PPPD POLICY OF ERASMUS FERTILITY AND WOMEN’S HEATHCARE CENTER
To date, as Erasmus Fertility and Women’s Healthcare Center (“the Company” or “Erasmus Healthcare Center”) per the sensitivity of the work we practice, the personal data collected are kept confidential and never shared with third parties for any purpose. Protection of personal data is the fundamental policy of our company. Even before there was any legal regulation decreed, our company has given great importance to the confidentiality of personal data and adopted this as a working principle. As Erasmus Healthcare Center, we undertake to comply with all the responsibilities imposed by the Law No. 6698 on the Protection of Personal Data (the “Law”).
2. Scope and Modification
This Policy on Protection and Processing of Personal Data that is constituted by our company (“PPPD Policy”) has been prepared in accordance with Law No. 6698 on Protection of Personal Data. As of today, the law has come into force with all its provisions.
The data obtained with your consent or as per compliance with other laws specified in the Law will be used for the purpose of improving the quality of our services and improving our quality policy. Nevertheless, some of the data we obtained become non-personalized and anonymized. These data are used for statistical purposes and not subject to the Law and our Policy.
Erasmus Healthcare Center PPPD Policy aims the protect the automatically collected data of our customers, potential customers and employees and the customers of other companies working with us within the solution partnership or other parties. And it includes regulations regarding this aim.
Our company is entitled to amend our policy on condition of being in accordance with the law and better protection of personal data.
3. Fundamental Rules About Processing Personal Data
a) Fundamental Rules About Processing Personal Data: Erasmus Healthcare Center questions the source of the data it collects or receives from other companies and attaches importance to obtaining them in accordance with the law and good faith.
b) Accuracy and up-to-dateness when required: Erasmus Healthcare Center is committed to ensuring that all data contained within the organization is accurate, does not contain incorrect information, and that, in the event of a change in personal data, the data is updated when notified.
c) Processing for specific, clear and legitimate purposes: Erasmus Healthcare Center processes the data in a limited way only for the purposes that it provides and for which it is approved by persons during service. It does not process, use and share the data without any business purpose.
d) Being related, limited and restrained with the purpose they are processed: Erasmus Healthcare Center uses data only for the purpose for which it is processed and to the extent required by the service.
e) Retention for the period required by the relevant legislation or the purpose for which it was processed: Erasmus Healthcare Center maintains contractual data within the terms of the conflict of law, the requirements of commercial and tax law. Nevertheless, when these purposes no longer exist, it erases or anonymizes the data. It deletes or destroys them in accordance with the Directive for Personal Data Deletion.
It is important to note that, regardless of whether Erasmus Healthcare Center has collected or processed data on the basis of consent or in accordance with the law, the above-mentioned principles still apply.
4. The Rights of the Personal Data Holder as enumerated in Article 11 of the PPPD Law
According to PPPD Article 11, you have the rights listed below. In order to facilitate the use of these rights, an application form has also been prepared by Erasmus Healthcare Center and presented to you on the website.
Persons whose personal data has been processed have the right to apply to the relevant person announced on our website by Erasmus Healthcare Center to take the actions listed below about his/her own data;
a) Learning whether personal data is processed or not,
b) Requesting information if personal data is processed,
c) Learning the purpose of processing personal data and whether they are used in accordance with such purpose,
d) Knowing the third parties to whom personal data is transferred at home or abroad,
e) Requesting the correction of the data in the cases of incomplete or incorrect processing; and notification of the third parties to whom your personal data is transferred about the transactions made within this scope,
f) Although it has been processed in accordance with the provisions of the PPPD and other relevant laws, requesting the deletion or destruction of personal data in case of disappearance and to inform the third parties to whom the personal data is transferred about the actions taken within this scope in accordance with the provisions envisaged in Article 7 of PPPD,
g) Objecting to the occurrence of a consequence against the person himself/herself by analyzing the processed data exclusively through automated systems,
h) Claim indemnification of the damages if the person incurs losses due to unlawful processing of personal data. Erasmus Healthcare Center respects these rights.
5. Principle of Maximum Saving/ Principle of Stinginess
According to this principle called principle of maximum saving or principle of stinginess, the data reaching Erasmus Healthcare Center are processed into the system only as much as necessary. Therefore, the data to be collected are determined depending on the purpose. Unnecessary data are not collected. Other data transferred to our company are transmitted to company information systems in the same way. Surplus data are not saved. They are either deleted or anonymized. These data may be used for statistical purposes.
6. Deletion of Personal Data
When the period of data storage required by law is expired, judicial proceedings are completed or other requirements are eliminated, our data are deleted, destroyed or anonymized by our company automatically or upon request of the relevant person.
7. Accuracy and Up-to-dateness of the Data
As a rule, the data contained within Erasmus Healthcare Center are processed upon the declaration of the relevant person and the method declared. As it is not mandatory for Erasmus Healthcare Center to investigate the accuracy of the data declared by the customers or those who contacted Erasmus Healthcare Center, it also disaccords with the law and our principles. The declared data is considered accurate. The principle of accuracy and up-to-dateness of personal data is also adopted by Erasmus Healthcare Center. Our company updates the personal data it has processed upon the request of the relevant person or the requirement by official documents being received. It takes necessary actions for that.
8. Confidentiality and Data Security
Personal data are confidential, and Erasmus Healthcare Center abides by such confidentiality. Personal data can be accessed only by authorized persons within the company. All necessary technical and administrative measures are taken to protect the data owner, the personal data collected by Erasmus Healthcare Center and to prevent unauthorized access to the data. In this context, we ensure that our software complies with the standards; we carefully select the third parties and adhere to the PPPD policy as the company. Companies in which we share personal data in accordance with the law are also required to protect the data.
9. Data Processing Purposes
Erasmus Healthcare Center´s purposes for processing personal data are as specified in the Information Text of Processing of Personal Data.
10. Data of Customer, Potential Customer, Business and Solution Partners
a. Data Collection and Processing for Contract Relation
If a contractual relation is established with our customers and potential customers, the collected personal data may be used without the customer´s consent. However, this use occurs in accordance with the purpose stated in the contract. Data are used with respect to better effectuation of the contract and the requirements of the service and it is updated by contacting the customers when necessary.
b. Business and Solution Partners Data
Erasmus Healthcare Center is committed to lawful conduct while sharing data with business and solution partners. Data are shared with business and solution partners with the commitment of data confidentiality and only as much as the service requires, and these parties are certainly requested to take measures to ensure data security.
11. Data Processing for Promotional Purposes
In accordance with the Law on the Regulation of E-Commerce and the Regulation on Commercial Communications and Commercial Electronic Messages, electronic messages can be sent to persons whose prior approval has been taken. Explicit consent of the person to whom the promotion would target is required.
Erasmus Healthcare Center also complies with the details of the “approval” determined under the same legislation. The approval must cover all commercial electronic messages sent to the recipient´s electronic contact addresses in order to promote the company´s goods and services, to market, to promote its business, or to promote its recognition with content such as celebrations and wishes. This approval may be obtained as a hard copy or by any means of electronic communication. What is important is the receiver´s approval regarding the sending of commercial electronic messages with a positive statement of will, including name and surname and electronic contact address.
12. Data Processing Due To The Legal Obligation of the Company and Law Providence
Personal data may be processed without prior consent if the processing is clearly stated in the relevant legislation or for the purpose of fulfilling a legal obligation set out in the legislation. The type and the scope of data processing must be required for legally permitted data processing activity and must comply with the relevant legal provisions.
13. Data Processing By The Company
Personal data can be processed in accordance with the services and legitimate purposes of the company. Still, the data can in no way be used for unlawful services.
14. Processing Sensitive Personal Data
Erasmus Healthcare Center shall take all appropriate measures, determined additionally by the Board, in the processing of sensitive personal data. In our company, sensitive personal data are processed in accordance with the “Policy on Protection and Processing of Sensitive Personal Data.”
15. Data Processed by Automated Systems
Erasmus Healthcare Center acts in accordance with the Law and secondary legislation on data processed through automated systems. Information obtained from these data cannot be used against the person without his/her explicit consent. However, Erasmus Healthcare Center can make decisions about the people it will take actions by using the data on its own system
16. User Information and the Internet
In the cases of personal data being collected, processed and used on Erasmus Healthcare Center´s websites and other systems or applications, the persons concerned are informed by a privacy statement and, if necessary, about cookies.
Users are informed about our applications on the web pages. Personal data shall be processed in accordance with the law.
17. Employee Data
a. Data Processing for Business Relations
The personal data of our employees can be processed to the extent necessary for the execution of labour contract and the fringe benefits. However, Erasmus Healthcare Center ensures the confidentiality and protection of the data of its employees.
b. Processing Due To Legal Requirements
Erasmus Healthcare Center may process the personal data of its employees without further approval if such processing in the relevant legislation is clearly specified or to fulfill a legal obligation determined by the legislation. This is limited to the obligations arising from the law.
c. Processing For the Sake of Employees
Erasmus Healthcare Center may process personal data without approval for the transactions that benefit the company´s employees, such as execution of fringe benefits. For business disputes, Erasmus Healthcare Center also may process employee data.
d. Processing of Sensitive Data
According to the Law, the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, clothing and dress of individuals, membership to associations, foundations or trade unions, health, sexual life, criminal convictions, security measures, biometric and genetic data are defined as sensitive data.
Erasmus Healthcare Center takes adequate measures additionally determined by the Board for the processing of sensitive data, as well as the approval of the relevant person. Sensitive data may only be processed without the consent of the person within limitations and the cases permitted by the Law.
e. Data Processed by Automated Systems
Employee data processed by automated systems can be used for internal promotions and performance evaluations. Our employees have the right to object against the results, and they are able to do this by following the internal procedures of the Company. The objections of the employees are also evaluated within the company.
f. Telecommunication and Internet
The computer, telephone, e-mail and other applications allocated to the employees within the company are allocated for business purposes only. An employee cannot use any of these means allocated by the company for his/her specific purposes and communication needs. The company may check and audit all data on these means. The employee undertakes not to hold any data or information other than the business related ones on the computer, the phones or other means allocated to him/her from the moment he/she starts the job.
18. Transfer of Personal Data Domestically and Abroad
Personal data may be shared by Erasmus Healthcare Center with the controlling shareholder, as well as with business and solution partners, to enable the service to be provided.
Erasmus Healthcare Center will be able to transfer personal data to Erasmus Healthcare Center ´s suppliers in a limited manner in order to ensure that the Company provides outsourced services from the supplier and the services necessary to perform the Company´s business activities
Erasmus Healthcare Center has the authority to transfer personal data in and out of the country within the scope of conditions set by the Board in accordance with the other conditions in the Law
19. Rights of the Relevant Person
Erasmus Healthcare Center recognizes that the relevant person´s right to approve before the data are processed, and right to determine the fate of his/her in the aftermath of processing within the scope of PPPD.
By contacting the authorized person we announced on our website, you have right to take the following actions:
a) To learn whether your personal data is processed or not,
b) To request information if personal data have been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with such purpose,
d) To know about the third parties to whom personal data have been transferred domestically or abroad
e) To request correction of personal data in case of incomplete and incorrect processing,
f) To request deletion or destruction of personal data in accordance with the conditions provided for in Article 7,
g) To request that the transactions carried out in accordance with paragraphs (d) and (e) be notified to the third parties to whom personal data are transmitted,
h) To object to the occurrence of a consequence against the person himself/herself by analyzing the processed data exclusively through automated systems,
i) To claim indemnification of the damages if the person incurs losses due to unlawful processing of his/her personal data
Nonetheless, persons do not have any rights with regard to data anonymized within the company. Erasmus Healthcare Center may share personal data with the relevant institutions and organizations for the execution of a judicial duty or the statutory powers of the state authority in accordance with the business and contractual relations.
Personal data holders may submit their requests regarding the above mentioned rights to the Company by filling the application form which you can obtain from the official website of the Company and signing it with a wet signature, then sending it as registered letter with advice of receipt to our Company address with photocopy of identity cards (only the front side for ID cards). Your applications shall be concluded as soon as possible (or within 30 days at the latest) after they reach our company, depending on the content of your application. You must submit your applications through registered letter with advice of receipt. In addition, we only respond to the applications you´ve sent for yourself, and do not accept any applications about your spouse, relative or friend.
Erasmus Healthcare Center may request further information and documents from applicants.
20. Principle of Confidentiality
The data of both employees and other persons with Erasmus Healthcare Center are confidential. Without any compliance with the contract and law, no one shall use, copy, and share these data for any purpose.
21. Transaction Security
All necessary technical and administrative measures are taken to protect the data owner, the personal data collected by Erasmus Healthcare Center and to prevent unauthorized access to the data. In this context, we ensure that our software complies with the standards; we carefully select the third parties and adhere to the PPPD policy as the company. Precautions regarding safety are constantly being renewed and improved.
Erasmus Healthcare Center gets necessary internal and external audits executed regarding the protection of personal data.
23. Notification of Violations
When Erasmus Healthcare Center is notified of any breach of personal data, it shall take immediate action to remedy the violation. It minimizes the damage to the relevant person and compensates the loss. When personal data are obtained by unauthorized persons from outside, Erasmus Healthcare Center immediately notifies the Personal Data Protection Board.
Changes made to this Policy are displayed in the table below