Personal Data Protection and Processing Policy

Personal Data Protection and Processing Policy

Truself

TRUSELF HEALTH TOURISM AND CONSULTANCY SERVICES LIMITED COMPANY

PERSONAL DATA PROTECTION AND PROCESSING POLICY

1. Purpose and Scope

Truself Sağlık Turizm Ve Danışmanlık Hizmetleri Limited Şirketi (TRUSELF) makes maximum effort to comply with all applicable legislation regarding the processing and protection of personal data.

Within the framework of this Policy, the principles adopted by TRUSELF in the conduct of personal data processing activities are explained.

The Policy aims to ensure the sustainability of the principle of conducting TRUSELF's professional activities in transparency. In this context, the basic principles adopted in terms of compliance of data processing activities with the regulations in the Personal Data Protection Law No. 6698 ("KVK Law") are determined and the practices fulfilled by TRUSELF are explained.

The Policy is intended for natural persons whose personal data are processed by TRUSELF by automatic means or by non-automatic means provided that they are part of any data recording system, but the issues regarding the protection of the personal data of its employees are also regulated.

2. Policy Guidelines

2.1. General Principles

The Policy is published on TRUSELF's website at www.trueself.com in a manner accessible by personal data owners. In parallel with the changes and innovations to be realized in the legislation, the amendments to be made in the Policy will be made available in a manner that data owners can easily access.

In the event of a conflict between the legislation in force regarding the protection and processing of personal data and this Policy, TRUSELF agrees that the legislation in force shall apply.

2.2. Groups of Persons Covered by the Policy

The data subject groups covered by the Policy and whose personal data are processed by TRUSELF are as follows:

  • Employee Candidates
    Persons who do not have a service contract with TRUSELF but are under consideration for one.

  • Officials, Employees of Business Partners
    Real person officials, shareholders and employees of the organizations with which TRUSELF has commercial relations.

 

  • Visitors
    Natural persons visiting TRUSELF's office or websites operated by TRUSELF.

  • Other Real Persons
    All natural persons who are not covered by TRUSELF Personal Data Protection and Processing Policy.

3. Disclosure of Personal Data Subjects

In accordance with Article 10 of the KVK Law, TRUSELF carries out the necessary processes to ensure that data subjects are informed during the acquisition of personal data. In this context, the following information is included in the disclosure texts provided by TRUSELF to data subjects:

  • (1) Title of TRUSELF,

    (2) The purposes for which TRUSELF will process the personal data of data subjects,

    (3) To whom and for what purpose the processed personal data may be transferred,

    (4) The method and legal reason for collecting personal data,

    (5) The rights of the data subject;

  • Learn whether their personal data is being processed,
  • Request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used for their intended purpose,
  • To know the third parties to whom personal data are transferred domestically or abroad,
  • To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction to third parties to whom personal data is transferred,
  • To request the deletion or destruction of personal data within the framework of the stipulated conditions and to request notification of the transaction to third parties to whom personal data is transferred,
  • To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,

    In case of damage due to unlawful processing of personal data, to demand compensation for the damage.

4. Finalization of Personal Data Subjects' Requests

In the event that data subjects submit their requests regarding their personal data to TRUSELF in writing, TRUSELF, as the data controller, carries out the necessary processes to ensure that the request is finalized as soon as possible and within thirty (30) days at the latest, depending on the nature of the request, in accordance with Article 13 of the KVK Law.

Within the scope of ensuring data security, TRUSELF may request information to determine whether the applicant is the owner of the personal data subject to the application. TRUSELF may also ask questions to the personal data owner about the application in order to ensure that the application of the personal data owner is finalized in accordance with the request. In cases where the application of the data subject is likely to prevent the rights and freedoms of other persons, requires disproportionate effort, or the information is publicly available, TRUSELF may reject the request by explaining the reason.

4.1. Rights of Personal Data Subjects

Pursuant to Article 11 of the KVK Law, you can apply to TRUSELF via the form available at www.trueself.com and make a request on the following issues:

  • (1) To learn whether your personal data is being processed,

    (2) Requesting information if your personal data has been processed,

    (3) To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,

    (4) Learning the third parties to whom your personal data are transferred domestically or abroad,

    (5) To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,

    (6) Requesting the deletion, destruction or anonymization of your personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and requesting that the transaction made within this scope be notified to third parties to whom your personal data has been transferred,

    (7) To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,

    (8) In case you suffer damage due to unlawful processing of your personal data, to demand the compensation of the damage.

4.2. Cases Excluded from the Rights of Personal Data Subjects Pursuant to the Legislation

Pursuant to Article 28 of the KVK Law, it will not be possible for personal data owners to assert their rights on the following issues, since the following situations are not covered by the KVK Law:

  • (1) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public safety, public order, economic security, privacy of private life or personal rights or constitute a crime.
  • (2) Processing of personal data for purposes such as official statistics and research, planning and statistics by anonymization.
  • (3) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
  • (4) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution procedures.

Pursuant to Article 28/2 of the KVK Law; In the cases listed below, it will not be possible for personal data owners to assert their rights, except for requesting compensation for the damage:

  • (1) Processing of personal data is necessary for the prevention of crime or criminal investigation.
  • (2) Processing of personal data made public by the personal data owner himself/herself.
  • (3) Processing of personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by the law.
  • (4) Personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters.

5. Ensuring the Security and Confidentiality of Personal Data

TRUSELF takes all necessary measures to prevent unlawful disclosure, access, transfer or other security deficiencies that may occur in other ways, within the limits of possibilities, depending on the nature of the data to be protected.

In this context, all necessary (i) administrative and (ii) technical measures are taken by TRUSELF, (iii) an audit system is established within TRUSELF, and (iv) in case of unlawful disclosure of personal data, the measures stipulated in the KVK Law are acted in accordance with.

(1) Administrative Measures Taken by TRUSELF to Ensure Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data

  • TRUSELF trains and raises awareness of its employees regarding the law on the protection of personal data.
  • In cases where personal data is subject to transfer, TRUSELF ensures that the contracts concluded with the persons to whom personal data is transferred by TRUSELF include records stating that the party to whom personal data is transferred will fulfill the obligations to ensure data security.
  • Personal data processing activities carried out by TRUSELF are examined in detail, and in this context, the steps to be taken to ensure compliance with the personal data processing conditions stipulated in the KVK Law are determined.
  • TRUSELF determines the practices that must be fulfilled to ensure compliance with the PDP Law and regulates these practices with internal policies.

(2) Technical Measures Taken by TRUSELF to Ensure Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data

  • TRUSELF takes technical measures for the protection of personal data to the extent that technology allows, and the measures taken are updated and improved in parallel with the developments.
  • Specialized personnel are employed in technical matters.
  • Regular audits are conducted for the implementation of the measures taken.
  • Software and systems to ensure security are installed.
  • Authorization to access personal data processed within TRUSELF is limited to the relevant employees in line with the determined processing purpose.

(3) Conducting Audit Activities by TRUSELF on the Protection of Personal Data

TRUSELF audits the functioning of the technical and administrative measures taken by TRUSELF to ensure the protection and security of personal data and carries out practices to ensure the continuity of the functioning. The results of the audit activities carried out within this scope are reported to the relevant department within TRUSELF. In line with the audit results, activities are carried out to ensure the development and improvement of the measures taken regarding data protection.

(4) Measures to be Taken in Case of Unlawful Disclosure of Personal Data

Within the scope of the personal data processing activity carried out by TRUSELF, in the event that personal data is unlawfully obtained by unauthorized persons, the situation will be notified to the PDP Board and the relevant data owners without delay.

6. Determination of the Unit Responsible for the Protection and Processing of Personal Data

TRUSELF has designated a responsible person who will ensure the necessary coordination within TRUSELF within the scope of ensuring, preserving and maintaining compliance with the personal data protection legislation. The responsible person is responsible for the execution and improvement of the systems established to ensure that the activities carried out comply with the personal data protection legislation.

In this context, the main duties of the relevant responsible person are set out below:

  • To prepare and put into effect basic policies on the protection and processing of personal data,
  • To decide how the implementation and supervision of the policies on the protection and processing of personal data will be carried out and to make assignments and ensure coordination within this framework,
  • To determine the matters to be done to ensure compliance with the PDP Law and related legislation; to oversee and coordinate its implementation,
  • Raising awareness about the protection and processing of personal data within the workplace and among collaborating organizations,
  • To ensure that necessary measures are taken by identifying the risks that may arise in TRUSELF's personal data processing activities; to submit suggestions for improvement,
  • Designing and conducting trainings on the protection of personal data and implementation of policies,
  • To decide on the applications of personal data subjects at the highest level,
  • To coordinate the execution of information and training activities to ensure that personal data owners are informed about TRUSELF's personal data processing activities and their legal rights,
  • To prepare and put into effect amendments to the basic policies on the protection and processing of personal data,
  • To follow the developments and regulations on the protection of personal data; to advise senior management on what needs to be done in TRUSELF operations in accordance with these developments and regulations,
  • Managing relations with the PDP Board and the PDP Authority,
  • To perform other duties to be assigned by TRUSELF's workplace management regarding the protection of personal data.

7. Purposes of Processing Personal Data and Personal Data Groups Subject to Data Processing

7.1. Categories of Personal Data

TRUSELF processes the following groups of personal data partially or fully automatically or non-automatically as part of the data recording system.

PERSONAL DATA CATEGORIES EXPLANATION
Credentials/Family and Relative Data Personal data containing information about the identity of the person; documents such as driver's license, identity card and passport containing information such as name, surname, Turkish ID number, nationality, mother's name, father's name, place of birth, date of birth, gender, and information such as tax number, SSI number, signature information, Marriage Certificate, etc.
Contact Information Contact information; personal data such as telephone number, address, e-mail address, fax number.
Physical Space Security Information Personal data relating to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings, and records taken at the security point, etc.
Transaction Security Information Personal data processed to ensure the technical, administrative, legal and commercial security of both the data subject and TRUSELF while TRUSELF carries out its professional activities.
Risk Management Knowledge Personal data processed through methods used in accordance with generally accepted legal, commercial customs and good faith in these areas for the management of commercial, technical, professional and administrative risks.
Financial Information Personal data processed regarding information, documents and records showing all kinds of financial results created within the scope of the legal relationship between TRUSELF and the data subject, and personal data such as bank account number, IBAN number, credit card information.
Legal Procedure and Compliance Knowledge Personal data processed within the scope of determination and follow-up of TRUSELF's legal receivables and rights and performance of its debts and compliance with legal obligations and TRUSELF policies.
Audit and Inspection Information Personal data processed within the scope of TRUSELF's compliance with its legal obligations and workplace policies.
Sensitive Personal Data Data specified in Article 6 of the KVK Law (e.g. health data including blood type, religious information)
Request/Complaint Management Information Personal data relating to the receipt and evaluation of any request or complaint addressed to TRUSELF.
Reputation Management Knowledge Personal data associated with the person and collected for the purpose of protecting the professional and commercial reputation of TRUSELF (e.g. posts made about TRUSELF)

7.2. Purposes of Processing Personal Data

Personal data are processed by TRUSELF for the purposes listed below in accordance with the data processing conditions and principles. The existence of the purposes listed below may vary for each personal data owner.

The personal data obtained are processed by TRUSELF in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law.

  • Follow-up of Finance and/or Accounting Affairs
  • Planning and Execution of Business Activities
  • Follow-up of Legal Affairs
  • Recruitment / Employment
  • Planning Human Resources Processes
  • Execution of Personnel Recruitment Processes
  • Planning and Execution of Sales Processes of Products and/or Services
  • Planning and Execution of Customer Relationship Management Processes
  • Planning and Execution of Marketing Processes of Products and/or Services
  • Planning and/or Execution of Efficiency/Effectiveness and/or Relevance Analyses of Business Activities
  • Planning Information Security Processes
  • Planning and/or Execution of Business Continuity Ensuring Activities
  • Planning and/or Execution of Processes for Creating and/or Increasing Commitment to TRUSELF's Services
  • Business Administration Application
  • Planning and/or Execution of After-Service Support Services Activities
  • Planning and Execution of Production and/or Operation Processes
  • Management of Relations with Business Partners and/or Suppliers
  • Follow-up of Contract Processes and/or Legal Requests
  • Planning and Execution of Operational Activities Necessary for Ensuring that TRUSELF Activities are Conducted in Accordance with Professional Procedures and/or Relevant Legislation
  • Planning and/or Execution of Client Satisfaction Activities
  • Planning and Execution of Corporate Communication Activities
  • Ensuring that Data is Accurate and Up-to-Date
  • Planning and Execution of Market Research Activities for Sales and Marketing of Services
  • Planning and Execution of Authorizations to Access Information Systems of Business Partners and/or Suppliers
  • Creating and Tracking Visitor Records
  • Providing Legislative Information to Authorized Institutions
  • Planning and Execution of Workplace Inspection Activities
  • Planning and/or Execution of In-Workplace Training Activities.
  • Work and/or events, organizations, training activities that TRUSELF deems appropriate/assigned
  • Execution of Client, Patient (product or service recipient) or prospective patient (potential product or service recipient) relationship management processes
  • Receiving appointment requests, planning and execution of appointment processes
  •  Updating Client, Patient (product or service recipient) or patient candidate (potential product or service recipient) information
  • Carrying out the necessary work by business units to ensure that the relevant people benefit from the services provided by TRUSELF and executing the relevant business processes
  • Conducting satisfaction surveys and communications through surveys and similar methods
  • Carrying out the necessary work to meet the demands, suggestions and complaints.

7.3. Shared Party Categories

TRUSELF may transfer the personal data of the data owners within the scope of the Policy (See Section 5.2.) to the groups of persons listed below for the specified purposes in accordance with the principles set out in the KVK Law and, in particular, Articles 8 and 9 of the KVK Law:

  • TRUSELF suppliers,
  • Authorized public institutions and organizations and authorized private law persons,
  • To other third parties in accordance with the terms of data transfer

The scope of the above-mentioned persons to whom data is transferred and possible data transfer purposes are stated below.

PERSONS TO WHOM DATA CAN BE TRANSFERRED DESCRIPTION DATA TRANSFER PURPOSE
Supplier Parties that provide services to TRUSELF in accordance with TRUSELF's orders and instructions and on a contractual basis within the scope of carrying out TRUSELF's commercial and professional activities Limited to the purpose of providing TRUSELF with the services outsourced by TRUSELF from the supplier and necessary to fulfill TRUSELF's commercial/professional activities
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to receive information and documents from TRUSELF according to the provisions of the relevant legislation Limited to the purpose requested by the relevant public institutions and organizations within the legal authority
Legally Authorized Private Law Persons Private law persons authorized to receive information and documents from TRUSELF in accordance with the provisions of the relevant legislation Limited to the purpose requested by the relevant private law persons within their legal authority

8. Definitions

The definitions of the terms used in the Policy are given below:

Open Consent

:

Consent on a specific issue, based on information and freely given.
Anonymization

:

Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching it with other data.
Regulation on the Processing of Personal Health Data

:

Regulation on Processing and Ensuring the Privacy of Personal Health Data published in the Official Gazette dated October 20, 2016 and numbered 29863
Personal Health Data

:

Any health information relating to an identified or identifiable natural person.
Personal Data

:

Any information relating to an identified or identifiable natural person.
Personal Data Owner

:

The natural person whose personal data is processed. For example; patients/patient candidates and employees.
Processing of Personal Data

:

Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
KVK Law

:

Law on the Protection of Personal Data dated March 24, 2016 and numbered 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677.
KVK Board

:

Personal Data Protection Board
KVK Authority

:

Personal Data Protection Authority
Hassas Kişisel Veriler

:

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Politics

:

TRUSELF Personal Data Protection and Processing Policy

TRUSELF

:

TRUSELF workplace
TRUSELF Suppliers

:

Parties providing services to TRUSELF on a contractual basis.
Constitution of the Republic of Turkey

:

Türkiye Cumhuriyeti Anayasası 7 Kasım 1982 tarihli ve 2709 sayılı, 9 Kasım 1982 tarihli ve 17863 sayılı Resmi Gazete'de yayımlanmıştır.
Turkish Penal Code

:

Turkish Penal Code dated September 26, 2004 and numbered 5237; published in the Official Gazette dated October 12, 2004 and numbered 25611.
Data Processor

:

A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
Data Controller

:

The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically.
Contact Us
Truself
Truself
Truself
It can respond in about 1 hour.
Truself
Hello, how can I help you?
15:03
We use cookies on our website to better recognize all our site visitors and to personalize and improve the user experience on our site. You can review the cookies on our site and the purposes for which we use these cookies in the Cookie Policy.

I Accept