Levent Hospital Inc. Corporate Personal Data Protection Policy
Document Information
The right of every individual to demand the protection of their personal data is a fundamental right arising from the Constitution. At Levent Hospital Inc., we consider it one of our most valuable duties to fulfill the requirements of this right. Therefore, we prioritize the lawful processing and protection of your personal data.
This policy has been prepared to establish the principles and procedures we follow while processing and protecting personal data.
This policy applies to all personal data managed by Levent Hospital Inc. The scope includes any operation performed on data, such as obtaining, recording, storing, preserving, altering, organizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of data, whether by fully or partially automated means or non-automated means, as part of any data recording system.
It applies to the personal data of the shareholders, officials, customers, employees, suppliers, and third parties of Levent Hospital Inc.
Levent Hospital Inc. may amend the Policy for compliance with regulations and decisions of the Personal Data Protection Authority, aiming for better protection of personal data.
Abbreviation | Definition |
---|---|
Recipient Group | Categories of natural or legal persons to whom personal data is transferred by the data controller. |
Explicit Consent | Freely given, specific, informed, and unambiguous consent relating to the processing of personal data. |
Anonymization | Rendering personal data no longer identifiable with a specific individual even if combined with other data. |
Data Subject | The natural person whose personal data is processed. |
Related User | Individuals who process personal data within the data controller organization, excluding those responsible for technical storage, protection, and backup of the data. |
Destruction | The deletion, destruction, or anonymization of personal data. |
Law/KVKK | Law No. 6698 on the Protection of Personal Data. |
Recording Medium | Any environment where personal data is processed through fully or partially automated or non-automated means, provided it is part of a data recording system. |
Personal Data | Any information relating to an identified or identifiable natural person. |
Data Inventory | The inventory that details the personal data processing activities carried out by data controllers, including the purpose, legal basis, category, and retention period, among other aspects. |
Data Processing | Any operation carried out on personal data, including obtaining, recording, storing, altering, or disclosing. |
Commission | The Personal Data Protection Commission established by Levent Hospital Inc. to manage and ensure compliance with this Policy. |
Board | The Personal Data Protection Board. |
Institution | The Personal Data Protection Authority. |
Sensitive Personal Data | Data relating to a person’s race, ethnicity, political opinions, religious beliefs, or other sensitive areas such as health or criminal records. |
Periodic Destruction | Routine deletion or anonymization of personal data according to the data retention and destruction policy when the legal grounds for data processing no longer exist. |
Policy | The Personal Data Protection Policy. |
Data Processor | A natural or legal person processing personal data on behalf of the data controller, based on authority granted. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for managing the data recording system. |
Levent Hospital Inc. reviews the compliance of personal data with the following principles for every new data processing workflow. Workflows that are not compliant are not implemented.
Levent Hospital Inc. ensures that personal data is processed in accordance with:
Levent Hospital Inc. has established the Personal Data Protection Commission to manage this Policy and related procedures and to ensure compliance. The Commission comprises the General Manager, Human Resources Manager, Administrative and Financial Affairs Chief, and Quality Assurance Chief. Additionally, the hospital may obtain consultancy services for compliance with the KVKK.
The responsibilities of the Commission include:
Levent Hospital Inc. implements necessary technical and administrative measures to ensure an appropriate level of security, including the prevention of unlawful processing and access to personal data and its secure retention.
6. TRANSFER OF PERSONAL DATA
Levent Hospital A.Ş. may transfer personal data to third parties only within the framework specified by the relevant laws and with the explicit consent of the data subject. Personal data may be shared domestically and internationally with the following parties, when necessary for the continuation of hospital operations:
When transferring personal data, the protection of the rights and freedoms of the individuals concerned is prioritized, and all necessary security measures are taken. Levent Hospital A.Ş. ensures that third parties receiving the data also comply with confidentiality and data protection principles.
7. PURPOSE OF PROCESSING PERSONAL DATA
Levent Hospital A.Ş. processes personal data based on the explicit consent of the data subject or in situations where the law allows such processing without consent. Personal data is processed for the following purposes:
The processing of personal data is conducted in accordance with the principles of fairness, transparency, confidentiality, and security, aiming to safeguard the rights and freedoms of individuals.
8. STORAGE PERIOD OF PERSONAL DATA
Personal data collected by Levent Hospital A.Ş. is stored for the period necessary to fulfill the purposes for which it is processed. The retention period may vary depending on the type of data and the legal obligations associated with it. Once the relevant retention periods have expired, personal data will be deleted, destroyed, or anonymized in accordance with the regulations.
In cases where legal regulations require a longer retention period, personal data may be stored for the duration stipulated by the law.
9. RIGHTS OF DATA SUBJECTS
Data subjects whose personal data is processed by Levent Hospital A.Ş. have the following rights under applicable law:
Data subjects can exercise their rights by contacting Levent Hospital A.Ş. via written communication or through the designated contact points specified by the hospital.
10. AMENDMENTS TO THE PRIVACY POLICY
Levent Hospital A.Ş. reserves the right to update this Privacy Policy in line with legal regulations and institutional needs. Any changes made will be effective upon publication on the hospital’s official website. Data subjects are encouraged to regularly review the Privacy Policy to stay informed about how their personal data is processed and protected.