CLARIFICATION TEXT ON THE PROTECTION OF PERSONAL DATA

As Medera Clinic, in our capacity as data controller, the personal data of our clients will be recorded, classified, stored, updated, and processed in accordance with the Law on the Protection of Personal Data No. 6698 (“the Law”), primarily adhering to the principle of protecting the privacy of private life. The data will be processed within the framework of the processing conditions enumerated in the Law and will be transferred to third parties where and to the extent permitted by legislation.

This Clarification Text has been prepared in accordance with the applicable relevant legislation, especially the Law, and the rules specified in the regulations, communiqués, decisions, and guides published by the Personal Data Protection Board. In the event of a change in the Law or other relevant legislation after the publication date of this Clarification Text, and should the Clarification Text become inconsistent with the said change, the amended provisions and rules will apply. All communiqués, decisions, and guides published by the Board are monitored by the Clinic, and the Clarification Text is kept continuously updated.

DATA SUBJECT / CONCERNED PERSON

The data subjects within the scope of this Clarification Text are the patients and their relatives whose personal data are processed.

IDENTITY OF THE DATA CONTROLLER AND ITS REPRESENTATIVE

In accordance with the Law, your personal data will be collected and may be processed by Medera Clinic as the data controller within the scope described below.

For your questions regarding the processing of your personal data, you can contact the Medera Clinic Contact Person via info@mederaclinic.com.

PURPOSES, LEGAL GROUNDS, AND COLLECTION METHODS OF PERSONAL DATA PROCESSING

Data Processing Activity: Execution of Patient Registration, Appointment, and Call Center Line Activities

Processed Personal Data: Name-Surname, Name-Surname of Patient’s Relative (if transactions are handled by the relative), Phone Number, Phone Number of Patient’s Relative, E-mail Information, E-mail Information of Patient’s Relative, Call Center Records, Requests and Complaints

Purpose: Conducting identity verification and confirmation processes, creating appointments, performing cancellation and modification procedures, providing information, managing call center processes, sending reminders, ensuring activities are conducted in compliance with legislation, tracking requests and complaints, managing patient relations and communication activities, storage and archiving activities, providing information to authorized persons, institutions, and organizations.

Legal Ground: The necessity of processing personal data, provided that it is directly related to the establishment or performance of a contract.

Collection Method: Call center line, electronic forms via https://www.mederaclinic.com, contracted appointment websites, mobile applications, and call centers.

Data Processing Activity: Execution of Health Services

Processed Personal Data: Name-Surname, T.R. Identity No, Gender, Nationality, Marital Status, Place/Date of Birth, ID Serial No, Mother’s Name, Father’s Name, Passport Information, Blood Pressure, Height, Weight, Chronic Disease and Allergy Information, Menstruation Information, Examination and Prescription Data, Diagnosis, Treatment, Examination, Laboratory and Test Information, SSI and private health insurance information, birth procedure, and religious needs information.

Purpose: Identity verification, protection of public health, preventive medicine, execution of medical diagnosis, treatment, and care services, providing information to the Ministry of Health and other public institutions, procurement of medicine, planning of operations, conducting laboratory and imaging processes, archiving and storage, providing information to authorized institutions.

Legal Ground: Execution of medical diagnosis, treatment, and care services.

Collection Method: Call center, communication tools, clarification and consent forms, clinic registration forms.

Data Processing Activity: Execution of Patient Discharge and Finance/Accounting Processes

Processed Personal Data: Name-Surname, Bank Account Information, Credit Card Number, Invoice Information, Receipt Information, Signature

Purpose: Execution of finance and accounting activities, planning of health financing, archiving in compliance with legislation, conducting invoicing and reconciliation processes with contracted institutions.

Legal Ground: Being directly related to the establishment or performance of a contract, the necessity for the data controller to fulfill its legal obligation.

Collection Method: Payment documents, release forms, invoice documents.

Data Processing Activity: Execution of Website Activities

Processed Personal Data: IP address, user traffic information

Purpose: Execution of website activities, information security, storage, archiving, and creation of visitor records.

Legal Ground: Being explicitly stipulated in the laws.

Collection Method: Via the website https://www.mederaclinic.com.

Data Processing Activity: Ensuring Physical Space Security

Processed Personal Data: Camera recordings

Purpose: Ensuring the security of the physical space, securing the data controller’s operations, archiving activities.

Legal Ground: The legitimate interests of the data controller.

Collection Method: CCTV cameras.

Data Processing Activity: Execution of Legal Transaction Activities

Processed Personal Data: Information from judicial and administrative correspondence, information within the scope of warning/notification letters, contract information, lawsuit file data

Purpose: Compliance with legislation, contract processes, execution of legal affairs, providing information to authorized institutions.

Legal Ground: Being explicitly stipulated in the laws, the data controller’s fulfillment of its legal obligation.

Collection Method: Powers of attorney, contracts, petitions, and electronic documents.

TRANSFER OF PERSONAL DATA

Your personal data may be shared with business partners, suppliers, private insurance companies, laboratories, imaging centers, medical centers, ambulance and healthcare service providers, hospitals, consultants, lawyers, auditors, your employer (in case of invoicing), companions, and public institutions for the purposes stated above.

TRANSFER OF PERSONAL DATA ABROAD

Your personal data may be transferred via e-mail systems, cloud services, and communication applications whose infrastructure is located abroad.

YOUR RIGHTS UNDER THE LAW

Data subjects may exercise their following rights by filling out the Data Subject Application Form available at https://www.mederaclinic.com or by applying through methods that allow for identity verification: To learn whether personal data is being processed, To request information if it has been processed, To learn the purpose of processing and whether it is used in line with its purpose, To know the third parties to whom data is transferred, To request correction of incomplete or incorrect data, To request its deletion or destruction, To object to processing exclusively through automated systems, To demand compensation in case of damage.

You can send your applications to info@mederaclinic.com or by mail to the following address: 📍 Hasanpaşa Mah. Lavanta Sok. Etap İş Merkezi B Blok No:18/12 Ofis 3 Kadıköy / İstanbul, Türkiye

Requests are concluded within 30 days at the latest. If the transaction requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.

EFFECTIVENESS AND UPDATE

Medera Clinic regularly monitors legislative changes and updates the Clarification Text when necessary.

Data Controller: Medera Clinic Address: Hasanpaşa Mah. Lavanta Sok. Etap İş Merkezi B Blok No:18/12 Ofis 3 Kadıköy / İstanbul Phone: +90 530 889 69 62 E-mail: info@mederaclinic.com Web: https://www.mederaclinic.com