Este Medical Group (data controller) prioritizes the protection of personal data of its clients, employees, and other individuals it interacts with in accordance with the high standards of service quality, respect for individual rights, transparency, and integrity, as regulated by the Personal Data Protection Law. Ensuring patient privacy and carefully processing and safeguarding all personal data related to patients is essential. This policy is established to protect and process the personal data of not only our patients but also companions, visitors, and the employees of institutions we cooperate with, in line with the fundamental principles outlined in legislation.
The purpose of this policy is to ensure transparency by informing individuals whose personal data is processed, including our patients, companions, visitors, employees, company officials, and employees and officials of institutions we cooperate with, regarding personal data processing activities carried out by our company in compliance with legislation. In this context, administrative and technical measures are taken for the processing and protection of personal data in accordance with Law No. 6698 and relevant regulations. Individuals whose personal data are processed under this policy are referred to as Data Subjects, Related Persons, or Personal Data Owners.
Explicit Consent: Consent based on information and freely given regarding a specific subject.
Anonymization: Altering personal data in such a way that it can no longer be associated with an identifiable individual. For example, masking, aggregation, and data corruption techniques may be used to anonymize data. Necessary precautions are taken within our company to prevent anonymized personal data from being made identifiable by any means, in accordance with KVKK.
Employees, Shareholders, and Officials of Partner Institutions: Refers to individuals in institutions with whom we have business relationships, such as partners and suppliers, but not limited to these.
Processing of Personal Data: Any operation performed on personal data, including collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, retrieval, classification, or prevention of use, whether partially or fully by automated means or manually as part of a data recording system.
Personal Data: Any information related to an identifiable or identified individual, such as national ID, name, surname, email, phone number, residence address, date of birth, and bank account number.
Sensitive Personal Data: Includes data on race, ethnicity, political opinion, philosophical belief, religion, sect, or other beliefs; appearance, association membership, health, sexual life, criminal record, and biometric and genetic data.
Third Party: Refers to third-party individuals associated with the mentioned individuals, ensuring transaction security or protecting the rights and interests of the individuals mentioned (e.g., employees or officials of service providers, companions).
Data Processor: Refers to a person or legal entity authorized by the data controller to process personal data on their behalf, such as our IT service providers.
Data Controller: Refers to the individual who determines the purposes and means of processing personal data and who manages the place where data is systematically held (data recording system).
Our company has registered with the VERBIS system as a data controller under the KVKK. A Personal Data Responsible Team has been established within the company. In cases requiring a decision, this team consults an expert lawyer and implements decisions following management approval.
Personal data processed may vary based on provided health tourism services and is collected through physical and/or digital means. Health data, among others, is collected verbally, in writing, or digitally from patients, doctors, healthcare personnel, subcontractors and employees, firms involved in commercial activities, our call center, our website, and similar channels.
General and sensitive personal data is processed for the following purposes:
Categories of Processed Personal Data
The personal data listed above may be processed in compliance with the relevant legislation, including the Fundamental Law on Health Services, the Decree Law on the Organization and Duties of the Ministry of Health and Affiliated Institutions, and other regulations.
Our company undertakes to process personal data in accordance with the following principles:
Personal data processing can be carried out based on one or more of the following conditions, in addition to obtaining explicit consent:
Sensitive personal data is processed by our company under sufficient precautions as determined by the Personal Data Protection Board and only in the following circumstances:
Under Article 12 of the KVKK and applicable regulations, our company takes the following technical and administrative measures based on available technological means and application costs:
Your personal data may be shared in accordance with the basic principles set by the Law, as well as for the purposes specified above, with the Ministry of Health, affiliated sub-units, and family medicine centers; private insurance companies (health, retirement, life insurance); Social Security Institution, law enforcement agencies, Population and Citizenship Affairs General Directorate, Turkish Pharmacists’ Association, prosecution offices and courts; domestic or international hospitals, clinics, medical centers, and third parties providing health services in cooperation for medical diagnosis; hotels, transportation companies, consultants, regulatory and supervisory bodies, and official authorities, and service providers and business partners we cooperate with. Your personal data is not shared with foreign countries.
Rights of the Data Subject
Data subjects have the right to request information on whether personal data is processed, access data if processed, verify the purpose of use, learn about third-party disclosures, request corrections in case of incorrect data, request deletion or destruction of personal data, notify third parties of corrections, object to unfavorable outcomes resulting from automated processing, and seek compensation for damages due to unlawful processing. These rights can be exercised by submitting a petition to our company.
The use of security cameras and recording of visitor entries and exits also constitutes data processing by our company, conducted in compliance with the Personal Data Protection Law and security legislation.
This policy is deemed effective upon publication on the company website.
Our Worldwide Clinics
3 Jumeirah Beach Road,
Al Athar Street,
Dubai
UK
Worldwide
Milan
Este Medical Group Italia Srl,
Via Curtatone, 16,
20122 Milano
Suvastu Suraiya Trade Center,
Plot No. 57,
Block B, (5th Floor),
Kemal Ataturk Avenue,
Banani, Dhaka-1213
3 Jumeirah Beach Road,
Al Athar Street,
Dubai
© Copyright 2023. Este Medical Group Turkey. | Privacy Policy | Cookies Policy | KVKK Request Form | Data Destruction Policy | Data Protection & Processing Policy | Terms of use