- DATA CONTROLLER AND REPRESENTATIVE
In accordance with Law No. 6698 on the Protection of Personal Data (“Law No. 6698”), we, as Medalion Healthcare Services Inc., act as the data controller and attach great importance to the confidentiality of personal data and the privacy of private life.
We process your personal data for the purposes stated below and within the scope of our commercial relationships:
- In accordance with the purpose that necessitates their processing, in a limited, proportional, and lawful manner,
- By maintaining the accuracy and most up-to-date status of the personal data you provide to us,
- We may process, record, store, classify, update, and, if permitted by legislation, disclose and/or transfer to third parties for the purpose they were processed.
- PROCESSABLE PERSONAL DATA
Within this scope, the following data is collected as personal data:
- Identity Data: Information related to personal identity such as name, surname, ID number, signature, mother’s name, father’s name, place of birth, date of birth, registered location (province/district/neighborhood), ID card serial and number, family order number, civil status, identity registration numbers, issue reason/place/date, ID card, driver’s license, and passport copies, persons responsible to care for, gender, nationality, social security number, tax number, license copy, employee card, gender,
- Contact Data: Data that can be used to reach the person.
Phone (home/mobile), address, email address
- Health Data: Data related to the individual’s health.
Psychological tests and results, evaluation scales (projective and neuropsychological assessments), medications used, medical history, alcohol and tobacco use, diagnosis, epicrisis, anamnesis, sick leave reports, condition reports, prescription, medication reports, genetic disease information of family members, laboratory results, doctor’s analysis and comments, health reports, pregnancy status, disability status
- Biometric Data: Fingerprint, biometric and genetic tests and data
- Visual/Auditory Data: Data containing visual and auditory information about the person.
Photograph, audio recording, camera recording, driver’s license/ID copy/scan
- Financial Data: Data containing the person’s financial information.
Bank account number, IBAN number, card information, bank name, invoice, current account
- Signature Data: Data containing the person’s signature information.
Wet signature, e-signature, signature copy/scan, ID copy, signature circular/declaration
- Professional Data: Data containing information about the person’s profession.
Company worked, professional information
- Education Data: Data containing education information about the person.
School, education information
- Work Data: Information about the company, department, and position worked
- Family and Relative Data: Name, surname, number, and ID number of their relatives
- Legal Transactions: Correspondence with official institutions and organizations, file and debt information related to execution follow-up files
- Other: Position applied for in human resources applications, applied position, center applied, and CV if uploaded by you, military service status information,
Website: Log records, browser data, and session cookies
- PURPOSE OF PROCESSING YOUR PERSONAL DATA
Personal data obtained from our clients, patients, visitors, customers, and suppliers can be processed for the following purposes, among others:
- To comply with legal obligations under the Health Services Basic Law No. 3359, Law on the Organization and Duties of the Ministry of Health and its Affiliated Institutions No. 663, Regulation on Private Health Institutions where Outpatient Diagnosis and Treatment are Performed, Regulation on Personal Health Data, and other legal regulations related to health and financial matters,
- Planning and management of public health, medical diagnosis, treatment and care services, early diagnosis and preventive medicine, planning and management of health services and financing,
- Fulfillment of legal and regulatory requirements,
- Notification to relevant authorities if deemed necessary by the physician,
- In case of membership; notification of medical diagnosis, treatment, and educational services, newsletter sending, notification about our experts’ books, new publications, and event days,
- In case of appointment scheduling; informing you and/or your parent/guardian about the appointment, confirming your relationship with our center, online and live support,
- Invoicing and payments related to the services/products purchased,
- Responding to any questions and complaints related to our health services,
- Measurement of patient/customer satisfaction,
- Implementation of medical diagnosis and treatment services, improvement of these services, obtaining laboratory results,
- Use of data in scientific studies,
- Increasing patient/customer satisfaction,
- Analysis and similar studies for the improvement of services,
- Planning and execution of Risk Management and quality improvement activities,
- Quality and efficiency studies and reports,
- Preservation, storage, and archiving activities for health data required by relevant legislation,
- Financial reconciliation related to health services provided with contracted institutions,
- Execution of assignment processes,
- Follow-up and execution of legal affairs and court decisions,
- Legal obligations of information storage, reporting, and informing required by legislation
- Planning and execution of in-house training and orientation programs, tracking of participation,
- Planning and execution of information security processes,
- Planning and execution of corporate communication activities,
- Execution of document procedures and follow-up,
- Ensuring the legality of activities,
- Execution of financial and accounting affairs,
- Execution and audit of business activities, execution of business continuity activities, receiving and evaluating suggestions for the improvement of business processes,
- Improvement of services offered to you by enhancing the functionality and performance of the website,
- Improvement of the website and offering new features according to your preferences, ensuring legal and commercial security of the website and the institution
- Execution of the purchase process for goods/services,
- Execution of post-sale support services for goods/services, management of customer relationship management processes, execution of activities for customer satisfaction, execution of advertising, marketing, and analysis studies, execution of advertising campaign promotion processes, execution of web push services,
- Execution of performance evaluation processes,
- Execution of risk management processes,
- Execution of contract processes,
- Execution of strategic planning activities,
- Execution of archiving activities,
- Tracking of requests and complaints,
- Execution of the fee policy,
- Execution of marketing processes for products and services,
- Ensuring the security of data controller operations,
- Providing information to authorized individuals, institutions, and organizations,
- Execution of management activities. During call center calls;
- TRANSFER OF YOUR PERSONAL DATA DOMESTICALLY
Your personal data may be shared with relevant institutions and organizations specified under Law No. 6698, within the framework of the personal data processing conditions and purposes stated in Articles 8 and 9 of Law No. 6698, with necessary security measures taken. We may share your data with Social Security Institution, Ministry of Health, Provincial Health Directorate, Public Prosecutors, Courts, and execution directorates, laboratories with which we have agreements, affiliated companies, contracted physicians, and online service units for effective service delivery via the internet.
- TRANSFER ABROAD
Your personal data obtained within the framework of the membership agreement you signed, distance sales agreement, or services received, etc., may be transferred abroad to foreign countries declared by the Board to have sufficient protection, or with your explicit consent, for the purposes specified and limited to similar purposes, with the necessary security measures taken.
- METHOD AND LEGAL BASIS OF COLLECTING PERSONAL DATA
Your personal data, which you have personally or voluntarily shared with us through our website/phone, or which we have requested from you, is collected securely in physical and electronic media, and processed within the framework of legal obligations, protection of our legitimate interests, the performance of the distance sales contract between us, and for reasons prescribed by laws, for health, diagnosis, and treatment purposes. The legal basis for processing your personal data is based on Article 5/2-c of Law No. 6698: “Processing of personal data is necessary for the establishment, exercise, or protection of a right,” Article 5/2-c: “Processing of personal data is mandatory for compliance with a legal obligation to which the data controller is subject,” and Article 5/2-f: “Processing of personal data is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.”
- RIGHTS OF THE DATA SUBJECT UNDER ARTICLE 11 OF LAW NO. 6698
As data subjects, you have the following rights under Article 11 of Law No. 6698:
- Learning whether personal data is being processed,
- Requesting information if personal data has been processed,
- Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
- Knowing the third parties to whom personal data are transferred domestically or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing and, in this context, notifying third parties to whom personal data have been transferred,
- Requesting the deletion or destruction of personal data in the event that the reasons requiring their processing cease to exist, despite being processed in accordance with the KVKK and other relevant legislation, and notifying third parties to whom personal data have been transferred,
- Objecting to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
- Claiming compensation for damages in case of suffering damage due to the processing of personal data unlawfully.
You can apply to Medalion Healthcare Services Inc. in writing for your requests related to these rights. Your request will be responded to within 30 (thirty) days at the latest, free of charge, depending on the nature of the request. However, if the process requires an additional cost, Medalion Healthcare Services Inc. may charge a fee according to the tariff determined by the Personal Data Protection Board. In this context, personal data subjects have the right to:
- Learn whether personal data is processed,
- Request information if personal data has been processed,
- Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- Know the third parties to whom personal data are transferred domestically or abroad,
- Request correction of personal data if it is incomplete or processed incorrectly,
- Request the deletion or destruction of personal data in accordance with the conditions specified in the legislation,
- Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
- Claim compensation for damages in case of suffering damage due to the unlawful processing of personal data.
To exercise these rights, you must submit your written and wet-signed application to Medalion Healthcare Services Inc. with documents that identify and confirm your identity and address.
If you have any further questions or need additional assistance, please feel free to ask.
Application Method
|
Application Address |
Information to be specified on the envelope |
In Person |
Atatürk Boulevard No: 229 Kavaklıdere-Çankaya/Ankara
|
“GDPR Information Request”
|
Notary |
Atatürk Boulevard No: 229 Kavaklıdere-Çankaya/Ankara
|
“GDPR Information Request”
|
Secure Email |
madalyon@hs2.kep.tr |
In the subject line of the email: “GDPR Information Request” |
Using your registered email address |
madalyon@madalyonklinik.com |
In the subject line of the email: “GDPR Information Request” |
8.PERSONAL DATA STORAGE:
Your personal data may be stored for the duration required by the purposes of processing. In the absence of any other justification or legal reason, and when there is no international law or regulation and the contractual obligations cease to exist, your personal data whose processing purposes have ceased are deleted, destroyed, or anonymized.
9.REQUEST FOR UPDATING YOUR INFORMATION
Your personal data obtained and processed by us should be accurate and updated when necessary. Therefore, if any changes occur in your personal data, you can inform the relevant department of our Center about this matter.
Best regards.
Click here for the Information Request Form.