Dear Patients and Business Partners,
As Düzen Health Group, we consider your personal data as an extremely valuable asset and attach great importance to its security. The "Legal Entity" information affiliated to Düzen Health Group is included in the list below.
Legal Entities:
Düzen Biological Sciences Research Development and Production Inc.
Biological Sciences Research, Development and Production Ltd. Şti.
Ankara Parkmed Family Doctor Diagnosis Health and Treatment Services Ltd. Şti.
Data belonging to persons and institutions receiving services from Düzen Health Group In accordance with the provisions of the Law on the Protection of Personal Data numbered "6698", your personal and sensitive private data, especially your health data: name, surname, T.C. Identity number and/or passport number and/or temporary Turkish ID number, place and/or date of birth, gender, health insurance, insurance card number, workplace registration and/or patient identification number and other identification data that may identify you; address, telephone number, e-mail address and other contact data, voice call records kept by customer representatives and/or patient services in accordance with call center standards, and your personal data obtained when you contact us via e-mail, letter and/or other means; your financial data such as bank account number, IBAN number, credit card information, billing and invoice information; your data related to private health insurance for the purpose of financing and planning of health services and your payer institution information such as Social Security Institution; your data related to all kinds of health information obtained during and/or as a result of the conduction of medical services, including but not limited to patient medical reports, diagnostic data, Biometric and genetic data, test results, examination data, doctor analysis and comments, appointment information, prescription information; your feedbacks including, but not limited to, surveys, thank you letters, complaint letters, satisfaction results; Your images obtained from camera recordings that are constantly recorded in common areas in accordance with the legislation in Düzen Laboratories Group, your health data, IP address and other personal data that you send and / or enter through all websites and online services belonging to Düzen Laboratories Group, In case you apply for a job, your other personal data, including the resume provided in this regard, and all kinds of personal data related to your service contract (Personal Data) are processed, and in this context, measures are taken institutionally by showing the utmost care and attention to the protection of your personal data, and the continuity of the trainings provided to our personnel for informing them about all these issues is ensured and ongoing. No cookies (browsing information) are received on the Düzen Laboratory’s website
In this context, our Düzen Health Group holds TS ISO/IEC 27001:2022 Information Security Management System accreditation and TS ISO/IEC 15504 SPICE-Software Process Improvement and Capability Level Determination accreditation within the scope of the software process.
We wish you a healthy day...
PROTECTION OF PERSONAL DATA
Your personal data may be processed by Düzen Laboratories Group, as the Data Controller within the scope of the Personal Data Protection Law No. 6698 and the relevant legislation, within the framework described below and in accordance with the Regulation on Medical Laboratories and the regulations of the Ministry of Health and other regulations.
1.Purposes of Processing Personal Data
Your Personal Data may be processed by Düzen Laboratories Group for the following purposes:
To fulfill our legal obligations under the Basic Law No. 3359 on Health Services, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations, Regulation on Medical Laboratories, Law No. 6698 on the Protection of Personal Data, Regulation on the Processing of Personal Health Data and Ensuring Privacy and other relevant legislation;
Identification and verification in order to prevent your Personal Data from being compromised by others,
Protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing,
Procurement of customized medicines and/or medical supplies and/or devices,
Keep you informed about your appointment, provide information and/or remind you of your appointment,
Fulfillment of risk management and quality improvement activities,
Fulfillment of legal and regulatory requirements,
Sharing and responding to information obtained with the Ministry of Health and other public institutions and organizations in accordance with the legislation,
Inquiring your entitlement with the institutions/organizations contracted with the laboratory or financial reconciliation with these institutions regarding the health services provided to you,
Sharing and authenticating information requested by contracted institutions/organizations, especially private insurance companies, within the scope of financing health services,
Issuing invoices for the services we provide,
Taking all necessary technical and administrative measures within the scope of data security of laboratory systems and applications,
Analyze your use of health services and store your health data in order to develop and improve the health services we provide to you, and respond to your questions or complaints about our services,
Providing the necessary information in line with the requests and audits of regulatory and supervisory institutions and official authorities,
Maintaining information about your health data that must be kept in accordance with the relevant legislation,
Compliance with internal policies and principles,
Measuring patient satisfaction after you receive health services and increasing patient satisfaction,
Carrying out promotional and informative activities specific to you and ensuring that you benefit from them, contacting you to inform you about our services,
These include, but are not limited to, conducting medical care services, increasing patient satisfaction, research and related causes.
Your Personal Data obtained and processed in accordance with the relevant legislation may be transferred to the physical archives and/or information systems of Düzen Laboratories Group and kept both in digital and physical environment.
2.Transfer of Personal Data
By ensuring that all necessary technical and administrative measures are taken to ensure the appropriate level of security in accordance with the LPDD and the relevant health legislation, your Personal Data for the purposes set out in the first section; The Basic Law No. 3359 on Health Services, the Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliated Organizations, the Regulation on Medical Laboratories, the Law No. 6698 on the Protection of Personal Data, the Regulation on the Processing of Personal Health Data and Ensuring Privacy and persons / institutions and / or organizations permitted by the provisions of other relevant legislation; private insurance companies, banks, funds, foundations; our direct/indirect domestic/foreign shareholders, subsidiaries and/or affiliates; group companies; auditors; consultants; business partners; domestic/foreign organizations and other real and/or legal third parties from which we contractually receive and/or provide services to carry out our activities.
3.Method of Collection of Personal Data and Legal Reasons
Your personal data is obtained in all kinds of verbal, written, visual or electronic media, for the above-mentioned purposes and in order to provide health services within the legal framework determined and in this context, in order for Düzen Laboratories Group to fully and properly fulfill its contractual and legal obligations.
4.Rights of the Personal Data Owner
As a personal data owner, to learn whether personal data is processed in accordance with the legislation regarding your personal data processed; to request information if personal data has been processed; to access and request personal health data; to learn the purpose of processing personal data and whether they are used in accordance with their purpose; to know the third parties to whom personal data is transferred domestically or abroad; to request correction of personal data in case of incomplete or incorrect processing; to request deletion or disposal of personal data;
-except for the obligations imposed by the legislation on health institutions- in case personal data is incomplete or incorrectly processed, to request correction and / or deletion or notification of third parties to whom personal data is transferred; to object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems, and to request us to compensate the damage in case of damage due to unlawful processing of personal data.
If you exercise your right to learn whether personal data is processed, your right to request information if personal data has been processed; your right to access and request personal health data, your right to learn the purpose of processing personal data and whether they are used in accordance with their purpose, or your right to know the third parties to whom personal data is transferred domestically or abroad, the relevant information will be notified to you in writing or electronically, in a clear and understandable manner, through the contact information provided by you.
5.Cases where Personal Data can be Processed without Explicit Consent in accordance with KVKK:
Pursuant to Article 5 of the LPPD and Article 7 of the Regulation, your Personal Data specified below may be processed without seeking your explicit consent in the following cases:
In cases expressly provided for by law,
If you are unable to disclose your consent as a data subject due to actual impossibility or if it is mandatory to process your personal data for the protection of your or someone else's life or physical integrity in cases where your consent is not legally valid,
It is necessary to process your Personal Data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
It is mandatory for the fulfillment of a legal obligation,
Your Personal Data has been made public by you,
Data processing is mandatory for the establishment, exercise or protection of a right,
For the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, it may be processed by persons or authorized institutions and organizations under the obligation of confidentiality.
Dear Patient / Working Partner,
According to the notification sent to us on 05/07/2021 by our reference laboratory Cerba Laboratory (France), from which we receive overseas laboratory services, and which we present the original text to your attention in the annex, it has been reported that the data, including some patient information, may have been violated regarding the patients we sent to them for test work as Düzen Laboratories and opened their records online between 01/01/2017-24/06/2021.
According to the same statement, as soon as this situation was recognized, it was immediately terminated and the relevant authorities in France were notified. In the attached notification, the Cerba Laboratory also states that it has no information on the exploitation of this data.
It is stated that the information subject to the violation may be the Name, Surname, Gender, Date of Birth, Requested Test and Test Result of our patients. As Düzen Laboratories, we do not share any information other than this information with the laboratory in question.
Regarding the issue, the Personal Data Protection Board has been informed about the violation and the issue is being followed up sensitively.
For further information, please contact Cerba Laboratories at rpd.cerba@lab-cerba.com e-mail address (provided that you request information in English and/or French) and our Laboratory at info@duzen.com.tr e-mail address.
We would like to inform you about the situation and wish you a healthy day.
https://www.lab-cerba.com/en/home/vous-informer/news/incident-de-securite-mycerba.html