Online Appointment +90 216 581 42 00

INFORMATION NOTICE ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
Last updated: 26.02.2024


Your privacy is important to us. Therefore, the personal data you share with us is protected with utmost care.


TUSA Hospital, operated by TEGAŞ TERSANELER GEMİ İNŞA SAĞLIK TURİZM VE İNŞAAT HİZMETLERİ ANONİM ŞİRKETİ, as the data controller, aims to inform you through this privacy and personal data protection policy, in accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK"), the Regulation on Personal Health Data, the Communiqué on the Procedures and Principles to Be Followed in the Fulfillment of the Obligation to Inform, and other relevant legislation, about:

which personal data of yours is processed and for what purposes,

with whom and why the data may be shared,

our data processing methods and legal bases, and

your rights regarding the processed data.

  1. Collection, Processing, and Purpose of Processing of Personal Data
    When you are admitted to our hospital as a guest, your personal data is processed for the purposes of public health protection, preventive healthcare, medical diagnosis and treatment services, planning of health services and financing, identity verification, medication supply, appointment notifications, risk management and quality improvement, fulfilling legal and regulatory requirements, participation in campaigns, delivery of campaign information, and personalized content delivery through web and mobile platforms.

Your data is processed in accordance with legal regulations under the legal grounds of:

"being directly related to the establishment or performance of a contract" and

"being necessary for the data controller to fulfill its legal obligations."

The data is recorded in our Hospital Information Management System (HBYS) and stored both physically and digitally.

Processed personal data includes:

Identity Information: Name, surname, Turkish ID number, passport number or temporary ID number for non-citizens, date and place of birth, marital status, gender, private insurance or SGK data, scanned ID card.

Each patient is assigned a “Patient Number” and “Protocol Number”, and these records are instantly transferred to the SGK’s Medula system via HBYS.

Contact Information: Address, phone number, email, and other contact details.

Accounting Information: Bank account number, IBAN, credit card details, billing information.

During the provision of healthcare services, the following health data is processed by our healthcare personnel and physicians under confidentiality obligation, primarily based on the legal ground of “the execution of medical diagnosis, treatment, and care services,” as stipulated by:

Law No. 2219 on Private Hospitals,

Law No. 3359 on the Basic Law of Health Services,

Decree-Law No. 663,

Private Hospitals Regulation,

Healthcare Implementation Communiqué,

Patient Rights Regulation, and

Turkish Code of Obligations No. 6098.

Health Data: Includes (but is not limited to) data obtained through medical diagnosis, treatment, and care services and is instantly transferred to the Ministry of Health’s E-Nabız system.

Our hospital operates a closed-circuit camera system for security. All visitors’ visual and audio data may be recorded and processed automatically for the purpose of physical space security and visitor tracking under the legal grounds of “legitimate interest of the data controller” and “fulfilling legal obligations” provided that it does not harm fundamental rights and freedoms.

  1. Method and Legal Grounds for Collecting Your Personal Data
    Your personal data is collected and processed through all kinds of verbal, written, visual, or electronic means for the purposes stated above and to allow TUSA Hospital to carry out its operations and fulfill its contractual and legal obligations.

Your IP address and browser agent details collected via our website are used solely for analytical purposes and are processed via cookies and similar technologies, either automatically or manually, sometimes in collaboration with third parties such as analytics providers, ad networks, and search engines, under the legal ground of “legitimate interest.”

According to Article 6/3 of the Law, personal data related to health and sexual life may be processed without explicit consent, provided that it is carried out by persons or authorized institutions under confidentiality obligation for the purposes of public health protection, preventive healthcare, medical diagnosis, treatment, and management of healthcare services and financing.

  1. Transfer of Collected Personal Data and Purposes of Transfer
    Your data may be shared with authorized institutions including the Ministry of Health, Provincial Health Directorates, Public Health Centers, and systems such as Medula and E-Nabız, for the purpose of mandatory reporting and cooperation in diagnosis and treatment.
    It may also be transferred to domestic or international labs, ambulance services, medical device providers, group companies, SGK (for insured patients), your insurance company (if applicable), your employer (for corporate invoicing), referred healthcare institutions, foreign specialists (if a second opinion is requested), and your legal representatives, under the legal ground of "protection of public health, preventive medicine, medical diagnosis, treatment, care, and management of health services and financing."

It may also be shared—only to the extent necessary and within the scope of signed confidentiality agreements—with:

contractors,

legal advisors, auditors, and consultants,

business partners,

other legally authorized third parties.

If you benefit from private or complementary health insurance, your personal data (e.g., name, contact number, billing details, health records) may be shared with contracted consultants, insurance providers, or affiliated institutions under the same legal ground. The follow-up process is conducted by those external entities.

  1. Your Rights as the Data Subject
    According to Article 11 of the KVKK, you have the following rights:

To learn whether your personal data is being processed,

To request information about the processing if it has occurred,

To learn the purpose of processing and whether it is used accordingly,

To know the third parties to whom the data is transferred domestically or internationally,

To request correction if your data is incomplete or incorrectly processed,

To request deletion or destruction of your personal data,

To request notification of rectification or deletion to third parties,

To object to any adverse result obtained through automated data processing,

To demand compensation for damages arising from unlawful processing.

  1. Complaints and Contact
    You are free to accept or reject the processing of your personal data as outlined in this policy. All your data is stored with utmost confidentiality, and appropriate technical and administrative measures are in place to ensure security.

To exercise your rights, in accordance with the Communiqué on the Principles and Procedures of Application to the Data Controller, you may:

Send a petition bearing your wet signature via post to:
Aydıntepe, Güzin Street No:6, 34959 Tuzla/İstanbul, addressed to the Chief Physician, with the subject “Request for Information Under the Personal Data Protection Law”,

Send a digitally signed file via KEP (registered electronic mail) to your registered address, or

Send a digitally signed Word or PDF file to:
info@tusahospital.com
with the subject: "Request for Information Under the Personal Data Protection Law"

If you continue using the website, you are deemed to have accepted this policy. For further details, feel free to contact us at info@tusahospital.com.




This privacy policy was created via: https://sartlar.com

Last Modified 19.05.2025 Published Date 22.03.2024