Privacy Policy

Information Regarding the Law on the Protection of Personal Data
The purpose of Law No. 6698 on the Protection of Personal Data is to protect individuals’ fundamental rights and freedoms, particularly the right to privacy, with respect to the processing of personal data, and to set forth the obligations, procedures, and principles binding natural and legal persons who process such data.

This personal data protection notice explains the policy of ERC Estetik Turizm Sağlık Hizmetleri Tic. Ltd. Şti. (Private DR.CINIK Medical Center) regarding the transfer, use, and protection of your personal data during the services provided.

In accordance with Law No. 6698 on the Protection of Personal Data (hereinafter referred to as “the Law” and/or “KVKK”) and the relevant legislation, your personal data will be processed solely by our clinic, acting as the Data Controller, within the framework described below and in compliance with the regulations of the Ministry of Health and other applicable legal provisions.

Personal Data We Collect
As part of the healthcare services we provide, we collect a wide range of information from our patients. All such data is collected in accordance with the data processing principles and requirements set out in Law No. 6698. The data we collect for the purposes described in Section 2 may include:

Identification Information: Your full name, Turkish ID number, passport number or temporary ID number, place and date of birth, mother’s and father’s name, marital status, gender, blood type, insurance and/or patient protocol number, and other identification data.

Contact Information: Your address, phone number, email address, and other contact details.

Communication Records: Voice recordings made by call center agents or patient service representatives in accordance with call center standards, and personal data obtained through your communication with us via email, letter, or other channels.

Financial Data: Limited to data on credit card slips, billing information, etc.

Insurance Data: Your private health insurance information and data from the Social Security Institution (SGK), used for financing and planning healthcare services.

Health Data: Your medical reports, diagnosis data, biometric and genetic data, laboratory and test results, consultation details, appointment records, prescriptions, medical diagnosis, treatment, and care data collected during or after your treatment.

Feedback: Responses from surveys, thank-you or complaint letters, and satisfaction evaluations provided by patients.

Camera Surveillance: Audio and visual recordings from common areas of our clinic monitored for legal reasons.

Online Submissions: Health-related and other personal data submitted or entered on our websites.

Purposes of Personal Data Processing
In accordance with health legislation and Law No. 6698, our clinic, as the data controller, processes personal data for the following purposes:

Fulfilling our legal obligations under the Basic Law on Health Services No. 3359, the Decree-Law No. 663 on the Organization and Duties of the Ministry of Health and Affiliated Institutions, the Regulation on Processing and Protection of Personal Health Data, and other relevant regulations.

Protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of healthcare services and financing.

Operational planning and management of our clinic.

Notifying you about your appointment, if applicable.

Sharing required information with the Ministry of Health and other public institutions as per legislation.

Analyzing the services used and storing your health data to improve and develop healthcare services.

Verifying your identity.

Ensuring the necessary technical and administrative security measures for data protection in our systems and applications.

Protecting legally required health data.

Providing necessary information to regulatory and supervisory authorities or official bodies upon request.

Sharing necessary data with private insurance companies for healthcare financing purposes.

Conducting quality improvement and risk management activities.

Measuring patient satisfaction and responding to inquiries or complaints related to our services.

Communicating with you (via email, SMS, phone call) to inform you about our services.

Provision of medication or medical devices.

And generally, for the execution and improvement of diagnosis, treatment, and care services; for planning and managing healthcare services and financing; for increasing patient satisfaction; and for related research and development activities. Your personal rights will not be violated during this process.

Transfer of Your Personal Data
In accordance with the relevant legislation, your personal data may be recorded, stored, classified, processed, transferred, updated physically and/or electronically, and shared with official authorities upon lawful request (e.g., courts, public prosecutors, ministries, etc.).

Your personal data, within the scope of Law No. 6698 and for the purposes outlined above, may be shared under appropriate security measures with:

Institutions and organizations permitted by law (e.g., the Basic Law on Health Services No. 3359, Decree-Law No. 663, Regulation on Processing and Protection of Personal Health Data, etc.)

Private insurance companies

Law enforcement authorities (e.g., General Directorate of Security)

Civil Registry Directorate

Turkish Pharmacists’ Association

Domestic and international organizations we collaborate with to carry out our services and other third parties

Our clinic’s legal counsel in the event of legal disputes

Official regulatory and auditing authorities

Methods and Legal Grounds for Processing Personal Data
Your personal data is collected via verbal, written, or digital communication for the duration of your interaction with our clinic to fulfill our contractual and legal obligations.

Your Rights Regarding Your Personal Data
As per Article 11 of the Law, you have the following rights concerning your personal data processed by our clinic:

To learn whether your personal data is being processed.

To request information regarding such processing.

To learn the purpose of processing and whether it is being used appropriately.

To learn the third parties to whom your data is transferred.

To request correction if your data is incomplete or inaccurate.

To request deletion or destruction of your data within the framework of Article 7 of the Law, provided that legal obligations regarding the retention of patient records under health regulations are preserved.

To request notification of any correction or deletion made to third parties.

To object to any outcome that is against you based on automated processing.

To claim compensation if you suffer damages due to unlawful processing of your data.

Our clinic will respond to your request as quickly as possible and within no more than thirty days. If processing your request incurs a cost, a fee may be charged as determined by the Personal Data Protection Board.

Data Security
As ERC Estetik, we emphasize the utmost importance of protecting your personal data. We take all necessary technical and administrative measures in compliance with information security standards and procedures. All our products and services are provided with a strong awareness of data security, and the safeguards implemented take into account all potential risks and technological capabilities. We assure you that we approach this matter with the highest level of care and responsibility.