GDPR Policy | HospitalTürk

GDPR Policy

As Üsküdar Hospital Türk Hospital, we pay attention to matters such as ensuring that your personal data is recorded, secured and shared in accordance with the relevant law.  In accordance with the Constitution of the Republic of Turkey and the Law on Protection of Personal Data No. 6698, your personal data shared with our company will be stored in accordance with our operating areas. Article 20 of the Constitution states that “Everyone has the right to demand the protection of their personal data.
This right; which also includes being informed about the personal data about the person, accessing these data, requesting their correction or deletion, and learning whether they are used for their purposes. Personal data can only be processed in cases stipulated by law or with the explicit consent of the person. The principles and procedures regarding the protection of personal data are regulated by law. The Law on Protection of Personal Data No. 6698
(“GDPR”) was published in the Official Gazette dated 07.04.2016 within the framework of the supervisory provision. Then, it entered into force and regulations and board resolutions, which are derivative legislation in terms of implementation of the law, were published. The aforementioned law regulates the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and the obligations of natural and legal persons who process personal data, as well as the procedures and principles to be followed. In this context, we fulfill our responsibility to enlighten and inform about your rights and obligations. Your personal data, by Üsküdar Hospital Türk Hospital; For medical diagnosis, treatment and care services, the records shared in verbal, written, visual or electronic media for outpatient and inpatient services, the Social Insurance Institution (SGK) and private insurance companies, the e-mails you send through the records of other hospitals in case you come to our hospital by referral ( e-mails), appointment information, call center call records, website, verbal, written and similar channels. Üsküdar Hospital Türk (“Hospital”), in its capacity as “data controller”, may process your personal data within the scope described in this Notice. Employees also provide their services in terms of business requirements; The patient receives service, patient relatives and other third parties and organizations (generally referred to as the “Contacts”), including the suppliers within the framework of the health service relationship, in line with the GDPR and derivative legislation, and the employees are obliged as personnel within the scope of the protection of personal data in their relationship with the “Respondents” and abide by its responsibilities. In the event of a conflict between this Notice and the applicable legislation provisions, the Hospital agrees that the provisions of the legislation will be enforced in accordance with the term “Data Owner”.


  • Explicit consent: It refers to the consent that is based on information and expressed with free will on a specific subject.
  • Anonymization: It means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
  • Relevant person: Refers to the natural person whose personal data is processed.
  • Personal data: It refers to any information relating to an identified or identifiable natural person.
  • Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, means all kinds of operations performed on data such as classification or prevention of use.
  • Special Quality Personal Data: People’s race, ethnicity, political thought, philosophical belief, religion, it refers to biometric and genetic data related to his cult or other beliefs, disguises and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures.
  •  Data-processing: Refers to the real or legal person who processes personal data on his behalf based on the authority provided by the data manager.
  • Data Officer: Refers to the real or legal person who determines the purposes and means of processing personal data, who is responsible for the establishment and management of the data logging system.




In both its internal and external procedures, the hospital accepts that it will process personal data in accordance with the following principles with this Statement in accordance with Article 4 of the GDPR:

  • Compliance with law and honesty
  • Accuracy and timeliness
  • Processing for specific, explicit and legitimate purposes
  • Processing data in a limited and measured way in connection with the purpose for which they are processed
  • Processing limited to the period stipulated by the provisions of the legislation or required by the purpose of processing



In accordance with Article 5 of the  GDPR, the processing processes of “personal data” by the Hospital are carried out in accordance with the following conditions specified in the GDPR and the relevant legislation:

  • Finding the Explicit Consent of the Person Concerned
  • Processing of Data Due to Legal Requirements
  • The Processing of the Data of the Person Who Could Not Explain the Consent of the Related Person Due to the Actual Impossibility or whose Consent could not be Legally Validated, Must Be Processed for the Protection of Him/herself or Someone else’s Life or Body Integrity
  • Obligation to Process the Personal Data of the Parties to the Contract, Provided that it is Directly Related to the Establishment and Performance of a Contract
  • Obligatory for the Data Controller to Fulfill his Legal Obligation
  • Processing of Personal Data Made Public by the Relevant Person
  • Processing of Data Mandatory for the Establishment, Use or Protection of a Right
  • Processing of Personal Data for the Legitimate Interests of the Data Controller




Collected personal data, personal data for the purposes listed below; It can be processed, provided that it remains within the personal data processing conditions specified in Articles 5 and 6 of the Law No. 6698:

  • Public health medical diagnosis under the Basic Law of Health Services numbered 3359, the Law on the duties and duties of the Ministry of Health and its subsidiaries numbered 663, the Regulation on the Special hospitals, the provision of Personal Health Data and other regulations on the provision of the nature of
  • Personal Health Data, conduct treatment and maintenance services
  • Early diagnosis and preventive medicine, planning and management of health care and financing
  • Be able to notify you of the appointment if you make an appointment; bank and counter transactions; planning and managing the internal workings of our hospital, analyzing to improve health services; putting our employees into training activities to better serve you, monitoring and blocking abuse and unauthorized transactions
  • Carrying out risk management and quality improvement activities; research and supply of devices for diagnosis and treatment within the limits of the legislation; fulfilling legal and regulatory requirements; payment for our services through billings and legal processes; confirming your identity; newborn baby notification
  • Confirming your relationship with the institutions contracted with our hospital; sharing the requested information with the Ministry of Health, other public institutions and organizations and private organizations in accordance with the relevant legislation; Sharing requested information with private insurance companies within the scope of financing health services
  • To be able to answer all your questions and complaints about our health services; Analyzing your use of health services and storing your health data in order to develop and improve the health services we provide to you
  • Making the meetings with the call centers more effective and efficient, enabling the hospital security guards to perform their services better, preserving the information about your health data, which should be kept as per the relevant legislation; Providing financial agreement regarding the health services offered to you with the institutions we have contracted with; Execution, development, planning and management of health services and financing of medical diagnosis, treatment and care services, including but not limited to measuring patient satisfaction
  • To improve patient satisfaction, to inform you of our medical diagnosis, treatment and maintenance services, to provide online and live support, secondary opinion, information and distribution activities via websites, to improve and improve human resources policies, to receive support from group companies and academic institutions where necessary to improve health care effectiveness, the ability to perform the auxiliary services of the hospital building, including parking and valet service
  • To protect public health, to carry out medical diagnosis, treatment and care services, to confirm your identity, to do the necessary work for you to benefit from the services of our hospital, to inform you if you make an appointment.
  • The purpose of storing health data about your use of health services for the planning and management of the internal functioning of our hospital and daily operations and for the improvement of our health services and a better understanding of service.



The personal data collected is not limited to those provided by the GDPR and the derivative legislation and to the extent and conditions of the carpet, but to the extent necessary, for contracted purposes, the performance of health care, maintaining and improving effective employee management, the provision of referral and information between departments, assessing the performance of employees, in order to carry out legal and legally required administrative actions, in the event that the obligations arising from the contracts incurred by our hospital are not legally prohibited from transferring data, For the purposes of ensuring and improving business safety, as well as the provision of the legal and commercial safety of the persons involved in the business relationship with our Hospital and Hospital; for the purposes of determining and implementing the business strategies of our hospital;

  • Health Services Basic Law Numbered 3359, Decree on the duties and duties of the Ministry of Health and its subsidiaries numbered 663, Regulation on Special hospitals, Labor Law, Labor Health and Safety Law, Social Fuses and General Health Insurance Law, The Law on the Regulation of Publications in the Internet and the fight against Crimes committed through these Publications, Turkish Code of obligations, Turkish Commercial Code, Tax procedure Law, Personal Data Protection Act No. 6698, and the institutions or organizations permitted by other legislation provisions


Public legal entities such as Personal Data Protection Authority, Ministry of Health and its organization, Council of Higher Education, Ministry of Finance, Ministry of Customs and Trade, Ministry of Labor and Social Security, Social Security Institution, Information Technologies and Communication Institution


  • To enable secondary and live support services over the Internet to provide effective health care,
  • Turkish Pharmacists Association, Private insurances, Offices of Chief Public Prosecutor and judicial units, Laboratory and imaging centers where we receive support for medical diagnosis
  • Program partner domestic/foreign organizations and other 3 companies, which are jointly and severally responsible with us for taking workplace safety measures such as keeping all kinds of personal data, preventing unauthorized access and illegal processing, with which we receive contractual services, cooperate to carry out our activities as a hospital.

Personal data may be transferred to persons limited to the conditions and purposes of processing specified in Articles 8 and 9 of the Law No. 6698.

Üsküdar Hospital Turkish hospital and medical centers, Social Security Institution, Ministry of Health and Organization, Family Health Centers, private insurance companies (law enforcement, pension and life insurance and similar Security General Directorate, population General Directorate, Turkey Pharmaceuticals Association, courts, laboratory in which we are collaborating for medical diagnosis, third parties such as the center and similar third parties, our suppliers, who we have obtained from, or collaborated with, your authorized representatives, the health organization, lawyers, tax advisors and auditors that the patient has been referred to, or who have received advice from, including the health agency, lawyers, tax advisors and auditors, Our support service providers and partners and other third parties are also included in this scope and are also included in the scope of the GDPR’s 8. and 9. the personal data processing requirements and purposes specified in the articles shall be transferred to such organizations.




Your personal data is based on different channels and different legal reasons by the Hospital; Hospital health services are collected in physical and electronic environment for the purposes of effective and efficient execution of legal requirements, fulfillment of care obligations, implementation and execution of human resources policies, fulfillment of obligations arising from contracts, evaluation of employee performance, ensuring job safety and development, and for the legal reasons of conducting our activities and operational processes. Your personal data collected for this legal reason can also be processed and transferred for the purposes indicated in this notification within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law No. 6698.



With Article 8 of the Personal Data Protection Law, the transfer of personal data to third parties in the country is regulated. As a main rule, personal data cannot be transferred to third parties without the explicit consent of the person concerned. Our employees are also aware with this Notice that the personal data of the REFERRALS cannot be transferred to third parties as a rule. Compliance with the following criteria is ensured in the processes regarding the transfer of personal data. It is the responsibility of the hospital to act in accordance with all legislative provisions regarding the transfer of personal data and to adapt the transfer processes according to the provisions of the legislation in force or to come into force, and these processes will be followed and coordinated by the Personal Data Protection Committee. Explicit consent of the person concerned for the transfer of personal data Pursuant to Article 8 of the Personal Data Protection Law, the main rule for the transfer of personal data to third parties is the explicit consent of the person concerned. Transfer of personal data, provided that the conditions regarding the processing of personal data are met, even if the data subject does not have express consent; In cases where the data subject does not have his explicit consent for the transfer of his personal data in the country,  it is possible to transfer personal data to third parties under the conditions regulated by the second paragraph of  Article 5 of the GDPR regarding the processing of personal data and the third paragraph of Article 6, provided that adequate measures are taken. Even if the person concerned does not have express consent, it is possible to transfer personal data, provided that the relevant conditions are met for the transfer of sensitive personal data and other legislation provisions require it.



Pursuant to Article 9 of the GDPR, as a main rule, personal data cannot be transferred abroad without the explicit consent of the person concerned. If consent is given, it can be shared with our affiliates abroad in proportion to the legitimate requirements arising from educational activities, and personal data can be transferred taking into account the safe country list to be published by the Data Protection Board.



Personal data must be deleted, destroyed or anonymized by the individual, or by the Hospital itself, for the elimination of any reason requiring the processing of the data, even if it has been processed in accordance with the GDPR and other legislation provisions in accordance with this Notice. The hospital provides administrative and technical infrastructure that is capable of fulfilling all new legislation provisions that are in force or will come into force on the deletion, destruction or anonymization of data. Employees are obliged to implement all new legislation provisions that are in force or will be effective in the event of data deletion, destruction or anonymity.



As personal data owners, by filling in the “Personal Data Information and Request Form” below, your requests regarding your rights, by hand-signed delivery to the hospital address where you received service, by sending it through a notary public, by sending an e-mail with an e-mail signed with your secure electronic signature. or if you send a “Word or PDF” file with a secure electronic signature to via e-mail; Üsküdar Hospital Turkish Hospital will conclude the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost other than free legal requirements, Üsküdar Hospital Turkish Hospital may charge the fee in the tariff determined by the Personal Data Protection Board. In this context, personal data owners;

  • Find out if personal data has been processed
  • Request information if personal data has been processed
  • Find out the purpose of processing personal data and whether they are used for their purpose
  • Know the third parties in which personal data is transferred, whether domestic or abroad
  • Request that personal data be corrected in the event of incomplete or mishandled, and request that the transaction in this context be notified to third parties where personal data is transferred
  • Despite being processed in accordance with Law Numbered 6698 and other relevant laws, do not request the removal or destruction of personal data in the event that the reasons for which it is to be processed are eliminated, and ask that the transaction in this context be notified to third parties where personal data is transferred
  • Objection to the appearance of a result against the individual by analyzing the processed data through the individual automated systems
  • They have the right to request that damage be remedied if the damage is caused by illegal

processing of personal data.
You can also review the Law on the official website of the TBMM and visit the Personal Data Protection Agency website ( for detailed information on your rights under the Law.

Sincerely, it is presented for your information.



Bizi arayarak veya aşağıdaki formu doldurarak randevu talebinde bulunabilirsiniz.