Last Updated: 08/11/2024
At Aydın Adnan Menderes University Hospital, we prioritize your security and privacy. This Cookie Policy explains how we use cookies on our website, their purposes, and how you can manage your cookie preferences.
To better serve you, please read this Cookie Policy to understand the types of personal data collected via cookies, their purposes, and how they are processed. For more information, feel free to contact us.
What Are Cookies?
Cookies are small text files stored on users’ devices to enhance website functionality and improve user experience. As user data is processed through cookies, users must be informed and provide consent in accordance with the Personal Data Protection Law No. 6698.
1. Essential Cookies
Essential cookies are necessary for the basic functionality of the website, ensuring it operates smoothly. Without these cookies, the website cannot function properly.
2. Performance Cookies
Performance cookies collect anonymous data about visitors’ usage and preferences to help us enhance the website’s performance and user experience.
3. Functional Cookies
Functional cookies remember users’ preferences based on their past interactions with the website, providing personalized services such as language and region settings for future visits.
4. Advertising Cookies
Advertising cookies are third-party cookies used to track visitor behavior and display advertisements relevant to their interests. The responsibility for these cookies lies with the third parties managing them.
What Personal Data Is Processed via Cookies?
Personal data such as identity (name, surname, date of birth, etc.) and contact information (address, email, phone, IP address, location, etc.) may be processed automatically or non-automatically through cookies. This data is collected, stored, and updated during our service and contractual relationship under the legitimate interest condition.
What Are Cookies Used For?
Cookies on our website are used for:
• Ensuring security by detecting suspicious activities,
• Enhancing functionality and performance based on user preferences,
• Improving and personalizing products and services,
• Facilitating access to services,
• Fulfilling contractual and legal responsibilities.
Additionally, advertising cookies and third-party information sharing are used to connect users with broader service providers.
How Are Cookies Managed?
The use of cookies is entirely at your discretion. You can manage or change your cookie preferences at any time by deleting or blocking cookies through your browser settings. For more details, please review our Privacy Policy or contact us at aduhealth1993@adu.edu.tr
This information text has been prepared by Aydın Adnan Menderes University Hospital as the data controller, in accordance with Article 10 of the Personal Data Protection Law No. 6698 and the "Communiqué on the Procedures and Principles for Fulfilling the Obligation to Inform"
The purposes, categories, and legal grounds for processing your personal data are outlined below:
|
PURPOSES OF PROCESSING PERSONAL DATA |
CATEGORIES OF PERSONAL DATA |
LEGAL BASIS FOR PROCESSING PERSONAL DATA |
|---|---|---|
|
Performing medical diagnosis, treatment, and care processes for patients |
"Identity, Contact, Professional Experience, Sexual Life, Health Information, Client Transactions, Criminal Records, Security Measures, Other (Patient Information) |
Explicitly stipulated by law (Article 6/3 of the Personal Data Protection Law No. 6698) |
|
Conducting educational activities |
Identity, Other (Patient Information) |
Explicitly stipulated by law (Article 6/3 of Law No. 6698) |
|
Conducting financial and accounting activities |
Identity, Contact, Client Transactions, Other (Patient Information) |
Necessary for the establishment or performance of a contract |
|
Conducting communication activities |
Identity, Contact, Visual and Audio Records |
Necessary for the establishment or performance of a contract |
|
Conducting product/service sales processes |
Identity, Contact, Visual and Audio Records |
Necessary for the establishment or performance of a contract |
|
Conducting storage and archiving activities |
Identity, Contact, Visual and Audio Records |
Explicitly stipulated by law (Article 6/3 of Law No. 6698) |
|
Following up on requests/complaints |
Identity, Contact |
Necessary for establishing, exercising, or protecting a legal right |
|
Conducting and ensuring continuity of treatment processes |
Identity, Contact, Other (Patient Information) |
Necessary for establishing, exercising, or protecting a legal right |
At Aydın Adnan Menderes University Hospital, we prioritize the security of your personal data. We are committed to processing and storing all types of personal data associated with our hospital in compliance with the Personal Data Protection Law No. 6698
In accordance with the relevant law, you can download and view the following forms through the provided links:
The Personal Data Protection Authority, in its decision No. 2018/10 dated January 31, 2018, titled "Adequate Precautions Required for Data Controllers to Take When Processing Special Categories of Personal Data," emphasizes the need for a systematic, clearly defined, manageable, and sustainable policy and procedure to ensure the security of special categories of personal data.
In this context, Aydın Adnan Menderes University Hospital (hereinafter referred to as the "Hospital"), as the Data Controller, has prepared this Policy to establish a framework for the secure processing of special categories of personal data.
Special categories of personal data are those that, if disclosed, may cause harm to the data subject or lead to discrimination. The law explicitly defines which types of personal data fall under special categories; data not listed is not considered special. Thus, special categories of personal data are interpreted narrowly.
Under Article 6 of the Personal Data Protection Law No. 6698 (KVKK), special categories of personal data include:
Information related to an individual’s race,
Ethnic origin,
Political opinions,
Religious or philosophical beliefs,
Attire,
Membership in associations, foundations, or unions,
Health,
Sexual life,
Criminal convictions,
Security measures,
Biometric or genetic data.
For the purposes of this Policy:
"Hospital" refers to Aydın Adnan Menderes University Hospital.
"Data Subject" refers to the individual whose personal data is processed.
"Authority" refers to the Personal Data Protection Authority.
"Employee" refers to the hospital personnel.
The Hospital processes special categories of personal data in compliance with the Personal Data Protection Law No. 6698 (KVKK) and by taking the precautions determined by the Personal Data Protection Authority, provided one of the following conditions is met:
1. With the explicit consent of the Data Subject, or
2. Without the explicit consent of the Data Subject,under the following circumstances:
▪ If the data does not pertain to the Data Subject’s health or sexual life, and the processing is explicitly stipulated by law.
▪ If the data pertains to health or sexual life, it may only be processed for the following purposes:
◦ The protection of public health,
◦ Preventive medicine,
◦ Medical diagnosis,
◦ The execution of treatment and care services,
◦ The planning and management of healthcare services and financing.
This processing must be conducted by persons or institutions subject to confidentiality obligations or authorized entities.
The Hospital, as the Data Controller, takes the following measures in accordance with the Personal Data Protection Authority’s decision No. 2018/10 dated January 31, 2018:
A. Systematic and Defined Policies
A systematic, clearly defined, manageable, and sustainable policy has been established to ensure the security of special categories of personal data.
B. Measures for Employees Involved in Data Processing
• Regular Training: Employees receive regular training on the Personal Data Protection Law No. 6698 (KVKK), related regulations, and the security of special categories of personal data.
• Confidentiality Agreements: Employees are required to sign confidentiality agreements.
• User Access Rights: User access rights and scopes are explicitly defined and managed.
• Periodic Audits: Access rights are periodically audited to ensure compliance.
• Access Revocation: Access rights are immediately revoked for employees who change roles or leave their positions, along with retrieving assigned inventory.
C. Electronic Environments
• Secure Logging: All transactions involving personal data are securely logged.
• Regular Updates: Environments where personal data is stored are regularly updated and monitored for security vulnerabilities.
D. Physical Environments
• Physical Security Measures: Adequate physical security measures are implemented to protect environments containing personal data, including protection against risks such as power surges, fire, flooding, theft, etc.
• Access Control: Physical areas are secured to prevent unauthorized access.
E. Data Transfer Procedures
• Encrypted Communication: Data is transferred via encrypted email communication through corporate email addresses or Registered Electronic Mail (KEP) systems.
• Encrypted Storage Devices: Data transferred via portable storage devices (USBs, CDs, DVDs) is encrypted using cryptographic methods, with the decryption key stored separately.
• Physical Document Security: Physical documents are secured against risks such as theft, loss, or unauthorized access, and marked as "Confidential."
F. Additional Measures
The Hospital also applies technical and administrative measures outlined in the Personal Data Security Guide published by the Personal Data Protection Authority.
The Hospital may transfer special categories of personal data, obtained lawfully, to third parties under the following conditions:
1. With the explicit consent of the Data Subject. 2. If explicitly permitted by law. 3. If necessary to protect the life or physical integrity of the Data Subject or others, and the Data Subject is incapable of giving consent. 4. If required for the performance of a contract to which the Data Subject is a party. 5. If processing is mandatory for the Hospital to fulfill its legal obligations. 6. If the data has been made public by the Data Subject. 7. If necessary for the establishment, exercise, or protection of a legal right. 8. If processing is mandatory for the legitimate interests of the Hospital, provided it does not harm the fundamental rights and freedoms of the Data Subject.
For special categories of personal data to be transferred abroad, one of the conditions under Article 6, paragraph 3 of the Personal Data Protection Law No. 6698 (KVKK) must be met:
Health and Sexual Life Data:
• May be transferred without the Data Subject’s consent for the following purposes:
◦ The protection of public health,
◦ Preventive medicine,
◦ Diagnosis,
◦ Treatment and care services,
◦ Planning and management of healthcare services and financing.
This must be conducted by persons subject to confidentiality obligations or authorized entities.
If Sufficient Protection is Not Available in the Destination Country:
• Both the data controller in Türkiye and the foreign country must commit in writing to adequate protection, and the Personal Data Protection Authority’s approval must be obtained.
This Policy became effective on January 1, 2024. It may be updated periodically to align with changing conditions and regulations. The latest version will be announced within the Hospital and will be binding for all departments.
