Clarification Text

YEDITEPE UNIVERSITY HOSPITALS

PERSONAL DATA PROCESSING DISCLOSURE FORM

As Turkish Republic YEDITEPE UNIVERSITY HOSPITAL (hereinafter referred to as "YEDITEPE UNIVERSITY HOSPITAL" or "University Hospital"), we show maximum sensitivity to the security of your personal data. With this awareness, we take the necessary technical and administrative measures to process and preserve all kinds of personal data belonging to all persons associated with our Health Organization, especially our esteemed patients and patient guardians, in accordance with Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the "Law"). With the awareness of the responsibility, we bear and in the capacity of Data Controller, we process your personal data as explained below and within the limits prescribed in Article 4 of the Law;

• Complies with the law and good faith,
• Accurate and up-to-date,
• For specific, explicit, and legitimate purposes,
• Relevant, limited, and proportionate to the purpose for which they are processed,
• We process it by keeping it for periods appropriate for the purposes for which it is processed.

Types of Personal Data Processed, Processing Purposes, and Legal Basis

We, as YEDITEPE UNIVERSITY HOSPITAL, process your personal data below for the purposes specified in order to provide services to our valued patients and patient guardians and to fulfill our legal obligations. Accordingly, your personal data specified below will be processed for the purposes described.

Identity and Contact Data

Your Communication Data will be processed by our Health Institution for the purposes of creating patient files, providing appointment services, carrying out accounting processes, and transferring to the relevant institutions and systems of the state in accordance with subparagraphs a (processing activity is stipulated in the law, c (processing of personal data is mandatory due to the performance of health services) and ç (processing of personal data is mandatory for the fulfillment of legal obligations as a Health Institution) of paragraph 5/2 of the Law. In this context, your name-surname, date of birth, data contained in the identity document, e-mail address, mobile phone number, and home-work address information can be processed. Your personal data may be stored on the electronic platform belonging to a business partner company whose servers are in Türkiye and which our Health Institution will use for patient registration procedures. 

Accounting and Financial Information

In the event that service fee payments arise as a result of the health service you have received from our University, your credit card information, bank account information, and IBAN regarding the payment will be processed in accordance with subparagraph c (personal data processing is mandatory due to health service performance) of paragraph 5/2 of the Law and within the scope of our University fulfilling its legal obligations within the framework of the Tax Procedure Law. Your personal data may be stored on the electronic platform belonging to a business partner company that our University Hospital will use for accounting transactions and whose servers are located in Türkiye. 

Admission-Discharge Data

The data regarding your visits to our health institution in order to receive services or information will be processed in accordance with our legitimate interest within the framework of ensuring the security of the hospital area in accordance with subparagraph f of paragraph 5/2 of the Law and will be used in audits for the fulfillment of our obligations under the contract. In this context, the data regarding the admissions and discharges you have made will be collected through security cameras and will be stored for the periods stipulated in the legislation and will only be shared if requested by official institutions.

Audio and Visual Records

Within the scope of the health services, you will receive from our University Hospital, all kinds of audio, images and records, videos, pictures, and telephone call records that occur during the examination and operation processes will be processed in accordance with subparagraph c of paragraph 5/2 of the Law in order to provide health services and to ensure patient follow-up after the examinations. Your personal data may be stored on an electronic platform belonging to a business partner company whose servers are located in Türkiye and which our Healthcare Organization will use for patient registration and follow-up procedures.

Health Information

Diagnostic and Treatment Data, blood type information, device and prosthesis information, information on psychological status, all kinds of blood value information, allergy information, chronic disease information, disability status, regularly used medication information, information on past surgeries, chronic disease information that will arise within the scope of the health services you will receive from our University Hospital, all kinds of personal health data, including hereditary disease information will be processed by our Healthcare Organization in order to create patient files, to provide appointment services, to provide patient examinations, diagnoses and treatments in accordance with subparagraphs a (processing activity is stipulated in the law, c (processing of personal data is mandatory due to the performance of healthcare services) and ç (processing of personal data is mandatory for the fulfillment of legal obligations as a Healthcare Organization) of paragraph 5/2 of the Law. In this context, your relevant health data may be transferred to state systems, especially E-nabız, or the requested and domestic health institutions in case it is necessary for the protection of the body integrity of the person concerned.

The storage, processing, and transfer of these data in the status of special quality data will be implemented in accordance with the measures determined in accordance with the Decision of the Personal Data Protection Board dated 31/01/2018 and numbered 2018/10 regarding the "Adequate Measures to be Taken by Data Controllers in the Processing of Special Categories of Personal Data".

Genetic Data

Your genetic data, especially DNA information, which you will share within the scope of the health services you will receive from our University Hospital or which will arise within the scope of the health service to be provided, will be processed by our Health Institution in order to create patient files, to provide appointment services, to provide patient examinations, diagnoses, and treatments in accordance with subparagraphs a (processing activity is stipulated in the law, c (processing of personal data is mandatory due to the performance of health services) and ç (processing of personal data is mandatory to fulfill legal obligations as a Health Institution) of paragraph 5/2 of the Law. In this context, your relevant health data may be transferred to state systems, especially E-nabız, or the requested and domestic health institutions in case it is necessary for the protection of the body integrity of the person concerned.

The storage, processing, and transfer of these data in the status of special quality data will be implemented in accordance with the measures determined in accordance with the Decision of the Personal Data Protection Board dated 31/01/2018 and numbered 2018/10 regarding the "Adequate Measures to be Taken by Data Controllers in the Processing of Special Categories of Personal Data".

All data specified to be processed by our University within the scope of this article may be shared with business partner companies that provide servers and infrastructure services to our University Hospital under the conditions specified in the Law or in the presence of your explicit consent.

Rights of the Personal Data Subject Based on the Law

In this context, our valuable Participants may exercise the following rights by applying to Turkish Republic YEDITEPE UNIVERSITY HOSPITAL, which has the title of data controller within the scope of Article 11 of the Law, whenever they deem appropriate.

Accordingly, the persons concerned have the right to;

• Learn whether his/her personal data is being processed,
• Request information about processed personal data, if any,
• Learn the purpose of processing personal data and whether this data is used in accordance with the purpose,
• Know the third parties to whom his/her personal data has been transferred, request the correction of errors in his/her personal data, and request this correction from the relevant third party if the transfer has been made,
• In the event that the reasons requiring the processing of personal data disappear request the deletion, destruction, or anonymization of this data within thirty days in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data, and if the transfer has been made, request that this request be communicated to the transferred third parties,
• Object to any negative result related to the person as a result of the processed data,
• Claim their damages within the framework of the law in case of damage due to data processing contrary to the Law.

Application Procedure and Content

Applications for the above-mentioned requests;
After filling out the 'Personal Data Owner Application Form' on the website of our hospital, it can be made in writing or electronically by the following methods.

Upon written request;

You can deliver an ink-signed copy of the Data Owner Application Form to the Registrar's Office of Yeditepe University Koşuyolu or Kozyatağı Hospitals in person with a document identifying your identity or by proxy with a notarized power of attorney showing that you are authorized to apply for the rights listed under Article 11 or you can send it to the address on the websites of our Hospitals via notary public.

In case of an electronic request;

By signing the Data Owner Application Form with an electronic or mobile signature with a "secure electronic signature" certificate defined in the Electronic Signature Law No. 5070, you can send it to "yeditepeuniversitesi@hs03.kep.tr", which is the Registered Electronic Mail (KEP) address of our University, or you can send it to infohastane@yeditepe.edu.tr by using the e-mail address previously notified to Turkish Republic YEDITEPE UNIVERSITY HOSPITAL and registered in the information systems of the University Hospital, or by e-mail to infohastane@yeditepe.edu.tr addresses or by means of these means if there is a software or application developed by our University for the purpose of application.

Responding to Applications

The applications to be received by the University Hospital and written in Turkish containing the requests of the person concerned will be responded to by e-mail or physical letter as soon as possible and within 30 (thirty) days at the latest, and the necessary procedures requested will be carried out by our relevant units.

Within the scope of the Notification on the Procedures and Principles of Application to the Data Controller (“Notification”) published by the Personal Data Protection Authority, if the reply process requires an additional cost, this process will be carried out for a fee based on the pricing regulated in the Communiqué.