INFORMATION NOTICE ON THE ACQUISITION AND PROCESSING OF PERSONAL DATA

At the address Akarca Neighborhood, Mustafa Kemal Boulevard, No:162 Fethiye, MUĞLA – 48300, “Dt. Barış Özgür” (hereinafter referred to as “Barış Özgür”), in the capacity of Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”) and the relevant legislation, may process your personal data within the framework explained below and in compliance with the Basic Law on Health Services No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliates, the Regulation on the Provision of Remote Health Services, the Private Hospitals Regulation, Ministry of Health regulations and other applicable legislation. I have been informed by the “Information Notice on the Acquisition and Processing of Personal Data” (“Information Notice”) prepared by Barış Özgür within the framework of the Law No. 6698 (“KVKK”).

1. Acquisition, Processing, and Purposes of Processing Personal Data

Your personal data are obtained by Barış Özgür for the purposes of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing healthcare services and their financing, and in a manner aligned with Barış Özgür’s fields of activity; verbally, in writing, visually or electronically (via our website and/or mobile application), through the call center, verbally, in writing and via similar channels. Your special categories of personal data, particularly your health data, as well as your general personal data, may be processed by Barış Özgür for the purposes stated in this section, in a manner connected with and proportionate to those purposes, including but not limited to the following:

• Identity Information: Name, surname, Turkish ID number, passport number, nationality information or temporary Turkish ID number, place and date of birth, marital status, gender, insurance or patient protocol number and other identity data by which you can be identified, and, if shared with us, the name–surname data of the patient’s relative;
• Contact Information: Address, phone number, email address and other contact data; audio call recordings kept by customer representatives or patient services in line with call center standards; and personal data obtained when you contact us via email, letter or other means, as well as the contact data of the patient’s relative if shared with us;
• Visual Data: A photograph uploaded to the system if you prefer to upload one during registration to Barış Özgür’s physical or online system;
• Accounting Information: Financial data such as bank account number, IBAN, credit card details, billing information;
• Data regarding private health insurance and Social Security Institution (SGK) records for the financing and planning of healthcare services;
• Camera footage recorded for security and audit purposes when our hospitals or medical centers are visited;
• License plate data if the parking lot is used;
• Health Information: Laboratory results, test results, discharge summary (epicrisis), examination data, appointment information, check-up information, medical diagnosis information, prescription information, including but not limited to any personal data related to health and sexual life obtained during the execution of medical diagnosis, treatment and care services or as a result thereof;
• Health data and other personal data entered into, submitted to, or uploaded to the website, mobile application, or Barış Özgür’s online system;
• Browsing information, IP address, browser information, surveys, form information and location data obtained during the use of your website and mobile application;
• If applying for a job to Barış Özgür, any personal data obtained for this purpose including the résumé; and if you are an employee of Barış Özgür or a related worker, any personal data related to the employment contract and job fitness.

All kinds of your personal data obtained by Barış Özgür (including but not limited to special categories of personal data) may be processed, in accordance with the personal data processing conditions set out in Articles 5 and 6 of the Law, for the following purposes:

• Verifying your identity;
• Protecting public health; conducting preventive medicine, medical diagnosis, treatment and care services; and planning and managing healthcare services and their financing;
• Sharing information requested with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation;
• Planning and managing the internal operations and daily operations of our Hospitals and Medical Centers;
• Measuring, increasing, and researching patient satisfaction by the Hospital Management, Patient Rights, and Patient Experience departments;
• Supplying medicines;
• Informing you about your appointment if you make one;
• Carrying out risk management and quality improvement activities;
• Conducting analyses to improve healthcare services;
• Sharing information requested by private insurance companies or contracted institutions within the scope of the financing of your health services and covering your examination, diagnosis, and treatment expenses and/or eligibility inquiries;
• Conducting research;
• Fulfilling legal requirements within the scope of regulatory compliance;
• Carrying out risk management and quality improvement activities by the Quality, Patient Experience, and Information Systems departments;
• Issuing invoices for our services and confirming your relationship with contracted institutions;
• Providing participation in campaigns and campaign information by the Marketing, Media and Communication, and Call Center departments,
• Designing and delivering special content and tangible/intangible benefits on web and mobile channels,
• Fulfilling legal and regulatory requirements,
• By the Patient Services, Financial Affairs, and Marketing departments, sharing the information requested with private insurance companies within the scope of financing your health services and covering your examination, diagnosis and treatment expenses and eligibility inquiries,
• Being informed about my appointment via your Call Center and Digital Channels,
• Verification of my identity by your Patient Services, Health Professionals, and Call Center departments,
• Planning and managing internal processes by Hospital Management,
• Conducting analyses to improve healthcare services by the Quality, Patient Experience, and Information Systems departments,
• Providing training to your employees by the Human Resources and Quality departments,
• Monitoring and preventing abuse and unauthorized transactions by the Audit and Information Systems departments,
• Carrying out risk management and quality improvement activities by the Quality, Patient Experience, and Information Systems departments,
• Providing campaign participation and campaign information by Call Center departments; designing and delivering special content and tangible/intangible benefits on web and mobile channels,
• Enabling educational and training activities by the educational institutions with which the organization cooperates.

If you receive remote health services, any of your personal data (including but not limited to special categories of personal data) obtained electronically (via our website and/or mobile application) may be processed for the following purposes in addition to the personal data processing purposes stated above:

• Medical observation, monitoring and follow-up; evaluation of health status; monitoring diagnosed diseases; and providing medical consultation;
• Evaluating and monitoring clinical parameters such as blood glucose and blood pressure for the remote management and follow-up of diseases; ensuring treatment and medication management;
• Providing services for the protection and monitoring of health, supporting a healthy life, and providing psychosocial support services;
• Enabling comprehensive evaluation and follow-up of individuals at increased health risk or of advanced age;
• Subject to technological capabilities and obtaining the necessary permits from the Ministry of Health, providing individuals with interventional or surgical operation services as determined by the Ministry of Health;
• Carrying out necessary medical procedures and providing related information to protect public health in endemic or epidemic outbreaks in line with national guidelines;
• Measuring and monitoring the health data of the person requesting healthcare via wearable technologies and other medical devices;
• Issuing e-prescriptions and e-reports.

Your Personal Data obtained and processed in accordance with the relevant legislation may be transferred to Barış Özgür’s or Barış Özgür’s physical archives and/or information systems and may be kept both in digital and physical environments.

2. Transfer of Personal Data

Your personal data may, within the scope of the Law and other legislation and for the purposes set out above, be shared by Barış Özgür with private insurance companies, the Ministry of Health and its affiliated sub-units, the Social Security Institution, the General Directorate of Security and other law enforcement agencies, the General Directorate of Population and Citizenship Affairs, the Turkish Pharmacists’ Association, courts and all judicial authorities, centralized and other third parties, your authorized representatives, third parties from whom we receive consultancy services including lawyers, tax and financial advisors and auditors, regulatory and supervisory institutions, official authorities, our business partners and other third parties with whom we cooperate to develop or carry out healthcare services for the purposes stated above.

3. Method and Legal Grounds for Obtaining Personal Data

Your personal data are collected and processed, in all kinds of verbal, written, visual or electronic media, for the purposes stated above and to conduct any work within the scope of Barış Özgür’s field of activity within the legal framework and to enable Barış Özgür to fully and properly fulfill its contractual and legal obligations. The legal grounds for collecting your personal data are:

• Law No. 6698 on the Protection of Personal Data,
• Basic Law on Health Services No. 3359,
• Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliates,
• Private Hospitals Regulation,
• Regulation on the Provision of Remote Health Services,
• Regulation on the Processing of Personal Health Data and Protection of Privacy,
• Ministry of Health regulations and other applicable legislation.

As also stated in Article 6, paragraph 3 of the Law, personal data related to health and sexual life may be processed without the explicit consent of the data subject by persons under confidentiality obligations or by authorized institutions and organizations, solely for the purposes of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing healthcare services and their financing.

4. Rights Regarding the Protection of Personal Data

Pursuant to Article 11 of the Law and the relevant legislation, you have the following rights:

• To learn whether personal data are processed,
• If personal data have been processed, to request information regarding this,
• To access personal health data and request them,
• To learn the purpose of processing personal data and whether they are used for their intended purpose,
• To know the third parties to whom personal data are transferred domestically or abroad,
• To request correction if personal data are incompletely or incorrectly processed,
• To request deletion or destruction of personal data,
• To request that the transactions carried out for the correction and/or deletion or destruction of personal data be notified to third parties to whom the personal data have been transferred,
• To object to a result arising against the person herself/himself through the exclusive analysis of the processed data by automated systems,
• To request the deletion or destruction of personal data if the reasons requiring processing cease to exist, even though they have been processed in accordance with the Law and other relevant legal provisions, and to request that the transaction carried out within this scope be notified to third parties to whom the personal data have been transferred,
• To claim compensation for damages in case of damage due to unlawful processing of personal data.

If you exercise one or more of the aforementioned rights, the relevant information will be notified to you in writing in a clear and understandable manner or electronically via the contact details you have provided.

5. Data Security

Barış Özgür protects your personal data in full compliance with all technical and administrative security controls required by information security standards and procedures. These security measures are provided at a level appropriate to the potential risk, taking into account technological capabilities.

6. Complaints and Contact

Your personal data are diligently protected within technical and administrative capabilities, and the necessary security measures are provided at a level appropriate to possible risks, taking into account technological capabilities. You can reach us for requests within the scope of the Law via the email address info@dtbarisozgur.com available at the web address https://dtbarisozgur.com.