Personal Data Protection Clarification Text

1.INTRODUCTION
This clarification text has been prepared for the purpose of enlightening and obtaining the consent of the relevant persons regarding the processing of personal data collected by the legal entity Patagonya Sağlık Turizm Hizmetleri Ltd. Şti. and its related units in accordance with Article 10 of the Law Nr. 6698 on the Protection of Personal Data (“Law”) and the relevant legislation.
The DATA RESPONSIBLE shows maximum sensitivity and endeavour to the processing, protection and security of personal data.
Personal data may be collected by the DATA RESPONSIBLE by all kinds of audio, written, visual or electronic methods.
In this context and in accordance with the Law, the personal data of the persons concerned may be processed by the DATA RESPONSIBLE in the capacity of Data Controller for the works and transactions to be carried out in accordance with the general principles listed in the Law.

2. PURPOSE OF PROCESSING PERSONAL DATA
Personal data are processed within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law and the purposes specified in the Law and for the purposes specified below, including but not limited to. Accordingly, the purpose of processing personal data;
– Providing health tourism services,
– To make appointments and travel arrangements,
– Liaising with your doctors and other health care providers to provide the health care services you need,
– To realise invoice and collection transactions,
– Use for customer satisfaction surveys and marketing activities,
– Fulfil our legal and administrative obligations.
– Managing external relations
– Carrying out studies on cultural, artistic activities, health tourism, health services, etc.
– Carrying out transactions related to hospitals, health institutions, hotels, companies related to transport services and museums
– Increasing the quality of service and management and carrying out studies in this context

3. PROCESSED PERSONAL DATA
Within the scope of the above-mentioned purposes, in the capacity of data controller within the scope of the Personal Data Protection Law No. 6698 (“KVKK”) and related legislation, your personal data that may be processed to be stored within the limits and periods stipulated by the law are listed below.
– Your name and surname,
– Your Turkish ID number,
– Your passport number,
– Your telephone number,
– Your e-mail address,
– Your health insurance details,
– Your travel information,
– Your visa information,
– Your medical history,
– Your treatment plan,
– Information about your doctor and other health care providers,
– Your bank account details,
– Your photograph.

4. SHARING AND TRANSFER OF PERSONAL DATA
Collected personal data, within the framework of the conditions specified in Articles 8 and 9 of the Law; Health service providers (hospitals, clinics, doctors, laboratories, etc.), insurance companies, travel agencies, visa consultancy firms, auditing institutions, public institutions and organisations required to fulfil our legal and administrative obligations, service providers, data processors and legally authorised institutions and organisations of the DATA RESPONSIBLE, within the framework of the relevant legislation, in line with the conditions and purposes of personal data processing.

DATA RESPONSIBLE endeavours to take the necessary legal, technical and administrative measures at the highest level in accordance with the principles set out in the law in order to prevent unlawful processing of personal data and unlawful access to data and to keep personal data securely.

4. PERSONAL DATA COLLECTION METHOD AND LEGAL REASON
The DATA RESPONSIBLE collects personal data in all kinds of audio, written, visual and electronic media and within the framework of the purposes specified in this clarification text, based on many legal reasons such as the provision of the services provided by the DATA RESPONSIBLE in accordance with the laws and the relevant legislation and the full fulfilment of the obligations of the DATA RESPONSIBLE arising from the contract and the law, the execution of business activities, and processes them in accordance with the conditions specified in the Law. Legal reasons are as follows;
– Existence of the explicit consent of the person concerned,
– Explicitly stipulated in the laws,
– It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
– It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
– It is mandatory for the data controller to fulfil its legal obligation,
– It has been publicised by the person concerned,
– Data processing is mandatory for the establishment, exercise or protection of a right,
– Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject

5. RIGHTS OF PERSONAL DATA SUBJECTS AND PROTECTION OF RIGHTS
Pursuant to Article 11 of the Law;
– To learn whether personal data is processed or not,
– Request information if personal data has been processed,
– To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
– To know the third parties to whom personal data are transferred domestically or abroad,
– To request correction of personal data in case of incomplete or incorrect processing,
– To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
– To request notification of the transactions made pursuant to Articles 5 and 6 to third parties to whom personal data are transferred,
– To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
– In case of damage due to unlawful processing of personal data, to demand compensation for the damage,
rights.
In the event that personal data owners apply to the DATA RESPONSIBLE in writing or by other methods to be determined by the Personal Data Protection Board for the exercise of such rights, the applications shall be finalised as soon as possible depending on the nature of the request, but in any case within 30 days at the latest. The address and contact details for application to the DATA RESPONSIBLE are given below.

6. STORAGE PERIOD OF PERSONAL DATA:
Your personal data will be stored for the period required for the purpose of providing health tourism services and for the periods stipulated in the legal legislation.

7.CONTACT
In order to use your rights arising from the Law, you can send your identity information, the right you want to use and your detailed explanation explaining the subject of your request to the data controller by the following methods:
– Written Application : Patagonya Sağlık Turizm Hizmetleri Ltd Şti. [Company Address]
– Electronic Application: info@caurishealth.com

8. EXPRESS CONSENT
I have read, understood and approved the text above. I understand the importance of the accuracy of the information I have provided in terms of my own health and the service I will receive, and I know that I am responsible if the information is incorrect. I give my explicit consent to the processing and transfer of my personal data for the purposes stated above.