Voila Health Tourism

Personal Data Protection Law Information Notice

  1. Data Controller

As Voila Health Tourism (Voila), we process your personal data in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”), the Regulation on Personal Health Data, and other relevant legislation, as well as regulations by the Ministry of Health of the Republic of Turkey and relevant authorities, within the framework of this Information Notice.

The corporate identity information of Voila, the “Data Controller,” is as follows:

Headquarters Address: Atatürk Mah. Ertuğrul Gazi Sk. No:2E / 27 Ataşehir / ISTANBUL

Phone: +908504605724

Website: www.voilahealthtourism.com/

Email Address: info@voilahealthtourism.com

Voila adopts the principle of ‘patient confidentiality’ while providing healthcare services and respects the privacy of its patients, potential patients, and their relatives, as well as the protection of their personal data. In this regard, your personal data is processed in compliance with the KVKK and all relevant legislation and stored securely, and all necessary administrative and technical measures are taken against possible unlawful access. This Information Notice explains which personal data are collected within the scope of the services provided by our clinic, the methods of collection, the legal grounds for processing, the purposes of processing, to whom the data are transferred, and your rights regarding this matter.

  2. Method of Collecting Your Personal Data and Legal Grounds for Processing

Your personal data are collected by Voila, either entirely or partially through automatic or non-automatic means, provided that they are part of any data recording system, through the following channels: communication via the website or social media; printed forms and surveys filled in during patient registration processes at our clinic; medical examinations conducted by the Doctor; medical tests/examinations; communication with the Doctor and other staff members at our clinic; the Doctor’s and clinic’s information management system; the Doctor’s and clinic’s website; communication channels, email, telephone, fax, WhatsApp, and other online and/or offline electronic communication platforms; shipping/mail; our social media accounts; health institutions and laboratories with which we collaborate due to consultations or services received, and their integrated systems; authorized public institutions and private organizations, and their integrated systems; as well as other methods (channels) that may be added in the future.

These data are collected for the purposes of protecting public health, preventive healthcare, conducting medical diagnosis, treatment, and care services, and planning and managing the financing of healthcare services, by persons or authorized institutions and organizations under confidentiality obligation, as stipulated in the laws. This processing is based on being explicitly foreseen in the laws, establishment or performance of a contract, legitimate interest, legal obligation, establishment, exercise or protection of a right, and explicit consent, within the scope of personal data processing conditions (legal grounds), in cases where your personal data are found to be publicly available as a result of your contacts from social media accounts.

  3. Categories of Processed Personal Data and Purposes of Processing Your Personal Data

Identity Data: All data related to identity such as the name-surname of the individuals whose data will be processed, nationality, Turkish identification number, passport number and information in case of not being a Turkish citizen, or temporary Turkish identification number, place and date of birth, marital status, gender information.

Contact Data: All data related to communication such as residential address, mailing address, mobile phone number, email address.

Visual and Auditory Data: Data within this scope includes images and sound recordings obtained through the closed-circuit camera system recorded by clinic security cameras, audio recordings kept in case of communication with our call center, and personal data captured in photographs or videos for promotional or research purposes, for confirmation and evidence of medical or aesthetic/cosmetic procedures, or for the purpose of persuading other prospective patients for medical treatment.

Comments and Complaint Data: Data consisting of comments and complaints submitted to our clinic via the website, social media platforms, or other channels with consent and approval for the purpose of evaluating the services we provide.

Location Data: Address or location data voluntarily provided by individuals through any means with their consent.

Transaction Security Data (IP Data and Cookies): Data within this scope includes IP addresses, browser information, MAC ID, and website login and exit information.

Financial Data: Data such as bank account number and IBAN number of individuals requested and processed for employees working in the company and patients receiving services from the company.

Health Data: Any and all health data obtained during the provision of medical diagnosis, treatment, and care services, such as laboratory and imaging results processed with the consent of the individual, blood type, examination data, prescription information, which need to be followed for legal reasons in medical files.

Vehicle Plate Data: Data within this scope includes vehicle plate data in case of benefiting from company-owned parking lots or private valet services.

Customer Transaction Data: Data such as call center records, invoices, promissory notes, checks, counter receipts, order information, request information, and similar data.

Physical Space Security: Data within this scope includes entry and exit record information of employees and visitors, security camera recordings.

Your personal data and special categories of personal data mentioned above will be processed for the following purposes:

  1. Fulfillment of legal obligations and the lawful conduct of any and all activities within the scope of operations,
  2. Performance of contractual obligations,
  3. Provision of healthcare services (conducting medical or cosmetic diagnoses, examinations, treatments, and all types of care services),
  4. Commercial activities and operational requirements,
  5. Sectoral (health) requirements;

   5.1. Provision of preventive healthcare, medical diagnosis, treatment, and care services for public health, whether or not the individual is a patient,

   5.2. Sharing of information requested by the Ministry of Health and other relevant official institutions and organizations in accordance with health legislation,

   5.3. Financing of healthcare services, covering expenses for examinations, diagnosis, and treatment, by patient services, financial affairs, and marketing departments,

   5.4. Informing patients about appointments through customer representatives, call centers, and other channels,

   5.5. Verification of identity by patient services and other operational units,

   5.6. Measuring, enhancing, and researching patient satisfaction by hospital management, patient rights, and patient experience departments,

   5.7. Invoicing by patient services and financial affairs departments,

   5.8. Responding to any inquiries and complaints regarding our healthcare services by hospital management, patient rights, call center, and patient relations departments,

  6. Technical requirements;

   6.1. Planning and managing internal processes by call centers, patient relations, and hospital management,

   6.2. Research and analysis conducted by service quality, patient experience, and information technology departments to improve the quality of healthcare services,

   6.3. Providing training to employees by human resources management and quality departments,

   6.4. Monitoring and preventing misuse or unauthorized transactions by internal audit and information technology departments,

   6.5. Execution of risk management and quality improvement activities by quality and information technology departments,

   6.6. Taking all necessary technical and administrative measures for data security by hospital management and information technology departments,

   6.7. Facilitating necessary communications for transportation, accommodation, and hospitality services under health tourism by officials,

   6.8. Participation in campaigns and provision of campaign information by patient relations, marketing, and call center departments; designing and conveying special content, tangible, and intangible benefits on the web, other mobile channels, social media,

   6.9. Execution of training and activities by educational institutions collaborating with the organization.

Your personal data obtained and processed in accordance with the relevant legislation may be transferred to Voila’s physical archives and/or information systems and kept both in digital and physical formats.

  4. The transfer of your personal data and special categories of personal data to third parties located domestically and internationally will be carried out for the following purposes:

   4.1. Within the doctor’s clinic/facility, only employees with limited authorization are allowed to access your personal data in order to fulfill their duties.

   4.2. In accordance with Articles 8 and 9 of the KVKK, personal data may be processed by individuals or authorized institutions and organizations who are subject to confidentiality obligations or have legal obligations, legitimate interests, the establishment, use, or protection of a right, the protection of public health, preventive healthcare, the execution of medical diagnosis, treatment, and care services, and the planning and management of healthcare services and financing, subject to explicit consent in cases of processing:

  • Under relevant legislation including the Basic Law on Health Services No. 3359, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and Its Affiliated Institutions, Law No. 6698 on the Protection of Personal Data, Regulation on the Processing of Personal Health Data and Protection of Privacy, and other relevant legislation:
  • To individuals/companies or institutions and/or organizations permitted by law for the purpose of supplying products and/or services for the operation of the doctor’s clinic/clinic (e.g., social security, sworn financial advisors and legal consultants, information technology and data hosting service providers, platforms for appointment scheduling and consultations),
  • To family members/close relatives, attendants, representatives, legal guardians, and other authorized third parties for the purpose of informing about the patient’s health condition, accompanying the patient, receiving and delivering the patient’s personal belongings/medications, and conducting payment transactions in accordance with medical necessity, court orders, or with the patient’s/legal heirs’ consent under relevant legislation such as the KVKK, Patient Rights Regulation, Regulation on Personal Health Data,
  • To our business partners, potential business partners, and their employees for the purpose of ensuring the continuity of clinic activities and establishing potential collaborations (e.g., contracted laboratories and pharmaceutical warehouses),
  • With your explicit consent on our social media accounts,
  • To banks, contracted private health or supplementary insurance companies, or contracted institutions and organizations for planning or conducting financial and accounting transactions related to healthcare services,
  • To institutions where patient referrals/transfers are made, other healthcare institutions, doctors, healthcare professionals, and domestic/international laboratories for the purpose of ensuring accurate diagnosis and treatment processes and obtaining consultations,
  • To legally authorized institutions and private individuals (e.g., Ministry of Health of the Republic of Turkey, Provincial health directorates, other units affiliated with the Ministry of Health, Social Security Institution of the Republic of Turkey, courts) for fulfilling the legal obligations and pursuing legal matters of the clinic,
  • With our shareholders and legal representatives with whom we have contractual relationships, collaborate, or conduct business, both domestically and internationally, including our attorneys, consultants, and auditors.
  5. Duration of Processing Your Personal Data

Your personal data is stored and destroyed in accordance with the general principles and regulations specified in the storage and destruction policies and procedures prepared in compliance with the Regulation on the Deletion, Destruction, or Anonymization of Personal Data and other relevant legislation.

In this context, your personal data will be destroyed when all the conditions for processing personal data specified in Articles 5 and 6 of the KVKK cease to exist. Your personal data will continue to be processed for the statutory limitation periods following the termination of your relationship with our clinic. Personal data processed based on explicit consent will be destroyed in the first destruction period upon withdrawal of your consent. For requests regarding the destruction of your personal data, we kindly ask you to review section 6 of this Information Notice.

  6. Your Rights under the KVKK

As the data subject, we hereby inform you that you have the following rights under Article 11 of the KVKK:

  • To learn whether your personal data is processed,
  • To request information if your personal data has been processed,
  • To learn the purpose of processing your personal data and whether they are used for their intended purpose,
  • To know the third parties to whom your personal data is transferred domestically or internationally,
  • To request the correction of your personal data if it is incomplete or inaccurate and to request notification of such correction to third parties to whom your personal data has been transferred,
  • To request the deletion or destruction of your personal data if the reasons requiring its processing have ceased to exist, even though it has been processed in accordance with the law and other relevant laws, and to request notification of such deletion or destruction to third parties to whom your personal data has been transferred,
  • To object to a decision made against you as a result of analyzing your processed data exclusively through automated systems,
  • To request compensation for damages if you suffer any damage due to the unlawful processing of your personal data.

To exercise the rights mentioned above, you can send your request (application text), containing your explanations regarding the right you wish to exercise along with the information necessary to establish your identity, to our address Atatürk Mah. Ertuğrul Gazi Sok. 2E/27 Ataşehir/İSTANBUL via a notary; you can deliver it in person to our address with identity verification documents and information; or you can send it with a secure electronic signature to info@voilahealthtourism.com.

  7. Cases Where Personal Data/Personal Data May Be Processed Without Explicit Consent According to KVKK:

In accordance with Article 5 of the KVKK and Article 7 of the Regulation, your personal data/personal data may be processed without your explicit consent in the following cases:

  • Cases explicitly stipulated by laws,
  • When it is necessary to process your personal data for the protection of your or someone else’s life or bodily integrity, in cases where it is impossible to obtain your consent due to physical impossibility or where your consent is not legally valid,
  • When the processing of personal data/personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract,
  • When it is necessary for the fulfillment of a legal obligation,
  • When your personal data/personal data has been made public by you,
  • When data processing is necessary for the establishment, exercise, or protection of a right,

Personal health data may be processed without the explicit consent of the data subject, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, and for the planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of secrecy, and may be transferred to the relevant institutions and organizations in accordance with the law and relevant regulations.