Privacy and Personal Data Protection Policy | Özel Çankaya Yaşam Hastanesi

Dear Visitor,

As the data controller, DNC Healthcare Services Joint Stock Company (“DNC Healthcare”) or “the Company”, we are committed to complying with the principles and limits set forth by the Personal Data Protection Law No. 6698 (“Law”) and relevant secondary legislation in all processes related to the processing, transfer, storage, deletion, destruction, anonymization of your personal data, and fulfilling the obligation of informing.

Your personal data may be processed by DNC Healthcare or “the Company” in accordance with Law No. 6698 on the Protection of Personal Data, as described below.

1- Personal Data Collection Methods and Legal Grounds

Your personal data may be collected directly from you through verbal or written information provided by you when you visit Özel Çankaya Yaşam Hastanesi (“Hospital”) within our company, receive health services including medical diagnosis, treatment, or care from our hospital, visit the website https://www.cankayayasamhastanesi.com (“Site”), request an e-appointment through the site, access your test results within the scope of e-results service, or contact the hospital or our company via telephone, email, mail, or other communication channels.

Additionally, your personal data may be collected from website records, call center records, CCTV systems (records obtained through security cameras), cookies, online transactions through the Social Security Institution (SGK) system, records shared when benefiting from private insurance companies, records of other healthcare institutions in case of referral to our hospital, notifications from administrative and judicial authorities, and other communication channels. These data are processed with the explicit consent of the relevant individuals where necessary, or in cases where explicit consent is not required, the obligation to inform is fulfilled, and processing is carried out in accordance with the principles of proportionality and data minimization.

Your personal data,

Explicit consent of the persons concerned
Being clearly prescribed by law
It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
Being directly involved in the establishment and execution of the contract
Being mandatory for the data controller to fulfill its legal obligation
Being made public by the person concerned
Data processing is mandatory for the establishment, exercise or protection of a right
Data processing is mandatory for the legitimate interests of the data controller

It operates based on legal reasons.

2-Data Categories and Data Types

Identity	Name – Surname, T.R. Identity Number, Passport Number or Temporary Identity Number for Non-Turkish Citizens, T.R. Identity Card Information (Serial No., Nationality, Gender, etc.), Place and Date of Birth, Marital Status
Contact	Phone number, E-mail address, Address (Home, Work)
Financial Information	Bank/credit card information, Financial Transaction Information, IBAN Number, Payment Information
Physical Space Security	CCTV (Security camera) records
Transaction Security	Your Browser Information, Your Website Login-Exit Information, Your Log Records Kept in accordance with Law No. 5651, Call Center Records
Your Special Personal Data	For services financed by SSI, all kinds of health and sexual life obtained within the scope of medical diagnosis, treatment and care services, including but not limited to fingerprints, laboratory results, test and analysis results, examination data, check-up information, prescription information. Your personal data and genetic data
Other	Your Private Health Insurance or Social Security Institution Data, provide audio and/or video in case a consent is given within the scope of the Law on Intellectual and Artistic Works,

3-Purposes of Processing Personal Data

Your personal data;

Protection of public health, preventive medicine, medical diagnosis, treatment and care services,
3359 p. Health Services Basic Law, 5510 p. Social Insurance and General Health Insurance Law, 663 p. Decree Law on the Organization and Duties of the Ministry of Health and its Subsidiaries, Regulation on Private Hospitals, Regulation on Processing and Ensuring the Privacy of Personal Health Data, Communiqué on the Implementation Procedures and Principles of Intensive Care Services in Inpatient Health Facilities, Implementation Procedures and Principles of Emergency Service Services in Inpatient Health Facilities Fulfilling the legal obligations included in the relevant Communiqué and other relevant regulations,
Carrying out the necessary work by the relevant business units in order to realize the commercial activities carried out by the company and carrying out the related business processes,
Ensuring workplace safety,
Verification of your identity in order to provide health services to our customers within the scope of SSI,
Confirming the relationship of our customers with institutions contracted with our company,
Allowing appointments to be made through the Call Center and website and providing information about appointments,
Ensuring the security of sensitive personal data and preventing access and misuse of these data by unauthorized third parties,
Planning and Execution of Operational Activities Necessary to Ensure Company Activities Are Conducted in Compliance with Company Procedures and/or Relevant Legislation
Planning and/or Execution of Business Continuity Ensuring Activities
Planning, Auditing and Execution of Information Security Processes
Follow-up of the Company’s Legal, Finance and Accounting Affairs
Management of Relationships with Business Partners and/or Suppliers
Planning and Execution of Sales Processes of Products and/or Services
Planning and/or Execution of After-Sales Support Services Activities
Planning and Execution of Customer Relationship Management Processes, Tracking of Customer Requests and/or Complaints, Planning and/or Execution of Customer Satisfaction Activities
Providing Information to Authorized Institutions as Required by Legal Obligation,
Ensuring the Security of the Company, Company Campuses, Facilities, Operations, Fixtures, Resources and Movables
Creating Visitor and Companion Records
It is processed for the purposes of creating and managing the information technology infrastructure.

4-Purposes of Transfer of Personal Data and Persons Transferred

Your personal data is processed by taking into account all your personal rights, in accordance with the law, by observing the principles of “need to know” and “need to use” and by ensuring the necessary data minimization; It can be shared with public institutions and organizations and private law legal entities in line with and limited to the fulfillment of the above-mentioned purposes. In this manner;

If you receive health care from our hospital, SSI is required by law; Ministry of Health, sub-units and family medicine centers affiliated to the Ministry; General Directorate of Population; Judicial Authorities and Police Department; During tax audits, invoices and collection receipts are shared with representatives of the Ministry of Finance,
If you visit our hospital or our website as a visitor; sharing with public institutions and organizations that are legally authorized to request this information within the scope of legal obligations (in cases where the Company has a legal or administrative obligation to notify or provide information, such as, but not limited to, fighting crime, threat to state and public security); Sharing log records with official institutions; If camera recordings are requested, contact official institutions such as the prosecutor’s office and the court.
In order to ensure the security of the store and its extensions, data such as camera recordings are shared with the security company and the service provider that establishes or operates the technical infrastructure,
Sharing with laboratories, medical centers, ambulances, medical devices and institutions providing health services in the country or abroad with which we cooperate for medical diagnosis and treatment;
With private insurance companies that the customer is affiliated with, in order to fulfill the rights of both the customer and our Company,
Your contact information will be shared with the SMS Supplier so that our customers can access the analysis results.
With your relative whom you have authorized in accordance with Article 18/3 of the Patient Rights Regulation; with the legal heirs of the deceased by submitting the deed of inheritance,
Your invoice information can be shared with the invoice/e-invoice integrator to prepare the customer’s invoice in written form or to prepare and send the e-invoice electronically.
Third parties from whom we receive consultancy, including the lawyers and Certified Public Accountants we work with, for the purpose of carrying out legal, financial and operational processes.
Sharing the information of the person to whom the purchased product will be delivered with the cargo company;
Within the scope of reporting and statistical studies, anonymised and with DNC Health shareholders,
With infrastructure providers for the purpose of storing physical and electronic data,
With authorized administrative and supervisory boards and/or other authorized supervisory institutions and organizations,
It may be transferred to administrative authorities, judicial authorities or relevant law enforcement forces upon request in order to resolve legal disputes or in accordance with the relevant legislation, for the purposes specified in this clarification text, and may be processed domestically or abroad.

5-Your Rights as a Relevant Person

As the person whose personal data is processed, you have your rights under Article 11 of the Law, which regulates the rights of the relevant person (learning about personal data processing, requesting information about processing, learning the purpose of processing and whether they are used in accordance with the purpose, knowing the persons to whom the transfer is made, requesting correction of incomplete or incorrect processing, You can contact [email protected] or use the form here to use it in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Your application prepared to exercise your rights over your personal data;

You can personally bring it to the address “Birlik Mahallesi Şehit Kurbani Akboğa Sokak (Eski 4. Caddesi) No:26 Çankaya/ANKARA”,
You can send it to the specified address, with a wet signature, through a notary public,
You can send it to the address with a secure electronic or mobile signature, via your registered e-mail address or your e-mail address registered in our system.
We would like to remind you that the relevant request must comply with the conditions set out in the Communiqué on Application Procedures and Principles to the Data Controller.

DNC Healthcare Services Joint Stock Company