INFORMATION ON THE COLLECTION, PROCESSING, AND PROTECTION OF PERSONAL DATA
As Hisar Sağlık Hizmetleri Eğitim Araştırma ve Tıbbi Cih. İnş. San. Ve Tic. A.Ş. (Hisar Hospital), we attach great importance to the security of your personal data. In awareness of this responsibility, as the Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data (“PDPL”), your personal data can only be processed in accordance with the purposes and scope described below, in compliance with Law No. 3359 on Basic Health Services, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Affiliated Institutions, Regulation on Private Hospitals, Regulation on the Processing and Confidentiality of Personal Health Data (“Regulation”), Ministry of Health regulations and other applicable legislation.
Your personal data processed by Hisar Hospital are collected verbally, in writing or electronically through call center, website, online services and similar means depending on the health services provided. Additionally, your personal data may also be collected when you participate in trainings, seminars or events organized by Hisar Hospital. Your health data, which are sensitive personal data, as well as general personal data, including but not limited to the personal data listed below, can be processed by Hisar Hospital in connection with and proportionate to the purposes stated in this article:
Primarily your health data, personal and sensitive personal data such as: name, surname, Turkish ID number and/or passport number and/or temporary Turkish ID number, place and/or date of birth, marital status, gender, health insurance, occupation, insurance card number, workplace registration number and/or patient identification number and other identification data that can identify you; address, phone number, email address and other contact data; voice recordings kept by our customer representatives and/or patient services in accordance with call center standards, as well as personal data obtained when you contact us via email, letter or other means; financial data such as bank account number, IBAN number, credit card information, invoicing and billing information; data related to private health insurance for financing and planning of health services and information of payers such as the Social Security Institution; patient medical reports, diagnostic data, biometric and genetic data, laboratory results, test results, examination data, doctor analyses and comments, appointment details, prescription information, including but not limited to all kinds of health information obtained during or as a result of medical diagnosis, treatment and care services; notifications such as surveys, thank-you letters, complaint letters, satisfaction results; vehicle plate information if you use the parking lot; surveillance footage obtained from cameras continuously recording in common areas of our hospitals as required by legislation; health data you submit or enter via all Hisar Hospital websites and online services, IP address, cookies and other personal data; personal data obtained in case of job application including resume; and all kinds of personal data related to your employment contract can be processed by Hisar Hospital in connection with the purposes specified in Article 2 and may be transferred to persons, institutions and organizations listed in Article 3.
Your personal data, including sensitive personal data, may be processed for purposes such as protecting public health, preventive medicine, conducting medical diagnosis, treatment and care services, planning and managing health services and their financing; informing you about appointments if you have booked one; planning and managing the internal operations of our hospital, performing analyses to improve health services; training and developing our employees, monitoring and preventing misuse and unauthorized actions; carrying out risk management and quality improvement activities; conducting research; fulfilling legal and regulatory requirements; invoicing for our services; verifying your identity; newborn notification; confirming your relationship with institutions contracted with our hospital; sharing requested information with the Ministry of Health and other public institutions and organizations as per applicable legislation; sharing requested information with private insurance companies within the scope of health service financing; responding to all inquiries and complaints related to our health services; taking all necessary technical and administrative measures for data security within our hospital’s systems and applications; analyzing your health service usage and storing your health data for improving and enhancing the health services we provide; preserving health data required to be stored under applicable legislation; providing financial reconciliation related to health services offered to you with contracted institutions; measuring patient satisfaction, including but not limited to these, processing your data for conducting, developing, planning and managing medical diagnosis, treatment and care services, health services and their financing, increasing patient satisfaction, research and similar purposes.
In accordance with the PDPL and relevant health legislation, by ensuring the necessary technical and administrative measures to provide an appropriate level of security, we may transfer your personal data within the scope of the purposes stated in Section 2 to persons, institutions and/or organizations permitted by Law No. 3359 on Basic Health Services, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Affiliated Institutions, Regulation on Private Hospitals, Law No. 6698 on the Protection of Personal Data, Regulation on the Processing and Confidentiality of Personal Health Data and other applicable legislation; to private insurance companies, banks, pension funds, foundations; domestic/foreign shareholders, subsidiaries and/or affiliates; group companies; auditors; consultants; business partners; domestic/foreign organizations with which we cooperate or have contractual service relationships; and other real and/or legal third parties.
Your personal data are collected verbally, in writing, visually or electronically, via telephone, SMS, MMS and similar telecommunication means, online through the Social Security Institution system, from records shared by private insurance companies if you benefit from them, via referral from other health institutions and organizations, by yourself, through emails sent, call center call recordings, website, verbal, printed and similar channels before, during, or after your visit to the health institutions within Hisar Hospital, and stored physically and digitally for the purposes described in Section 2.
Your personal data will be deleted, destroyed or anonymized when the purpose requiring processing of your personal data pursuant to Article 7/f.1 of the PDPL ceases to exist and/or when the statute of limitations/storage periods that obligate us to process your data under legislation expire.
As the Data Controller of your personal data processed by Hisar Hospital, pursuant to Article 11 of the PDPL, you have the right to fill out the “PDPL Application Form” below and submit it by hand to the hospital where you received service, send it via notary, email a secure electronic signature signed document or a “Word or PDF” file signed with your secure electronic signature to hisarsaglik@hs01.kep.tr, to learn whether your personal data has been processed, request information regarding processing activities, learn the purposes of processing, find out the third parties/institutions to whom your personal data have been transferred domestically or abroad, request correction/updating if your data is incomplete or inaccurate, request deletion or destruction if the reasons requiring the processing no longer exist or if Hisar Hospital lacks legal grounds or legitimate interest to process the data, object to adverse results arising from automatic systems, and demand compensation for damages in case of unlawful processing of your personal data.
According to Article 5 of the PDPL, your personal data may be processed without your explicit consent in the following cases:
Hisar Hospital protects your personal data in full compliance with the required technical and administrative security controls according to information security standards and procedures and at an appropriate level against possible risks.
You can fill out the “PDPL Application Form” below and submit it by hand to the hospital where you received service, send it via notary, email a secure electronic signature signed document or a “Word or PDF” file signed with your secure electronic signature to hisarsaglik@hs01.kep.tr.
APPLICATION FORM WITHIN THE SCOPE OF THE PERSONAL DATA PROTECTION LAW