CLARIFICATION TEXT ON THE PROTECTION OF PERSONAL DATA

This Clarification Text has been prepared within the scope of the Law No. 6698 on the Protection of Personal Data and contains information on matters such as how and for what purposes your personal data is obtained and used, with whom it may be shared for which purposes, by which methods it is collected, and on which legal grounds it may be processed.

With regard to the personal data to be obtained and processed by our hospital, the data controller is Göz Vakfı. All obligations stipulated for the data controller under Law No. 6698 are fulfilled by Göz Vakfı.

Your personal data may be processed for the purpose of providing healthcare services to you and, where necessary, for other purposes such as security services and judicial processes. For detailed information regarding the purposes of processing and retention / preservation periods of your personal data, you may review the relevant text (ANNEX-1).

Your personal data may be shared with institutions and organizations within the framework of exceptional provisions regarding the provision of healthcare services or based on your consent. For detailed information on the institutions and organizations with whom your personal data is shared and the purposes of such sharing, you may review the relevant text (ANNEX-2).

Your personal data is obtained, used, and shared with relevant institutions and organizations in accordance with Article 5, paragraph 2 of Law No. 6698, and for your health data, the relevant provisions of Article 6 of the Law. For information on which of your data is obtained and used on which legal grounds, you may review the relevant text (ANNEX-3).

You may exercise your rights set forth under Article 11 of Law No. 6698 by submitting a written petition to our hospital. For detailed information regarding your rights under the relevant article, you may review the explanatory text (ANNEX-4A) and the application form (ANNEX-4B).

3.1. Data Processing and Retention Period (ANNEX-1)

The following text has been prepared to define the limits of the purposes for which personal data is processed.

Your personal data shall be processed, limited to the purposes specified in our clarification text, in compliance with the data processing and statute of limitations periods stipulated in all relevant laws and other legal regulations to which Göz Vakfı’s hospital and affiliated centers are subject. In the event of any amendment to the legal retention periods, the newly determined periods shall apply.

Your personal data is processed, as a requirement of the principle of purpose limitation, only for the period necessary to fulfill the purposes described in this Clarification Text and, in any case, for the period required by the practices of Göz Vakfı and its affiliated institutions and commercial customs. Upon expiration of such periods, the data is deleted, destroyed, or anonymized. Within this scope, the retention periods for personal data on a process basis are set out below.

• Execution of Patient Registration and Treatment Processes: Within the scope of the regulation requiring the retention of personal health data for 20 years
• Laboratory Processes: 20 years from the completion of the process
• Accounting Processes: 5 years from the completion of the process
• Human Resources Processes: 10 years following the end of employment
• Log Recording and Monitoring Systems: 10 years
• Execution of Hardware and Software Access Processes: 3 years
• Camera Records: 2 months
• Preparation and Performance of Contracts: 10 years following the termination of the contract
• Execution of Corporate Communication Activities: 10 years following the end of the activity

3.2. Institutions with Which Data Is Shared (ANNEX-2)

The following text has been prepared to specify the institutions with which data is shared.

Your personal data shall be processed, limited to the purposes specified in our clarification text, in compliance with the data processing and statute of limitations periods stipulated in all relevant laws and other legal regulations to which Göz Vakfı’s hospital and affiliated centers are subject.

Within the framework of exceptional provisions regarding the provision of healthcare services or based on your consent, your personal data may be shared with the institutions and organizations listed below.

Official Institutions

• Social Security Institution (SGK)
• TRNC Ministry of Health
• Ministry of Health of Kosovo
• Council of State of the Republic of Türkiye
• Court of Cassation of the Republic of Türkiye
• Grand National Assembly of Türkiye

Bank Pension Funds

• T. Garanti Bankası A.Ş.
• Memur ve Müstahdemleri Emekli ve Yardım Sandığı Vakfı
• T.C. Ziraat Bankası / T. Halk Bankası Emekli Sandığı Yardım Vakfı
• Türkiye İş Bankası A.Ş.
• Türkiye Sınai Kalkınma Bankası
• Memur ve Müstahdemleri Yardım ve Emekli Vakfı
• Vakıflar Bankası

Insurance Companies (Private Health Insurance - ÖSS)

• Acıbadem Health and Life Insurance Inc.
• AcnTürk Insurance Inc.
• Ak Insurance Inc.
• Aegon Pension and Life Inc.
• Anadolu Turkish Insurance Inc.
• Anadolu Turkish Insurance Company Officers Pension Fund Foundation
• Allianz Insurance Inc.
• Ana Insurance Inc.
• Ankara Insurance Inc.
• Ankara Turkish Insurance Inc.
• Aveon Insurance Inc.
• Axa Insurance Inc.
• Chubb European Insurance
• Demir Health and Life Insurance Inc.
• Doğa Insurance Inc.
• Emaa Insurance Inc.
• Fortis Bank Fund
• Fiba Pension and Life Inc.
• Groupama Insurance Inc.
• Generali Insurance Inc.
• Gulf Insurance Inc.
• GIG Insurance Inc.
• HDI Insurance Inc.
• Hepiyi Insurance Inc.
• Katılım Pension and Life Inc.
• Mapfre Insurance Inc.
• Magdeburger Insurance Inc.
• Medisa Insurance Inc.
• MetLife Pension and Life Inc.
• Neova Katılım Insurance Inc.
• Prive Insurance Inc.
• Quick Insurance Inc.
• Ray Insurance Inc.
• Referans Insurance Inc.
• Sompo Insurance Inc.
• T-Sigorta Inc.
• Türk Nippon Insurance Inc.
• Türkiye Katılım Hayat Inc.
• Türkiye Insurance Inc.
• Unico Insurance Inc.
• Zurich Insurance Inc.

Supplementary Health Insurance Companies (TSS)

• Acıbadem Health and Life Insurance Inc.
• AcnTürk Insurance Inc.
• Ak Insurance Inc.
• Aegon Pension and Life Inc.
• Anadolu Turkish Insurance Inc.
• Allianz Insurance Inc.
• Ana Insurance Inc.
• Ankara Insurance Inc.
• Arex Insurance Inc.
• Aveon Insurance Inc.
• Axa Insurance Inc.
• Chubb European Insurance
• Demir Health and Life Insurance Inc.
• Doğa Insurance Inc.
• Ethica Insurance Inc.
• Eureko Insurance Inc.
• Fiba Pension and Life Inc.
• Generali Insurance Inc.
• Gulf Insurance Inc.
• HDI Insurance Inc.
• Hepiyi Insurance Inc.
• Katılım Pension and Life Inc.
• Mapfre Insurance Inc.
• Magdeburger Insurance Inc.
• Medisa Insurance Inc.
• MetLife Pension and Life Inc.
• Neova Katılım Insurance Inc.
• Prive Insurance Inc.
• Quick Insurance Inc.
• Ray Insurance Inc.
• Referans Insurance Inc.
• Sompo Insurance Inc.
• Türk Nippon Insurance Inc.
• Türkiye Katılım Hayat Inc.
• Türkiye Insurance Inc.
• Unico Insurance Inc.
• Zurich Insurance Inc.

3.3. Data Categorization and Purpose of Processing (ANNEX-3)

The following text has been prepared to specify data categorization and the purposes of processing.

Categorization of Personal Data Processed by Göz Vakfı and Purposes of Processing

In accordance with Article 10 of the Personal Data Protection Law, Göz Vakfı informs data subjects, upon request, regarding which groups of personal data subjects’ data are processed, the purposes for which such personal data is processed, and the retention periods of such data, within the scope of its obligation to inform.

Classification of Personal Data

• Identity Information: Information such as name, surname, Turkish ID number, nationality, place of birth, date of birth, gender, workplace information, registry number, tax number, title, biography, as well as documents such as driver's license, professional ID, identity card, and passport
• Contact Information: Information such as phone number, address, e-mail address, fax number, and similar data
• Location Data: Information determining the location of the personal data subject during the use of services or the use of institution vehicles
• Customer Information: Information obtained and generated about the relevant person as a result of commercial activities and operations carried out by business units
• Family Members and Relatives Information: Information relating to family members and relatives processed for the purpose of the services provided or to protect the legal interests of the institution and the data subject
• Customer Transaction Information: Records regarding the use of products and services and information relating to necessary instructions and requests
• Physical Space Security Information: Personal data relating to records and documents collected during entry into and stay within physical premises
• Transaction Security Information: Personal data processed to ensure technical, administrative, legal, and commercial security
• Risk Management Information: Personal data processed through methods used to manage commercial, technical, and administrative risks
• Financial Information: Personal data relating to any information, documents, and records showing the financial results arising according to the type of legal relationship between the institution and the data subject
• Personnel Information: Personal data forming the basis of the employment rights of employees or natural persons in a working relationship with the institution
• Job Applicant Information: Data relating to persons who apply for a job or are evaluated as candidates in line with human resources needs
• Employee Transaction Information: Data relating to all types of transactions carried out by employees or natural persons in a working relationship with the institution within the scope of their work
• Employee Performance and Career Development Information: Personal data processed for the purpose of performance measurement and career development planning
• Fringe Benefits and Benefits Information: Data relating to the planning and follow-up of fringe benefits and benefits provided to employees or other natural persons in a working relationship with the institution
• Legal Transaction and Compliance Information: Personal data processed within the scope of determination and follow-up of legal receivables and rights, performance of debts, and compliance with legislation
• Audit and Inspection Information: Personal data processed within the scope of legal obligations and compliance with institutional policies
• Special Categories of Personal Data: Personal data regarded as special categories under the Law, especially health data
• Marketing Information: Data relating to the marketing of products and services customized according to the usage habits, preferences, and needs of the personal data subject
• Request / Complaint Management Information: Personal data relating to the receipt and evaluation of all kinds of requests or complaints directed to the institution
• Reputation Management Information: Information collected and evaluations made for the purpose of protecting the commercial reputation of Göz Vakfı and its affiliated institutions
• Incident Management Information: Personal data processed in relation to legal, technical, and administrative measures taken against incidents in order to protect the commercial rights and interests of Göz Vakfı and its affiliated institutions, as well as the rights and interests of customers

You retain all the rights listed above.

Form for Requesting Access to Personal Data