Protection of personal data is among the top priorities of Moss Dental Oral and Dental Health Polyclinic. We pay attention to the security of personal data and attach great importance to patient privacy and to preserving all kinds of personal data of our patients in the best possible way and with care. In addition to our patients, companions, visitors, all employees and employees of the institutions and organizations we cooperate with; According to the Law on the Protection of Personal Data No.6698, the Regulation on the Processing of Personal Health Data and Ensuring Privacy and the Related Legislation, protecting personal data has been adopted as an institutional policy within the framework of the following basic principles.
Processing personal data in accordance with the law and good faith
Keeping personal data accurate and up to date when necessary
Processing personal data for specific, explicit and legitimate purposes
Processing personal data related to the purpose for which they are processed, limited and measured
Keeping personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed
Enlightening and informing personal data owners
Setting up the necessary system for personal data owners to exercise their rights
Taking necessary precautions in the preservation of personal data
To act in accordance with the relevant legislation and the regulations of the KVK Board in transferring personal data to third parties in line with the requirements of the processing purpose
Showing the necessary sensitivity to the processing and protection of special quality personal data
Deleting and destroying personal data in a legally defined manner and time
The main purpose of this Policy is to make statements about the personal data processing activities carried out by Moss Dental Oral and Dental Health Polyclinic in accordance with the law and the protection of personal data, in this context, our patients, visitors, employees and institution officials, employees, shareholders and officials of the institutions we cooperate with, and third parties To ensure transparency by informing the persons whose personal data are processed by our institution, especially. Although personal data processed by Moss Dental Oral and Dental Health Polyclinic may vary depending on the health services provided, it is collected by automatic or non-automatic methods. Our patient representatives, physicians, healthcare professionals, etc. Our employees, subcontractors and employees and companies engaged in all kinds of commercial activities; Special quality personal data, especially health data collected verbally, in writing or electronically, through our call center, website, online services and similar means, and general quality personal data can be processed for the following purposes.
Carrying out medical diagnosis, treatment and care services, protection of public health, planning and management of preventive medicine and its financing; To inform our patients about the appointment; planning and managing the internal procedures of our hospital, analyzing to improve healthcare services; to train and develop our employees, to protect the personal processes and legal rights of our employees, to monitor and prevent abuse and unauthorized transactions; carrying out risk management and quality improvement activities; conducting research; fulfillment of legal and regulatory requirements; billing for our services; confirm your identity; newborn baby notification; Confirming your relationship with the institutions contracted with our hospital; to share all kinds of information requested by private insurance companies within the scope of financing health services; To answer all your questions and complaints regarding our health services; to take all necessary technical and administrative measures within the scope of data security of our hospital's systems and applications; analyzing your use of healthcare services and storing your health data in order to improve and improve the healthcare services we provide to you; preserving information about your health data that should be kept in accordance with the relevant legislation; Providing financial agreement with the institutions we have contracted with, banks and all institutions (public and private) for which health expenditures are collected; sharing the requested information with the Ministry of Health and other public institutions and organizations in accordance with the relevant legislation; measuring patient satisfaction, increasing patient satisfaction.
Personal data are collected and processed in all kinds of verbal, written or electronic media, in order to provide the above-mentioned purposes and health services within the determined legal framework and to fulfill the contracts and legal obligations of Moss Dental Oral and Dental Health Polyclinic as required.
This Policy; Our patients, companions, visitors, institution officials, employees, employees, shareholders and officials of the persons, organizations and institutions with which we cooperate and have all kinds of legal relations, and third parties
This Policy; It covers the following personal data of our patients, companions, visitors, institution officials, employees, employees, shareholders and officials of the persons, organizations and institutions with whom we cooperate and have any legal relationship, and third parties, which are processed automatically or not.
Name, Surname, TR Identity Number, Passport Number or temporary TR Identity Number, Place and Date of Birth, Gender, Marital Status, protocol number specific to the hospital and other identification data identifying patients; address, telephone number, e-mail address, etc. financial data such as contact data, payment and billing information; audio and digital information that may be acquired by electronic or non-electronic means; General and special quality personal data, especially personal health data obtained during the execution of all medical diagnosis, examination, treatment and care services; Data on private health insurance and Social Security Institution data for the purpose of financing and planning health services, health and identity data sent over websites, all visual (digital and non-digital) records.
According to the groups of personal data owners, the scope of application of this policy may be the entire policy (such as our patients); There may be only some provisions (eg only our employees, suppliers, etc.).
Personal data can also be processed when the call center or website is used to use online services, in the intranet, training, participating in events organized by the hospital or visiting websites.
Explicit Consent: Consent on a specific subject, based on information and expressed with free will Anonymization: It is the change of personal data in a way that loses the quality of personal data and this situation cannot be recovered. For example, masking, aggregation, data destruction, etc. making personal data unrelated to a natural person with techniques Employees, Shareholders and Authorities of the Institutions We Cooperate with: Real persons working in the institutions with which our institution has all kinds of business relations (such as but not limited to business partners, suppliers), including the shareholders and officials of these institutions Processing of Personal Data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, through fully or partially automatic means of personal data or non-automatic means provided that it is a part of any data recording system, Any action on the data, such as classification or prevention of use Personal Data Owner: Real person whose personal data is processed. For example, patients and staff Personal Data: All kinds of information regarding an identified or identifiable natural person. Therefore, the processing of information on legal persons is not covered by the Law. For example Name, Surname, T.C. Identity Number, E-mail Address, Address, Date of Birth, Credit Card Number, Bank Account Number etc. Patient: A person who applied to our institution for examination and treatment and received outpatient or inpatient treatment Special Qualified Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. data of special nature Hospital Responsible: General Manager of the Institution and other authorized real persons Third Party: Third party real persons associated with these persons (For example, employees or officials of the service company, Companion etc.) in order to ensure the security of the commercial transactions between our institution and the parties mentioned above or to protect the rights of the mentioned persons and to obtain benefits. Data Processor: Real and legal person who processes personal data on behalf of the data controller based on the authority given by him. For example, the information company that keeps the data of our institution, all employees who enter patient data into the system Data Supervisor: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system). Visitor: Real persons who have entered the physical areas owned by our institution for various purposes or visited our websites.
Implementation of the Policy and Relevant Legislation
The processing and protection of personal data are carried out within the framework of the relevant legal regulations in force. Moss Dental Oral and Dental Health Polyclinic Personal Data Protection Policy has been prepared in accordance with current regulations.
The policy was created by integrating with Moss Dental Oral and Dental Health Polyclinic practices within the framework of the rules laid down by the relevant legislation. It carries out the necessary preparations by adhering to the validity periods stipulated in the KVK Law. When the above-mentioned personal data is required, the Health Services Basic Law No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Institutions, the Regulation on Private Hospitals, the Regulation on the Processing of Personal Health Data and the Protection of Privacy, and the Ministry of Health regulations. can be processed within the framework of the provisions of the legislation, and transferred to the physical archives and information systems of our hospitals and / or suppliers. As a result, Personal data will be protected in both digital and physical environments in accordance with the legal periods defined in institution procedures.
Ensuring the Security of Personal Data
Our institution takes the necessary technical and administrative measures to ensure the optimum security level in order to prevent the unlawful processing of the personal data it processes and to ensure the preservation of the data, and in this context, it carries out or has it done.
The actions and measures taken by our institution to ensure "data security" in accordance with Article 12 of the KVK Law are listed below.
Our institution takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data are processed in accordance with the law. Employees are informed that they cannot disclose the personal data they have learned to anyone in violation of the provisions of the KVKK and cannot use it for purposes other than processing, and this obligation will continue after they leave the job, and in this direction, necessary commitments are taken from them.
Our institution takes technical and administrative measures to prevent the imprudent or unauthorized disclosure of personal data, their access, transfer or any other illegal access.
Our institution raises awareness as data processing institutions such as business partners and suppliers, to whom personal data has been transferred, to prevent unlawful processing of personal data, to prevent unlawful access to data, and to ensure legal protection of data.
The obligations that our institution has to comply with when processing personal data as a data controller and the obligation to comply with the legal, administrative and technical measures it has developed in this regard. Contracts are made to data processing institutions with various titles such as suppliers and business partners, in accordance with the nature of their data processing activities.
Our institution carries out the necessary inspections or has it done within its own structure. These audit results are reported to the relevant department within the scope of the internal functioning of the Agency and necessary actions are carried out to improve the measures taken.
Our institution carries out a system that ensures that personal data processed in accordance with Article 12 of the KVK Law are obtained by others illegally, and this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.
Rights of the Data Owner; Claiming Claims, Communication Channels and Evaluation of Data Owners' Requests
Our institution carries out the necessary channels, internal functioning, administrative and technical regulations in accordance with Article 13 of the KVK Law in order to evaluate the rights of personal data owners and to provide the necessary information to personal data owners.
In the event that personal data owners submit their requests regarding their rights listed below to our Institution in person with an application and a specially authorized power of attorney, our Institution finalizes the request as soon as possible and free of charge within thirty days at the latest, depending on the nature of the request. Personal data owners have the following rights:
Learning whether personal data is processed or not
Requesting information if personal data has been processed
Learning the purpose of processing personal data and whether they are used appropriately for their purpose
To know the third parties in the country or abroad to whom personal data are transferred
Requesting correction of personal data if it is incomplete or incorrectly processed
Requesting the deletion or destruction of personal data
In case of correction, deletion or destruction of personal data, requesting that these transactions be notified to third parties to whom personal data has been transferred
Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated system.
To demand the compensation of the damage in case of damage due to the unlawful processing of personal data In accordance with paragraph 1 of Article 13 of the KVK Law, the request for the use of the above-mentioned rights must be submitted to our Institution (data officer) in "written" form.
In order to use the rights specified within the framework of the KVK, the request, together with the necessary information identifying the rights and explanations about the rights to be used, should be conveyed to our institution by stating which right is related to the use of the Law in Article 11; It will ensure that the application regarding the request is answered more quickly and effectively.
Protection of Special Quality Personal Data
Moss Dental Oral and Dental Health Polyclinic carefully protects personal data with its technical and administrative facilities. Security measures taken by our hospital are provided at an optimum level by considering technological possibilities and possible risks.
When a group of personal data is processed unlawfully, it is defined as "special quality personal data" in the KVK Law due to the risk of causing victimization or discrimination.
These data; Biometric and genetic data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures.
The protection of the above-defined data determined as "special quality" by the KVK Law and processed in accordance with the law is carefully treated.
Clarifying and Informing Personal Data Owner
In accordance with Article 10 of the KVK Law, it enlightens the personal data owners during the acquisition of personal data. In this context, our Institution provides personal data owners with the identity of our Institution during the acquisition of personal data, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason of collecting personal data and the rights of the personal data owner under Article 11 of the Law on KVK. makes relevant lighting.
In the 20th article of the Constitution, it has been revealed that everyone has the right to be informed about their personal data. Accordingly, in Article 11 of the KVK Law, "requesting information" is included among the rights of the personal data owner. In this context, our institution provides the necessary information in case the personal data owner requests information in accordance with the 20th article of the Constitution and the 11th article of the KVK Law.
Our institution informs those concerned about personal data processing activities and ensures accountability and transparency within this framework by announcing the corporate policy in the protection of personal data to the personal data owners and those concerned with various publicly available documents. In addition, our Institution related persons; It also informs people about their activities and the articles in the law in different ways, especially when they apply for their express consent.
Processing of Personal Data
Our institution, in accordance with Article 20 of the Constitution and Article 4 of the Law on KVK, regarding the processing of personal data; correct and up to date, in accordance with the law and honesty rules; by pursuing specific, explicit and legitimate purposes; performs personal data processing activities related to the purpose, limited and measured.
Our institution retains personal data for the period stipulated by laws or as required by the purpose of processing personal data.
Our institution processes personal data in accordance with Article 20 of the Constitution and Article 5 of the Law on KVK, based on one or more of the conditions in Article 5 of the KVK Law regarding the processing of personal data.
Our institution acts in accordance with the regulations stipulated in terms of processing special quality personal data in accordance with Article 6 of the KVK Law.
Our institution acts in accordance with the 8th and 9th articles of the KVK Law, in accordance with the regulations stipulated in the law and set forth by the KVK Board regarding the transfer of personal data.
Processing of Personal Data in Compliance with the Principles Prescribed in Legislation
Processing in accordance with the Law and the Rules of Honesty
Our institution; acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. Our institution takes into account the proportionality requirements in the processing of personal data, and does not use personal data for other purposes.
Ensuring that Personal Data is Accurate and Updated when Required
Our institution; takes the necessary measures to ensure that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legal interests.
Processing for Specific, Clear and Legitimate Purposes
Our institution clearly and precisely determines the purpose of processing personal data that is legitimate and lawful. Our institution processes personal data in connection with the service it provides and as required for them. The purpose of processing personal data is notified by our institution before the personal data processing activity begins.
Being Related, Limited and Measured for the Purpose of Processing
Our institution processes personal data in a way that is convenient for the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.
Retaining for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are processed
Our institution keeps personal data only for the period specified in the relevant legislation or for the purpose for which they are processed. In this context, our Institution first determines whether a period is stipulated for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period, if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data are deleted, destroyed or anonymized by our Institution in the event of the expiration of the period or the disappearance of the reasons requiring processing.
Conditions of Processing Personal Data
Protection of personal data is a constitutional right. Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by the law or with the express consent of the person. Our institution in this direction and in accordance with the Constitution; processes personal data only in cases stipulated by law or with the express consent of the person.
Although the legal bases for the processing of personal data by our institution differ, all kinds of personal data processing activities are acted in accordance with the general principles specified in Article 4 of the Law No. 6698.
The explicit consent of the personal data owner is only one of the legal bases that allow the processing of personal data in accordance with the law. Apart from express consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity can be only one of the conditions stated below, and more than one of these conditions can also be the basis of the same personal data processing activity. In case the processed data is personal data of special nature; The following conditions apply.
Obtaining the Explicit Consent of the Personal Data Owner
Clearly Stipulated in Laws
Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility
Directly Related to the Establishment or Execution of the Contract
Fulfilling the Legal Obligation of the Institution
Making Personal Data Public by Personal Data Owner
When Data Processing is Mandatory for the Establishment or Protection of a Right
Data Processing being Mandatory for the Legitimate Interest of our Institution
Processing Special Quality Personal Data
In the processing of personal data determined as "special quality" with the KVK Law by our institution, the regulations stipulated in the KVK Law are acted carefully.
In the 6th article of the KVK Law, some personal data that have the risk of causing victimization or discrimination when processed illegally are determined as "special quality". These data; Biometric and genetic data regarding race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures.
In accordance with the KVK Law, by our Institution; Special quality personal data are processed in the following cases, provided that adequate measures are taken by the KVK Board:
If the personal data owner has explicit consent, or
If there is no explicit consent of the personal data owner;
Special quality personal data other than the health and sexual life of the personal data owner, in cases stipulated by law
Personal data of special quality regarding the health and sexual life of the personal data owner, only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, persons or authorized institutions and organizations under the obligation to keep confidentiality. It is processed by.
Transfer of Personal Data
Our institution is able to transfer the personal data and special quality personal data of the personal data owner to third persons (third party companies, institutions, group companies, third natural persons) by taking the necessary security measures in line with the legal personal data processing purposes. In this direction, our institution acts in accordance with the regulations stipulated in the 8th article of the KVK Law.
Your personal data, Moss Dental Oral and Dental Health Polyclinic, Medical Centers, Group Companies, Universities, Ministry of Health, affiliated sub-units and family medicine centers, private insurance companies (health, pension and life insurance, etc.) social Security institution, General Directorate of Police and other law enforcement agencies, National headquarters, Turkey Pharmacists Association, courts and all public institutions and organizations without being connected thereto, laboratories located within the country that we are in cooperation or abroad for medical diagnosis, medical centers and third parties, regulatory and supervisory institutions that we receive consultancy, including third parties providing healthcare services, the healthcare institution to which the patient is referred or to whom the patient applied, your authorized representatives, the institution you are affiliated with and / or work with, lawyers, tax consultants and auditors, and official authorities for the dormitory and / or companies within the group of companies that our Hospital is affiliated with, our suppliers, support service providers and business partners with whom we benefit or cooperate (you can apply to our hospital in writing for more detailed information).
Transfer of Personal Data Abroad
Moss Dental Oral and Dental Health Polyclinic takes necessary security measures in line with personal data processing purposes and can transfer personal data and special quality personal data of the personal data owner to contracted private and public institutions of foreign countries, foreign health and insurance organizations, service providers that need to be shared for medical necessity. Personal data by our institution; KVK Board by adequate protection where it has been declared to foreign countries ( "Adequate Protection with Foreign Countries") or in case of the absence of adequate protection commits an adequate protection of responsible data in Turkey and in the foreign countries in writing and to foreign countries where the KVK Board's permission (Foreign Country of Data Controller Committing Sufficient Protection) is transferred. In this direction, our institution acts in accordance with the regulations stipulated in the 9th article of the KVK Law.
Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors
Our institution acts in accordance with the regulations in the KVK Law in the execution of camera surveillance activities for security purposes.
Personal data processing is carried out in our institution's buildings and facilities to monitor the entrance and exit of patients, personnel, visitors and supplier company employees with security cameras.
Personal data processing activity is carried out by our Institution by using security cameras and recording guest entrance and exit.
In this context, our Institution acts in accordance with the Constitution, KVK Law and other relevant legislation.
Image records of our visitors and sound recordings where necessary are taken by means of camera monitoring system at the building, facility entrances and inside the facility of our institution.
Our institution, within the scope of surveillance activity with security cameras; It aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of the institution, patients and employees, and to protect the interests of the patients regarding the healthcare and other services they receive.
The camera surveillance activity carried out by our institution is carried out in accordance with the Law on Private Security Services and relevant legislation.
Only authorized institution employees and / or supplier company employees have access to digitally recorded and maintained records. On the other hand, the live camera images can be followed by the security duties from outside.
Camera recordings are kept for 2 months.
Necessary technical and administrative measures are taken by our institution to ensure the security of personal data obtained as a result of camera surveillance, in accordance with Article 12 of the KVK Law.
Conditions for Deletion, Destruction and Anonymization of Personal Data
Although it has been processed in accordance with the provisions of the relevant law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the KVK Law, in case the reasons for processing disappear, the personal data will be deleted, destroyed or anonymized in accordance with the relevant procedures of our Institution or upon the request of the personal data owner. is brought.
In this context, our Institution trains and assigns relevant business units and increases their awareness in order to fulfill its obligation.
While obtaining the names and surnames of the persons who come to the buildings of our Institution, or through texts posted at the Institution or made available to the guests in other ways, the personal data owners are enlightened within this scope.
For ensuring security by our institution and for the purposes specified in this Policy; Internet access can be provided to our visitors who request during their stay in our buildings and facilities by our institution. In this case, log records regarding internet access are recorded in accordance with the Law No. 5651 and the governing provisions of the legislation regulated in accordance with this Law; These records are only processed if requested by the authorized public institutions and organizations or to fulfill our legal obligation in the audit processes to be carried out within the Agency.
Only a limited number of employees of the Agency have access to the log records obtained within this framework. Employees of the Agency, who have access to the aforementioned records, only access these records for use in the request or audit processes from the authorized public institutions and organizations and share them with legally authorized persons. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality undertaking.
On the websites owned by our institution; to ensure that those who visit these sites perform their visits on the sites in a suitable manner for visiting purposes; Internet movements within the site are recorded by technical means in order to show them customized content and to perform online promotion activities.
Enforcement of the Policy
Moss Dental Oral and Dental Health Polyclinic Personal Data Protection and Processing Policy enters into force on 16.01.2020. In the event that all or certain articles of the policy are renewed, the effective date of the Policy is the date on which that article is revised for the renewed item.
The policy is published on our institution's website (https://mossdental.com/en/).
You can download the "Personal Data Protection Law (KVKK)" Application Form by clicking here.
1. Etap Prof. Dr. N. Erbakan Cad. No:7/A 34480 Basaksehir - Istanbul Turkey