KVKK Disclosure Statement
Aplus Hospital Hospitality Services A.Ş. Personal Data Acquisition and Processing Disclosure Statement
As Aplus Hospital Hospitality Services Inc. (“Company”) and in the capacity of “Data Controller,” your personal data may be collected, stored, processed, and transferred in accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”) and related legislation as outlined in this disclosure statement. Our Personal Data Protection and Processing Policy aims to safeguard the personal data obtained from clients, prospective customers, employees, suppliers, shareholders, business partners, or collaborators, as well as any individual who establishes a relationship with us.
As a company, we prioritize the security of your personal data and adhere to KVKK and related legislation to process and securely store data. We have prepared this Disclosure Statement on the Protection of Personal Data to explain our data processing policies.
1. Acquisition, Processing, Purpose, and Duration of Processing Personal Data
The Company may collect, process, record, and share general and sensitive personal data with the explicit consent of the data subject and/or without consent in cases specified under Articles 5 and 6 of the KVKK.
Personal data may be processed by the Company in accordance with the Personal Health Data Processing and Privacy Protection Regulation, KVKK, and, without limitation, other applicable laws, regulations, notices, and related legislation.
Personal data of individuals, such as customers, prospective customers, employees, suppliers, and business partners, or those requesting products and services, may be collected in electronic and/or physical formats. Personal data may be collected verbally, in writing, or electronically via various channels, including the Company’s website, digital channels, online services, and all service channels, either fully or partially automated, or as part of a non-automated data recording system. Collection methods may involve collaborating institutions and organizations, official authorities, and other third parties.
In light of other relevant legislation and in accordance with the principles outlined in this consent form, your personal data obtained and processed by verbal, written, visual, or electronic means — through call centers, websites, or similar channels — may be processed by the Company for purposes that are connected, limited, and proportionate to the purposes specified in this section, including but not limited to those listed below.
- Identification Information: Includes your name, surname, Turkish ID number, passport number or temporary Turkish ID number, place and date of birth, marital status, gender, health information, and other identification details through which you can be identified.
- Contact Information: Includes your address, phone number, email address, and other contact information, as well as voice recordings from customer service calls maintained per call center standards. Personal data obtained via email, postal mail, or other means of communication are also included.
- Security Footage: Video recordings captured for security and monitoring purposes in the event of a visit to our Company premises.
- Health Information: Includes all health/personal data obtained from healthcare providers, primarily hospitals and/or medical centers affiliated with Acıbadem Health Services and Trade Inc., as well as other healthcare providers.
All personal data collected by the Company (including but not limited to special category personal data) may be processed for the following purposes:
- Verifying your identity,
- Sharing information with public institutions and organizations as required by relevant legislation,
- Planning and managing the Company’s internal processes and daily operations,
- Measuring, enhancing, and researching customer satisfaction,
- Conducting risk management and quality improvement activities,
- Performing analyses to advance healthcare services and support scientific research,
- Fulfilling legal and regulatory obligations.
Personal Data collected and processed in accordance with relevant legislation may be transferred to physical archives and/or IT systems belonging to the Company or its parent companies, stored securely in both digital and physical environments.
2. Ensuring Data Security
As the Data Controller, the Company takes all necessary technical and administrative measures to prevent unlawful processing, unauthorized access, and secure the storage of your personal data, utilizing technological resources to ensure appropriate security levels.
3. Transfer of Personal Data
Personal data may be shared with our authorized representatives, collaborating organizations, lawyers, tax advisors, auditors, regulatory and supervisory bodies, official authorities, private insurance companies, domestic and international affiliates, and other third parties with whom we collaborate for the purposes listed above.
4. Method and Legal Basis for Acquiring Personal Data
Personal data is collected in line with the Company’s operational scope and for legal and contractual compliance. The legal basis for data collection includes:
- KVKK (Law No. 6698 on the Protection of Personal Data)
- Regulation on Processing and Protecting the Privacy of Personal Health Data
- Turkish Commercial Code No. 6102
- Subscription Agreements Regulation (Published: 24.01.2015)
- Regulation on the Principles of Broadcasting in the Internet Environment (Published: 30.11.2007)
- Regulation on Internet Collective Use Providers (Published: 11.04.2017)
Additionally, as per Article 6(3) of the KVKK, personal data related to health and sexual life may be processed without explicit consent solely by authorized persons or entities under confidentiality obligations for purposes such as public health protection and healthcare management. Necessary and sufficient precautions are taken by the Company for processing sensitive personal data.
5. Rights of Data Subjects Regarding Personal Data Protection
As an individual whose personal data is processed, you have the right to:
- Know whether personal data is processed,
- Request information on processed data,
- Access and request personal health data,
- Learn the purpose of data processing and whether it is used in accordance with that purpose,
- Know third parties to whom personal data is transferred domestically or internationally,
- Request rectification if personal data is processed incompletely or inaccurately,
- Request deletion or destruction of personal data,
- Request that third parties to whom data is transferred be informed about data rectification, deletion, or destruction,
- Object to unfavorable outcomes from analysis solely through automated systems.
In case of using any of these rights, requested information will be provided in writing or electronically in a clear and understandable format within the legal timeframe.
6. Complaints and Contact
Your personal data is diligently protected by the Company, and necessary security measures are taken with technological support. If you wish to exercise the rights specified above under Article 13 of KVKK, please send your requests to us by:
- Mailing a signed letter to “Corporate Secretariat” at Atatürk Mah. Feza Sok. No:3/8 K:12 Ataşehir, Istanbul, Turkey,
- Sending a notarized letter,
- Sending an email with a secure electronic or mobile signature to aplushizmetleri@hs02.kep.tr,
- Emailing a “word or pdf” document signed with a secure e-signature to kisiselveri@acibadem.com, with “Personal Data Protection Law Information Request” in the subject line,
- Or by any other methods stipulated in the legislation.
Please complete and send the Application Form to submit your requests in line with the procedures specified above.