INFORMATION NOTICE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

As the data controller, Op. Dr. Abdulhalim İş attaches great importance to the protection of your personal data within the scope of the Personal Data Protection Law No. 6698 (“Law”) and the relevant secondary legislation, and also in accordance with the General Data Protection Regulation GDPR (General Data Protection Regulation).

This Information Notice on the Processing and Protection of Personal Data (“Notice”) has been prepared to inform you about: the sources from which we obtain your personal data, our legal grounds for obtaining and processing personal data, the purposes for which we process your personal data, whether we transfer your personal data and for what purposes and to whom we transfer it, and your legal rights.

Op. Dr. Abdulhalim İş processes your personal data in accordance with the law, prevents unlawful processing of your personal data and unlawful access to such data, and has taken all necessary technical and administrative measures to ensure an appropriate level of security in order to safeguard the storage of personal data.

PERSONS WHOSE DATA WE PROCESS

As the data controller, Op. Dr. Abdulhalim İş processes personal data limited to the following groups of persons:

Our employees,

Our job applicants (including reference persons declared by applicants),

Our interns and on-the-job training course participants,

Our patients,

Persons with whom we have meetings or establish communication in order to receive diagnosis, treatment, or similar services,

Patients’ relatives and companions,

Parties to any commercial activity or the authorized persons or employees of individuals or companies with whom we cooperate or will cooperate due to commercial activities (supply, advertising, support, marketing, accommodation, transportation, referral sources, etc.),

Shareholders or persons with whom shareholder negotiations are conducted,

Our legal counsel, lawyers and consultants, or the authorized persons or employees of consultancy companies,

Visitors,

Legal representatives of all data subjects, parents, guardians or custodians,

Persons who are parties in legal processes and their legal representatives,

Third parties who contacted us even though they have no commercial or legal connection with our company.

PERSONAL DATA WE PROCESS

As the data controller, Op. Dr. Abdulhalim İş processes the personal health data, general and special category personal data listed below in accordance with the principles of “lawfulness”, “necessity”, “purpose limitation” and “data minimization”.Identity Data

These are all identity-related data such as the name and surname, nationality, Republic of Türkiye ID number, in case of not being a Turkish citizen the passport number and information or temporary Turkish ID number, place and date of birth, marital status, and gender information of the persons whose data will be processed.

Contact Data

These include all contact-related data such as residence address, correspondence address, mobile phone number, and e-mail address.

Visual and Audio Data

These include images and audio recordings obtained via the closed-circuit camera system recorded by the company’s security cameras, audio call records kept if you contact our call center, and, with explicit written consent and permission (consent), the personal data of individuals recorded by photo or video for promotion, research, confirmation and proof that a medical or aesthetic/cosmetic procedure has been performed, or for persuading other patient candidates for a medical procedure.

Employee Records Data

These are the data obtained for employee record processes such as employees’ start date, salary, number of working days per month, as required by law or employment contract.

Education Data

These are data regarding the education status of employees, job applicants, interns or on-the-job training participants, or other relevant persons.

Job and Profession Data

These are all data regarding job or profession for employees, job applicants, interns or on-the-job training participants, or other relevant persons (including professional experience, diploma, and course data).

Comments and Complaint Data

These are comments and complaint data submitted to our Company via the website or other channels with approval and consent, in order to evaluate the services we provide.

Location Data

These are address or location data communicated by individuals in any way and with their own consent.

Transaction Security Data (IP Data and Cookies)These include IP address, browser information, website login-logout and password information (Mac ID, IP address information, website login-logout and password information).

Legal Data

These include all data regarding whether individuals are plaintiffs or defendants, and enforcement data. They include data related to employees and any person who has a lawsuit or enforcement proceeding with the company.

Financial Data

These include individuals’ bank account number and IBAN number. These are requested and processed for employees and patients receiving services from the company.

Health Data

These include all health data obtained during the provision of diagnosis, treatment and care services such as laboratory and imaging results processed with the individual’s consent and required to be followed for legal reasons in medical files, medical test results, blood type, examination data, and prescription information.

In addition, health reports and other medical documents included in employees’ personnel files are also within this scope.

Vehicle Plate Data

If the company car park or private valet service is used, vehicle plate data are within this scope.

Customer Transaction Data

These include call center records, invoices, promissory notes, cheques, cashier receipts, order information, request information, etc.

Clothing Data

These include size data and data such as fixed assets, uniforms, materials, and shoe size, etc.

Biometric Data

These include palm print information, fingerprints, retina scans, facial recognition, etc.

Risk Management Data

These include data processed for the management of commercial, technical and administrative risks.

Physical Premises SecurityThese include entry and exit record information of employees and visitors, and security camera records.

Association, Foundation and Trade Union Data

Association and foundation data may be required in social responsibility and workplace organizations, and trade union data may be required during the deduction of union dues.

III. PROCESSING OF PERSONAL DATA

A. OBTAINING PERSONAL DATA

1. Through Which Channels and How Personal Data Are Collected

Your personal data are obtained through the following channels:

1.2. As a result of the interview conducted with our call center,

1.3. As a result of the interview conducted via the live support application on our website,

1.4. As a result of the interview to be conducted by contacting Op. Dr. Abdulhalim İş doctors or relevant personnel by phone, WhatsApp application, or e-mail,

1.5. As a result of communication established via phones used by Op. Dr. Abdulhalim İş marketing and promotion staff or via SMS or WhatsApp and similar applications,

1.6. If you apply to Op. Dr. Abdulhalim İş, as a result of your interviews with doctors or relevant personnel via phone, SMS or WhatsApp and similar applications,

1.7. If you apply to Op. Dr. Abdulhalim İş, as a result of your face-to-face interviews with doctors or relevant personnel,

1.8. As personal data are included on contracts and other commercial activity documents of authorized persons or employees of individuals and companies with whom business relations are established due to commercial activities, and on communication platforms,

1.9. As personal data are included on contracts and other commercial activity documents of authorized persons or employees of our legal counsel, lawyers and consultants, or consultancy companies, and on communication platforms,

1.10. As a result of applications made via panels such as “contact us” or “get information” through promotions and advertisements on social media,

1.11. Within the scope of wireless Internet service, through guest-specific wireless network (Wi-Fi) broadcast, as a result of requesting personal data required by legislation and a mobile phone number for password encryption in order to connect,

1.12. Obtaining data by saving the MAC ID (Device Identity Information) from website logins,

1.13. If we contact or are contacted by third parties even though they have no commercial or legal connection with Op. Dr. Abdulhalim İş, as personal data are included on communication platforms,

1.14. Similarly, through other legal data acquisition methods.

B. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA 1. Purposes of Collecting and Processing Personal Data

Your personal data and special category personal data mentioned above will be processed for the following purposes:

1- Fulfillment of legal obligations and carrying out all works within the scope of activity within the legal framework,

2- Fulfillment of contractual provisions,

3- Provision of health services (carrying out medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services),

4- Requirements of commercial activity and business operations,

5- Sectoral (health) requirements;

o 5.1. Protection of public health whether the person is a patient or not, preventive medicine, and carrying out medical diagnosis, treatment and care services,

o 5.2. Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations as required by health legislation,

o 5.3. Financing of your health services by patient services, financial affairs and marketing departments, and covering examination, diagnosis and treatment expenses,

o 5.4. Informing patients about appointments via customer representatives, call center and other channels,

o 5.5. Identity verification by patient services and other operational units,

o 5.6. Measuring, increasing and researching patient satisfaction by hospital management, patient rights and patient experience departments,

o 5.7. Billing by patient services, financial affairs and marketing departments,

o 5.8. Responding to all kinds of questions and complaints regarding our health services by hospital management, patient rights, call center and patient relations department,

6. Technical requirements;

o 6.1. Planning and managing internal operations by call center, patient relations and hospital management,

o 6.2. Research and analyses conducted to improve the quality of health services by service delivery quality, patient experience and IT departments,

o 6.3. Providing training to employees by human resources management and quality departments,

o 6.4. Monitoring and preventing misuse or unauthorized transactions by internal audit and IT department,

o 6.5. Carrying out risk management and quality improvement activities by quality and IT departments,

o 6.6. Taking all necessary technical and administrative measures within the scope of data security by hospital management and IT department,

o 6.7. Ensuring necessary communications by assigned personnel for transportation, accommodation and protocol services within the scope of health tourism,

o 6.8. Providing campaign participation and campaign information by patient relations, marketing and call center department, designing and delivering special content, tangible and intangible benefits on web and other mobile channels and on social media,

o 6.9. Carrying out education and activities by educational institutions with which the institution cooperates,

2. Legal Grounds for Collecting and Processing Personal Data

Your personal data and special category personal data mentioned above will be processed based on the following legal grounds:

Law No. 3359 on the Basic Law on Health Services,

Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Institutions,

Personal Data Protection Law No. 6698,

Regulation on Private Hospitals,

Regulation on the Processing of Personal Health Data and Protection of Privacy,

Law No. 1774 on Identity Notification,

Labor Law No. 4857,

Law No. 5510 on Social Insurances and General Health Insurance.

As stated in paragraph 3 of Article 6 of the Personal Data Protection Law No. 6698, personal data related to health and sexual life may be processed without the explicit consent of the data subject by persons or authorized institutions and organizations under an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, conducting medical diagnosis, treatment and care services, and planning and managing the financing of health services.

C. TRANSFER OF PERSONAL DATA

Your personal data may be shared, within the framework of:

Law No. 3359 on the Basic Law on Health Services,

Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Institutions,

Personal Data Protection Law No. 6698 and all relevant secondary legislation,

Regulation on Private Hospitals,

Regulation on the Processing of Personal Health Data and Protection of Privacy,

Law No. 1774 on Identity Notification,

Labor Law No. 4857,

Law No. 5510 on Social Insurances and General Health Insurance,

and for the purposes explained above, with:

Ministry of Health, its affiliated sub-units and family medicine centers,

Private insurance companies (health, pension, life insurance and similar),

Social Security Institution,

Ministry of Family, Labor and Social Policies,

General Directorate of Security and other law enforcement units,

General Directorate of Population and Citizenship Affairs,

Other authorized public institutions and organizations,

Turkish Pharmacists’ Association,

Judicial authorities, enforcement offices, mediators,

Laboratories, medical centers, ambulances, medical device and healthcare service providers located domestically or abroad with whom we cooperate for medical diagnosis and treatment,

The healthcare institution to which the patient is referred or which the patient applies to, Duly authorized legal representatives, parents and guardians,

All third parties receiving consultancy services, including lawyers, tax consultants and auditors we work with under a contract,

Regulatory and supervisory authorities and official bodies,

Companies within the group of companies to which our hospital is affiliated,

Banks where the accounts of our company, the patient, or our employees or related persons are held due to any contract with our company,

Individual pension companies used within the scope of mandatory or optional private pension system (BES),

Our suppliers, support service providers, archive service providers and business partners whose services we use or with whom we cooperate (for more detailed information, you may obtain information by applying to our hospital in writing),

Our business partners and business connections,

Our shareholders and natural or legal persons with whom shareholder negotiations are conducted,

Outsourced service providers,

Cargo or courier companies,

Air, land or sea passenger transportation companies.

IV. OUR MEASURES AND COMMITMENTS REGARDING THE PROTECTION OF PERSONAL DATA

As the data controller, Op. Dr. Abdulhalim İş protects your personal data and special category personal data specified above in physical and electronic environments within its organization with great care, in full compliance with the legislation, by taking all administrative and technical measures.

As registered in VERBİS and included in the Personal Data Inventory, Op. Dr. Abdulhalim İş has taken all administrative and technical measures regarding the protection of your personal data.

Op. Dr. Abdulhalim İş undertakes to protect all personal data. In order to prevent unlawful processing and unlawful access and to ensure the safekeeping of personal data, technical and administrative measures aimed at ensuring an appropriate level of security are implemented by using various methods and security technologies.

Op. Dr. Abdulhalim İş will not disclose the personal data obtained to others in violation of the provisions of the Personal Data Protection Law No. 6698 and will not use it for purposes other than the purpose of processing.

Op. Dr. Abdulhalim İş has ensured that all warnings or consent statements and undertakings are prepared and signed, and has implemented necessary multi-directional audit activities, in cases where it is mandatory and necessary to share (transfer) personal data with outsourced service providers and suppliers, consultants or lawyers.

V. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES

Op. Dr. Abdulhalim İş does not place cookies on the website. During the use of our website and mobile application, IP address and browser information (Mac ID, IP address information, website login-logout and password information) are not collected.

VI. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATAUnder Article 11 of the Personal Data Protection Law, by applying to Op. Dr. Abdulhalim İş as the Data Controller through the methods specified below, and provided that you prove your identity, you may exercise your rights regarding the processing and protection of your personal data.

A. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

1. To learn whether your personal data are processed,

2. If your personal data have been processed, to request information regarding this,

3. To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,

4. To know the third parties to whom your personal data are transferred domestically or abroad,

5. To request correction of your personal data if they are processed incompletely or incorrectly,

6. To request deletion or destruction of personal data,

7. If your personal data have been transferred to third parties, to request that the correction of incomplete or incorrect processing and the deletion or destruction of personal data be notified and communicated to the relevant third party,

8. To object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,

9. To request compensation for the damage in cases where you suffer damage due to unlawful processing of personal data.

You may request from Op. Dr. Abdulhalim İş the destruction (deletion, destruction or anonymization) of your data within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, by evaluating your destruction request, our company will determine which method is appropriate according to the conditions of the specific case. In this context, you may request information from Op. Dr. Abdulhalim İş at any time about why we chose the destruction method.

Personal data collected about persons under the age of 18 are limited to name, surname, age and degree of kinship, and such data may only be provided to us by the relevant adult (parent or guardian).

SITUATIONS OUTSIDE THE SCOPE OF THE RIGHT TO APPLY

Pursuant to Article 28 of the Personal Data Protection Law, since the following cases are excluded from the scope of the Law, it will not be possible for data subjects to assert their right to apply:

Processing of personal data for purposes such as research, planning and statistics by anonymizing them for official statistics.

Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights, and does not constitute a crime.

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.

Processing of personal data by judicial authorities or enforcement authorities relating to investigation, prosecution, trial or execution proceedings.

Pursuant to paragraph 2 of Article 28 of the Personal Data Protection Law, except for the right to claim compensation, it is not possible to assert rights in the following cases:

Where processing of personal data is necessary for the prevention of crime or for criminal investigation,

Where personal data have been made public by the data subject,

Where processing of personal data is necessary for the performance of supervisory or regulatory duties or for disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations with the status of a public institution, based on the authority granted by law,

Where processing of personal data is necessary for the protection of the State’s economic and financial interests relating to budget, tax and financial matters.

B. YOUR CONTACT METHODS TO EXERCISE YOUR RIGHTS

You may exercise your rights under the Personal Data Protection Law through the following methods:

1- By filling out the Application Form on the Protection of Personal Data at our Company’s website address “www.drhalimis.com”,

2- By coming to our headquarters address at Caddebostan Mah. Bağdat cad. Kantarcı Rıza Sok. No:4 Ferid Bey Apartmanı Kat:10 Daire:10 Kadıköy / İstanbul, filling out the Application Form on the Protection of Personal Data to be obtained from the Human Resources Management department, and submitting it in person in return for signature,

3- By sending a letter via a notary public,

4- By sending an e-mail to dr.halimish@yandex.com via secure electronic or mobile signature, to the registered e-mail address,

5- By sending an e-mail to dr.halimish@yandex.com via secure electronic or mobile signature.

Depending on the nature of your request and your application method, additional verification (such as sending a message to your registered phone number or calling you) may be requested by the Company in order to determine whether the application belongs to you and thus to protect your rights. For example, if you apply via your registered e-mail address in the Company’s records, the Company may contact you using another registered contact method and request confirmation that the application belongs to you.

Your requests in your application will be concluded, in principle free of charge, within a maximum of thirty business days depending on the nature of the request. However, if the transaction requires an additional cost for the Company, a fee not exceeding 50 (Fifty) TRY may be requested, as stated in the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated 10.03.2018 and numbered 30356 by the Personal Data Protection Authority. If your application is caused by the fault of our company as the data controller, the paid fee will be refunded to you.

Your duly submitted requests regarding the Protection of Personal Data will generally be concluded free of charge within a maximum of thirty business days from the date they reach our company.

In case of your application, “Op. Dr. Abdulhalim İş” has the right to request certain verifying information from you in order to confirm that you are the correct person. Unless you cancel your application, you will be deemed to have accepted these requests of Op. Dr. Abdulhalim İş.

CONSENT AND APPROVAL

By reading this Information Notice, you are deemed to have full and complete information about the fact that Op. Dr. Abdulhalim İş carries out a data processing process within this scope, that you have been informed about the processing of your personal data and that you have consented to the processing of your personal data, and you are deemed to have accepted, declared and undertaken this.

CONTACT INFORMATION

Op. Dr. Abdulhalim İş

Tax Number: 65716303876

Contact Link: www.drhalimis.com

E-Mail: dr.halimish@yandex.com

Address: Caddebostan Mah. Bağdat cad. Kantarcı Rıza Sok. No:4 Ferid Bey Apartmanı Kat:10

Daire:10 Kadıköy / İstanbul

Phone: +90 507 683 07 48

Update Date: 18.12.2019 19:33