Marketing departments regarding financing the healthcare services, meeting your examination, diagnosis and treatment costs within the scope of claims investigations,
- To be informed about your appointment via our Call Center and Digital Channels,
- Verification of your identity by Patient Services, Healthcare Professionals and Call Center departments,
- Planning and management of in-house operation by Hospital Management,
- Analyses by Quality, Patient Experiences, Information Systems departments to elaborate healthcare services,
- Training our employees by Human Resources and Quality departments,
- Observation and prevention of abuse and unauthorized processes by Supervision and Information Systems departments,
- Fulfillment of risk management and quality improvement activities by Quality, Patient Experiences, Information Systems departments,
- Invoicing in return of our services by Patient Services, Financial Affairs, Marketing departments,
- Verification of relations with contract institutions of our hospital by Patient Services, Financial Affairs, Marketing departments,
- Answering of all your questions and complaints regarding healthcare services provided by Hospital Management, Patient Experiences, Patient Rights, Call Center departments,
- Taking of all necessary technical and administrative precautions by Hospital Management, Information Systems departments within the scope of data security of our hospital’s systems and applications,
- Participation to campaigns by Marketing, Media and Communication, Call Center departments and providing information on campaign, design and conduction of special contents in web and mobile channels and concrete and abstract benefits
- Measurement, boosting and investigation of patient satisfaction by Hospital Management, Patient Rights and Patient Experiences departments,
- Fulfillment of education and training activities by educational institutions cooperating with the institution.
- Your “Personal and Sensitive Data” stated above will be kept in physical and electronic archives of Hisar Hospital Intercontinental and external service providers meticulously and by complying with legal provisions.
Transfer of Personal Data
Within the frame of Fundamental Law on Health Services No. 3359, Decree Law No. 663 Concerning the Structure and Duties of Ministry of Health and Affiliated Institutions, Law no 6698 on the Protection of Personal Data, Regulation on Private Hospitals, Regulation on Processing and Protecting Confidentiality of Personal Healthcare Data and regulations issued by Ministry of Health as well as provisions of other regulations, for the purposes stated above, your personal data can be shared with
- Ministry of Health, affiliated departments and family practice centers,
- Private insurance companies (health, retirement, life insurance etc.),
- Social Insurance Institute,
- General Directorate of Security and other law enforcement officers,
- General Directorate of Census,
- Turkish Pharmacists’ Association,
- Judicial authorities,
- With local and abroad laboratories, medical centers, ambulance, medical device and healthcare institutions we are in cooperation with for medical diagnosis and treatment,
- Healthcare institution to which the patient is referred or present to,
- With the legal representatives authorized by your party,
- Third parties rendering consultancy services to our party including lawyers, tax consultants and auditors you work with,
- Regulatory and auditory agencies and official authorities,
- Your employer,
- Suppliers, supportive service providers, archiving service providers and business partners who provide services to our party or our business partners (you can receive more detailed information by submitting a written application to our hospital).
Collection Method of Personal Data and Legal Grounds
Your personal data stated above are collected and processed in all kinds of verbal, written, visual or electronic environments for the purposes stated above and to ensure that Hisar Hospital Intercontinental performs all types of procedures regarding its activities within legal framework and fulfils its contractual and legal obligations fully and properly within this scope. Legal grounds for collection of your data by those parties are;
- Law no 6698 on the Protection of Personal Data,
- Fundamental Law on Health Services No. 3359,
- Decree Law No. 663 Concerning the Structure and Duties of Ministry of Health and Affiliated Institutions,
- Regulation on Private Hospitals,
- Regulation on Processing and Protecting Confidentiality of Personal Healthcare Data, regulations issued by Ministry of Health and provisions of other regulations.
Moreover, pursuant to Clause 3 of Article 6 of the Law, personal data on health and sexual life can only be processed by persons under confidentiality obligation or authorized institutions and organizations to protect the public health, manage preventive medicine, medical diagnosis, treatment and care services, plan and manage the healthcare services and financing.
Your Rights about Protection of Personal Data
Pursuant to law and related legislation, you have the right to
- Learning whether personal data is processed or not,
- Requesting relevant information, if personal data is processed,
- Request access to the personal health data,
- Learning the intent of processing personal data and whether they are used in line with the intention,
- Learning local and international third parties who are shared the personal data,
- Request correction, if the personal data are processed incompletely or incorrectly,
- Request deletion or disposal of the personal data,
- Request for notification of the third parties with whom the personal data are shared about processes regarding correction if the personal data are processed incompletely or incorrectly and/or deletion or disposal of the personal data,
- Raising an objection to a negative outcome arising out of analyzing the data exclusively with automated systems,
- Requesting compensation of loss and damage that arises out of illegal processing of personal data.
Data Safety and Right of Petition
Your personal data are meticulously preserved with the technical and administrative means and necessary security measures are taken at risk-based level by taking the technological means into consideration.