Protection of Personal Data

INFORMATION TEXT ON PROCESSING AND PROTECTION OF PERSONAL DATA

Medi Hair ‎Center Health Group (“Medihaircenter”), as the data controller, we attach great importance to the protection of your personal data within the scope of the Personal Data Protection Law No. 6698 (“Law”) and relevant sub-legislation, as well as in accordance with the General Data Protection Regulation GDPR (General Data Protection Regulation). This Information Text on the Processing and Protection of Personal Data (” Text”) has been prepared.

Medihaircenter processes your personal data in accordance with the law, prevents unlawful processing of your personal data and unlawful access to these data, and has taken all necessary technical and administrative measures to ensure the most appropriate level of security to ensure the preservation of personal data.

PEOPLE WHOSE DATA WE PROCESS

Medihaircenter, as the data controller, processes personal data limited to the following groups of people.

Our workers,
Our Worker Candidates (including reference persons declared by job applicants)
Our interns and on-the-job training trainees,
Our patients,
Persons interviewed and contacted for the purpose of diagnosis, treatment or receiving such services,
Patient relatives and companions,
Parties of all kinds of commercial activities or officials or employees of persons or companies with whom we cooperate or will cooperate in accordance with commercial activities (Supply, advertising, support, marketing, accommodation, transportation, reference sources, etc.).
Shareholders or persons with whom shareholding negotiations are held,
Officials or employees of our Legal Counselors, Lawyers and Consultants or consultancy companies,
visitors
Legal representatives, parents, guardians or guardians of all data subjects
Persons who are parties to legal processes and their legal representatives
Third parties we have contacted even though they have no commercial or legal connection with our company.

PERSONAL DATA WE PROCESS

Medihaircenter, as the data controller, processes the following personal health data, general and special personal data in accordance with the principles of “compliance with law”, “necessity”, “fitness for purpose” and “limitation”.

Identity Data
Name-surname, nationality, Turkish Republic of the persons whose data will be processed. All identity-related data such as identity number, passport number and information if not a Turkish citizen, or temporary Turkish identity number, place and date of birth, marital status, gender information.

Communication Data
All communication data such as residence address, correspondence address, mobile phone number, e-mail address.

Visual and Audio Data
Image and audio recordings taken with the closed-circuit camera system recorded by the company security cameras, voice call recordings kept if you contact our call center, confirmation and evidence that promotion, research, medical or aesthetic/cosmetic procedures have been carried out with special written consent and permission (approval). Personal data recorded in photographs or videos for the purpose of convincing patients or other prospective patients to undergo medical treatment are data within this scope.

Personnel Data
It is the data obtained in accordance with the law or employment contract regarding the personnel affairs of the workers, such as starting date of employment, wages, number of working days per month.

Training Data
Data on the educational status of workers working in the company, candidate workers, interns or on-the-job training trainees or other relevant persons.

Business and Occupation Data
It is all data regarding the job or profession in terms of workers working in the company, candidate workers, interns or on-the-job training trainees or other relevant persons. (Including professional experience, diploma, course data)

Comment and Complaint Data
These are the comment and complaint data transmitted to our Company through the website or other channels, with approval and consent, in order to evaluate the services we offer.

Location or Location Data
It is the address or location data that people transmit by any means and with their own consent.

Transaction Security Data (IP Data and Cookies)
IP address, browser information, website login and password information (Mac ID, IP address information, website login and password information) are included in this scope.

Legal Data
All data regarding people being plaintiffs, defendants and enforcement data. These are data regarding workers working in the company and any person who has a lawsuit or enforcement proceeding with the company.

Financial Data
These are people’s data such as bank account numbers and IBAN numbers. These are the data requested and processed by the workers working in the company and the patients receiving service from the company.

Health Data
All kinds of health data obtained during the execution of medical diagnosis, treatment and care services, such as laboratory and imaging results, medical test results, blood type, examination data, prescription information, processed with the consent of the person, which must be followed in medical files for legal reasons. In addition, the health report and other medical documents in the workers’ personnel files are also included in this scope.

Vehicle License Plate Data
If the company’s parking lot or private valet service is used, vehicle license plate data is included in this scope.

Customer Transaction Data
Call center records, invoices, promissory notes, checks, teller receipts, order information, request information, etc. data in this scope.

Clothing Data
Body data etc. fixtures, uniforms, material and shoe size etc. The data is within this scope.

Biometric Data
Palm information, fingerprint, retina scan, facial recognition, etc. The data is within this scope.

Risk Management Data
This includes data processed to manage commercial, technical and administrative risks.

Physical Space Security
Entry and exit registration information of employees and visitors, security camera records are the data within this scope.

Association, Foundation and Union Data
Association and foundation data may be required in social responsibility and workplace organizations, and union data may be required during union dues deductions.

III. PROCESSING OF PERSONAL DATA
A. OBTAINING PERSONAL DATA
1. Through Which Channels and How Personal Data is Collected
Your Personal Data;

1.2.As a result of the conversation with our call center,
1.3.As a result of the conversation made through the live support application on our website,
1.4.As a result of the meeting with Medihaircenter doctors or relevant personnel by phone, WhatsApp Application or e-mail,
1.5. Via phones used by Medihaircenter marketing and promotion personnel or via SMS or WhatsApp, etc. As a result of communication established through applications,
1.6.If you apply to Medihaircenter, you can contact doctors or relevant personnel by phone, SMS or WhatsApp, etc. As a result of the interviews you will make through the applications,
1.7.If you apply to Medihaircenter, as a result of face-to-face meetings with doctors or relevant personnel,
1.8. As a requirement of commercial activity, personal data is included in the contracts and other commercial activity documents and communication platforms of the persons and company officials or employees with whom business relations are made,
1.9. As a result of personal data being included in contracts and other commercial activity documents and communication platforms of our Legal Advisors, Lawyers and Consultants or the officials or employees of consultancy companies,
1.10.As a result of applications made through panels such as “contact us” or “get information” through promotions and advertisements on social media,
1.11. Within the scope of Wireless Internet service, a private wireless network (Wi-Fi) is available for guests, as a result of requesting personal data required by the legislation and a mobile phone number for encryption in order to connect to the broadcast,
1.12. Obtaining data by recording MAC ID (Device Identity Information) from logins to the website,
1.13. If personal data is included in the communication platforms of third parties with whom we communicate or are contacted even though they have no commercial or legal connection with Medihaircenter,
1.14.Similarly, through other legal data acquisition methods,
It is obtained through such channels.

B. PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL REASONS
1. Purposes of Collection and Processing of Personal Data
Your above-mentioned personal data and special personal data will be processed for the following purposes.

1- Fulfilling legal obligations and carrying out all kinds of business within the legal framework,
2- Fulfillment of the provisions of the contract,
3- Providing Health Services (Medical or medical/cosmetic diagnosis, examination, treatment and carrying out all kinds of care services)
4-Commercial activity and business requirements,
5-Sectoral (health) requirements;
5.1.Protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, whether sick or not,
5.2.Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with the health legislation,
5.3.Financing of your health services, covering examination, diagnosis and treatment expenses by the patient services, financial affairs and marketing departments,
5.4. Informing patients about appointments through customer representatives, call centers and other channels,
5.5.Identity confirmation by patient services and other operation units,
5.6. Measuring, increasing and researching patient satisfaction by hospital management, patient rights and patient experience departments,
5.7. Invoicing by patient services, financial affairs and marketing departments,
5.8. Answering all kinds of questions and complaints regarding our health services by the hospital management, patient rights and call center, patient relations department,
6.Technical requirements;
6.1.Planning and managing the internal functioning of the institution by the call center, patient relations, and hospital management,
6.2. Service delivery quality, patient experience, research and analysis conducted by IT departments to increase the quality of healthcare services,
6.3. Providing training to workers by human resources management and quality departments,
6.4.Monitoring and preventing abuse or unauthorized transactions by the internal audit and IT department,
6.5. Carrying out risk management and quality improvement activities by quality and IT departments,
6.6. Taking all necessary technical and administrative measures within the scope of data security by the hospital management and IT department,
6.7. Ensuring the necessary communication by officials in order to provide transportation, accommodation and hospitality services within the scope of health tourism,
6.8.Participating in campaigns and providing campaign information by the patient relations, marketing, call center department, designing special contents and concrete and intangible benefits on the Web and other mobile channels and social media and conveying them to the addressees,
6.9.To be able to carry out training and activities by the educational institutions with which the institution cooperates,
2.Legal Reasons for Collection and Processing of Personal Data
Your personal data mentioned above and your special personal data;

Health Services Basic Law No. 3359,
Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Subsidiaries,
Personal Data Protection Law No. 6698,
Private Hospitals Regulation,
Regulation on Processing of Personal Health Data and Protection of Privacy
Identity Notification Law No. 1774,
Labor Law No. 4857,
Social Insurance and General Health Insurance Law No. 5510,
It will be processed for legal reasons.

As stated in the 3rd paragraph of Article 6 of the Personal Data Protection Law No. 6698, personal data regarding health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing. It may be processed by persons or authorized institutions and organizations who are under the obligation of confidentiality, without the express consent of the person concerned.

C. TRANSFER OF PERSONAL DATA
Your personal data,

Health Services Basic Law No. 3359,
Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Subsidiaries,
Personal Data Protection Law No. 6698 and all relevant sub-legislation,
Private Hospitals Regulation,
Regulation on Processing of Personal Health Data and Protection of Privacy
Identity Notification Law No. 1774,
Labor Law No. 4857,
Social Insurance and General Health Insurance Law No. 5510,
Within the framework of its provisions and for the purposes explained above;

Ministry of Health, sub-units and family medicine centers affiliated to the ministry,
Private insurance companies (health, pension, life insurance and similar),
Social Security Institution,
Ministry of Family, Labor and Social Policies,
General Directorate of Security and other law enforcement agencies,
General Directorate of Population and Citizenship Affairs,
Other authorized official institutions and organizations,
Turkish Pharmacists Association,
Judicial authorities, enforcement offices, mediators,
Laboratories, medical centers, ambulances, medical devices and institutions providing health services at home or abroad with which we cooperate for medical diagnosis and treatment,
The health institution to which the patient is referred or to which the patient himself applies,
Legal representatives, parents and guardians authorized in writing
All real or legal third parties from whom consultancy services are received, including the lawyers, tax consultants and auditors with whom we work within the scope of the contract,
Regulatory and supervisory institutions and official authorities,
Companies within the group of companies to which our hospital is affiliated,
Banks where our company or the patient or our workers or anyone related to our company pursuant to any contract have an account,
Private pension companies worked within the scope of compulsory or optional BES (Individual Pension System),
Our suppliers, support service providers, archive service providers and business partners whose services we benefit from or cooperate with (for more detailed information, you can contact our hospital in writing.)
To our business partners and business contacts,
To our shareholders and real or legal persons with whom shareholder negotiations have been held
Outsourcing service providers,
Cargo or courier companies,
Air, land or sea passenger transportation companies,
It can be shared with.

C. TRANSFER OF PERSONAL DATA
Your personal data,

IV. OUR MEASURES AND COMMITMENTS TOWARDS THE PROTECTION OF PERSONAL DATA
Medihaircenter, as the data controller, protects your above-mentioned personal and special personal data in physical and electronic environments with great sensitivity and in full compliance with the legislative provisions, by taking all kinds of administrative and technical measures.

Medihaircenter has taken all kinds of administrative and technical measures to protect your personal data, as recorded in VERBIS and included in the Personal Data Inventory.

Medihaircenter is committed to protecting all personal data. In order to prevent unlawful processing and access of personal data and to ensure the preservation of personal data, technical and administrative measures are carried out using various methods and security technologies to ensure the appropriate level of security.

Medihaircenter will not disclose the personal data it obtains to anyone else in violation of the provisions of the Personal Data Protection Law No. 6698 and will not use it for purposes other than processing.

Medihaircenter has prepared and signed all warning or consent statements and letters of undertaking in cases where it is mandatory and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers, and has implemented the necessary multifaceted audit activities.

V. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES
Medihaircenter does not position cookies on its website. During the use of our website and mobile application, IP address and browser information. (Mac ID, IP address information, website login and password information) are not collected.

VI. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA
In accordance with Article 11 of the Personal Data Protection Law, you can exercise your rights regarding the processing and protection of your personal data by applying to Medihaircenter as the Data Controller in the following ways, provided that you prove your identity.

A. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
1. Learning whether your personal data is being processed or not,
2. Requesting information if your personal data has been processed,
3. Learning the purpose of processing your personal data and whether they are used for their intended purpose,
4. Knowing the third parties to whom your personal data is transferred at home or abroad,
5. Request correction of personal data if they are incomplete or incorrectly processed
6. Requesting the deletion or destruction of personal data,
7. In case your personal data has been transferred to third parties, to request that your personal data be corrected and deleted or destroyed if your personal data has been processed incorrectly or incompletely, to be notified or forwarded to the relevant third party,
8. Objecting to the emergence of a result that is unfavorable to the person by analyzing the processed data exclusively through automatic systems,
9. Requesting compensation for damages in case of damage due to unlawful processing of personal data,
You have the rights.

You can request Medihaircenter to destroy (delete, destroy or anonymise) your personal data within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, by evaluating your destruction request, our company will evaluate which method is appropriate according to the circumstances of the concrete case. In this context, you can always request information from Medihaircenter about why we chose the destruction method we chose.

Personal data collected about people under the age of 18 is limited to their name, surname, age and degree of closeness, and this data can only be given to us by the relevant adult (parent or guardian).

SITUATIONS EXCLUDED FROM THE SCOPE OF APPLICATION RIGHT
In accordance with Article 28 of the Personal Data Protection Law, personal data owners will not be able to assert their application rights since the following situations are excluded from the scope of the Personal Data Protection Law:

Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public security, public order or economic security.
Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings.
In accordance with the 2nd paragraph of Article 28 of the Personal Data Protection Law, except for the right to request compensation for damage, it is not possible to assert rights in the following cases:

Processing personal data is necessary for the prevention of crime or criminal investigation,
Processing of personal data made public by the relevant person,
Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law,
Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters.

B.WAYS TO CONTACT OUR COMPANY TO EXERCISE YOUR RIGHTS
Your rights under the Personal Data Protection Law;

1- By filling out the Application Form for the Protection of Personal Data on our company’s website “www.medihaircenter.com”,
2- By coming to Barbaros Mah. Ahmet Yesevi Cad.No: 149 Bagcilar – Istanbul, where our company’s headquarters is located, filling out the Application Form for the Protection of Personal Data to be obtained from the Human Resources Management department and submitting it in person against signature,
3- By sending a letter through a notary public,
4- By sending an e-mail to the registered e-mail address with a secure electronic or mobile signature to the e-mail address medihaircenter@gmail.com,
You can use it.

Depending on the nature of your request and your application method, the Company may request additional verifications (such as sending a message to your registered phone or calling you) in order to determine whether the application belongs to you or not and thus to protect your rights. For example, if you apply through your e-mail address registered with the Company, you may be contacted using another communication method registered with the Company and confirmation may be requested whether the application belongs to you or not.

Your requests in your application will be concluded free of charge, as a rule, within thirty business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, a total cost not exceeding 50 (Fifty) TL, as stated in the Communiqué on the Procedures and Principles of Application to the Data Controller published by the Personal Data Protection Authority in the Official Gazette dated 10.03.2018 and numbered 30356. A fee may be charged. If your application is caused by an error of our company, which is the Data Controller, the paid fee will be refunded to you.

Your duly requested requests regarding the Protection of Personal Data will generally be resolved free of charge within thirty business days after they are received by our company.

In case of your application, “Medihaircenter” has the right to request some confirmatory information from you in order to confirm that you are the correct person. Unless you cancel your application, you are deemed to have accepted these requests of Medihaircenter.

CONSENT AND APPROVAL
When you read this Information Text, you accept, declare and undertake that you have full and complete information about the fact that Medi Hair Center Health Group carries out a data processing process in this context and that you have been informed about the processing processes of your personal data and that you consent to the processing of your personal data. you are counted.

CONTACT INFORMATION

Medi Hair Center Health Group

Contact link: www.medihaircenter.com

E-Mail: medihaircenter@gmail.com

Address: Barbaros Mah. Ahmet Yesevi Cad. No: 149 Bagcilar – Istanbul

Phone: +90 541 951 99 65

Protection of Personal Data

About Us

Working Hours

Contacts