KVKK Privacy Statement
CLARIFICATION TEXT OF THE LAW ON THE PROTECTION OF PERSONAL DATA
The way in which the information we obtain regarding you and the services you request will be used and protected during your visit to this website and benefiting from the services we offer through this site is subject to the conditions set forth in this text. By visiting this website and requesting to benefit from the services we offer through this site, you accept the conditions set forth in this “Law on the Protection of Personal Data and the Clarification Text on the Processing of Personal Data”.
CLARIFICATION /INFORMATION ON THE PROCESSING OF PERSONAL DATA WITH THE LAW ON THE PROTECTION OF PERSONAL DATA
The purpose of the Law No. 6698 on the Protection of Personal Data is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed. For this reason, this text is explained in order to fulfill the obligation of disclosure arising from the Law, and the “Permission for Protection of Personal Data and Personal Data Sharing” is presented to the information and examination of the visitors.
Vera Research and Analytical Consultancy Services Trading Joint Stock Company (hereinafter referred to as the Company) will be able to process your personal data as Data Controller within the scope of the Personal Data Protection Law No. 6698 and the European Union General Data Protection Regulation (“GDPR”) and the relevant legislation.
COLLECTION, PROCESSING AND PROCESSING PURPOSE OF PERSONAL DATA
Although your personal data may vary in relation to the product and service offered by the company or the commercial activity, it may be processed by the company in order to ensure that the products and services are offered in the best way possible.
By the Company, for the purposes of protecting public health, preventive medicine, records related to your applications to our health institutions, conducting medical diagnosis, treatment and care services, planning and managing health services and financing; verbal, written, visual or electronic media, online via SGK/SSI (Social Security Institution) system, records shared in case of benefiting from our private insurance company, e-mails you send (e-mails), call center call records, in case you come to our health institutions by referral, through the records of other health institutions, if you attend training/seminars or organizations; website, verbal, written and similar channels.
Your personal data is obtained in all kinds of verbal, written, visual or electronic media, in order to provide the above-mentioned purposes and health services within the determined legal framework, and in this context, for the company to fully and properly fulfill its contractual and legal obligations.
COLLECTION OF PERSONAL DATA
Your personal data that you share with our company may be collected verbally, in writing or electronically through automatic or non-automatic methods, offices, agencies, branches, call center, website, social media channels, sms channels, mobile applications and similar means via business/program partner.
The company may use cookies to better offer its services and to adapt the content to individual needs and interests. Disabling cookies in the browser does not prevent the use of the services on the website, but it may cause some technical problems. Cookies are also used to collect general, statistical information about the user’s use of the website. Our detailed cookie policy is available on our website.
Personal data can also be collected from digital media such as company websites, software and applications made available on computers or some smart devices, and social media accounts activated by persons authorized to provide services on behalf of the company.
Video recordings of our visitors are taken through our company’s building, facility entrances and inside the facility through the camera monitoring system. The company, within the scope of monitoring with security cameras; It aims to increase the quality of the service provided, to ensure its reliability, to ensure the safety of our company, customers and other people, and to protect the interests of the customers regarding the service they receive.
The camera monitoring activity carried out by our company is carried out in accordance with the Law on Private Security Services and the relevant legislation. Only a limited number of company employees have access to the records that are recorded and maintained in the digital environment. In accordance with Article 12 of the KVK Law, our company takes the necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring.
PROCESSING PERSONAL DATA
The company may process your private and general personal data, especially your health data, for the stated purposes:
Your Identity Information: Your name, surname, TR Identity number, passport number or temporary TR Identity number, place and date of birth, marital status, gender, insurance and/or any other identification data that can identify you;
Your Contact Information: Your address, telephone number, e-mail address and other communication data, your voice call records kept by customer representatives or customer services in accordance with call center standards, and your personal data obtained when you contact us via e-mail, letter or other means, your other personal data that you send to us through our communication channels;
Family Members and Relatives Information: Children, spouses and identity information of the data owner;
Your Bank Account Information: Your financial data such as your bank account number, IBAN number, credit card information only on the slip, billing and invoicing information;
Physical Space Security Information: If you use the parking lot of our customers, your vehicle plate information, visit information, entry and exit information, your images obtained from the constantly recorded camera records in the common areas, your sound recording;
Legal Transaction Information: Information requests received from judicial and administrative institutions, data generated as a result of audit and inspection, If you apply for a job to the company, your other personal data, including the CV provided in this regard, and all kinds of personal data related to your service contract if you are a company employee or a related employee, your data on private health insurance and your Social Security Institution data for the purpose of financing and planning health services;
Marketing Information: Targeting information that may affect the service, cookie records, surveys completed by our customers, letters of thanks and complaints, satisfaction results, etc. notifications you make to evaluate;
Sensitive Personal Data: Data on race, health and sexual life, data on criminal convictions and security measures, biometric data, in particular the information required to be obtained as required by the service provided or legal regulations,
All kinds of personal data, including special quality personal data, obtained by the company that has the qualification of “Data Controller” in accordance with the Personal Data Protection Law No. 6698 and other legislation, can be processed for the following purposes.
PURPOSE OF PROCESSING PERSONAL DATA
Your personal data shared by you;
Carrying out necessary studies, including but not limited to the determination and implementation of our company’s commercial and business strategies, marketing activities, business development and planning activities, in order to benefit you and/or the institutions and organizations you represent from the products and services offered by our company,
Ensuring the physical security and control of the locations in use by our company,
Establishing business partner/customer/supplier (authorized or employees) relations,
Receive press releases, print publications and notices via e-mail,
To process your reservation requests and manage your account,
Ensuring contractual requirements and financial reconciliation regarding the products and services offered with our business partners, suppliers or other third parties,
Follow-up of legal and administrative affairs, human resources policies,
It may be processed for the purpose of calling our company’s call center or using the website and/or participating in training, seminars or organizations organized by our company.
Your personal data will be stored in electronic and/or physical media. Necessary business processes are designed and technical security infrastructure developments are implemented in order to prevent your personal data provided and stored by our company from being exposed to unauthorized access, manipulation, loss or damage in the environments where they are stored.
Your personal data will be processed by taking all necessary information security measures, provided that it is not used outside the purposes and scope notified to you, and will be stored and processed during the legal retention period or, if such a period is not foreseen, for the period required by the processing purpose. When this period expires, your personal data will be removed from our company’s data streams by deletion, destruction or anonymization methods.
In case of collection, processing and use of personal data on company websites and other systems or applications, the relevant persons are informed about the privacy statement and, if necessary, about cookies. People are informed about our practices on web pages. Personal data will be processed in accordance with the law.
The company adopts the principle of acting in accordance with the law when sharing data with both business and solution partners. Data is shared with business and solution partners with the commitment of data confidentiality and only as much as the service requires, and these parties are compelled to take measures to ensure data security.
In accordance with the Law on the Regulation of Commerce and the Regulation on Commercial Communications and Commercial Electronic Messages, e-mails for advertising purposes can only be sent to persons with prior approval. The explicit consent of the person to whom the advertisement is sent is essential. The Company complies with the details of the “approval” determined in accordance with the same legislation. The approval to be obtained should cover all commercial electronic messages sent to the electronic communication addresses of the recipients in order to promote our company’s goods and services, to market it, to promote its business or to increase its recognition with content such as congratulations and wishes. This approval can be obtained in writing, in the physical environment or by any electronic means of communication. The important thing is that the buyer has a positive declaration of will that he accepts the sending of commercial electronic messages, her/his name and surname and electronic communication address.
If a contractual relationship is established with our customers and prospective customers, the collected personal data can be used without the customer’s consent. However, this use takes place in accordance with the purpose of the contract. The data is used to the extent of better execution of the contract and the requirements of the service and updated when necessary by contacting the customers. On the other hand, the data left to us by our prospective customers (prospective customers) are processed in order to provide them with an easier and higher quality service afterwards. If this data has not turned into a contractual relationship upon request, it will be deleted.
According to this policy, which is called the principle of maximum savings or the principle of stinginess, the data received by our company is processed into the system only as much as necessary. Therefore, what data we collect is determined by the purpose. Unnecessary data is not collected. Other data transmitted to our company are transferred to company information systems in the same way. Redundant information is not recorded in the system, deleted or anonymized. These data can be used for statistical purposes. Health data, which is one of the special quality data, is taken only in order to provide better service to customers and protect their health and is kept in the system with care.
Your personal data that we have mentioned above will be processed within the framework of the Health Services Basic Law No. 3359, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates, Regulation on Private Hospitals, Regulation on the Processing and Privacy of Personal Health Data and the regulations of the Ministry of Health and other legislation. We inform you that it can be transferred to the physical archives and information systems of the hospital and / or our suppliers, and can be kept in both digital and physical environment, within the scope of the disclosure obligation of the data controller.
Although you choose not to share your personal data on this site, you will not be able to benefit from certain rights such as accessing certain areas of the site, making online reservations, providing feedback about our company or sending us an e-mail.
DURATIONS WHEN PERSONAL DATA WILL BE PROCESSED
In accordance with the KVK Law No. 6698, your personal data that has been processed for the purposes specified in this “Information Text on the Processing of Personal Data” is no longer required for the processing of your personal data pursuant to Article 7/f.1. When the expiry of the time-out periods we have made, your personal data will be deleted, destroyed or anonymized by us and will continue to be used.
TRANSFERRING PERSONAL DATA
In accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board; In case there are conditions for the transfer of personal data, it can transfer personal data at home or abroad.
Your personal data can be transferred by the company, provided that at least one of the data processing conditions specified in the 5th and 6th articles of the Law is present and that the basic principles regarding the data processing conditions are complied with.
Upon the transfer of personal data to third parties abroad, the company and the data controller in the relevant country undertake in writing to provide adequate protection, personal data can be transferred to third parties abroad, provided that at least one of the data processing conditions specified in Articles 5 and 6 of the Law are fulfilled, with the permission of the Board for this process.
If the country to which the transfer will be made is not a safe country to be announced by the Personal Data Protection Board, upon the written commitment of the company and the data controller in the relevant country to adequate protection, the Personal Data of the Board allows this process, as specified in Articles 5 and 6 of the Law. Personal data can be transferred to third parties abroad if at least one of the data processing conditions (see Policy Title 3) is present.
Within the scope of the general principles of the law and the data processing conditions in Articles 8 and 9, the company can transfer data to the parties, the example of which is considered in the table below.
Although personal data is not limited to the extent permitted and necessary by KVKK and derivative legislation and according to the circumstances of the case; In line with the contractual purposes, the performance of the service, the maintenance and development of effective employee management, the fulfillment of the obligations arising from the contracts concluded by our company, except in cases where data transfer is legally prohibited, the transfer and information supply between the departments in order to carry out legally necessary administrative actions, for the purposes of evaluating their performance, ensuring and improving occupational safety, as well as ensuring the legal and commercial security of our company and those who have a business relationship with our company; for the purposes of determining and implementing our company’s business strategies; Labor Law, Occupational Health and Safety Law, Social Insurance and General Health Insurance Law, Law on Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications, Turkish Code of Obligations, Turkish Commercial Code, Tax Procedure Law, Personal Data No. 6698 Institutions or organizations permitted by the Law on the Protection of the Law and other legislation; Public legal entities such as Personal Data Protection Authority, Ministry of Finance, Ministry of Customs and Trade, Ministry of Labor and Social Security, Information Technologies and Communication Authority; our subsidiaries and/or direct/indirect domestic/foreign affiliates; In order for the secondary opinion and live support units to provide effective service over the internet, our online service units are with us in taking workplace security measures such as the protection of all kinds of personal data that we contractually serve as a company to carry out our activities, the protection of all kinds of personal data, the prevention of unauthorized access and the prevention of their unlawful processing. It can be transferred to the program partner domestic/foreign organizations and other third parties who are jointly and severally responsible, limited to the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law No. 6698.
hMinistry of Health and its organization, Family Practice Centers Social Security Institution, private insurance companies (including health, retirement and life insurance and similar General Directorate of Security, law enforcement, General Directorate of Population, courts, laboratories, centers and similar third parties with which we cooperate , the representatives you have authorized, the third parties we consult, including the health institution, lawyers, tax consultants and auditors, regulatory and supervisory institutions, official authorities, our suppliers whose services we benefit from or cooperate with, the health institution to which the patient is referred or the patient herself/himself applies, our support service providers and business partners, and laboratories, centers and other similar third parties with whom we cooperate for medical diagnosis are included; and personal data may be transferred to the said organizations within the framework of the processing conditions and purposes specified in Articles 8 and 9 of the KVKK.
SHARED PARTY CATEGORIZATION
EXTENT
PURPOSE OF TRANSFER
Business Partner
EXTENT
Parties with whom the company establishes business partnerships while carrying out its commercial activities
PURPOSE OF TRANSFER
Limited sharing of personal data in order to ensure the fulfillment of the founding purposes of the business partnership
Supplier
EXTENT
Parties providing services for the company to continue its commercial activities in line with the instructions received from the company and based on the contract with the company
PURPOSE OF TRANSFER
Transfer limited to the receipt of outsourced services from the supplier
Participation
EXTENT
Subsidiaries of the company
PURPOSE OF TRANSFER
Limited transfer of personal data for the purpose of conducting commercial activities that require the participation of affiliates
Legally Authorized Public Institution
EXTENT
Public institutions and organizations that are legally authorized to receive information and documents from the company
PURPOSE OF TRANSFER
Limited personal data sharing for the purpose of requesting information by relevant public institutions and organizations
Legally Authorized Private Institution
EXTENT
Private officers of the court who are legally authorized to receive information and documents from the company
PURPOSE OF TRANSFER
Sharing of data limited to the purpose requested by the relevant private officers of the court within the legal authority
NECESSITY AND LEGAL REASON OF PERSONAL DATA TRANSFER
Your personal data by the company based on different channels and different legal reasons; To carry out our activities and operational processes for the purposes of effective and efficient realization of company health services within the framework of legal requirements, fulfillment of the duty of care, implementation and execution of human resources policies, fulfillment of contractual obligations, evaluation of employee performance, ensuring and improving occupational safety, due to legal reasons. are collected electronically. Your personal data collected for this legal reason can also be processed and transferred for the purposes specified in the articles of this notification within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law No. 6698.
DISPOSAL OF YOUR PERSONAL DATA
Despite the fact that it has been processed in accordance with the provisions of the relevant law, it may delete or destroy personal data at its own discretion or upon the request of the personal data owner, in the event that the reasons for its processing disappear. The deletion or disposal techniques used by us are listed below:
Physical Destruction
Personal data can also be processed in non-automatic ways, provided that it is part of any data recording system. While such data is being deleted/destroyed, a system of physical destruction of personal data is applied so that it cannot be used later.
Safe Deletion from Software
While deleting/destroying data processed by fully or partially automated means and stored in digital media; methods are used to delete the data from the relevant software in a way that cannot be recovered again.
Safe Deletion by an Expert
In some cases, the company may hire an expert to delete personal data on its behalf. In this case, personal data is securely deleted/destroyed by the person who is an expert in this field, in a way that cannot be recovered.
Techniques to Anonymize Personal Data
Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data. The company can anonymize personal data when the reasons that require the processing of personal data processed in accordance with the law are eliminated.
In accordance with Article 28 of the KVK Law; Anonymized personal data may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of the KVK Law and the explicit consent of the personal data owner will not be sought. Personal data processed by anonymizing are outside the scope of the KVK Law. The most used anonymization techniques by the company are listed below:
A- Masking
With data masking, it is a method of anonymizing personal data by removing the basic determinant information of personal data from the data set.
B- Aggregation
With the data aggregation method, many data are aggregated and personal data is rendered unrelated to any person.
C- Data Derivation
With the data derivation method, a more general content is created than the content of the personal data and it is ensured that the personal data cannot be associated with any person.
D- Data Mixing
With the data mixing method, the values in the personal data set are mixed, thereby breaking the bond between the values and the individuals. (The company can get detailed information about the subject from the IT Department from which it receives support)
CASES WHERE DATA MAY BE PROCESSED WITHOUT EXPRESS CONSENT UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA:
Pursuant to Article 5 of the KVK Law, the following personal data may be processed without your explicit consent in the following cases:
To be stipulated clearly in the law.
It is compulsory for the protection of life or physical integrity of the person or another person, who is unable to express her/his consent due to actual impossibility or whose consent is not legally valid.
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
It is mandatory for the data controller to fulfill its legal obligation.
The fact that the person concerned has been made public by herself/himself.
Data processing is mandatory for the establishment, exercise or protection of a right.
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
SECURITY OF DATA
As a company; We attach importance to the protection of your personal data. For this reason, we present to your information that we provide protection against possible risks within our technical and administrative possibilities in accordance with information security standards and procedures.
The Company reserves the right to update this “Clarification Text on the Protection of Personal Data” at any time within the framework of the changes that can be made in the current official legislation.
YOUR RIGHTS TO PROTECT YOUR PERSONAL DATA
To the extent that your personal data is processed as the data controller of the Company, Art. In accordance with 11, you can fill in the ” Law on Personal Data Protection (KVKK) Application Form” at the end of this text, deliver it by hand over the web network connections, to the address of the workplace where you received the service, send it through a notary public, and send an e-mail signed with your own secure electronic signature. In accordance with the relevant legislation, by sending an e-mail by mail or by sending a “Word or PDF” file signed with a secure electronic signature to kvkk@veraarastirma.com by e-mail;
Learning whether it has been processed; if it has been processed, to request information about it and to learn whether it is used in accordance with the purpose of processing,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of these in case of incomplete or incorrect processing,
If your personal data is incomplete or incorrectly processed, requesting the notification of the third parties to whom the personal data has been transferred,
Requesting correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom your personal data has been transferred,
Objecting to adverse results that may arise as a result of processing through automated systems,
In case of damage due to processing contrary to the law and the relevant legislation, the compensation of the damage
We inform you that you have the right to demand everything listed above.
If you exercise your right to learn whether personal data is processed, your right to request information if personal data has been processed, your right to learn about the purpose of processing personal data and whether they are used in accordance with its purpose, or your right to know the third parties to whom personal data is transferred, in the country or abroad, the relevant information will be provided to you, upon your request. Your applications will be notified free of charge, in a clear and understandable way, in writing or electronically, via the contact information provided by you, as soon as possible, depending on their nature, and within thirty days at the latest. However, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.
During the evaluation of the applications, the company first determines whether the person making the request is the real right holder. However, the company may request detailed and additional information in order to better understand the demand when it deems necessary.
Responses to data subject applications are notified by the company in writing or electronically. If the application is rejected, the reasons for the rejection will be explained to the data owner with justification.
If you apply to us in writing regarding your above-mentioned rights, a free response will be given within 30 (thirty) days at the latest, depending on the nature of your request. You must send your application to the company address by hand, by mail or by notary public, in a clear and agreeable manner, by attaching the documents identifying the identity and address information, and with a written and wet signature.
Click to download the application form
Address: Esentepe Mah. D100 Güney Yanyol N.25 Lapishan Bağımsız Böl.119 Kartal, İstanbul
E-mail: info@veraarastirma.com
Kep Address: veraarastirmaas@hs01.kep.tr