IN ACCORDANCE WITH THE LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA
ELRA HEALTH CLARIFICATION TEXT REGARDING POST-MEMBERSHIP PROCESSES
1. IDENTITY OF THE DATA CONTROLLER
Within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”, “KVKK”), we attach great importance to the security of personal data. Acting as the data controller, Global Computer Control Systems Industry and Trade Limited Company (“Company”) ensures that all personal data processed within the scope of ELRA Health activities are handled in compliance with the Law.
This Clarification Text Regarding Post-Membership Processes for ELRA Online Health (“Clarification Text”) has been prepared in accordance with the Law, secondary regulations, and the Communiqué on the Procedures and Principles to Be Followed in the Fulfillment of the Obligation to Inform, in order to fulfill our obligation to inform data subjects.
MERSIS No: 0396005047500010
Website: https://www.gbks.com.tr, https://elrasaglik.com
Phone: +90 (212) 635 96 81
E-mail: kvkkglobal@gbks.com
Address: Vatan Cd. İskender Saray Apt. No:31/5 Fatih / Istanbul
2. PRINCIPLES FOLLOWED IN THE PROCESSING OF PERSONAL DATA
Personal data are processed in accordance with the principles set forth in Article 4 of the Law:
- Lawfulness and fairness,
- Accuracy and being kept up to date where necessary,
- Processing for specific, explicit and legitimate purposes,
- Being relevant, limited and proportionate to the purpose of processing,
- Being retained for the period stipulated by relevant legislation or as required for the purpose for which they are processed.
3. PROCESSED PERSONAL DATA AND LEGAL BASIS
Identity Information
(Name, Surname, TIN, Passport Number, Foreign ID Number, Date of Birth, Age, Citizenship, Gender)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
Visual Information
(Photo)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
Contact Information
(Phone, Email, City, District, Postal Code, Address, City/District info of remote healthcare patient connected to the USBS system)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
Health Information
(Examination Details, Prescription Information, E-Prescription Code, Health Data)
Legal Basis: KVKK Art. 6/2-e; “Processing is necessary by persons under confidentiality obligations or authorized institutions for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, as well as planning, management, and financing of health services.”
Customer Transaction Information
(Call duration, Call ID, Fee, Consulting doctor, Call status (active/passive), Appointment time, Request time, Past calls, Applied segmentation – corporate agreement)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
Financial and Accounting Information
(Invoice number, Invoice date, Fee)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
Visual and Audio Information
(Voice and image, Photo)
Legal Basis: During remote healthcare services, although real-time access to the patient’s voice and image may occur, no recording of voice or image is made. Access to the patient’s voice and image during healthcare provision is based on KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract,” and KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.” This data is not transferred.
Other Information (Institution Code for Corporate Records)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract,” KVKK Art. 5/2-e; “Processing is necessary for the establishment, use, or protection of a right.”
Other Information (Height, Weight)
Legal Basis: KVKK Art. 5/2-c; “Processing of personal data of the parties is necessary for the establishment or performance of a contract.”
KVKK Art. 5/2-ç; “It is necessary for the data controller to fulfill its legal obligation.”
4. PURPOSES OF PROCESSING PERSONAL DATA
Your personal data specified in Section 3 are processed for the following purposes within the conditions set forth in the Law:
- Execution of remote healthcare service processes,
- Management of post-membership activities and access to services via the ELRA Online Health application,
- Creation and management of consultation requests, conducting sessions, processing payments,
- Execution of medical diagnosis, treatment, and care services,
- Handling requests and complaints,
- Fulfillment of legal obligations,
- Management of communication processes,
- Post-membership support services,
- Ensuring compliance with applicable laws,
- Management of finance and accounting operations,
- Conducting and following up legal affairs,
- Execution and supervision of business activities,
- Management of contractual processes,
- Execution of management, storage, and archiving activities,
- Providing information to authorized persons, institutions, and organizations.
5. METHOD OF COLLECTING PERSONAL DATA
Your personal data are collected by the Company through automated or non-automated means, wholly or partially, via the following channels:
- https://elrasaglik.com, ELRA Online Health mobile application,
- Company websites, printed forms, call center, e-mail, phone, SMS, fax, postal or courier services,
- Online meeting platforms, public internet sources, written, verbal, or electronic communications,
- Company headquarters and IT systems, integrated systems with public institutions and private organizations.
6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Your personal data, as specified in Section 3, may be transferred to third parties in line with the purposes listed in Section 4, in compliance with the Law and within the limits of necessity:
- E-Nabız / Ministry of Health: To ensure compliance with legislation and mandatory reporting,
- Authorized healthcare institutions: For medical diagnosis, treatment, and care within telehealth services,
- Law firm: For legal follow-up and representation,
- Certified public accounting firm: For financial and accounting compliance,
- Payment service provider: For execution of payment transactions,
- Revenue Administration (GİB), Ministry of Finance, SGK, and other public authorities: For regulatory compliance and audits,
- Invoiced party: For financial and contractual operations,
- Commercial communication service provider (where consent is granted): For sending commercial electronic messages via the consented channels.
7. YOUR RIGHTS UNDER ARTICLE 11 OF THE LAW
Under Article 11 of the Law, data subjects have the right to:
- Learn whether personal data are processed,
- Request information regarding their processed data,
- Learn the purpose of processing and whether it is used accordingly,
- Learn about third parties to whom data are transferred domestically or abroad,
- Request correction of incomplete or inaccurate data,
- Request deletion or destruction of data,
- Request notification of correction or deletion to third parties,
- Object to results arising from automated processing,
- Request compensation for damages arising from unlawful processing.
Data subjects may submit their requests in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller.”
Requests will be evaluated and finalized free of charge within 30 (thirty) days at the latest. If the process requires additional cost, the tariff set by the Personal Data Protection Board will apply.
Name – Surname:
Date:
Signature: