As the Aesthetic, Plastic and Reconstructive Surgery Clinic registered in the name of Op. Dr. Berat Bora Ok (M.D./Surgeon), the health and satisfaction of our patients, as well as their privacy and following the best way to carefully process and protect all their personal data, is extremely important for us.

Your personal data and private personal data are processed and protected within the framework of the Personal Data Protection Law No. 6698 (PDPL) and all other national and international legal regulations related to the European Union General Data Protection Regulation (GDPR), by Op. Dr. Berat Bora Ok under the title, data controller within the scope of PDPL and GDPR, within the scope and conditions described below. This disclosure text is prepared to inform you about the identity of the data controller, the method and legal reasons for processing your personal data, the purposes of processing them, to whom and for what purpose they can be transferred, and finally, your rights within this scope under the provisions of the specified legislation.

 

Processing Methods, Purposes of Processing and Retention Period of Your Personal Data

Under the LPPD, personal data means any kind of information about an identified or identifiable natural person. Your private personal data, especially your personal health data, and your general personal data are processed in verbal, written, or electronic form, depending on the health services offered to you and in line with the purposes specified in this disclosure text, under the legislation on health services, LDDP and other national and international regulations on the protection of personal data, by the following methods:

• Through the health reports, medical analyses, imaging and laboratory test results you provide during your clinic visit for examination and treatment, and the "Patient Information and Consent Form" you submit for the evaluation of the treatment to be applied to you, and any other statement you make on your health data within the treatment and care process,
• Through the contact form you sent to us via drboraok.com, the corporate website of the clinic,
• Through the emails you send to the corporate email address of the clinic (This email address is being protected from spambots. You need JavaScript enabled to view it.),
• Through the text, audio and visual messages you send to us via WhatsApp, Facebook, Messenger, Instagram, Zoom, Skype, Google and similar service providers, by accepting privacy policies and international transfer policies you approve and from whom you receive services, and the online voice and video calls you make and request to be made via these applications,
• Through the photographs and videos that may be recorded before, after and/or during the medical procedure to be applied or that has already been applied to you,
• Through camera recordings and similar methods collected under the legislation to ensure that the necessary security measures are taken. The collected data may be stored both digitally and physically in the archives and information systems of the clinic.

Your personal data we process under the legal regulations, the purposes of processing them and the legal reasons for processing are explained in detail below:

 

Your Identity Data : Your name, surname, Turkish ID number, passport number, temporary Turkish ID number, place and date of birth, marital status, gender, patient registration/protocol number specific to the insurance and our clinic, and other identity data which may help us identify you.

Your Contact Data  : Your address, telephone number, email address and other communication data and your personal data collected as you contacted us via emails, websites, social media accounts, WhatsApp and other means.

Your Financial Data           : Your financial data such as your bank account number, IBAN number, credit card information, invoicing information.

Your Health Data    : Your health data such as your blood type, medical history, check-up reports, examination data, consultation reports, medical stats, laboratory, test and analysis results, diet form, surgery information, treatment method, disease and medication information, measurements, and drawings and all kinds of health data including but not limited to data collected during or as a result of medical diagnosis, treatment and care services. 

Your Insurance Information       : Data regarding your private health insurance and Social Security Institution data for financing and planning your health services.

Audio-Visual Records       : The audio/visual records you sent to the clinic at the application stage and the photographs and/or videos taken before, during and after the procedure.

Physical Space Security   : The camera footage shot in common areas for security and inspection purposes and in which you appear as you visit the clinic. (There are no cameras in the examination and operation rooms.)

Philosophical, Religious and Other Beliefs     :

 Your philosophical/religious belief information in our records due to the older version identity photocopy submitted to us.

Your Companion, Parent/Guardian/Legal Representative Information :

 Contact information of the companion to carry out the communication activities and emergency processes and the PCR results, and identity and contact information of your parent, guardian or legal representative whose consent must be obtained as per the legislation, if you are under the age of 18.

Transfer, Flight Ticket and Accommodation Information   :

 Transfer, flight ticket and accommodation information required for the transfer and accommodation services for foreign patients visiting us for international health tourism purposes and receiving the said services.

Your Customer Transaction Data          : Your data on patient satisfaction, invoices and receipts, and information on requests and complaints.

 

The listed personal data types do not cover all the data processed in our clinic, and other personal data of similar type and nature to those listed may be processed.

Your personal data within the specified scope and of a special nature are processed within the scope of the services we provide and as per the basic principles specified in Article 4 of LDDP and Article 5 of the GDPR,

• To execute emergency processes,
• To ensure risk management,
• To confirm your identity,
• To protect public health,
• To conduct preventive medicine, medical diagnosis, treatment and care services,
• To plan and manage health services and financing,
• To fulfill legal and administrative obligations,
• To share requested information with the Ministry of Health and other public institutions and organizations in accordance with relevant legislation,
• To measure, research and increase patient satisfaction,
• To plan and manage the internal functioning, inspection, control and operations of the clinic,
• To answer all your questions and complaints about the health services,
• To provide you with news and information about your appointments,
• To procure medications,
• To plan and execute hospital processes,
• To analyze and research your use of health services and retain your health data to develop and improve health services,
• To provide transfer and accommodation services to patients visiting as a part of international health tourism to ensure that said services are carried out,
• To take the necessary technical and administrative measures to ensure data security,
• To ensure the security of physical spaces in the clinic,
• To protect information about your health data, which must be retained as per the relevant legislation,
• To prevent misconduct and unauthorized transactions,
• To comply with the policies and procedures of the institutions and organizations from which we receive services or have business and cooperation relations,
• To execute hospital emergency processes and perform medical diagnosis, treatment and care services,
• To ensure performance of the supervision and regulation duties of assigned and authorized public institutions and organizations and professional organizations with public institution status,
• To allow financial reconciliations with the contracted institutions about the health services we provide,
• To fulfill the requests for information and documents from judicial bodies and administrative bodies,
• To share promotional content and messages through the website, social media accounts and other digital channels,
• To manage the marketing processes, advertising, campaigns and promotions for products and services,

and retained in accordance with the periods stipulated in the laws and other legislation. If the relevant law and other legislation do not stipulate a retention period, the personal data shall be retained for as long as the reason and purpose of the processing continues as per the “Op. Dr. Berat Bora Ok Muayenehanesi - Policy on Processing, Protecting and Destroying Personal Data,” and the data shall be destroyed by deletion, anonymization or destruction after the suitable method is chosen at the end of the specified period and in line with the destruction periods. Your personal data is retained and stored for 20 years from the end of the treatment in line with the legal provisions. The storage period of physical space security data is 2 months.

Legal Grounds and Express Consent

Your personal data may be processed without your explicit consent for the aforementioned purposes, and limited to these purposes alone, on the legal grounds that it is clearly stipulated in the law, that it is necessary for the execution or performance of the contract regarding your health service, for Op. Dr. Berat Bora Ok to fulfill his legal obligations or for the establishment, exercise or protection of a right, and for the legitimate interests of Op. Dr. Berat Bora Ok, and provided that it does not harm the fundamental rights and freedoms of the data subject.

Your health data considered personal data of a special nature may be processed without your explicit consent for the purposes of protecting public health, preventive medicine, medical diagnosis, carrying out treatment and care services, planning and management of health services and financing, and within the scope of duty of confidentiality.

Your contact data will be processed without your explicit consent to carry out checks after your treatment process and to manage appointments within this scope, and to perform patient satisfaction and demand management within the scope of our legitimate interests.

Your contact data will be processed without your explicit consent in case you contact us via the service providers and social media platforms (WhatsApp, Instagram, Facebook, etc.) you use, whose privacy policy and international transfer policy you have accepted, as you will be considered to have accepted your data to be processed within the scope of this disclosure text and our privacy policies and to be contacted through the same channels.

Your contact data will only be used with your explicit consent for the purpose of making promotions, announcements and information regarding the medical services and business activities provided by our clinic.

Your photos and videos taken before, after and/or during the medical procedure applied to you will only be published on YouTube, Instagram, TikTok, Facebook, and similar social media accounts and the corporate website of our clinic and used in medical and scientific publications and meetings and scientific training activities with your express consent.

We want to inform you that you always have the right to withdraw your explicit consent. Your consent will be withdrawn and the processing and usage of the relevant data will be terminated as you send us a statement regarding the withdrawal of the consent through the channels specified below, under the heading "Exercise of the Rights of the Data Subject" with the specified methods.

Transfer of Your Personal Data

Your personal data may be transferred to third parties and organizations to fulfill the legal obligations of our clinic regarding data processing and retention under LDDP and other relevant legislation, inform authorized persons, institutions, and organizations in Turkey and/or abroad, and coordinate with public institutions and organizations working with affiliates and suppliers, execute hospital operations and ensure safety, allow the execution and continuity of the health services, ensure risk management and execute emergency processes by following the conditions and procedures stipulated in Article 4 of the LDDP on the basic principles regarding the processing of personal data and Article 8 and 9 titled "Transfer of personal data" so long that the all possible technical and administrative measures are taken to ensure appropriate security conditions under LDDP and the relevant health legislation.

These third parties and organizations include public institutions and organizations, especially the Ministry of Health and its sub-units, regulatory and supervisory official institutions, affiliates of our clinic, insurance companies, organizations in Turkey and abroad, partners of our clinic or the private institutions, hospitals, laboratories, medical centers we receive services from for medical diagnosis, operation and treatment processes, healthcare institutions and other third parties providing health services to which the patient visited or referred, tourism and transfer companies and hotels that will provide the relevant transfer and accommodation services within the scope of the transfer and accommodation services to be provided to you, suppliers, support service and service providers and third parties and organizations to be determined by them, third parties we receive consulting services, including insured employees, lawyers-tax consultants and financial advisors, our business partners, service providers of software systems used in the clinic, your authorized representatives, and other real and legal persons. 

 

Deletion, Destruction or Anonymization of Personal Data

As per Article 7 of LPPD No. 6698, although they are processed in accordance with the provisions of LPPD and other relevant laws, in case the reasons requiring them to be processed no longer exist, personal data are deleted, destroyed or anonymized by the data controller upon the request by the data subject. Our clinic stores personal data only for the period specified in the legislation or necessary and mandatory for the purpose for which they are processed. In the event that the legal period expires or the reasons requiring the processing are no longer relevant, the personal data will be destroyed with an appropriate destruction method (deletion and/or destruction and/or anonymization) determined in accordance with the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data in periodic destruction times or with the data subject’s request. 

Your Rights Regarding the Protection of Personal Data Under the LPPD

Pursuant to Article 11 of LPPD No. 6698 titled "Rights of the Data Subject", every person has the right to applying to the data controller and request the following information about themselves:

a) learn whether or not their personal data are being processed,

b) request information in this respect if personal data have been processed,

c) obtain information with regards to the purpose of processing the personal data and find out whether personal data is being used in line with such purpose,

ç) obtain information about the third parties with whom personal data were shared domestically or abroad,

d) request the correction of personal data that may be incompletely or inaccurately processed,

e) request the deletion or destruction of personal data within the scope of provisions set forth in Article 7,

f) request that the third parties to whom personal data are disclosed are informed about the transaction carried out pursuant to items (d) and (e),

g) object to the occurrence of a result which is to the detriment of the data subject due to the analyzing of the personal data exclusively through automated systems,

G) Request compensation for damages in the event that damage is sustained as a result of the unlawful processing of personal data.

Your Rights Regarding Protection of Personal Data Under GDPR

Your personal data processed at Op. Dr. Berat Bora Ok Muayenehanesi is also protected under the GDPR, and the legal rights of data subjects within the jurisdiction of GDPR (European Union citizens or residents of European Union countries) are as follows:

- Right to Access (GDPR 15)

The data subject has the right to verify whether their personal data is processed, and to request detailed information within the scope of Article 15 of GDPR and to obtain a copy if the personal data is being processed.

- Right to Rectification (GDPR 16)

The data subject has the right to request the rectification of inaccurate personal data about them and the completion of incomplete personal information.

- Right to Erasure (Right to Be Forgotten) (GDPR 17)

The data subject has the right to request the deletion of their personal data under the conditions stipulated in Article 17 of the GDPR.

- Right to Restrict Processing (GDPR 18)

- If the data subject objects to the accuracy and timeliness of their personal data, they shall have the right to request the use of the data to be restricted until the accuracy of the data is confirmed.

- If the data subject requests the deletion of his personal data due to the illegality of the personal data processing activity, they shall have the right to request the restriction of the use of their data until this request is fulfilled.

- Data subject has the right to request the restriction of the use of its data in cases where Op. Dr. Berat Bora Ok no longer needs personal data for processing purposes.

- If the data subject objects to the processing of data as per the GDPR 21/1, they shall have the right to request the restriction of the use of their data until it is verified that the legitimate reasons of Op. Dr. Berat Bora Ok outweigh the legitimate reasons of the data subject.

- Right to Data Portability (GDPR 20)

The data subject has the right to receive the personal data they have provided in a structured, common and machine-readable format and to transfer it to another controller, under the circumstances and conditions specified in Article 20 of the GDPR. The data subject also has the right to exercise the right to data portability by requesting the transfer of their personal data directly to another controller, if technically feasible.

- Right to Object (GDPR 21)

- The data subject has the right to object to the processing of their personal data, including profiling, within the scope of sub-paragraphs (e) and (f) of Article 6/1 of the GDPR, based on grounds relating to their particular situation. In the case that this right is exercised, Op. Dr. Berat Bora Ok may no longer process the personal data of the data subject if it cannot show a strong legitimate reason such as the rights and freedoms and interests of the data subject or the establishment, exercise or protection of a legal right.

- If the personal data is processed for direct marketing purposes, the data subject shall always have the right to object to the processing of their personal data for direct marketing purposes, including profiling, to the extent that it is related to direct marketing. If the data subject objects to the processing for direct marketing purposes, personal data may no longer be processed for these purposes.

 

Exercise of Rights by Data Subject

Pursuant to Article 13 of the LDDP you may make request to exercise your above-mentioned rights by filling out the "Application Form under the Law on the Protection of Personal Data" on our website, www.drboraok.com ;

- by visiting our clinic at “Fenerbahçe Mah. Lalezar Sk. No:7/9 Kadıköy / Istanbul” in person with documents to verify your identity or through a notary public in writing, or

- sending it to the email addresses This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it. with a secure electronic signature or mobile signature, via your registered electronic mail (REM) address or your email address registered with our system.

The applications you send to us will be finalized free of charge within 30 days at the latest from the date of receipt of your request, depending on their nature, and we will answer your request in writing or electronically as per Article 13 of the LDDP. However, in the case that the process requires any additional cost, we may charge the fee in the tariff determined by the Board of Protection of Personal Data.

We will contact you to clarify your request if the request, information and documents you have submitted to us within the scope of your application are incomplete or found incomprehensible.

You may find all the details of our policy regarding the processing, protection and destruction of your personal data in the “Op. Dr. Berat Bora Ok Muayenehanesi - Personal Data Processing, Protection and Destruction Policy” on our website.

We hereby present for your information the "Disclosure Text on the Processing of Personal Data", which we have prepared as per the provisions of the Law on the Protection of Personal Data No. 6698 and other relevant legislation, to fulfill our obligation to inform you about the processing of your personal data.

Yours Respectfully.

Data Controller

Berat Bora Ok (M.D./Surgeon)

Fenerbahçe Mah. Lalezar Sk. No:7/9, 34726 Kadıköy / Istanbul

Phone: 0216 358 21 22

Website: www.drboraok.com

Email:  This email address is being protected from spambots. You need JavaScript enabled to view it.