Privacy policy

INFORMATION TEXT ON THE PROCESSING AND PROTECTION OF PERSONAL DATA

Estherian clinic , in the capacity of data controller, within the scope of Personal Data Protection Law No. 6698 (the “Law”) and related sub-legislation, as well as in accordance with the General Data Protection Regulation GDPR We attach great importance to the protection of your data. In order to enlighten you about the sources from which we obtain your personal data, our legal reasons for obtaining and processing personal data, for what purposes we process your personal data, whether we transfer personal data and to whom we transfer it, and your legal rights, this Clarification Text on the Processing and Protection of Personal Data (” The text”) has been prepared. Estherian clinic  processes your personal data in accordance with the law, prevents your personal data from being processed and accessed unlawfully, and has taken all necessary technical and administrative measures to ensure the most appropriate level of security in order to ensure the protection of personal data. exists.

PERSONS WE WANT TAX

Estherian clinic , as a data controller, processes personal data limited to the following groups of people.

  • Our workers
  • Our Worker Candidates (including reference persons declared by job applicants)
  • Our Interns and On-the-Job Training Trainees,
  • Our patients,
  • Persons interviewed and contacted for diagnosis, treatment or to receive such services,
  • Relatives and companions of the patient,
  • Parties of any commercial activity or persons with whom we cooperate or will cooperate due to commercial activity, or authorized or employees of companies (supply, advertising, support, marketing, accommodation, transportation, reference resources, etc.)
  • Shareholders or persons with whom shareholding negotiations are held,
  • Our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies,
  • visitors
  • Legal representatives, parents, guardians or guardians of all data subjects
  • Persons who are parties in legal processes and their legal representatives
  • Third parties with whom we have contacted, although they do not have a commercial or legal connection with our company.

PERSONAL DATA WE PROCESS

Estherian clinic , as a data controller, processes the following personal health data, general and special personal data, in accordance with the principles of “compliance with the law”, “necessity”, “fitness for purpose” and “limitation”.

Identity Data

Name, surname, nationality, T.C. of the persons whose data will be processed. identity number, passport number and information if not a Turkish citizen, or all identity-related data such as temporary TR identity number, place and date of birth, marital status, gender information.

Communication Data

It is all communication-related data such as residence address, correspondence address, mobile phone number, e-mail address.

Visual and Audio Data

The image and sound recording taken by the closed circuit camera system recorded by the company security cameras, the audio recordings kept if you contact our call center, the confirmation and proof of the promotion, research, medical or aesthetic / cosmetic procedure with special written consent and permission (consent). Person data recorded by photograph or video for convincing medical treatment of the patient or other patient candidates are the data within this scope.

Personnel Data

It is the data obtained in accordance with the law or employment contract regarding the personnel transactions such as the start date of the workers, the wage, the number of working days per month.

Training Data

It is the data on the educational status of the workers, candidate workers, trainees or on-the-job training trainees or other related persons working in the company.

Job and Occupation Data

It is all data related to the job or profession in terms of workers, worker candidates, trainees or on-the-job training trainees or other related persons working in the company. (Including professional experience, diploma, course data)

Comment and Complaint Data

It is the data of comments and complaints transmitted to our Company through the website or other channels, by giving approval and consent, in order to evaluate the services we offer.

Location or Location Data

It is the address or location data that people transmit by any means and with their own consent.

Transaction Security Data (IP Data and Cookies)

This includes IP address, browser information, website login and password information, (Mac ID, IP address information, website login and password information).

Legal Data

It is all the data and enforcement data regarding the persons being the plaintiff or the defendant. It is the data about the employees working in the company and any person who has a lawsuit or enforcement proceeding with the company.

Financial Data

It is the data of individuals such as bank account number and IBAN number. It is the data requested and processed in terms of employees working in the company and patients receiving service from the company.

Health Data

All kinds of health data obtained during the execution of medical diagnosis, treatment and care services such as laboratory and imaging results, medical test results, blood group, examination data, prescription information, which must be followed for legal reasons in medical files, processed with the consent of the person. In addition, the health report and other medical documents in the employee’s personnel file are also within this scope.

Vehicle License Plate Tax

If the company’s car park or private valet service is used, the license plate data is within this scope.

Customer Transaction Data

Call center records, invoice, promissory note, check, box office receipt, order information, request information, etc. data in this context.

Clothing Data

size data etc. fixture, uniform, material and shoe size etc. data is included in this scope.

Biometric Data

Palm information, fingerprint, retina scan, face recognition etc. data is included in this scope.

Risk Management Data

The data processed for the management of commercial, technical and administrative risks are within this scope.

Physical Space Security

Entry and exit registration information of employees and visitors, security camera records are the data in this scope.

Association, Foundation and Union Data

Association and foundation data may be required in social responsibility and workplace organizations, and union data may be required during union dues deduction.

III.PROCESSING OF PERSONAL DATA

  1. OBTAINING PERSONAL DATA
  2. Through Which Channels and How Personal Data are Collected

Your Personal Data;

  • 2.As a result of the meeting with our call center,
  • 3.As a result of the conversation made over the live support application on our website,
  • 4.As a result of the interview to be made by reaching the Estherian clinic doctors or related personnel via phone, WhatsApp Application or e-mail,
  • 5.Estherian clinic marketing and promotion personnel over the phones or via SMS or WhatsApp etc. As a result of communication established through applications,
  • If you apply to 1.6.Estherian clinic, you can communicate with the doctors or related personnel by phone, SMS or WhatsApp etc. As a result of the interviews you will make over the applications,
  • If you apply at 1.7.Estherian clinic, as a result of face-to-face meetings with doctors or related personnel,
  • 8. Personal data of the persons and company officials or employees with whom business relations are made as a requirement of the commercial activity, on the contract and other commercial activity documents, on the communication platforms,
  • 9.As a result of personal data being included on the contract and other commercial activity documents of our Legal Advisors, Lawyers and Consultants or authorized or employees of consultancy companies, on communication platforms,
  • 10. As a result of applications made through panels such as “contact us” or “get information” through the promotion and advertisement on social media,
  • 11. As a result of requesting a mobile phone number for personal data and encryption requested in accordance with the legislation in order to be able to connect to the broadcast on a private wireless network (Wi-Fi) for guests within the scope of the wireless Internet service,
  • 12. Obtaining data in the form of recording the MAC ID (Device Identity Information) from the logins to the website,
  • 13. In case of contact or contact with Esteworld without any commercial or legal connection, personal data of third parties are included in communication platforms,
  • 14. Similarly, with other legal data acquisition ways,

It is obtained from such channels.

  • PURPOSE OF PROCESSING PERSONAL DATA AND LEGAL REASONS
  • Purposes of Collection and Processing of Personal Data
  • Your personal data mentioned above and your sensitive personal data will be processed for the following purposes.
  • 1- Fulfilling legal obligations and carrying out all kinds of business within the legal framework,
  • 2- Fulfillment of the provisions of the contract,
  • 3-Providing Health Services (Execution of medical or medical/cosmetic diagnosis, examination, treatment and all kinds of care services)
  • 4-Commercial activity and management requirements,
  • 5-Sectoral (health) requirements;
  • o 5.1.Protection of public health, preventive medicine, medical diagnosis, treatment and care services whether or not they are sick,
  • o 5.2. Sharing the information requested by the Ministry of Health and all other relevant official institutions and organizations in accordance with the health legislation,
  • o 5.3. Financing your health services, examination, diagnosis and treatment expenses by the patient services, financial affairs, marketing departments,
  • o 5.4. Informing the patients about the appointment through the customer representative, call center and other channels,
  • o 5.5. Confirmation of identity by patient services and other operating units,
  • o 5.6. Measuring, increasing and researching patient satisfaction by hospital management, patient rights, patient experience departments,
  • o 5.7. Invoicing by patient services, financial affairs, marketing departments,
  • o 5.8. To be able to answer all questions and complaints about our health services by the hospital management, patient rights and call center, patient relations department,
  • o 6.Technical requirements;
  • o 6.1. Planning and management of the internal functioning of the institution by the call center, patient relations, hospital management,
  • o 6.2. The quality of service delivery, patient experience, research and analysis made by the IT departments to increase the quality of health services,
  • o 6.3. Training of workers by human resources management and quality departments,
  • o 6.4. Monitoring and preventing abuse or unauthorized transactions by the internal audit and data processing department,
  • o 6.5. Carrying out risk management and quality improvement activities by quality, information technology departments,
  • o 6.6. Taking all necessary technical and administrative measures within the scope of data security by the hospital management and IT department,
  • o 6.7. Ensuring the necessary communication by the officials in order to carry out transportation, accommodation and courtesy services within the scope of health tourism,
  • o 6.8. Patient relations, marketing, call center, participation in campaigns and giving campaign information by the department, designing special content, tangible and intangible benefits on the web and other mobile channels, social media and communicating them to the addressees,
  • o 6.9. To be able to carry out training and activities by the educational institutions with which the institution is in cooperation,

2.Legal Reasons for the Collection and Processing of Personal Data

Your personal data mentioned above and your personal data of special nature;

  • Health Services Basic Law No. 3359,
  • Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
  • Law on Protection of Personal Data No. 6698,
  • Private Hospitals Regulation,
  • Regulation on the Processing of Personal Health Data and Protection of Privacy
  • Identity Notification Law No. 1774,
  • Labor Law No. 4857,
  • Social Insurance and General Health Insurance Law No. 5510,

It will be processed for legal reasons.

Protection of Personal Data No. 6698, as stated in paragraph 3 of Article 6 of the Law, personal data related to health and sexual life can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. may be processed by persons or authorized institutions and organizations under the obligation to keep secrets without seeking the explicit consent of the person concerned.

  1. TRANSFER OF PERSONAL DATA

Your personal data,

  • Health Services Basic Law No. 3359,
  • Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates,
  • Law on Protection of Personal Data No. 6698 and all relevant sub-legislation,
  • Private Hospitals Regulation,
  • Regulation on the Processing of Personal Health Data and Protection of Privacy
  • Identity Notification Law No. 1774,
  • Labor Law No. 4857,
  • Social Insurance and General Health Insurance Law No. 5510,
  • Within the framework of its terms and for the purposes described above;
  • Ministry of Health, sub-units and family medicine centers affiliated to the ministry,
  • Private insurance companies (health, pension, life insurance, etc.),
  • Social Security Institution,
  • Ministry of Family, Labor and Social Policies,
  • General Directorate of Security and other law enforcement agencies,
  • General Directorate of Population and Citizenship Affairs,
  • Other authorized official institutions and organizations,
  • Turkish Pharmacists Association,
  • Judicial authorities, enforcement offices, mediators,
  • Laboratories, medical centers, ambulances, medical devices and institutions providing health services in the country or abroad with which we cooperate for medical diagnosis and treatment,
  • The health institution to which the patient was referred or to which the patient applied himself,
  • Legal representatives, parents and guardians authorized in writing
  • All real or legal third parties who receive consultancy services, including lawyers, tax consultants and auditors we work with under the contract,
  • Regulatory and supervisory institutions and official authorities,
  • Companies within the group of companies to which our Hospital is affiliated,
  • Banks where our company or those of our patients or workers who are related to our company pursuant to any contract, have accounts,
  • Private pension companies that work within the scope of compulsory or voluntary IPS (Individual Pension System),
  • Our suppliers, support service providers, archive service providers and business partners whose services we benefit from or cooperate with (for more detailed information, you can obtain information by applying to our hospital in writing.)
  • To our business partners and business contacts,
  • To our shareholders and real or legal persons with whom shareholder interviews were made.
  • Outsourcing service providers,
  • Cargo or courier companies,
  • Air, land or sea passenger transport companies,

It can be shared with.

  1. OUR MEASURES AND COMMITMENTS ON THE PROTECTION OF PERSONAL DATA

Estherian clinic, as the data controller, protects the above-mentioned personal and private personal data in its own physical and electronic environments with great sensitivity and by fully complying with the provisions of the legislation, by taking all kinds of administrative and technical measures.

Estherian Clinic has taken all kinds of administrative and technical measures to protect your personal data, as recorded in VERBIS and included in the Personal Data Inventory.

Estherian Clinic is committed to protecting all personal data. In order to prevent the illegal processing and access of personal data and to ensure the protection of personal data, technical and administrative measures are carried out by using various methods and security technologies to ensure the appropriate level of security.

Estherian clinic  will not disclose the personal data it has obtained to others in violation of the provisions of the Law on Protection of Personal Data No. 6698 and will not use it for purposes other than processing.

Estherian clinic has prepared and signed all warnings or consent statements, undertakings, and has implemented the necessary multi-faceted audit activities in cases where it is necessary and necessary to share (transfer) personal data with outsourcing service providers and suppliers, consultants or lawyers.

  1. PROCESSING OF PERSONAL DATA COLLECTED THROUGH COOKIES

Estherian clinic does not position cookies on its website. During the use of our website and mobile application, IP address, browser information. (Mac ID, IP address information, website login and password information) are not received.

  1. YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA

Pursuant to Article 11 of the Personal Data Protection Law, you can exercise your rights regarding the processing and protection of your personal data, provided that you prove your identity, by applying to Estherian Clinic as a Data Controller through the following ways.

  1. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

 

  • Learning whether your personal data is processed or not,
  • If your personal data has been processed, requesting information about it,
  • Learning the purpose of processing your personal data and whether they are used in accordance with the purpose,
  • Knowing the third parties to whom your personal data is transferred, at home or abroad,
  • Requesting correction of personal data if it is incomplete or incorrectly processed
  • Requesting the deletion or destruction of personal data,
  • In case your personal data has been transferred to third parties, requesting that your personal data be corrected and deleted or destroyed, in case your personal data is incomplete or incorrectly processed, to be notified or forwarded to the relevant third party,
  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • Demanding the compensation of the damage in case of loss due to unlawful processing of personal data,

you have the rights.

You can request the destruction (deletion, destruction or anonymization) of your personal data from Estherian Clinic within the framework of the conditions stipulated in Article 7 of the Personal Data Protection Law. However, by evaluating your destruction request, which method is appropriate will be evaluated by our company according to the conditions of the concrete case. In this context, you can always request information from Estherian Clinic about why we have chosen the destruction method we have chosen.

Personal data collected about persons under the age of 18 are limited to their name, surname, age and degree of affinity, and these data can only be given to us by the relevant adult (parent or guardian).

SITUATIONS OUT OF THE SCOPE OF APPLICATION

Pursuant to Article 28 of the Personal Data Protection Law, personal data owners will not be able to assert their right of application, since the following cases are excluded from the scope of the KVK Law:

 

  • Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
  • Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or does not constitute a crime.
  • Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
  • Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Pursuant to paragraph 2 of Article 28 of the Law on the Protection of Personal Data, it is not possible to assert the rights in the following cases, with the exception of the right to demand the compensation of the damage:

  • The processing of personal data is necessary for the prevention of crime or for criminal investigation,
  • Processing of personal data made public by the person concerned,
  • Personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by the law,
  • The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
  1. YOUR WAYS TO CONTACT OUR COMPANY TO USE YOUR RIGHTS

Your rights under the Personal Data Protection Law;

 

  • 1- By filling out the Application Form on the Protection of Personal Data on the website of our company “www.estherian.com”,
  • 2-19 mayıs mahallesi, 19 mayıs caddesi, Golden Plaza, no:3 Kat:4, 34360 Şişli/İstanbul address, filling in the Application Form on the Protection of Personal Data to be obtained from the Human Resources Management department and handing it in person against signature,
  • 3- By sending a letter through a notary public,
  • 4- By sending an e-mail to [email protected] with secure electronic or mobile signature, to the registered e-mail address,

Depending on the nature of your request and your application method, additional verifications (such as sending a message to your registered phone, calling) may be requested by the Company in order to determine whether the application belongs to you or not, and thus to protect your rights. For example, if you apply through your e-mail address registered with the Company, you may be contacted using another communication method registered with the Company and you may be asked to confirm whether the application belongs to you.

As a rule, your requests in your application will be concluded free of charge within thirty working days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for the Company, as stated in the Communiqué on the Procedures and Principles of Application to the Data Controller published in the Official Gazette dated 10.03.2018 and numbered 30356 by the Personal Data Protection Authority, a total of 50 (Fifty) TL cannot be exceeded. A fee may be charged. If your application is caused by the fault of our company, which is the Data Controller, the paid fee will be refunded to you.

Your duly requests for the Protection of Personal Data will generally be concluded free of charge, within thirty business days at the latest, from their receipt to our company.

In order to confirm that you are the right person in case of your application, “Estherian Clinic” has the right to request some confirming information from you. Unless you cancel your application, you are deemed to have accepted these requests of Estherian Clinic.

CONSENT and APPROVAL

When you read this Clarification Text, you accept, declare and declare that you are fully and completely informed about the fact that Estherian Clinic. You are deemed to have committed.

CONTACT INFORMATION

Estherian Clinic

Contact link: www.estherian.com

E-Mail: [email protected]

Adress: 19 mayıs mahallesi, 19 mayıs caddesi, Golden Plaza, no:3 Kat:4, 34360 Şişli/İstanbul    Phone+90 (544) 169 90 00.

 

4. COOKIES

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.

NECESSARY COOKIES (ALL SITE VISITORS)
  • cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
  • PHPSESSID: To identify your unique session on the website.
NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)
  • wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
  • wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
  • wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
5. WHO HAS ACCESS TO YOUR DATA

If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.

If you are a client with a registered account, your personal information can be accessed by:

  • Our system administrators.
  • Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
6. THIRD PARTY ACCESS TO YOUR DATA

We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:

ENVATO PTY LTD

For the purpose of validating and getting your purchase information regarding licenses for our theme, we send your provided tokens and purchase keys to Envato Pty Ltd and use the response from their API to register your validated support data. See the Envato privacy policy here: Envato Privacy Policy.

TICKSY

Ticksy provides the support ticketing platform we use to handle support requests. The data they receive is limited to the data you explicitly provide and consent to being set when you create a support ticket. Ticksy adheres to the EU/US “Privacy Shield” and you can see their privacy policy here: Ticksy Privacy Policy.

7. HOW LONG WE RETAIN YOUR DATA

When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.

If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.

8. SECURITY MEASURES

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.

In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.

9. YOUR DATA RIGHTS
GENERAL RIGHTS

If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.


You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).

If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.

GDPR RIGHTS

Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. AncoraThemes permits residents of the European Union to use its Service. Therefore, it is the intent of AncoraThemes to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.

10. THIRD PARTY WEBSITES

AncoraThemes may post links to third party websites on this website. These third party websites are not screened for privacy or security compliance by AncoraThemes, and you release us from any liability for the conduct of these third party websites.

All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties, unless you explicitly click on them.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Service or Site. AncoraThemes bears no responsibility for the information collected or used by any advertiser or third party website. Please review the privacy policy and terms of service for each site you visit through third party links.

12. AMENDMENTS

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.