KVKK Policy

Yeni Karamursel Turizm Ltd Sti. As (“Ykm Turizm”), as the data controller, we attach great importance to the protection of your personal data within the scope of the Personal Data Protection Law no. In order to enlighten you about the sources from which we obtain your personal data, our legal reasons for obtaining and processing personal data, the purposes for which we process your personal data, whether we transfer personal data and to whom we transfer it, and your legal rights, this Clarification Text on the Processing and Protection of Personal Data (" Text") has been prepared.

Ykm Tourism processes your personal data in accordance with the law, prevents unlawful processing of your personal data and illegal access to this data, and has taken all necessary technical and administrative measures to ensure the most appropriate level of security in order to ensure the protection of personal data.

PERSONS WE PROCESS DATA

Ykm Tourism, as a data controller, processes personal data limited to the following groups of people.

1. Our workers,
2. Our Worker Candidates (including reference persons declared by job applicants)
3. Our Interns and On-the-Job Trainees,
4. Our patients,
5. Persons who are interviewed and contacted for diagnosis, treatment or to receive such services,)
6. Relatives and companions of the patient,
7. Parties of all kinds of commercial activities or persons with whom we cooperate or will cooperate due to commercial activities, or authorized or employees of companies (supply, advertising, support, marketing, accommodation, transportation, reference resources, etc.)
8. Shareholders or persons with whom shareholder interviews are held,
9. Our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies,
10. Visitors
11. Legal representatives, parents, guardians or guardians of all data subjects
12. Persons who are parties in legal processes and their legal representatives
13. Third parties with whom we communicate, although they do not have a commercial or legal connection with our company.

PERSONAL DATA WE PROCESS

Ykm Tourism, as the data controller, processes the following personal health data, general and special quality personal data in accordance with the principles of "compliance with the law", "necessity", "fitness for purpose" and "limitation".

Identity Data

Name, surname, nationality, T.R. of the persons whose data will be processed. ID number, passport number and information if not a Turkish citizen, or all identity-related data such as temporary TR identity number, place and date of birth, marital status, gender information.

Contact Data

It is all communication-related data such as residence address, correspondence address, mobile phone number, e-mail address.

Visual and Audio Data

The image and sound recording taken by the closed circuit camera system recorded by the company security cameras, the audio recordings kept if you contact our call center, the confirmation and proof of the promotion, research, medical or aesthetic / cosmetic procedure with special written consent and permission (consent). Person data recorded by photograph or video in order to persuade other patient candidates for medical treatment are the data within this scope.

Personnel Data

It is the data obtained in accordance with the law or employment contract regarding the personnel transactions such as the starting date of the workers, the wage, the number of working days per month.

Training Data

It is the data on the educational status of the workers, candidate workers, trainees or on-the-job training trainees or other related persons working in the company.

Job and Occupation Data

It is all data related to the job or profession in terms of workers, worker candidates, trainees or on-the-job training trainees or other related persons working in the company. (Including professional experience, diploma, course data)

Comment and Complaint Data

It is the data of comments and complaints transmitted to our Company by giving approval and consent, on the website or through other channels, in order to evaluate the services we offer.

Location Data

It is the address or location data that people transmit by any means and with their own consent.

Transaction Security Data (IP Data and Cookies)

This includes IP address, browser information, website login and password information, (Mac ID, IP address information, website login and password information).

Legal Data

It is all the data and enforcement data regarding the persons being the plaintiff or the defendant. It is the data about the workers working in the company and any person who has a lawsuit or enforcement proceeding with the company.

Financial Data

It is the data of individuals such as bank account number and IBAN number. It is the data requested and processed in terms of employees working in the company and patients receiving service from the company.

Health Data

All kinds of health data obtained during the execution of medical diagnosis, treatment and care services such as laboratory and imaging results, medical test results, blood group, examination data, prescription information, which must be followed in medical files for legal reasons, processed with the consent of the person. In addition, the health report and other medical documents in the employee's personnel file are also within this scope.

Vehicle License Plate Data

If the company's car park or private valet service is used, the license plate data is within this scope.

Customer Transaction Data

Call center records, invoice, promissory note, check, box office receipt, order information, request information, etc. data in this context.

Clothing Data

size data etc. fixture, uniform, material and shoe size etc. data is in this scope.

Biometric Data

Palm information, fingerprint, retina scan, face recognition etc. data is in this scope.

Risk Management Data

The data processed for the management of commercial, technical and administrative risks are within this scope.

Physical Space Security

Entry and exit registration information of employees and visitors, security camera records are the data within this scope.

Association, Foundation and Union Data

Association and foundation data may be required in social responsibility and workplace organizations, and union data may be required during union dues deduction.

III.PROCESSING PERSONAL DATA

A.OBTAINING PERSONAL DATA

1.Through Which Channels and How Personal Data Are Collected

Your Personal Data;

Ykm Tourism, as a data controller, processes personal data limited to the following groups of people.

1. 1.2.As a result of the conversation with our call center,
2. 1.3.As a result of the conversation made through the live support application on our website,
3. 1.4.As a result of the meeting to be made by contacting Ykm Tourism doctors or related personnel via phone, WhatsApp Application or e-mail.,
4. 1.5.Over the phones used by Ykm Tourism marketing and promotion personnel, or via SMS or WhatsApp etc. as a result of communication established through applications,
5. 1.6.If you apply to Ykm Tourism, you can contact the doctors or related personnel by phone, SMS or WhatsApp etc. As a result of the interviews you will make over the applications,
6. 1.7.If you apply to Ykm Tourism, as a result of face-to-face meetings with doctors or related personnel.,
7. 1.8.Personal data on the contract and other commercial activity documents of the persons and company officials or employees with whom the business relationship is made as a requirement of the commercial activity, on the communication platforms,
8. 1.9.As a result of personal data taking place on the contract and other commercial activity documents of our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies, on communication platforms,
9. 1.10.As a result of the applications made through panels such as "contact us" or "get information" through the promotion and advertisement on social media.,
10. 1.11.As a result of requesting a mobile phone number for personal data and encryption requested in accordance with the legislation, in order to connect to the broadcast on the wireless network (Wi-Fi) special for the guests within the scope of the wireless Internet service.,
11. 1.12.Obtaining data in the form of recording the MAC ID (Device Identity Information) from the logins to the website,
12. 1.14.Similarly, with other legal data acquisition means, It is obtained from channels such as.

B.PURPOSE OF PROCESSING PERSONAL DATA AND LEGAL REASONS

1.Purposes of Collection and Processing of Personal Data

Your personal data mentioned above and your personal data of special nature will be processed for the following purposes.

1. 1-Fulfilling legal obligations and carrying out all kinds of business within the legal framework,
2. 2-Fulfillment of contract provisions,
3. 3-Providing Health Services (medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services)
4. 4-Business activity and business requirements,
5. 5-Sectoral (health) requirements;
• 5.1.Whether sick or not, protection of public health, preventive medicine, medical diagnosis, treatment and care services,
• 5.2.Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with the health legislation,
• 5.3.Financing of your health services, examination, diagnosis and treatment expenses by patient services, financial affairs, marketing departments,
• 5.4.Informing patients about the appointment through customer representatives, call centers and other channels,
• 5.5.Patient services, identity verification by other operating units,
• 5.6.Measuring, increasing and researching patient satisfaction by hospital management, patient rights, patient experience departments,
• 5.7.Billing by patient services, financial affairs, marketing departments,
• 5.8.Answering all kinds of questions and complaints about our health services by the hospital management, patient rights and call center, patient relations department,
6. 6.Technical Requirements;
• 6.1.Planning and management of the internal functioning of the institution by the call center, patient relations, hospital management,
• Research and analyzes made by the service delivery quality, patient experience, information technology departments to increase the quality of health services,
• Training of workers by human resources management and quality departments,
• Monitoring and prevention of abuse or unauthorized transactions by the internal audit and IT department,
• Carrying out risk management and quality improvement activities by the quality, IT departments,
• Taking all necessary technical and administrative measures within the scope of data security by the hospital management and data processing department,
• Ensuring the necessary communication by the officials in order to carry out transportation, accommodation and attendance services within the scope of health tourism.,
• Participation in campaigns and providing campaign information by the patient relations, marketing, call center, department, designing special content, tangible and intangible benefits on the web and other mobile channels, social media and communicating them to the interlocutors,
• To be able to carry out training and activities by the educational institutions with which the institution cooperates,

Legal Reasons for the Collection and Processing of Personal Data

Your personal data mentioned above and your personal data of special nature;

1. 1.2.As a result of the conversation with our call center,
2. Health Services Basic Law No. 3359,
3. Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
4. Law No. 6698 on the Protection of Personal Data,
5. Private Hospitals Regulation,
6. Regulation on Processing of Personal Health Data and Protection of Privacy
7. Identity Notification Law No. 1774,
8. Labor Law No. 4857,
9. Social Insurance and General Health Insurance Law No. 5510,

It will be processed for legal reasons.

Protection of Personal Data No. 6698, as stated in paragraph 3 of Article 6 of the Law, personal data related to health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. It may be processed by persons or authorized institutions and organizations under the obligation to keep secrets without seeking the explicit consent of the person concerned.

C.TRANSFERRING PERSONAL DATA

Your personal data,

1. Basic Law on Health Services No. 3359,
2. Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
3. Law on Protection of Personal Data No. 6698 and all relevant sub-legislation,
4. Private Hospitals Regulations,
5. Regulation on the Processing of Personal Health Data and Protection of Privacy
6. Identity Notification Law No. 1774,
7. Labor Law No. 4857,
8. Social Insurance and General Health Insurance Law No. 5510,
9. Within the framework of its terms and for the purposes described above;
10. Ministry of Health, sub-units and family medicine centers affiliated to the ministry,
11. Private insurance companies (health, pension, life insurance, etc.),
12. Social Security Institution,
13. Ministry of Family, Labor and Social Policies,
14. General Directorate of Security and other law enforcement agencies,
15. General Directorate of Population and Citizenship Affairs,
16. Other authorized official institutions and organizations,
17. Turkish Pharmacists Association,
18. Judicial authorities, enforcement offices, mediators,
19. Laboratories, medical centers, ambulances, medical devices and institutions providing health services in the country or abroad with which we cooperate for medical diagnosis and treatment
20. The health institution to which the patient was referred or the patient himself applied,
21. Legal representatives, parents and guardians authorized in writing
22. All natural or legal third parties who receive consultancy services, including lawyers, tax consultants and auditors we work with under the contract,
23. Regulatory and supervisory institutions and official authorities,
24. Companies within the group of companies that our hospital is affiliated with,
25. Banks where our company or the patients or our employees who are related to our company pursuant to any contract have accounts,
26. Individual pension companies that work within the scope of compulsory or optional IPS (Individual Pension System),
27. Our suppliers, support service providers, archive service providers and business partners whose services we benefit from or cooperate with (for more detailed information, you can obtain information by applying to our hospital in writing.)
28. To our business partners and business contacts,
29. To our shareholders and real or legal persons with whom shareholder interviews were made
30. Outsourcing service providers,
31. Cargo or courier companies,
32. Air, land or sea passenger transport companies, It can be shared with.

IV.OUR MEASURES AND COMMITMENTS TO PROTECT PERSONAL DATA

Ykm Tourism, as the data controller, protects the above-mentioned personal and private personal data in its own physical and electronic environments with great sensitivity and by fully complying with the provisions of the legislation, by taking all kinds of administrative and technical measures. Ykm Tourism has taken all kinds of administrative and technical measures to protect your personal data, as recorded in VERBIS and included in the Personal Data Inventory. Ykm Tourism is committed to protecting all personal data. In order to prevent the illegal processing and access of personal data and to ensure the preservation of personal data, technical and administrative measures are carried out by using various methods and security technologies to ensure the appropriate level of security. Ykm Tourism will not disclose the personal data it has obtained to anyone else in violation of the provisions of the Law on the Protection of Personal Data No. 6698 and will not use it for purposes other than processing. Ykm Tourism has prepared and signed all warnings or consent statements, undertakings, and has implemented the necessary multi-faceted audit activities in cases where it is necessary and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers.

V.PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES

Ykm Tourism does not position cookies on its website. During the use of our website and mobile application, IP address, browser information. (Mac ID, IP address information, website login and password information) are not received.

VI.YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

Pursuant to Article 11 of the Personal Data Protection Law, you can exercise your rights regarding the processing and protection of your personal data, provided that you prove your identity by applying to Ykm Tourism as a Data Controller through the following ways.

A.YOUR RIGHTS REGARDING YOUR PERSONAL DATA

1. 1Learning whether your personal data is processed,
2. 2 If your personal data has been processed, request information about it,
3. 3Learning the purpose of processing your personal data and whether they are used in accordance with the purpose,
4. Knowing the third parties to whom your personal data is transferred, at home or abroad,
5. 5To request correction of personal data if it is incomplete or incorrectly processed
6. Request the deletion or destruction of personal data,
7. In case your personal data has been transferred to third parties, requesting that your personal data be corrected and deleted or destroyed, in case your personal data has been incomplete or incorrectly processed, to be notified or forwarded to the relevant third party,
8. Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
9. Demanding the elimination of damage in case of loss due to unlawful processing of personal data,

You own the rights.

You can request the destruction (deletion, destruction or anonymization) of your personal data from Ykm Tourism within the framework of the conditions stipulated in Article 7 of the Law on the Protection of Personal Data. However, by evaluating your destruction request, which method is appropriate will be evaluated by our company according to the conditions of the concrete case. In this context, you can always request information from Ykm Tourism about why we chose the destruction method we chose.

Personal data collected about persons under the age of 18 are limited to their name, surname, age and degree of affinity, and these data can only be given to us by the relevant adult (parent or guardian).

SITUATIONS OUT OF THE SCOPE OF THE RIGHT OF APPLICATION

Pursuant to Article 28 of the Personal Data Protection Law, personal data owners will not be able to assert their right of application, since the following cases are excluded from the scope of the KVK Law:

1. Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.v
2. Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
3. Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
4. Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution proceedings.
Pursuant to paragraph 2 of Article 28 of the Law on the Protection of Personal Data, it is not possible to assert rights in the following cases, with the exception of the right to demand compensation:
5. Personal data processing is necessary for the prevention of crime or for criminal investigation,
6. Processing of personal data made public by the person concerned,
7. Personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
8. The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.

B.YOUR WAYS TO CONTACT OUR COMPANY TO EXERCISE YOUR RIGHTS

Your rights under the Personal Data Protection Law;

1. Filling the Application Form on the Protection of Personal Data on our company's website at "www.ykmturizm.com.tr",
2. Coming to the address of Altunizade Mahallesi Kısıklı Caddesi No:7 Üsküdar İstanbul, where our company's headquarters is located, filling in the Application Form on the Protection of Personal Data to be obtained from the Human Resources Management department and handing it in person against signature,
3. By sending a letter through the notary public,
By sending an e-mail to
4. iletisim@ykmhelathtourism.com with a secure electronic or mobile signature, to the registered e-mail address,
5. by sending an e-mail to ykmturizmperakende@hs02.kep.tr with secure electronic or mobile signature,
You can use it.

Depending on the nature of your request and your application method, additional verifications (such as sending a message to your registered phone, calling you) may be requested by the Company in order to determine whether the application belongs to you and thus to protect your rights. For example, if you apply through your e-mail address registered with the Company, you may be contacted using another communication method registered with the Company and you may be asked to confirm whether the application belongs to you. As a rule, your requests in your application will be concluded free of charge within thirty working days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for the Company, as stated in the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated 10.03.2018 and numbered 30356 by the Personal Data Protection Authority, a total of 50 (Fifty) TL cannot be exceeded. A fee may be charged. If your application is caused by the fault of our company, which is the Data Controller, the paid fee will be refunded to you.

Your duly requests for the Protection of Personal Data will generally be concluded free of charge, within thirty business days at the latest, from their receipt to our company. In order to confirm that you are the right person in case of your application, "Ykm Tourism" has the right to request some confirmatory information from you. Unless you cancel your application, you are deemed to have accepted these demands of Ykm Tourism.

CONSENT and APPROVAL

When you read this Clarification Text, you accept, declare and undertake that you are fully and completely informed about the fact that Yeni Karamürsel Turizm Ltd Şti carries out a data processing process in this context, and that you have been informed about the processing of your personal data and that you have given your consent to the processing of your personal data.

CONTACT INFORMATION

YENİ KARAMÜRSEL TURIZM LTD ŞTİ

IATA NO :3102

Contact url: www.yenikaramurselturizm.com

E-Mail:iletisim@ykmhealthtıurism.com

Address: İcadiye Mah.Cumhuriyet Cad.No:167/5 Üsküdar, İstanbul

Phone: 0212 368 49 00

Update Date 24.02.2022 19:33