GDPR & OUR PDP POLICY
Personal Data Protection Information
The Physician and the practice under his responsibility place the utmost importance on protecting and processing personal data, particularly the privacy of personal life as regulated in Article 20 of the Constitution, as well as protecting the basic rights and freedoms of individuals. Within this framework, the organization takes great care to ensure that personal data is protected and processed in accordance with the law and acts with this understanding in all planning and activities.
The Physician does not view the protection and processing of personal data only in the context of compliance with laws, but rather places the value given to humans at the foundation of his approach. Acting with this awareness, the Physician and the practice under his responsibility take all necessary administrative and technical measures to ensure the safe storage of personal data and prevent its processing in violation of the law.
a. Data Collector
A data controller refers to the real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. According to the Personal Data Protection Law numbered 6698 (“the Law”), your personal data is collected and processed by “the phsycian” as the data controller within the scope explained below.
b. Personal Data Collection Method and Legal Reason
Your personal data is collected through various channels by fully or partially automatic or non-automatic means, in all kinds of oral, written, and electronic media; such as various documents submitted to the physician, job application forms obtained through various channels such as job search portals, customer information forms, mail and e-mails, call center, website, social media tools, communication accounts and devices, examination center information systems and devices, security cameras, third parties such as doctors, business partners, and companies that provide services/products to the doctor and the doctors employed by the physician, in order to be stored for as long as necessary.
Your personal data is processed based on your explicit consent. However, your personal data can also be processed without seeking explicit consent, based on legal grounds such as: (i) being explicitly provided for by laws, (ii) personal data being made public by the data subject themselves, (iii) the data subject being unable to provide consent due to factual impossibility, and it being necessary for the protection of the life or physical integrity of the data subject or another person, (iv) being necessary for the performance of a contract or for the conclusion of a contract to which the data subject is a party, (v) being necessary for the fulfillment of the legal obligation of the controller, (vi) being necessary for the establishment, exercise or protection of a right, (vii) being necessary for the legitimate interests of the controller, provided that it does not harm the fundamental rights and freedoms of the data subjects.
c. Purposes of Processing Personal Data
Your personal data is processed for the following purposes: to fulfill legal and professional obligations as per the conditions mentioned in the second paragraph of Article 5 of the Law; to properly plan and carry out our commercial relationships, partnerships, and strategies; to ensure the legal, commercial and physical security of the doctor and our business partners; to ensure the smooth operation of the doctor; to best plan and implement our human resources policies; to ensure the functionality and security of the doctor’s information systems and create necessary databases; to improve the services offered on the doctor’s website and fix any errors; to create and keep track of visitor records and ensure management of requests and complaints.
If you provide your explicit consent, your personal data may be processed by the physician for the purpose of allowing you to benefit from the products and services offered in the best way (statistics, analysis, profiling, and reporting of preferences) and to keep you informed (promotion, advertising, announcements, and information, as well as personal process tracking); to plan, develop and carry out corporate communication activities and to analyze your financial profile.
Medical imaging data including X-ray, CT (Computed Tomography), MRI (Magnetic Resonance Imaging), DEXA (Bone Density Measurement Device), Scintigraphy, Angiography, Ultrasonography, etc. obtained from Medical Imaging Systems will be destroyed in accordance with the “Regulation on the Deletion, Destruction or Anonymization of Personal Data” after it is viewed by the Physician.
d. To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your personal data may be shared with our group of doctors, affiliates, partners, external doctors (such as those providing services in areas like security, health, workplace safety, and law) we contract with to fulfill our contractual or legal obligations, and authorized institutions and organizations, within the scope of the purposes mentioned in the first paragraph of this section (c) and under the conditions specified in Articles 8 and 9 of the Law, provided that the necessary security measures are taken. If you provide your explicit consent, your personal data may be shared with our group of doctors, affiliates and partners, within the scope of the purposes mentioned in the second paragraph of this section (c).
e. Rights of Personal Data Owners Pursuant to Article 11 of the Law
The physician, in accordance with Article 10 of the Law, informs you of your rights and guides you on how to exercise them, and implements the necessary internal procedures, administrative and technical regulations. As the data subject, you have the rights, in accordance with Article 11 of the Law, to: (a) learn whether or not your personal data is being processed, (b) request information about your personal data if they are being processed, (c) learn the purpose of the processing of your personal data and whether or not they are being used in accordance with that purpose, (ç) find out about third parties to whom your personal data is transferred within or outside of the country, (d) request the correction of your personal data if they are incomplete or inaccurate, (e) request the deletion or destruction of your personal data in accordance with the conditions set out in Article 7 of the Law, (f) request that the operations carried out in accordance with the provisions of paragraphs (d) and (e) of this Article be notified to third parties to whom your personal data is transferred, (g) object to the processing of your personal data by means of automatic systems that results in an outcome that is not favorable to you, (ğ) request the compensation of damages if you are harmed due to the illegal processing of your personal data.
You can submit requests and applications related to the implementation of the Law by preparing the Data Owner Application Form in accordance with the legislation, either by delivering it personally to the address “Mimar Sinan Mah., Ziya Gökalp Blv. No:28 Mi’Marin Medical D:1, 35220 Konak/İzmir”, or by sending it through a Notary Public, or by sending it electronically to the registered electronic mail (KEP) address [email protected] using a secure electronic signature or mobile signature.
In your requests and applications, the following elements must be present:
- Name, surname, and signature if the application is written,
- Identity number for citizens of the Republic of Turkey, nationality for foreigners, passport number
- or if available, identity number,
- Address for delivery or workplace address,
- Electronic mail address, telephone and fax numbers,
- Subject of request,
Information and documents related to the subject must be attached to the application.
The physician will handle the requests included in the application as soon as possible and within thirty days for free, depending on the nature of the request. However, if the process requires additional cost, fees may be charged according to the tariff determined by the Board.
The physician may accept the request or reject it with an explanation and notify the person concerned in writing or electronically. If the request is accepted, the physician will take the necessary steps as soon as possible and inform the person concerned. Should the fee is charged due to a mistake made by the physician, it will be refunded to the data owner.
If the request is rejected or the response given is deemed insufficient or if a response is not given within the time period, the data owner has the right to file a complaint with the Personal Data Protection Board within thirty days of learning about the response and, in any case, within sixty days from the date of the request.
More detailed information about the subject can be found in the “Protection and Processing of Personal Data Policy” of the physician.
Application to the data controller Article 13:
(1) The individual submits their requests related to the implementation of this law to the data controller in writing or through other methods determined by the Board.
(2) The data controller will handle the requests included in the application as soon as possible and within thirty days for free, depending on the nature of the request. However, if the process requires additional cost, fees may be charged according to the tariff determined by the Board.
(3) The data controller may accept the request or reject it with an explanation and notify the person concerned in writing or electronically. If the request is accepted, the data controller will take the necessary steps. If the fee is charged due to a mistake made by the data controller, it will be refunded to the person concerned.
Complaint to the Board Article 14:
(1) If the request is rejected, if the response given is deemed insufficient or if a response is not given within the time period, the individual may file a complaint with the Board within thirty days of learning about the response and, or in any case within sixty days from the date of the request.
(2) The complaint procedure cannot be used before the application procedure is exhausted.
(3) Those whose personal rights have been violated have the right to compensation according to general rules.
Website Cookie Disclosure
Website Cookie Disclosure Text
According to the Personal Data Protection Law No. 6698, in order to provide better service to you and to carry out the physician activities in a better way, this Website Cookie Disclosure Text has been prepared by Op. Dr. Özgür Akşan (Physician) as the data controller.
We are informing you with the purpose of processing the personal data procured by the use of cookies on the website, and identifying the rules and procedures regarding the transfer, recording and processing of the contents available on drozguraksan.com (which is Physician’s official website) by the Physician who is the data controller of the personal data shared with himself and the personal data that was processed during its use by; customers, suppliers, managers and employees of the service providers, Physician’s partners, employees, employee candidates, interns, visitors, employees of state institutions and organizations and employees of private legal entities, third parties.
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, numbered 108 and opened for signature in Strasbourg on January 28, 1981 and came into operation on October 1, 1985, was signed by our country on January 28, 1981. This convention was incorporated into our domestic law by being published in the Official Gazette on March 17, 2016 with the number 29656. As a result of this, the Law on the Protection of Personal Data was published in the Official Gazette on April 7, 2016 and came into effect. The European Union (EU) legislation on the protection of personal data, the General Data Protection Regulation (GDPR; see https://gdpr-info.eu/) regulates the right of internet website visitors to obtain current information on which countries, when, for what purpose, why, and where their data is recorded. In our country, cookies are considered within the scope of the Law on the Protection of Personal Data No. 6698, as they contain “regulations related to personal data”. This law and related legislation are evaluated in this context. This Disclosure Text is a disclosure and information text that informs and clarifies the processing, storage, usage and operation of your personal data for all types of devices that provide access to the computer, smartphone, tablet, and physician website.
When you visit the physician’s website, you have the right and freedom to choose to accept or reject the use of cookies. However, if you reject cookies, it may not be possible for you to use the website effectively. Your personal data is processed in accordance with the Law on the Protection of Personal Data No. 6698 within the scope of this Disclosure Text. You can submit your requests to the physician as the data controller by reviewing the Disclosure Text and Personal Data Storage and Destruction Policy specified in the link below in connection with the Internet Site Cookie Disclosure Text.
PRIVACY TERMS:
1. Personal information (Identity Information, Contact Information, Address and Location Information, etc.) is processed for the purpose of providing better service to users (Users) who use or visit the website (Internet Site) operated by Op. Dr. Özgür Akşan (Physician) as the data controller under the domain name “drozguraksan.com” and facilitating communication with contacts related to the physician. These data collected through the Internet Site are used and stored in accordance with the principle of personal data and privacy protection by the Physician.
2. The physician does not share the information found and filled in on the website with third parties outside of the cases specified in the policies and disclosure texts on the website, without the knowledge or consent of the users. The physician does not use them for any other purpose other than his activity. The physician commits not to sell this information to third parties.
3. On the physician’s website, cookies for blocking harmful publications and unwanted advertisements are used together with first-party cookies with third party cookies by third-party providers (internet search engines).
4. The processed and stored personal data will be reported to the relevant official institutions and authorities in accordance with the mandatory legislation in force, in cases they are requested by the relevant public institutions and official authorities, provided that the person’s explicit consent is obtained in cases where the person’s consent is sought.
5. The user, who is the owner of personal data, by approving these privacy terms/clauses within the scope of this disclosure statement and the policy announced by the physician, confirms that the information provided is his/her own, filled by himself/herself, and that this information can be shared with the physician’s affiliates for the purpose of carrying out the physician’s recruitment processes, communication, sales and marketing activities.
6. If the internet site user accepts the use of the website, it will be considered that the user has read all the conditions written in this Disclosure Text, has been informed about the processing of personal data, has accepted the processing of personal data within the scope and purposes specified, and has explicitly given consent for this.
7. The Physician reserve the right to change the provisions of the “Internet Site Cookie Disclosure Text” in accordance with changes in the legislation, decisions of the Personal Data Protection Board and new conditions that arise within the Physician organization, without prior notice. You can submit your requests to the Physician by filling out the “Application Form” that you can prepare in accordance with the legislation regarding your personal data.
8. When using the internet site, it is possible to connect to other sites and social media sites via link connections. When you click on the links that provide access to the physician’s website or third-party sites, please keep in mind that these sites have personal data privacy policies. Please review the privacy policies of these sites when using them. The physician is not responsible for the contents and policies of third-party sites that are directed from the physician’s site. The physician has no control or responsibility over these sites.
9. It is a known and announced fact by IT experts and national and international authorities that it is not possible to completely protect personal data on the internet. The doctor has taken the necessary administrative and technical measures to protect your personal data.
10. The physician has established the necessary policy for the processing, protection, storage and destruction of personal data in compliance with the legislation. The physician declares that personal data will not be disclosed and will not be shared with third parties, in compliance with the principle of confidentiality, except for the cases specified in the policy. It has been determined that the responsibility for the confidentiality of personal data will continue even after the termination of the employment contract between the doctor and the employees, and if legal obligations are not fulfilled, the employment contract will be terminated for valid reasons, and necessary sanctions will be applied. All persons involved have been informed.
1- Your Processed Personal Data
This information text details the types of automatically processed personal data of the users accessing the internet website operated by (the doctor) and the personal data automatically processed based on the online transactions made on the website, as described below:
- Internet Protocol Address (IP Number)
- Online browsing/transaction information etc.
- Your browser type and language settings
- Your operating system (such as Windows 7, 8, XP… Android, iOS, MacOS)
- Your internet service provider (ISP)
- Website date/time stamp information
- The URL address of the website accessed
- The domain name of the internet access provider.
- Location Data: Data group where location data related to the person is found (city, district, legal/commercial transaction made through website, GPS location).
When filling out job application or contact forms and health information request forms on the website;
- Personal information
- Contact information
- Communication/Request/Complaint Management Information
- Educational Data: Data group where the person’s educational information is found (information about the university graduated from, graduation year)
- Professional Data: Data group where information about the person’s profession is found (information about the institution they work for, professional registry)
- Visual/Auditory Data: Data group where the person’s visual and auditory data is found (photo)
- Location Data: Data group where the person’s location data is found (city, district, legal/commercial transactions made through website, GPS location)
- Financial Data: Data group where the person’s financial information is found (bank account number, IBAN number, card information, bank name, billing information)
- User/Member Information Data: Membership information, membership ID number.
- User/Member Transaction Data: Purchased products/services, purchase amount, purchase date, call center conversation records, commercial communication permission, campaigns/competitions used, coupons used, order-related information.
- Transaction Security Data: Password, login information
- Marketing Data: Marketing-related SMS, email messages or calls made by call center, cookie records, targeting information, evaluations of interests and preferences, sent according to the commercial electronic message consent given by the relevant person.
- Request/Complaint Management/Reputation Management Data: Complaints and/or requests made by the relevant person regarding the purchased product or service through website, mobile application, social media accounts or call center, and records of the processes conducted during the evaluation or management of these requests.
- Health Information: including but not limited to, laboratory results, test results, examination data, appointment information, prescription information, in order to provide medical diagnosis, treatment and care services and to manage the health information of the person.
2- Purposes of Processing Personal Data
This text is for informational and disclosure purposes. The purpose of the Disclosure Text is to inform you about the processing of personal data – obtained through cookies – of visitors to the internet website operated by the doctor.
Personal data is processed for reasons such as performing basic functions necessary for the operation of the website, analyzing the website, improving the performance of the website, determining the number of visitors to the website, providing ease of use, sharing on third-party social media pages, etc. In this text, the necessary information about the purposes for which we use cookies on the website and how to control these cookies is explained. We reserve the right to change the provisions of this disclosure text at any time. Any updates will be announced on the website or through methods determined by the institution.
3- Method and Legal Reason of Collecting Personal Data
Personal data in collected within the purpose and scope of users visit to the website, via electronic cookies on the media through the usage of the website, based on the legal reason of the establishment and execution of the agreements that is made or is to be made with the relevant persons, and on the legal reasons towards legitimate interests of the Physician that is the Data Controller.
Your personal data is processed in accordance with the legal regulations such as the Law on the Regulation of Electronic Commerce, the Law on Electronic Signature, the Law on the Regulation of Broadcasts and the Fight Against Crimes Committed Through These Broadcasts on the Internet, the Regulation on Consumer Rights in the Electronic Communications Sector, the Regulation on the Processing and Protection of Personal Data in the Electronic Communications Sector, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, the Regulation on Commercial Communications and Commercial Electronic Messages, the Regulation on the Electronic General Assembly System to be Applied in Anonymous General Assemblies, the Circular on Processes and Technical Criteria Related to the Registered Electronic Mail System, the Regulation on Internet Sites to be Opened by Capital Companies and the 5th and 6th articles of the 6698 numbered Law regarding the conditions and purposes of personal data processing as stated in this text and the specific purposes mentioned in this text.
Medical imaging systems, such as X-ray, CT (computed tomography), MRI (magnetic resonance imaging), DEXA (bone densitometry), scintigraphy, angiography, and ultrasound, produce health data images that are viewed by a physician. These images are then properly disposed of in accordance with the “Regulation on the Erasure, Destruction or Anonymous Processing of Personal Data” once they are no longer needed.
4- To Whom Personal Data Can Be Transferred And For What Purpose
In this text, we state that your personal data may be shared with our group of physicians, suppliers, authorized public institutions and organizations, and private legal entities for the purposes mentioned above and in compliance with the laws. We also inform you that we may store your personal data on domestic and foreign servers, and in compliance with the laws, we may transfer your personal data abroad for the limited purpose of physician activities by taking necessary administrative and technical measures. If your personal data is transferred, sent or processed in countries outside the European Union (EU), it is transferred abroad in accordance with Article 5, 6, and 9 of Law 6698. We assure you that we will not sell or share your personal data with third parties without informing you or obtaining your explicit consent, unless it is necessary.
5- Your Rights as Personal Data Owner
In accordance with Article 11 of the Personal Data Protection Law No. 6698, which regulates the rights of the relevant person, you can submit your requests to us as the data controller at Mimar Sinan Mah. Ziya Gökalp Bulv. No:28 MiMarin Medikal D:1 35220 Konak İZMİR address, by filling out the application form attached and sending a signed copy of the form along with identification documents in person, by secure electronic signature, mobile signature, or by sending an email to [email protected] using the personal Registered Electronic Mail (KEP) address that you have notified to us, or by making the application through a notary, or by using the methods determined by the Personal Data Protection Authority.
According to Article 11 of the law, everyone has the right to apply to the data controller and request to:
- Learn whether their personal data is being processed or not,
- Request information about the processing of their personal data if it is being processed,
- Learn the purpose of processing their personal data and whether it is being used in accordance with that purpose,
- Know the third parties to whom their personal data is being transferred within or outside of the country,
- Request correction of their personal data if it is incomplete or incorrect,
- Request the deletion or destruction of their personal data in accordance with the conditions specified in Article 7 of the KVKK,
- Request that the deletion, destruction or correction of their personal data is also notified to third parties to whom the personal data is transferred,
- Object to the production of a result that is detrimental to the person as a result of the analysis of the data processed exclusively by automated systems,
- Request compensation for any damage incurred due to the unlawful processing of personal data.
According to Article 11 of the law, everyone has the right to apply to the data controller and request to:
- Find out if their personal data is being processed,
- Request information about the processing of their personal data if it is being processed,
- Learn the purpose of processing their personal data and whether it is being used in accordance with that purpose,
- Know the third parties to whom their personal data is being transferred within or outside of the country,
- Request correction of their personal data if it is incomplete or incorrect,
- Request the deletion or destruction of their personal data in accordance with the conditions specified in Article 7 of the PDPL,
- Request that the deletion, destruction or correction of their personal data is also notified to third parties to whom the personal data is transferred,
- Object to the production of a result that is detrimental to the person as a result of the analysis of the data processed exclusively by automated systems,
- Request compensation for any damage incurred due to the unlawful processing of personal data.
In accordance with Article 13/1 of the Personal Data Protection Law No. 6698, you are required to submit your applications to exercise your rights mentioned above in writing or by using the methods specified by the Personal Data Protection Authority and send them to the physician. The physician will handle your requests in the shortest time possible and within thirty days at the latest, free of charge, according to the nature of the request. However, if the process requires additional costs, a fee according to the tariff determined by the Authority will be requested according to the legislation. If you have any questions, comments, or requests regarding this Website Cookie Disclosure Text, you can contact the physician.
INFORMATION ABOUT COOKIES
1- What is a cookie?
Cookies are small text files that are created by a website on your device and store data in the name-value format. These are known as cookies in literature and are used by the website to remember the visitors. Cookies allow the website you visit to store information on your device and use it during subsequent visits. The cookies created by a website are stored by the internet browser you use to access the site. The information contained in these cookies can only be accessed by the internet sites provided under the domain name that created the cookie and only if you use the same browser. Cookies became an important part of modern internet technologies and their main functions are to remember online visitors’ preferences and recognize the device, and almost all websites use cookies.
2- Purposes of Use of Cookies
The website uses cookies to perform necessary basic functions to ensure the proper functioning of the site. These include allowing logged in visitors to navigate the site without having to re-enter passwords or information, enabling the proper filling out of forms necessary for carrying out business processes, analyzing the website to improve performance, such as integrating different servers that the website runs on, determining statistical data on the number of visitors to the site, remembering user names and search queries for the visitor’s later online connection, ensuring the legitimate interests of the clinic and making performance adjustments accordingly, and facilitating the online use and functionality of the site for visitors. Cookies are also used to connect to the clinic’s or third-party social media tools.
3- Who Sends Cookies and How?
Cookies are sent through the communication channel established between your device’s browser such as Google, Chrome, Safari, Opera, Mozilla Firefox, Internet Explorer and internet servers during your internet browsing. For more detailed information about cookies, you can visit the websites www.allaboutcookies.org or www.aboutcookies.org.
4- Compulsory Cookies
These cookies are necessary for the proper functioning of the website and for you to be able to benefit from the site’s features and services. No personal data is processed through these cookies. Personal information is deleted when the browser is closed. Authentication cookies that come into effect when you log in ensure the continuity of your online access as you navigate from one page to another.
5- Performance Cookies
These cookies help us to measure and improve the performance of the website by identifying visitors and traffic sources. They allow us to access the number of visitors to the pages of the website and to see which pages our visitors are spending time on. All the information collected by these cookies is anonymous, as it is evaluated together, and it does not contain personal information. The aim is to try to use the website more efficiently through these cookies.
6- Functionality Cookies
These cookies are used to provide advanced functionality and personalization opportunities such as remembering the language or region selection of our visitors on the website. If you do not allow the use of these related cookies, it will not be possible to save your personalized settings on our website.
7- Marketing/Targeting Cookies
These cookies are first-party and third-party cookies that are created during your visit to the website and third-party domains. These cookies enable tracking of your click and visit history on the domains on which they are created and match records between different domains. These types of cookies are used for recognizing and profiling users, targeting advertising and marketing activities, and personalizing content.
Session Cookies: The main function of these cookies is to ensure the proper functioning of the website. They are temporary cookies and are deleted from your device when you close the browser.
Permanent Cookies: Cookies that remain on your device until they are deleted by the user or their expiration date is reached, even after closing the browser.
First-Party Cookies: Cookies that are placed on your device by the website operator you are visiting.
Third-Party Cookies: Cookies that are placed on your device by individuals other than the website operator you are visiting, and are controlled by those individuals.
8- How Can The Use of Cookies Be Controlled?
You can use your right to allow or deny cookies according to the type of your internet browser as follows:
Google Chrome: By clicking on the “lock” or “i” icon in the “address bar” of your browser, you can allow or block cookies in the “Cookies” tab.
Internet Explorer: You can control cookie usage in the form of “allow” or “deny” by clicking on the “Security” tab in the “Tools” section in the upper right corner of your browser.
Mozilla Firefox: Click on the “Open menu” tab in the upper right corner of your browser. You can control cookies using the “Privacy and Security” button in the “Options” section.
For other browsers such as Opera and Microsoft Edge, you can check the help or support pages of the relevant browser to control cookie usage.
Safari: You can manage all your cookies by selecting the “Safari” tab from the “Settings” section of your mobile phone, and checking the “Privacy and Security” section.
In addition, by using the links below, it is possible to customize and change your preferences for cookies by changing your browser settings.
Adobe Analytics | http://www.adobe.com/uk/privacy/opt-out.html |
Google Adwords | https://support.google.com/ads/answer/2662922?hl=en |
Google Analytics | https://tools.google.com/dlpage/gaoptout |
Google Chrome | http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647 |
Internet Explorer | https://support.microsoft.com/en-us/help/17442/windows-internet-explorerdelete-manage-cookies |
MozillaFirefox | http://support.mozilla.com/en-US/kb/Cookies |
Opera | http://www.opera.com/browser/tutorials/security/privacy/ |
Safari | https://support.apple.com/kb/ph19214?locale=tr_TR |
Our Personal Data Protection and Processing Policy
Table of Contents
FIRST CHAPTER
INTRODUCTION
1.1. Introduction ……………………………………………………………………………………………………………..
1.2. Purpose of the Policy ……………………………………………………………………………………………….
1.3. Scope of the Policy ………………………………………………………………………………………………….
1.4. Definitions ……………………………………………………………………………………………………………….
1.5. Effective Date of the Policy …………………………………………………………………………………….
SECOND CHAPTER
PROTECTION OF PERSONAL DATA
2.1. Security of Personal Data ………………………………………………………………………………………..
2.2. Auditing ……………………………………………………………………………………………………………….
2.3. Confidentiality ………………………………………………………………………………………………………..
2.4. Unauthorized Disclosure of Personal Data ………………………………………………………………….
2.5. Protection of Legal Rights of Data Subjects ……………………………………………………………..
2.6. Protection of Sensitive Personal Data ………………………………………………………………………
THIRD CHAPTER
PROCESSING AND TRANSFER OF PERSONAL DATA
3.1. General Principles of Personal Data Processing ………………………………………………………..
3.2. Conditions for Processing Personal Data …………………………………………………………………..
3.3. Conditions for Processing Sensitive Personal Data ……………………………………………………
3.4. Conditions for Transfer of Personal Data …………………………………………………………………..
FOURTH CHAPTER
CLASSIFICATION, PROCESSING, AND TRANSFER PURPOSES OF PERSONAL DATA AND RECIPIENTS OF TRANSFER
4.1. Classification of Personal Data …………………………………………………………………………………
4.2. Purposes of Processing Personal Data ………………………………………………………………………
4.3. Purposes of Transfer of Personal Data ………………………………………………………………………
4.4. Recipients of Personal Data Transfers ……………………………………………………………………….
FIFTH CHAPTER
METHOD AND LEGAL BASIS FOR COLLECTION OF PERSONAL DATA, ERASURE, DESTRUCTION, ANONYMIZATION, AND RETENTION PERIOD
5.1. Method and Legal Basis for Collection of Personal Data ……………………………………………
5.2. Erasure, Destruction, and Anonymization of Personal Data ………………………………………
5.3. Retention Period of Personal Data ……………………………………………………………………………
SIXTH CHAPTER
INFORMATION OF THE DATA SUBJECT, RIGHTS OF THE DATA SUBJECT ACCORDING TO THE PERSONAL DATA PROTECTION LAW
6.1. Information of the Data Subject ……………………………………………………………………………….
6.2. Rights of the Data Subject According to the Personal Data Protection Law …………………….
6.3. Cases Where the Policy and the Law Will Not Be Fully or Partially Implemented ………….
SEVENTH CHAPTER
CLASSIFICATION OF DATA SUBJECTS AND MATCHING WITH PERSONAL DATA
7.1. Classification of Data Subjects ………………………………………………………………………………..
7.2. Matching Personal Data with Data Subjects ……………………………………………………………..
CHAPTER ONE
INTRODUCTION
1.1. Introduction
As your physician (“Physician”), we attach utmost importance to the lawful protection and processing of personal data in accordance with the Law on Protection of Personal Data No. 6698 (“Law”) and act with utmost care in all our planning and activities. With this awareness, we take all administrative and technical measures for the protection and processing of personal data.
1.2. Purpose of the Policy
The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to protect and uphold the fundamental rights and freedoms of individuals, especially the privacy of private life regulated in Article 20 of the Constitution, in accordance with the purpose of the Law and to inform the Data Subjects about the obligations of the Physician and the principles and procedures to be followed under the Law.
As a Physician holding a Health Tourism Authorization Certificate, the Physician lawfully processes various personal data of all applicants/patients, healthcare tourists, potential healthcare tourists, individuals who communicate directly with the Physician either on their behalf or as representatives, employees of the Physician, and other individuals who establish a relationship through any purpose or channel, in order to carry out the medical activities within this scope. The Physician acts as the “Data Controller” in this regard.
Another aim of this policy is to inform the relevant individuals about the processing activities carried out by the Physician and the personal-related systems and thus provide transparency regarding personal data. In this context, the Physician has detailed and explained the processing of personal data, the rights of data subjects, and the use of cookies and similar technologies in this “Policy” in accordance with the Law.
1.3. Scope of the Policy
This Policy has been prepared for individuals who are real persons, including partners, authorized persons, employees, employee candidates, visitors, company customers, patients, healthcare tourists, potential patients and/or clients, and other third parties, and it will be applied within the scope of these individuals. The Physician informs these Data Subjects about the Law by publishing this Policy on the website.
This Policy will be applied when the Physician processes personal data, either in whole or in part, automatically or non-automatically, as part of the administration of the clinic and any diagnostic and treatment activities, for these individuals regardless of whether they have any contractual relationship with the Physician. If the data does not fall within the scope of “Personal Data” as defined below or if the processing of personal data by the Physician is not carried out through the mentioned ways, this Policy will not be applied.
1.4. Definitions
The terms used in the implementation of this Policy have the following meanings:
Explicit Consent: Consent based on information and freely given will on a particular subject.
Anonymization: Rendering personal data completely unrelated to any identified or identifiable natural person, even by matching it with other data.
Employee Candidate: Individuals who have applied to the Physician for employment in any way or have made their resumes and related information available for review by the Physician.
Contact Person: The real person notified by the data controller during registration to the Data Controllers Registry Information System for communication with the Authority regarding the obligations of the legal entity data controllers residing in Turkey or the legal entity data controllers’ representatives in Turkey within the scope of the Law and secondary regulations to be issued based on this Law.
Processing Inventory: An inventory created by data controllers by associating personal data processing activities they perform depending on their business processes, detailing the personal data processing purposes, data category, recipient group to whom the data is transferred, the group of data subjects, and specifying the maximum period required for the purposes for which personal data are processed, the personal data to be transferred to foreign countries, and the measures taken for data security.
Personal Data: Any information relating to an identified or identifiable natural person.
Company Customer: Individuals who use or have used the products and services provided by the Physician, regardless of whether they have a contractual relationship.
Special Categories of Personal Data: Race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, dress code, membership of association, foundation, or trade union, health, sexual life, criminal conviction, and security measures-related data, as well as biometric and genetic data, are special categories of personal data.
Potential Customer: Real persons who have shown an interest in or have the potential to show interest in our products and services in accordance with commercial customs and integrity, regardless of whether they have made any use of our products and services or have any contractual relationship.
Third Party: Individuals other than the data subjects covered by the Physician’s Personal Data Protection and Processing Policy and who do not fall within any category of the data subjects mentioned in this Policy.
Data Category: It is the personal data class based on the common characteristics of personal data, belonging to the group or groups of data subjects whose personal data are processed by data controllers.
Group of Data Subjects: The relevant person category of data controllers, whose personal data are processed.
Data Controller: The natural or legal person who determines the purposes and means of the processing of personal data and manages the place where the data is systematically kept (data recording system).
Visitor: All individuals who have entered the physical premises owned by the Physician for various purposes or have visited our websites for any purpose.
Management Procedure for Requests from Data Subjects: A procedure prepared within the Physician and the clinic team, which will be used to meet the requests that may be made by data subjects within the scope of the Law.
1.5. Effective Date of the Policy
The Policy, which is prepared and put into effect, will be published on the website of the Physician and made accessible to the relevant individuals upon request. The Physician or individuals or organizations authorized by the Physician have the right to change this Policy at any time within the framework of secondary legislation and decisions of the Personal Data Protection Board.
CHAPTER TWO
PROTECTION OF PERSONAL DATA
2.1. Security of Personal Data
The Physician takes all necessary technical and administrative measures to ensure an appropriate level of security to prevent the unlawful processing and unauthorized access to Personal Data, in accordance with the Law.
2.2. Auditing
The Physician conducts and ensures necessary audits to establish the abovementioned data security and to maintain the regularity and continuity of the implemented measures.
2.3. Confidentiality
The Physician takes all necessary technical and administrative measures, considering the technological possibilities and application costs, to prevent the relevant data controllers and data processors from disclosing the Personal Data they possess to others in violation of the Law and the Policy, and from using it for purposes other than processing. In this context, the Physician conducts training and awareness programs for its employees regarding the Law and the Policy.
2.4. Unauthorized Disclosure of Personal Data
In the event that Personal Data processed by the Physician is obtained by others through unlawful means, the Physician undertakes the necessary procedures to notify the relevant Data Subject and the Personal Data Protection Board as soon as possible. If deemed necessary by the Personal Data Protection Board, this situation may be announced on the Board’s website or through any other method deemed appropriate by the Board.
2.5. Protection of Legal Rights of Data Subjects
The Physician respects the legal rights of Data Subjects, ensures the implementation of the Policy and the Law, and takes all necessary measures to protect these rights.
2.6. Protection of Special Categories of Personal Data
The Physician takes utmost care in processing and protecting Special Categories of Personal Data in accordance with the measures determined by the Personal Data Protection Board, within the framework of the Processing and Protection Policy for Special Categories of Personal Data.
CHAPTER THREE
PROCESSING AND TRANSFER OF PERSONAL DATA
3.1. General Principles of Processing Personal Data
The Physician processes Personal Data in accordance with the Law and the provisions set forth in this Policy. The Physician adheres to the following principles when processing Personal Data:
Compliance with the Law and Ethical Standards Accuracy and Currency when Necessary Processing for Specific, Clear, and Legitimate Purposes Relevance, Limitation, and Proportionality with the Purpose of Processing Retention for the Period Prescribed by the Relevant Legislation or the Purpose of Processing
3.2. Conditions for Processing Personal Data
Personal data is processed by the Physician based on the activities that can be conducted without the explicit consent of the data subjects in accordance with Articles 5 and 6 of the Law, or through explicit consent obtained from the data subjects. These data are processed within the framework of the purposes exemplified in the “Purposes of Processing Personal Data” section of this Policy. The Physician may process Personal Data without the data subject’s explicit consent if one of the following conditions is met.
3.3. Conditions for Processing Special Categories of Personal Data
The Physician does not process Special Categories of Personal Data without the explicit consent of the data subject, except for cases where the processing of Personal Data other than health and sexual life is allowed by the laws. Personal Data related to health and sexual life can be processed by the Physician without the explicit consent of the data subject only under the conditions of protecting public health, preventive medicine, medical diagnosis and treatment, and care services, and planning and managing the financing of healthcare services, within the obligation of confidentiality. The Physician carries out the necessary procedures to comply with the measures determined by the Board regarding the processing of Special Categories of Personal Data.
3.4. Conditions for the Transfer of Personal Data
The Physician may transfer Personal Data and Special Categories of Personal Data of Data Subjects to third parties in compliance with the Law, by establishing necessary confidentiality conditions and taking security measures, in line with the purposes of data processing. The Physician complies with the regulations stipulated in the Law during the transfer of Personal Data. In this regard, the Physician may transfer Personal Data to third parties based on one or more of the Personal Data processing conditions specified in Article 5 of the Law, limited to the legitimate and lawful purposes of Personal Data processing, and depending on the circumstances:
If the data subject has given explicit consent; If there is an explicit regulation in the law regarding the transfer of Personal Data; If it is necessary for the protection of the life or bodily integrity of the data subject or someone else, and if the data subject is unable to disclose their consent due to physical impossibility or if their consent is not legally valid; If it is directly related to the establishment or performance of a contract, and if the transfer of Personal Data belongs to the parties of the contract; If it is necessary for the fulfillment of the legal obligations of the Physician; If the Personal Data has been made public by the data subject; If the transfer of Personal Data is necessary for the establishment, exercise, or protection of a right; If the transfer of Personal Data is necessary for the legitimate interests of the Physician, provided that it does not harm the fundamental rights and freedoms of the data subject.
3.4.1. Conditions for the Transfer of Personal Data Abroad
The Physician may transfer Personal Data and Special Categories of Personal Data of Data Subjects to third parties located abroad, taking necessary security measures in accordance with the purposes of data processing. The transfer of Personal Data by the Physician is allowed to foreign countries declared to have sufficient protection by the Personal Data Protection Board or, in cases where sufficient protection does not exist, to foreign countries where the data controllers in Turkey and the relevant foreign country provide sufficient protection in writing and with the permission of the Personal Data Protection Board.
CHAPTER FOUR
CLASSIFICATION, PROCESSING, AND TRANSFER PURPOSES OF PERSONAL DATA, RECIPIENTS OF TRANSFER
4.1. Classification of Personal Data
4.1.1. Identity Information
Data containing information about the individual’s identity: name, surname, T.C. identification number, marital status, nationality, mother and father’s name, place and date of birth, gender, curriculum vitae information, employee’s factory and registration number, title deed and other official registration information, and other identity information contained in driver’s licenses, identity cards, passports, and other documents, as well as tax number, social security number, signature information, vehicle registration plate, and other information.
4.1.2. Contact Information
Telephone number, address, email address, fax number, IP address, and other information.
4.1.3. Transaction Security Information
Personal data processed concerning the technical, administrative, legal, and commercial security of both the Data Subject and the Physician during the conduct of the Physician’s activities.
4.1.4. Financial Information
Personal data processed regarding any financial result arising from the employment relationship established between the Physician and the Data Subject, as well as information, documents, and records showing this, including bank account number, branch code, bank card information, IBAN number, credit card information, financial profile, credit rating, wealth data, income information, and other information.
4.1.5. Visual and Audio Information
Photographs and camera recordings, audio recordings, and other data and information in which these data are contained.
4.1.6. Employment Information
All kinds of personal data processed to obtain information that will form the basis for the protection of the employment rights of individuals who have a working relationship with the Data Subject.
4.1.7. Location Information
Information determining the location of the Data Subject while using Company vehicles within the framework of the activities and operations of the Physician or other physicians, individuals, legal and private institutions, such as GPS location, travel data, and other information.
4.1.8. Family Members and Close Relatives Information
Identity and contact information, as defined above, about the Data Subject’s family members (e.g., spouse, parents, children), close relatives, and other individuals who can be contacted in case of emergency, within the scope of the activities and operations of the Physician or other physicians, individuals, legal and private institutions, or for the purpose of protecting the legal and other interests of the Physician and the Data Subject.
4.1.9. Physical Space Security Information
Personal data related to records and documents obtained during entry into physical spaces, during the stay inside the physical space, and other data related to security points, such as camera recordings, fingerprint records, and other data related to workplace security.
4.1.10. Legal Transaction Information
Personal data processed within the scope of the Physician’s determination, follow-up, and performance of its legal receivables and rights and its legal obligations.
4.1.12. Personal Data of Special Nature
Data specified under Article 6 of the Law (health data, biometric data, religious and association membership information, and other data).
4.1.13. Request/Complaint Management Information
Personal data related to the receipt and evaluation of requests or complaints addressed to the Physician.
4.2. Purposes of Processing Personal Data
The Physician informs the data subjects about the purposes for which Personal Data will be processed, to fulfill the obligation of informing stipulated in Article 10 of the Law. Your Personal Data will be processed within the scope of the purposes of planning and implementing our human resources policies, ensuring the correct planning and implementation of our business partnerships and strategies, ensuring the legal, commercial, and physical security of the Physician and our business partners, ensuring the corporate functioning of the Physician, conducting studies to provide you with the best benefit from the products and services offered by the Physician, customizing the products and services offered by the Physician according to your requests, needs, and preferences, ensuring the highest level of data security, creating databases, developing the services provided on the Physician’s website, contacting those who submit requests and complaints to the Physician, rectifying errors on the Physician’s website, within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law.
4.3. Purposes of Transferring Personal Data
Your Personal Data may be transferred to our business partners, suppliers, subsidiaries, companies and institutions we cooperate with, and authorized institutions and organizations in order to fulfill our contractual or legal obligations. The nature of these transfers and the parties with whom sharing is made may vary depending on the relationship type and nature between the data subject and the Physician, the purpose of the transfer, and the relevant legal basis. These parties generally include:
Legal authorities and institutions that provide support in legal matters, such as law firms, Business units within the Physician’s organization to ensure coordination, cooperation, and efficiency, Research firms within the scope of customer satisfaction and similar purposes, Banks that enable the realization of financial transactions, Ministry of Health and Ministry of Culture and Tourism of the Republic of Turkey, Health institutions or hospitals affiliated with the Ministry of Health of the Republic of Turkey.
4.4. Recipients of Data Transfer
Your Personal Data may be transferred to our business partners, suppliers, subsidiaries, companies and institutions we cooperate with, and authorized institutions and organizations in order to fulfill our contractual or legal obligations. The nature of these transfers and the parties with whom sharing is made may vary depending on the relationship type and nature between the data subject and the Physician, the purpose of the transfer, and the relevant legal basis. These parties generally include:
Legal authorities and institutions that provide support in legal matters, such as law firms, Business units within the Physician’s organization to ensure coordination, cooperation, and efficiency, Research firms within the scope of customer satisfaction and similar purposes, Banks that enable the realization of financial transactions, Ministry of Health and Ministry of Culture and Tourism of the Republic of Turkey, Health institutions or hospitals affiliated with the Ministry of Health of the Republic of Turkey.
CHAPTER FIVE
METHOD AND LEGAL BASIS OF PERSONAL DATA COLLECTION, ERASURE, ANONYMIZATION, AND STORAGE PERIOD
5.1. Method and Legal Basis of Personal Data Collection
Personal Data is collected by the Physician through various methods such as verbal, written, electronic means, technical and other methods, including but not limited to call centers, the Physician’s website, mobile applications, in order to ensure compliance with the purpose stated in Article 1 of the Law and the scope specified in Article 2 of the Law. Personal Data is collected and processed by the Physician or data processors appointed by the Physician within the framework of legal grounds based on legislation, contracts, requests, and consent, in order to fulfill the obligations arising from the law completely and accurately.
5.2. Erasure, Destruction, or Anonymization of Personal Data
Without prejudice to the provisions of other laws regarding the erasure, destruction, or anonymization of Personal Data, the Physician, even if it has processed Personal Data in compliance with this Law and other legal provisions, erases, destroys, or anonymizes Personal Data in accordance with the Personal Data Retention and Destruction Policy resolutely or upon the request of the data subject when the reasons requiring processing cease to exist.
Health data images obtained through Medical Imaging Systems, including advanced radiological imaging such as X-ray, CT (Computed Tomography), MR (Magnetic Resonance), DEXA (Bone Densitometry Device), Scintigraphy, Angiography, Ultrasound, etc., are destroyed in accordance with the “Regulation on the Erasure, Destruction, or Anonymization of Personal Data”.
The erasure of Personal Data means the deletion of data in such a way that it cannot be used or recovered in any form. Accordingly, the data is permanently deleted in a way that it cannot be recovered from the records, documents, CDs, floppy disks, hard disks/servers/cloud, etc., where they are stored.
The destruction of data refers to the physical destruction of materials suitable for data storage, such as records, documents, CDs, floppy disks, and hard disks, in a way that the information cannot be retrieved or used again.
Anonymization of data refers to rendering Personal Data unidentifiable or not capable of being associated with an identified or identifiable natural person, even if it is matched with other data.
5.3. Storage Period of Personal Data
The Physician stores Personal Data for the periods prescribed by laws and other regulations. If there is no specific time regulation in the laws and other regulations regarding the storage period of Personal Data, the Personal Data is processed until the realization of the purpose of processing the Personal Data related to the activity conducted by the Physician at the time of processing, and then it is erased, destroyed, or anonymized in accordance with the Personal Data Retention and Destruction Policy.
CHAPTER SIX
- INFORMATION OF THE DATA SUBJECT, RIGHTS OF THE DATA SUBJECT UNDER THE PDPA
6.1. Information of the Data Subject
The Physician informs the data subjects in accordance with Article 10 of the PDPA during the collection of personal data. In this context, if applicable, the identity of the Contact Person, the purposes of the processing of personal data, to whom and for what purposes the processed personal data may be transferred, the method and legal basis of personal data collection, and the rights of the data subject are provided.
6.2. Rights of the Data Subject under the PDPA
The Physician informs you about your rights in accordance with Article 10 of the Law, guides you on how to exercise these rights, and establishes the necessary internal procedures, administrative, and technical arrangements for this purpose. The Physician discloses the existence of the following rights to individuals whose personal data is processed in accordance with Article 11 of the Law:
To learn whether personal data is processed, To request information if personal data is processed, To learn the purpose of the processing of personal data and whether they are used in accordance with their purpose, To know the third parties to whom personal data is transferred, both domestically and internationally, To request the correction of personal data if it is incomplete or inaccurately processed, To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law, To request the notification of the operations carried out in accordance with Article 11(d) and (e) to the third parties to whom personal data is transferred, To object to the occurrence of a result against the data subject by analyzing the processed data exclusively through automated systems, To demand the compensation of damages in case the data subject incurs damages due to the unlawful processing of personal data.
As a result, you can submit your requests regarding the implementation of the Law using the Personal Data Protection Law Data Subject Request Form, in writing, securely signed electronically, or by following the procedures specified in the application form through other methods determined by the Personal Data Protection Board (“Board”). The Physician resolves your requests specified in the application within the shortest time and no later than thirty days free of charge, depending on the nature of the request. However, if the process requires a separate cost, the fee specified in the tariff determined by the Board may be charged.
The Physician may accept the request or reject it with an explanation; the response is communicated to the relevant person in writing or electronically. If the request specified in the application is accepted, the Physician fulfills it. The “cost” mentioned above will be refunded to the data subject if it arises from an error by the Physician or the authorized personnel.
In case the application is rejected, the response is found inadequate, or if no response is given within the specified period, the data subject has the right to file a complaint with the Board within thirty days from the date of learning the response and in any case within sixty days from the date of the application.
6.3. Cases Where the Policy and the Law Will Not Be Fully or Partially Applicable
This Policy and the provisions of the Law shall not apply in the following cases:
The processing of personal data by individuals themselves or by family members living in the same household, provided that personal data is not disclosed to third parties and compliance with the obligations regarding data security, The processing of personal data for research, planning, and statistical purposes by anonymizing them through official statistics, The processing of personal data for artistic, historical, literary, or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy, or personal rights or constitute a crime, The processing of personal data by public institutions and organizations authorized by law to ensure national defense, national security, public security, or economic security within the scope of preventive, protective, and intelligence activities, The processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial, or enforcement proceedings,
The provisions of this Policy and the Law regulating the data controller’s obligation to inform, except for the right to claim compensation for damages under Article 10, the rights of the data subject under Article 11, and the obligation to register with the Data Controllers Registry under Article 16, shall not be applicable in the following cases:
When the processing of personal data is necessary for the prevention of crime or for the investigation of a crime, The processing of personal data that has been made public by the data subject themselves, When the processing of personal data is necessary for the exercise of supervisory or regulatory duties by authorized public institutions and organizations and professional organizations with public institution status or for disciplinary investigation or prosecution, When the processing of personal data is necessary for the protection of the State’s economic and financial interests in relation to budget, taxation, and financial matters, provided that it does not violate national defense, national security, public security, or economic security and privacy of private life or constitute a crime.
CHAPTER SEVEN
- CLASSIFICATION OF DATA SUBJECTS AND ASSOCIATION WITH PERSONAL DATA
7.1. Classification of Data Subjects
Only natural persons can benefit from the protection of this Policy and the Law. The data subjects within this scope are classified as follows:
Job Applicant: Individuals who have applied for a job or have made their resumes and relevant information available for review by the Physician.
Physician Partner, Shareholder/Authorized Personnel/Employee of Partners: All natural persons who are in any kind of business relationship with the Physician, including employees, shareholders, and authorized personnel of partners, both individuals and legal entities (such as business partners, suppliers).
Physician Customer: Individuals who use or have used the products and services provided by the Physician, regardless of whether they have a contractual relationship with the Physician.
Potential Customer: Individuals who have expressed an interest in or have the potential to use our products and services, evaluated in accordance with commercial customs and integrity.
Third Party: Other individuals who are not within the scope of the Personal Data Protection and Processing Policy and do not fall into any category of data subjects in this Policy.
Visitor: All natural persons who have entered the physical premises owned by the Physician for various purposes or have visited our websites for any purpose.
7.2. Association of Personal Data with Data Subjects
The association of classified Personal Data, as defined and described above, with classified Data Subjects is presented below.
Identity Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; patients, medical tourists, potential patients, health tourists, and clients; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Contact Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Transaction Security Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Financial Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Visual and Audio Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Personal Information: Clinic/Physician/Company Partner, Shareholder; Clinic/Company Authority, Employee; Job Applicant; Third Parties.
Location Information: Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee.
Family Members and Close Relations Information: Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee of Partners; Job Applicant; Visitor; Third Parties.
Physical Space Security Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee; Job Applicant; Visitor; Third Parties.
Legal Transaction Information: Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee; Third Parties.
Sensitive Personal Information:
Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee; Job Applicant; Visitor; Third Parties.
Request/Complaint Management Information: Physician/Clinic/Company Shareholder; Clinic/Company Authority; Clinic/Physician/Company Customer; Potential Customer; Clinic/Physician/Company Partner, Shareholder/Authorized Personnel/Employee; Job Applicant; Visitor; Third Parties.