INFORMATION TEXT ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

 

CAB Health and Tourism Services Trade Ltd. Sti. As (“Esteinnova”), in the capacity of data controller, we attach great importance to the protection of your personal data within the scope of the Personal Data Protection Law No. In order to enlighten you about the sources from which we obtain your personal data, our legal reasons for obtaining and processing personal data, for what purposes we process your personal data, whether we transfer personal data and to whom we transfer it, and your legal rights, this Clarification Text on the Processing and Protection of Personal Data (" Text") has been prepared. Esteinnova processes your personal data in accordance with the law, prevents unlawful processing of your personal data and illegal access to this data, and has taken all necessary technical and administrative measures to ensure the most appropriate level of security in order to ensure the protection of personal data.

​

PERSONS WE PROCESS DATA

​

Esteinnova, as a data controller, processes personal data limited to the following groups of people.

• Our workers

• Our Worker Candidates (including reference persons declared by job applicants)

• Our Interns and On-the-Job Trainees,

• Our patients,

• Persons interviewed and contacted for diagnosis, treatment or to receive such services,

• Relatives and companions of the patient,

• Parties of any commercial activity or persons with whom we cooperate or will cooperate due to commercial activity, or authorized or employees of companies (supply, advertising, support, marketing, accommodation, transportation, reference resources, etc.)

• Shareholders or persons with whom shareholding negotiations are held,

• Our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies,

• visitors

• Legal representatives, parents, guardians or guardians of all data subjects

• Persons who are parties in legal processes and their legal representatives

• Third parties with whom we have contacted, although they do not have a commercial or legal connection with our company.

​

PERSONAL DATA WE PROCESS

​

• Esteinnova, as a data controller, processes the following personal health data, general and special personal data in accordance with the principles of "compliance with the law", "necessity", "fitness for purpose" and "limitation".

• Identity Data

• It is all data related to identity such as name, surname, nationality, TR identity number, passport number and information if not a Turkish citizen or temporary TR identity number, place and date of birth, marital status, gender information of the persons whose data will be processed.

• Communication Data

• It is all communication-related data such as residence address, correspondence address, mobile phone number, e-mail address.

• Visual and Audio Data

• The image and sound recording taken by the closed circuit camera system recorded by the company security cameras, the audio recordings kept if you contact our call center, the confirmation and proof of the promotion, research, medical or aesthetic / cosmetic procedure with special written consent and permission (consent). Personal data recorded by photograph or video for convincing medical treatment of the patient or other patient candidates are the data within this scope.

• Personnel Data

• It is the data obtained in accordance with the law or employment contract regarding personnel transactions such as the starting date of the workers, the wage, the number of working days per month.

• Training Data

• It is the data on the educational status of the workers, candidate workers, trainees or on-the-job training trainees or other related persons working in the company.

• Job and Occupation Data

• It is all data related to the job or profession in terms of workers, worker candidates, trainees or on-the-job training trainees or other related persons working in the company. (Including professional experience, diploma, course data)

• Comment and Complaint Data

• It is the data of comments and complaints transmitted to our Company by giving approval and consent, on the website or through other channels, in order to evaluate the services we offer.

• Location or Location Data

• It is the address or location data that people transmit by any means and with their own consent.

• Transaction Security Data (IP Data and Cookies)

• This includes IP address, browser information, website login and password information, (Mac ID, IP address information, website login and password information).

• Legal Data

• It is all the data and enforcement data regarding the persons being the plaintiff or the defendant. It is the data about the employees working in the company and any person who has a lawsuit or enforcement proceeding with the company.

• Financial Data

• It is the data of individuals such as bank account number and IBAN number. It is the data requested and processed in terms of employees working in the company and patients receiving service from the company.

• Health Data

• All kinds of health data obtained during the execution of medical diagnosis, treatment and care services, such as laboratory and imaging results, medical test results, blood group, examination data, prescription information, which must be followed in medical files for legal reasons, processed with the consent of the person. In addition, the health report and other medical documents in the employee's personnel file are also within this scope.

• Vehicle License Plate Data

• If the company's car park or private valet service is used, the license plate data is within this scope.

• Customer Transaction Data

• Call center records, invoice, promissory note, check, box office receipt, order information, request information, etc. data in this context.

• Clothing Data

• size data etc. fixture, uniform, material and shoe size etc. data is in this scope.

• Biometric Data

• Palm information, fingerprint, retina scan, face recognition etc. data is included in this scope.

• Risk Management Data

• The data processed for the management of commercial, technical and administrative risks are within this scope.

• Physical Space Security

• Entry and exit registration information of employees and visitors, security camera records are the data within this scope.

• Association, Foundation and Union Data

• Association and foundation data may be required in social responsibility and workplace organizations, and union data may be required during union dues deduction.

​

III.PROCESSING OF PERSONAL DATA

​

A. OBTAINING PERSONAL DATA

​

1. Through Which Channels and How Personal Data are Collected

Your Personal Data;

​

• 1.2.As a result of the meeting with our call center,

• 1.3.As a result of the conversation made over the live support application on our website,

• 1.4. As a result of the meeting to be made by contacting Esteinnova doctors or related personnel via phone, WhatsApp Application or e-mail,

• 1.5. Esteinnova's marketing and promotion personnel use the telephones or via SMS or WhatsApp etc. As a result of communication established through applications,

• 1.6.In case you apply to Esteinnova, you can communicate with the doctors or related personnel by phone, SMS or WhatsApp etc. As a result of the interviews you will make over the applications,

• 1.7. If you apply to Esteinnova, as a result of face-to-face meetings with doctors or related personnel,

• 1.8. Personal data of the person and company officials or employees with whom business relations are made as a requirement of the commercial activity, on the contract and other commercial activity documents, on the communication platforms,

• 1.9. As a result of personal data being included on the contract and other commercial activity documents of our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies, on communication platforms,

• 1.10. As a result of the applications made through panels such as "contact us" or "get information" through the promotion and advertisement on social media,

• 1.11. As a result of requesting a mobile phone number for personal data and encryption requested in accordance with the legislation in order to be able to connect to the broadcast in the wireless network (Wi-Fi) specific to the guests within the scope of the wireless Internet service,

• 1.12. Obtaining data in the form of recording the MAC ID (Device Identity Information) from the logins to the website,

• 1.13. Personal data of third parties are included in communication platforms, in case we communicate with Esteinnova or are contacted without any commercial or legal connection,

• 1.14. Similarly, with other legal data acquisition methods,

It is obtained from such channels.

​

B. PURPOSE OF PROCESSING PERSONAL DATA AND LEGAL REASONS

​

1. Purposes of Collection and Processing of Personal Data

​

Your personal data mentioned above and your sensitive personal data will be processed for the following purposes.

• 1- Fulfilling legal obligations and carrying out all kinds of business within the legal framework,

• 2- Fulfillment of the provisions of the contract,

• 3-Providing Health Services (Execution of medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services)

• 4-Commercial activity and management requirements,

• 5-Sectoral (health) requirements;

  • 5.1. Protection of public health, preventive medicine, medical diagnosis, treatment and care services whether or not they are sick,

  • 5.2. Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with the health legislation,

  • 5.3. Financing your health services, examination, diagnosis and treatment expenses by the patient services, financial affairs, marketing departments,

  • 5.4. Informing the patients about the appointment through the customer representative, call center and other channels,

  • 5.5. Identity confirmation by patient services, other operating units,

  • 5.6. Measuring, increasing and researching patient satisfaction by hospital management, patient rights, patient experience departments,

  • 5.7. Invoicing by patient services, financial affairs, marketing departments,

  • 5.8. To be able to answer all kinds of questions and complaints about our health services by the hospital management, patient rights and call center, patient relations department,

• 6.Technical requirements;

  • 6.1. Planning and management of the internal functioning of the institution by the call center, patient relations, hospital management,

  • 6.2. The quality of service delivery, patient experience, research and analysis made by the IT departments to increase the quality of health services,

  • 6.3. Training of workers by human resources management and quality departments,

  • 6.4. Monitoring and preventing abuse or unauthorized transactions by the internal audit and data processing department,

  • 6.5. Carrying out risk management and quality improvement activities by quality, information technology departments,

  • 6.6. Taking all necessary technical and administrative measures within the scope of data security by the hospital management and IT department,

  • 6.7. Ensuring the necessary communication by the officials in order to carry out transportation, accommodation and courtesy services within the scope of health tourism,

  • 6.8. Patient relations, marketing, call center, participation in campaigns and giving campaign information by the department, designing special content, tangible and intangible benefits on the web and other mobile channels, social media and communicating them to the addressees,

  • 6.9. To be able to carry out training and activities by the educational institutions with which the institution is in cooperation,

​

2.Legal Reasons for the Collection and Processing of Personal Data

​

Your personal data mentioned above and your personal data of special nature;

• Health Services Basic Law No. 3359,

• Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,

• Law No. 6698 on the Protection of Personal Data,

• Private Hospitals Regulation,

• Regulation on Processing of Personal Health Data and Protection of Privacy

• Identity Notification Law No. 1774,

• Labor Law No. 4857,

• Social Insurance and General Health Insurance Law No. 5510,

It will be processed for legal reasons.

​

Protection of Personal Data No. 6698, as stated in paragraph 3 of Article 6 of the Law, personal data related to health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. may be processed by persons or authorized institutions and organizations under the obligation to keep secrets without seeking the explicit consent of the person concerned.

​

C. TRANSFER OF PERSONAL DATA

​

Your personal data,

• Health Services Basic Law No. 3359,

• Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,

• Law on Protection of Personal Data No. 6698 and all relevant sub-legislation,

• Private Hospitals Regulation,

• Regulation on Processing of Personal Health Data and Protection of Privacy

• Identity Notification Law No. 1774,

• Labor Law No. 4857,

• Social Insurance and General Health Insurance Law No. 5510,

​

Within the framework of its terms and for the purposes described above;

​

• Ministry of Health, sub-units and family medicine centers affiliated to the ministry,

• Private insurance companies (health, pension, life insurance, etc.),

• Social Security Institution,

• Ministry of Family, Labor and Social Policies,

• General Directorate of Security and other law enforcement agencies,

• General Directorate of Population and Citizenship Affairs,

• Other authorized official institutions and organizations,

• Turkish Pharmacists Association,

• Judicial authorities, enforcement offices, mediators,

• Laboratories, medical centers, ambulances, medical devices and institutions providing health services in the country or abroad with which we cooperate for medical diagnosis and treatment,

• The health institution to which the patient was referred or to which the patient applied himself,

• Legal representatives, parents and guardians authorized in writing

• All natural or legal third parties who receive consultancy services, including lawyers, tax consultants and auditors we work with under the contract,

• Regulatory and supervisory institutions and official authorities,

• Companies within the group of companies to which our Hospital is affiliated,

• Banks where our company or the patients or our employees who are related to our company pursuant to any contract have accounts,

• Private pension companies that work within the scope of compulsory or voluntary IPS (Individual Pension System),

• Our suppliers, support service providers, archive service providers and business partners whose services we benefit from or cooperate with (for more detailed information, you can obtain information by applying to our hospital in writing.)

• To our business partners and business contacts,

• To our shareholders and real or legal persons with whom shareholder interviews were held.

• outsourcing service providers,

• Cargo or courier companies,

• Air, land or sea passenger transport companies,

It can be shared with.

​

IV. OUR MEASURES AND COMMITMENTS ON THE PROTECTION OF PERSONAL DATA

​

Esteinnova, as the data controller, protects the above-mentioned personal and private personal data in its own physical and electronic environments with great sensitivity and by fully complying with the provisions of the legislation, by taking all kinds of administrative and technical measures.

Esteinnova has taken all kinds of administrative and technical measures to protect your personal data, as recorded in VERBIS and included in the Personal Data Inventory.

Esteinnova is committed to protecting all personal data. In order to prevent the illegal processing and access of personal data and to ensure the protection of personal data, technical and administrative measures are carried out by using various methods and security technologies to ensure the appropriate level of security.

Estainnova will not disclose the personal data it has obtained to others in violation of the provisions of the Law on the Protection of Personal Data No. 6698 and will not use it for purposes other than processing.

Esteinnova has prepared and signed all warnings or consent statements, undertakings, and has implemented the necessary multi-faceted audit activities in cases where it is necessary and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers.

​

V. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES

​

Esteinnova does not position cookies on its website. During the use of our website and mobile application, IP address, browser information. (Mac ID, IP address information, website login and password information) are not received.

VI. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 11 of the Personal Data Protection Law, you can exercise your rights regarding the processing and protection of your personal data, provided that you prove your identity by applying to Esteinnova as a Data Controller through the following ways.

​

A. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

​

• 1. Learning whether your personal data is processed or not,

• 2. If your personal data has been processed, requesting information about it,

• 3. To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,

• 4. Knowing the third parties to whom your personal data is transferred, at home or abroad,

• 5. Requesting correction of personal data if it is incomplete or incorrectly processed

• 6. Requesting the deletion or destruction of personal data,

• 7. In case your personal data has been transferred to third parties, requesting that your personal data be corrected and deleted or destroyed, in case your personal data is incomplete or incorrectly processed, to be notified or forwarded to the relevant third party,

• 8. Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

• 9. To request the elimination of the damage in case of damage due to the unlawful processing of personal data,

you have the rights.

​

You can request the destruction (deletion, destruction or anonymization) of your personal data from Esteinnova within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, by evaluating your destruction request, which method is appropriate will be evaluated by our company according to the conditions of the concrete case. In this context, you can always request information from Esteinnova about why we have chosen the method of destruction we have chosen.

Personal data collected about persons under the age of 18 are limited to their name, surname, age and degree of affinity, and these data can only be given to us by the relevant adult (parent or guardian).

​

SITUATIONS OUT OF THE SCOPE OF APPLICATION

​

Pursuant to Article 28 of the Personal Data Protection Law, personal data owners will not be able to assert their right of application, since the following cases are excluded from the scope of the KVK Law:

• Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.

• Processing your personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.

• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.

• Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Pursuant to paragraph 2 of Article 28 of the Law on the Protection of Personal Data, it is not possible to assert the rights in the following cases, with the exception of the right to demand the compensation of the damage:

​

• Personal data processing is necessary for the prevention of crime or for criminal investigation,

• Processing of personal data made public by the person concerned,

• Personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority given by the law,

• The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.

​

B. YOUR WAYS TO CONTACT OUR COMPANY TO USE YOUR RIGHTS

​

Your rights under the Personal Data Protection Law;

• 1- By filling out the Application Form on the Protection of Personal Data on the website of our company "www.esteinnova.com",

• 2- By coming to the address of Cevizli Mahallesi Tugay Yolu Caddesi Ofisim Istanbul Plaza No:20A Flat 10-11 34846 Maltepe / IST of the headquarters of our company, filling in the Application Form on the Protection of Personal Data to be obtained from the Human Resources Management department and handing it in person against signature,

• 3- By sending a letter through a notary public,

• 4- info@esteinnova.comBy sending an e-mail to the registered e-mail address, with a secure electronic or mobile signature to the e-mail address,

You can use it.

​

Depending on the nature of your request and your application method, additional verifications (such as sending a message to your registered phone, calling) may be requested by the Company in order to determine whether the application belongs to you or not, and thus to protect your rights. For example, if you apply through your e-mail address registered with the Company, you may be contacted using another communication method registered with the Company and you may be asked to confirm whether the application belongs to you.

​

As a rule, your requests in your application will be concluded free of charge within thirty working days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for the Company, as stated in the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated 10.03.2018 and numbered 30356 by the Personal Data Protection Authority, a total of 50 (Fifty) TL cannot be exceeded. A fee may be charged. If your application is caused by the fault of our company, which is the Data Controller, the paid fee will be refunded to you.

Your duly requests for the Protection of Personal Data will generally be concluded free of charge, within thirty business days at the latest, from their receipt to our company.

​

In order to confirm that you are the right person in case of your application, “Esteinnova” has the right to request some confirming information from you. Unless you cancel your application, you are deemed to have accepted these demands of Esteinnova.

​

CONSENT and APPROVAL

​

When you read this Clarification Text, in this context, CAB Health and Tourism Services Trade Ltd. Sti. You agree, declare and undertake that you are fully and completely informed about the processing of your personal data and that you have consented to the processing of your personal data.

​

CONTACT INFORMATION

​

CAB Health and Tourism Services Trade Ltd. Sti.

Contact link: www.esteinnova.com

E-Mail: info@esteinnova.com

Address: Cevizli Mahallesi Tugay Yolu Caddesi My Office Istanbul Plaza No:20A Flat 10-11 34846 Maltepe / İST.

Phone: +90 538 545 34 42