GDPR | General Data Protection Regulation

At Hernia Istanbul, we prioritise patient privacy as an essential right in our clinic operations and online consultation services. This notice provides information about how we collect, use, protect, and process your data, in compliance with Turkish laws.

 

Data Collection and Processing

We collect personal data from patients, legal representatives, consultants, employees, and related individuals before and during the provision of services. Data is processed for:

  • Protecting public health and preventive medicine.
  • Diagnosis, treatment, and healthcare services.
  • Financial planning and management of healthcare services.
  • Meeting legal obligations and ensuring security.

Data may be collected through physical or electronic forms, calls, websites, or visits.

 

Types of Personal Data

We may process the following:

  1. Identification Data: Name, ID/passport number, date of birth, marital status, and gender.

  2. Contact Information: Address, phone, email, and communication records.

  3. Financial Data: Bank account, billing, and insurance details.

  4. Health Data: Test results, prescriptions, diagnosis, and treatment information.

  5. Other Data: Biometric, visual, and audio data from consultations, applications, or security systems.

 

Purpose and Legal Basis

Your data is processed:

  • To comply with legal obligations (e.g., Health Services Law, Ministry of Health regulations).
  • For public health protection and preventive healthcare.
  • For medical diagnoses, treatments, and consultations.
  • To ensure security, prevent fraud, and manage internal operations.
  • To measure patient satisfaction and improve services.

Processing is lawful based on your explicit consent or under specific conditions provided by GDPR (e.g., legal requirements or public health protection).

 

Data Retention and Protection

Personal data is stored securely in both physical and digital formats for the required duration as per legal and operational needs. Data will be deleted, anonymised, or destroyed once the purpose for processing is fulfilled.

Data Sharing

Your data may be shared with:

  • Authorised public institutions (e.g., Ministry of Health, courts) for legal obligations.
  • Business partners and service providers for operational purposes.
  • Relevant third parties with your explicit consent, unless legally exempted.

 

Rights of Data Subjects

Under GDPR, you have the right to:

  1. Learn whether your data is processed and for what purpose.
  2. Request correction, deletion, or destruction of your data.
  3. Object to the processing or sharing of your data.
  4. File a complaint with the Personal Data Protection Authority if your rights are violated.

To exercise these rights or for inquiries, contact Dr. Hakan Gök, the Data Controller, through our clinic or official communication channels.