“Egepol Hospitals Group” prioritizes the processing and protection of personal data with the utmost care. Necessary technical and administrative measures are taken to prevent the unlawful processing of personal data, unauthorized access to personal data, and to ensure the preservation of personal data, in accordance with the Personal Data Protection Law, Basic Health Services Law, Regulation on Personal Health Data, Regulation on Private Hospitals, Patient Rights Regulation, and relevant legislation.

In accordance with Article 10 of the Personal Data Protection Law, we inform our patients, patient attendants, relatives of patients, visitors, hospital administrators and employees, job applicants, suppliers, service providers and their employees, managers and employees of business/solution partners, company partners, job applicants, interns, employees of public institutions and organizations, and employees of private legal entities we have contact with, and relevant third parties, through the policies and this information text created to cover you.

This information text has been prepared by Nasmed Private Health Services Trade Inc. (“Egepol Hospitals Group”) as the data controller, within the scope of Article 10 of the Personal Data Protection Law (“Law”), Article 5/8 of the Regulation on Personal Health Data, and the Procedure and Principles to be Followed in Fulfillment of the Obligation to Inform.

1- Data Controller:

Nasmed Private Health Services Trade Inc. (Güneşli Mahallesi 529.Sokak No:2/A Konak İzmir Turkey, Tax Office: Kemeraltı, Tax No: 6291331157, MERSIS No: 0629133115700001, Trade Registry No: 107488); processes your personal data as defined in Article 3 of the Personal Data Protection Law as the data controller.

2- Purpose of Processing Personal Data:

In accordance with the Personal Data Protection Law, Basic Health Services Law, Regulation on Personal Health Data, Regulation on Private Hospitals, Patient Rights Regulation, and relevant legislation, your personal data collected in accordance with the principles envisaged by the law is processed, either fully or partially, automatically or non-automatically, by being obtained, recorded, stored, altered, rearranged, and processed as part of any data recording system.

Your personal data is processed in accordance with Articles 4, 5, 6 of the Law and relevant legislation within the framework of the following purposes:

  • Protecting public health, conducting preventive medicine, medical diagnosis, treatment, and care services, ensuring the planning and management of healthcare financing,
  • Sharing the information we obtain regarding healthcare services with the Ministry of Health, Social Security Institution, and other relevant public institutions and organizations, responding to the requests of these institutions, making the necessary notifications to relevant public institutions and organizations, fulfilling legal obligations,
  • Ensuring the preservation of data that must be kept in accordance with the legislation within the scope of the healthcare service we provide,
  • Verifying your identity, confirming your legal relationship with contracted institutions within the scope of the provided healthcare services, ensuring invoicing and financial reconciliation, making notifications to relevant institutions and organizations arising from legislation such as births, deaths, forensic cases,
  • Making appointments, creating appointment schedules, providing necessary information, ensuring patient, patient attendant, visitor satisfaction, monitoring request and complaint processes, conducting necessary investigations and evaluations required by the provided healthcare services.

Please note that this is a translation of the provided text. In case of any discrepancies or legal concerns, please refer to the original document or consult with legal professionals.

  • To improve company services, maintain corporate development activities, continue advertising and marketing activities, sustain the company’s financial, accounting, administrative, legal, and technical processes, fulfill risk management and quality improvement processes,
  • Plan and execute human resources processes, carry out job application processes, create personnel files, fulfill financial obligations, determine the company’s salary policy,
  • Establish and ensure the performance of contracts made or to be made between our company and patients, suppliers, service providers, employees, legal consultants, relevant institutions and organizations, and third parties,
  • Assume the burden of proof in legal disputes with third parties involving our company,
  • Facilitate communication between our company and individuals and organizations, establish necessary contacts through our website, online applications, live support services, and social media accounts, continue the necessary processes for filling out relevant electronic and physical forms, ensure transaction security for individuals involved,
  • Provide necessary information to regulatory and supervisory authorities and private legal entities,
  • Facilitate the procurement of medical drugs, materials, or devices, ensure billing and payment processes related to services provided;
  • Monitor the security of patients, visitors, employees, and relevant third parties through closed-circuit camera recording systems, ensure legal, technical, and commercial security, prevent potentially criminal behavior by third parties, ensure physical security of company buildings, facilities, and surroundings,
  • Monitor the appropriate use of vehicles allocated to relevant employees within the scope of company activities, ensure vehicle security by tracking location information through vehicle tracking systems,
  • Ensure performance evaluation, attendance, and control of employees through employment contracts, within the scope of company interests, ensure control of entry and exit from company buildings and facilities,

3- In accordance with the aforementioned purposes and limited to company activities, the following personal data is processed:

Identity information (Turkish ID number/foreign ID number, name and surname, place and date of birth, mother and father’s name, marital status, gender, identity information on passport, foreign ID document, driver’s license, and other identity information on population ID document or Identity Sharing System, patient number, patient protocol number for patients)

Contact information (phone numbers, contact address, email address)

Location information (residential and work address, location information of your whereabouts)

Employee Information (personal information on contracts filled out by employees and interns, education, diploma information, certificate information, social security registration number, general health insurance, private health insurance information, SGK entry and exit declarations, identity information written on family status declaration, dependent individuals, spouse, child proximity information, population registration information of family members, personal information obtained according to the nature of work, work certificate, resignation, termination, severance and notice pay receipts, salary payroll information, disciplinary investigation information, service record, resume information, leave information, personnel performance evaluation reports, occupational and work accident information, reference information, bank account information, IBAN number information, survey information, personal information obtained within the scope of occupational health and safety, military service information, personal information obtained through personnel cards for entry and exit procedures to relevant departments, information on job application forms.)

Financial Information (Billing and payment information, bank account number, IBAN number, credit card information, private insurance information related to financial payments, policy information, General Health Insurance information, financial information obtained within the scope of notifications to SGK and the Ministry of Health, salary statement, expense advance information, tax identification number, tax office information, personal information on invoices, delivery notes, signature circulars, delivery receipts, information contained in contract attachments with third parties)

Legal Transaction Information (Personal information in legal correspondence with relevant parties and provided services, personal information in correspondence with courts, prosecutors, mediators, arbitration panels, judicial authorities, information in lawsuit and enforcement files, legal notification system including identity, contact, location information for identity verification purposes for patients and attendants to be reported to the police department, personal information in minutes and forms kept in cases of wrongful acts, legal disputes, and similar situations, personal information in forms, reports, and documents in the field of forensic examinations, autopsies, forensic medicine)

Professional Experience Information (Education status, school, diploma information, work experience, reference information, internship, seminars, hardware, software, computer knowledge, foreign language skills, previous workplaces, institution information, courses attended, in-service training information, certificates, driver’s license information, other information in reported forms, expertise, title, duty information)

Visual and Audio Recordings (Your photographs on health reports and documents, voice recordings in conversations with call centers during appointment scheduling, communication with the company, and tracking of request and complaint processes, job application forms, photographs on electronic and physical forms, documents, and official identification documents, photographs and videos shared on the company’s website, social media accounts, or written and visual media, photographs and images of patients in videos/camera recordings shared on the company’s website, social media accounts, or third-party social media platforms)

Physical Space Security Information (Camera recording information from image and sound recording cameras, security exit log information, information in completed forms, vehicle license plate information)

In the context of the company’s activities, professional experience, promotion, advertising, and information purposes, professional experience, promotion, information, resume, and photograph information of employees on the company’s website, social media accounts, mobile applications, promotional brochures

Personal data of patients, such as images and videos of patients included in photographs shared in written and visual media, on the company’s website, social media accounts, and third-party social media platforms, within the framework of public health protection, medical diagnosis, treatment, and care services, and the planning and management of health services and financing, with the obligation of confidentiality imposed by individuals or authorized institutions and organizations with the explicit consent of the individuals

Request and Complaint Information (Information and records collected from relevant individuals through electronic and physical channels, information related to request and complaint evaluations and management processes received via the internet, social media, online channels, call center)

Criminal Conviction and Security Measures Information (Criminal record, conviction, and legal status information)

Biometric data (Hand, palm, vein print information collected from patients for identification and billing of healthcare services financed by the Social Security Institution, fingerprint information for employee attendance control within our personnel for ensuring workflow and performance evaluation purposes)

Health Information (All health information obtained within the scope of the protection of public health, preventive medicine, medical diagnosis, treatment, and care activities for patients; examination, all kinds of laboratory, imaging, and test results, patient diagnosis, diagnosis, treatment, prescription, medication information, doctor analysis and comments, patient history (anamnesis), check-up information, examination information, diagnosis and prescription information, health reports, nutrition, diet information, and all health information obtained within the scope of health services, Health condition information written on the job application form, health reports, health tests, blood type information, personal health and physical disability status information, health board reports, personal data regarding diagnosis and treatment procedures)

Sexual Life and Genetic Data (Limited personal data within the scope of sexual life and genetic data of patients for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, and planning and management of health services and financing)

Regarding personal data belonging to the relevant individuals, in accordance with the principles set forth in Article 4/2 of the Personal Data Protection Law, by obtaining explicit consent texts or in the cases envisaged in Articles 5/2 and 6/3 of the Law, personal data may be transferred to individuals and organizations resident in foreign countries with sufficient protection, which will be declared by the Personal Data Protection Board (“Board”) after being determined by the Board, without requiring explicit consent. For countries where sufficient protection is not found and declared, personal data may be transferred within the scope of company activities, subject to the written commitment of data controllers in Turkey and the relevant foreign country to provide sufficient protection, and with the necessary permissions obtained from the Personal Data Protection Board for the relevant transfer. Within the limits prescribed by the legislation, and by taking all necessary measures, your personal information such as identity, contact, location, transaction security, service recipient/customer transaction information, financial information, visual and audio data, health information, sexual life information, genetic data, protocol number, patient number, etc., belonging to the relevant individuals, may be transferred abroad through applications used, software programs, websites, mobile applications, online services, live support services, and social media accounts.

4- Method and Legal Grounds for the Collection of Personal Data:

Your personal data is collected and processed through electronic means, software and hardware programs provided by us, the use of call centers and live support services, our mobile applications, social media accounts, email channels, filling out forms on the website, creating memberships, using online services, receiving patient applications, registration procedures, preparing printed forms, carrying out medical diagnosis, treatment and healthcare services within the scope of healthcare services, creating personnel files, preparing and performing contracts, accounting, finance, processing financial, legal transaction information, either entirely or partially through automated or non-automated means that are part of any data recording system.

Your personal data and sensitive personal data are processed based on the explicit consent of the relevant individual in compliance with the legal regulations applicable to our company. In addition, your personal data is processed based on the following legal grounds without the need for explicit consent. Accordingly, your personal data is processed:

  • When it is explicitly stipulated in the laws,
  • When it is necessary to protect the life or bodily integrity of a person who is unable to disclose their consent due to actual impossibility or whose consent is not legally valid,
  • When the processing of personal data belonging to the parties of the contracts between our company and real or legal persons is necessary directly related to the establishment or performance of the contract,
  • When the personal data has been made public by the data subject,
  • When data processing is necessary for the establishment, exercise, or protection of a right,
  • When data processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject,

Your personal data is processed, collected, and transferred within the limited purposes specified in compliance with Article 5 and 6 of the Law on Protection of Personal Data, and the principles and procedures to be followed in fulfilling the obligation of informing specified in the Communiqué on Procedures and Principles of Fulfilling the Obligation of Informing, and is stored by being kept for the period specified in the relevant legislation within the scope of company activities.

5- Rights of the Data Subject (Right to Apply):

According to Article 11 of the Law on Protection of Personal Data, which regulates the rights of the data subject, you can submit your requests within the scope of the mentioned article to the data controller, Nasmed Private Healthcare Services Joint Stock Company, at the address Güneşli Mahallesi 529.Sokak No:2/A Konak İzmir Türkiye, by filling out the APPLICATION FORM attached, signing one copy of the form, and submitting it to the company address in person with identification documents to establish your identity, by sending an email to info@egepolhastanesi.com using secure electronic signature, mobile signature, or the registered email address that you have notified and is recorded in our system, by sending an email to the registered email (KEP) address of the data subject to the registered email (KEP) address of our company, nasmedozelsaglik@hs03.kep.tr, or by making a personal application through a notary or using the methods determined by the Personal Data Protection Authority.

According to the mentioned Article 11 of the Law, everyone has the right to apply to the data controller and to:

  • Learn whether their personal data is processed,
  • Request information if their personal data has been processed,
  • Learn the purpose of the processing of personal data and whether they are used in accordance with their purpose,
  • Know the third parties to whom personal data is transferred domestically or abroad,
  • Request the correction of personal data if it is incomplete or incorrectly processed,
  • Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law on Protection of Personal Data,
  • Request that the operations carried out in compliance with the requests for correction, deletion, or destruction of personal data be notified to third parties to whom personal data has been transferred,
  • Object to the occurrence of a result against the data subject by analyzing the processed data exclusively through automated systems,
  • Request compensation for damages in case of suffering damage due to the unlawful processing of personal data.

In order to exercise your above-mentioned rights, which are regulated by Article 13/1 of the Law No. 6698 on Protection of Personal Data, you must submit your requests to our Company in writing or by using the methods specified by the Personal Data Protection Authority. Our Company will finalize your requests as soon as possible and no later than thirty days, free of charge, depending on the nature of the request. However, if the transaction also requires a cost, the fee specified in the tariff determined by the Board will be charged. In this context, no fee will be charged for responding to the application in writing up to ten pages, and an administrative fee of 1 TL per page will be charged for each page exceeding ten pages. If the response to the application is to be provided on an electronic recording medium such as a CD or flash drive, the fee that may be requested by our company will not exceed the cost required by the recording medium.