Personal Data Processing Policy
The data controller, **MUDA HEALT TOURISM AND TRAVEL AGENCY LIMITED COMPANY**, places great importance on protecting the personal data of its customers, employees, and other real persons with whom it interacts, in accordance with the **Law on the Protection of Personal Data (KVKK)** and relevant regulations. This commitment is based on the principles of **high service quality, respect for individual rights, transparency, and honesty**. Special attention is given to patient privacy and the careful processing and storage of personal data in the best possible manner.
This policy has been established to protect and process the personal data of patients, their companions, visitors, and employees of partner institutions, in compliance with fundamental legal principles.
The purpose of this policy is to ensure transparency by informing individuals whose personal data is processed within the scope of our company’s data processing activities. In this context, administrative and technical measures are taken to comply with **Law No. 6698** and relevant legislation. Throughout this policy, **data subjects** are referred to as **Data Owners, Relevant Persons, or Personal Data Holders**.
Definitions
Explicit Consent: Freely given, specific, informed, and unambiguous consent regarding a particular matter.
Anonymization: The process of altering personal data so that it permanently loses its personal data status. This may include masking, aggregation, or scrambling techniques to ensure that data cannot be linked to an identifiable individual. Necessary precautions are taken to prevent re-identification.
Employees, Shareholders, and Representatives of Partner Institutions: Individuals working at institutions with which we maintain business relationships, including partners, suppliers, and contractors.
Processing of Personal Data: Any operation performed on personal data, such as collection, recording, storage, alteration, disclosure, transfer, classification, or blocking its use.
Personal Data: Any information relating to an identified or identifiable natural person. Examples include name, ID number, email address, phone number, residential address, date of birth, and bank account details.
Special Categories of Personal Data: Data related to **race, ethnicity, political opinions, philosophical beliefs, religion, sect, dress preferences, trade union membership, health, sexual life, criminal convictions, and biometric/genetic data**.
Third Party: Individuals associated with the data subject in order to ensure transaction security or protect the rights of those involved (e.g., company employees, companions, service providers).
Data Processor: A natural or legal person who processes personal data on behalf of the data controller, based on authorization.
Data Controller: The person or entity that determines the purposes and means of processing personal data and manages the data recording system.
Our company is registered as a **data controller** in the **VERBIS system**. A **Personal Data Protection Team** has been established within our company, and all decisions regarding personal data are made based on legal consultation and management approval.
Purposes of Personal Data Processing
Personal data is collected **physically and digitally** through **patients, physicians, healthcare personnel, subcontractors, call centers, websites, and online services**. This data, which includes **general and special categories of personal data**, may be processed for the following purposes:
- Providing medical diagnosis, treatment, and healthcare services.
- Protecting public health.
- Planning and managing preventive healthcare services and financing.
- Informing patients about their appointments.
- Managing internal procedures.
- Conducting legal compliance audits and risk assessments.
- Carrying out quality improvement activities.
- Responding to patient inquiries and complaints.
- Fulfilling legal and regulatory obligations.
- Billing for services provided.
- Confirming patient identity.
- Verifying relationships with affiliated institutions.
- Sharing required information with **insurance companies** for health service financing.
- Ensuring financial reconciliation with contracted institutions.
- Providing patient satisfaction surveys and improving patient experience.
- Ensuring technical and administrative data security.
- Sharing information with **government agencies** when legally required.
Categories of Processed Personal Data
Identity Data: Information from ID cards, passports, driver’s licenses, marriage certificates, and other official documents.
Contact Information: Phone numbers, addresses, residence information, and email addresses.
Location Data: Data indicating a person’s whereabouts.
Family and Relatives’ Information: Information related to family members for legal or health-related purposes.
Physical Security Data: Surveillance camera recordings, fingerprint data, and other security-related records.
Transaction Security Data: Personal data used to ensure business security.
Financial Data: Information related to **financial transactions, invoices, payroll, and bank records**.
Employee Candidate Data: Information collected during recruitment processes (e.g., resumes, job applications).
Personnel Data: Employment contracts, performance evaluations, disciplinary records, salary details, and social security information.
Legal Transaction Data: Information related to legal claims, obligations, and regulatory compliance.
Legal Basis for Data Processing
Personal data processing is based on at least one of the following legal grounds:
- **Explicit consent** of the data subject.
- **Legal obligations** requiring data processing.
- **Contractual necessity** to fulfill an agreement.
- **Legitimate interest** that does not infringe on fundamental rights.
- **Public availability** of the data, where it has been made public by the data subject.
- **Vital interests** such as protecting life or physical integrity.
- **Public health requirements** under authorized institutions.
Technical and Administrative Security Measures
Our company implements the following security measures:
- Using **strong passwords and encryption** for data storage.
- Restricting access to data through **role-based authorization**.
- Providing **regular data protection training** to employees.
- Signing **confidentiality agreements** with employees and third parties.
- Maintaining **secure data backups**.
- Conducting **periodic security audits** to ensure compliance.
- Ensuring **compliance with the KVKK and data protection regulations**.
Retention and Deletion of Personal Data
Personal data is retained for the legally required period or for as long as necessary to fulfill its purpose. Once processing conditions cease, data is **deleted, anonymized, or destroyed**.
Sharing of Personal Data
Personal data may be shared with the following third parties in accordance with **KVKK Articles 8 and 9**:
- **Government institutions** such as the Ministry of Health, SGK, law enforcement agencies, and regulatory authorities.
- **Insurance companies** for healthcare financing.
- **Medical laboratories, diagnostic centers, and healthcare providers** for medical services.
- **Contracted banks and financial institutions** for financial reconciliation.
- **Legal advisors, auditors, and consultants** for compliance and risk management.
- **Third-party service providers and business partners**.
Personal data is **not shared with foreign countries**.
Rights of Data Subjects
Data subjects have the right to:
- Learn whether their personal data is processed.
- Request access to their personal data.
- Request correction of inaccurate or incomplete data.
- Request the deletion or anonymization of data under certain conditions.
- Object to automated decision-making.
- Seek compensation for damages due to unlawful processing.
Requests can be submitted via written application to our company’s **………………** address.
Use of Surveillance Cameras
Our company uses **security cameras** at entrances and exits for safety purposes. Digital records are **stored for two months**, and access is restricted to **authorized personnel**.
**Effective Date:** This policy takes effect upon publication on our website.