Trustpilot
top of page

KVKK (LAW ON PROTECTION OF PERSONAL DATA) CLARIFICATION TEXT

 

1. IDENTITY OF THE DATA CONTROLLER

Pursuant to the Law on Protection of Personal Data No. 6698 (“KVKK”) and relevant health legislation; your personal data will be processed by DOCTOR KAMRAN EFENDÄ°OÄžLU (acting as the “Clinic” or “Physician”) in the capacity of Data Controller, within the scope explained below and in accordance with the legislation.

 

“Framework of the Data Controller’s Authority and Responsibility”

The framework of authority and responsibility of the physician as the data controller is limited to the following principles:

  • Medical records kept by the Clinic are mandatory pursuant to legislation, and requests for the subsequent deletion of these records cannot be met.

  • Clinic employees and technical staff may only process data with limited authority in line with the physician's instructions.

  • Information is not transferred to third parties who have not undergone identity verification, do not present a power of attorney, or do not have explicit consent.

  • The accuracy of identity, contact, and medical information provided by the patient is the patient's responsibility; the Clinic is not responsible for consequences arising from incomplete or incorrect declarations.

  • The Physician's data processing authority is strictly limited to medical diagnostic and treatment services; data processing is not conducted outside this scope.

  • The Physician’s obligation of confidentiality (physician-patient privilege) can only be limited by the patient's explicit consent or a legal obligation.

  • Data processing regarding minors or persons under guardianship can only be directed by the authorized parent/guardian.

  • Laboratories, imaging centers, and software providers are independent data controllers regarding their own activities; the Clinic cannot be held responsible for the data processing activities of these institutions.

  • The Clinic's Wi-Fi infrastructure is provided for keeping traffic records within the scope of Law No. 5651; the Clinic is not responsible for internet usage content.

  • The camera system is used solely for the security of common areas, and recordings are not made in procedure rooms; recordings obtained unlawfully by third parties are not the responsibility of the Clinic.

 

2. CATEGORIES OF PROCESSED PERSONAL DATA

During the time you receive health services from our Clinic, personal data you share with us verbally, in writing, or electronically, or obtained during medical processes, is collected under the following categories:

  • Identity Data: Your name, surname, T.C. Identity number (passport or temporary identity number for foreign patients), place and date of birth, marital status, gender, occupation, patient protocol number, and your signature on "Information and Consent Forms."

  • Contact Data: Your residence address, mobile phone number, email address, and the contact information of a relative you designate for emergencies when you cannot be reached.

  • Health Data (Special Categories of Personal Data): Your medical history (anamnesis), assay, laboratory and radiological imaging results, prescription information, current diseases, blood type, allergy status, diagnoses made by the physician, notes related to applied treatments, operations, and care processes, medicines/materials used, and all kinds of medical data entered into your patient file.

  • Visual and Audio Recordings:

    • Physical Security: Closed-circuit television (CCTV) recordings taken in common areas (entrance, waiting room, hallway) to ensure Clinic security.

    • Medical Procedure Recordings: Photos and video recordings taken by the physician (not shared on social media) in cases of medical necessity to observe the progress of treatment, evaluate the success of the procedure, and be added to the patient file.

  • Financial Data: Bank account information (IBAN), payment amounts, and debt information for the pricing of health services, issuance of invoices or receipts, tracking of payments, and refund processes when necessary.

  • Transfer and Accommodation Information: If you are coming from outside the city or from abroad; reservation, flight, and transportation information necessary for planning transfer and accommodation services.

  • Transaction Security Data: If you use the wireless internet network (Wi-Fi) offered in our Clinic; traffic log records kept pursuant to Law No. 5651, your IP address, connection time, and duration information.

 

“Responsibility Framework Regarding Personal Data Categories”

The processing of personal data categories is limited to the following principles:

  • Health data is processed strictly within the scope of medical diagnostic and treatment necessity; no data unrelated to the medical service is requested or processed.

  • The responsibility for the accuracy and currency of assays, imaging, and reports presented by the patient belongs to the patient; the Clinic is not responsible for the incorrect transmission of data belonging to third parties.

  • Medical photos and video recordings are processed strictly for the creation of the patient file and for medical record purposes; they are NOT shared for promotion and social media usage unless separate explicit consent is obtained.

  • Camera recordings taken in the Clinic's common areas are solely for physical security purposes; video recording is not performed in areas involving medical procedure privacy.

  • IP and traffic data arising from Wi-Fi usage are kept mandatorily within the scope of Law No. 5651; content data is not processed, and the Clinic is not responsible for internet activities other than traffic.

  • Financial information is processed strictly for the purposes of payment, invoicing, and fulfilling financial obligations; this data is not transferred to third parties for commercial purposes.

  • The processing of transfer and accommodation information is carried out strictly upon the patient's request or knowledge; the accuracy of this data belongs to the patient.

  • Voice, image, and message content sent via messaging applications (WhatsApp, FaceTime, Zoom, etc.) may be transferred abroad depending on the application's own infrastructure; this transfer occurs in line with the patient's explicit consent or preference.

  • Information transmitted by the patient via social media (DM, comments, etc.) is evaluated within the scope of data transmitted by the patient's own volition, and the Clinic is not responsible for consequences arising from messages that do not hold the quality of medical records.

  • Health data shared with other specialist physicians for consultation purposes is transferred only in cases of medical necessity; excess data is not processed or stored.

 

3. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data is processed in accordance with the provisions of Law No. 1219 on the Mode of Execution of Medicine and Medical Sciences, Law No. 3359 on Basic Health Services, and Law No. 6698 (KVKK) for the following purposes:

  • Conducting examination, preventive medicine, medical diagnosis, treatment, medical intervention, operation, and care services.

  • Creating the patient file, organizing appointment processes, verifying identity, and contacting you.

  • Performing necessary checks after medical diagnosis and treatment processes, following up on the recovery process, and managing potential complications.

  • Preserving health data that must be kept pursuant to relevant legislation, and fulfilling notification obligations to the Ministry of Health and other authorized public institutions.

  • Obtaining consultation (opinion) services from other relevant specialist physicians or laboratories if deemed necessary to ensure your treatment is performed in the most accurate manner.

  • Planning and managing transfer and accommodation services for patients coming from outside the city.

  • Planning health services and their financing, performing invoicing transactions, and fulfilling financial obligations.

  • Ensuring the physical security of the Clinic, and carrying out patient satisfaction and demand management.

  • Fulfilling responsibilities arising from the legal relationship established between the physician and patient, and ensuring the burden of proof in potential future legal disputes.

 

“Restrictive Provisions Regarding Purposes of Processing Personal Data”

The processing of personal data is carried out within the framework of the following purposes and limitations:

  • All health data is processed only to the extent mandatory for conducting medical diagnosis, treatment, and care services; usage outside of medical necessity is not permitted.

  • Mevzuatta yer alan tıbbi kayıt tutma ve saklama yükümlülükleri gereÄŸince iÅŸlenen veriler, hukuki zorunluluk nedeniyle saklanır ve hasta talebi üzerine silinemez.

  • Patient contact information is used strictly for appointment, information, and medical process management purposes; this information is not processed for marketing or third-party advertising purposes.

  • Sharing with other health professionals for consultation purposes is limited to data necessary for medical evaluation; information outside this scope is not transferred.

  • Photos and videos taken within the scope of medical necessity are used strictly for the creation of the patient file and medical process analysis; they may be used for social media or promotional purposes only if separate explicit consent exists.

  • In notifications made to public institutions due to legal obligations, only requested and mandatory data is shared; out-of-scope data transfer is not conducted.

  • The processing of information necessary for financial transactions is limited to payment, refund, and invoicing processes.

  • Camera recordings processed to ensure Clinic security are evaluated solely for security purposes; they are not processed for health service purposes.

  • The processing of data transmitted via social media, messaging, and video call applications used upon the patient's request is done strictly for medical evaluation and communication purposes; the Clinic cannot be held responsible for cross-border transfers stemming from the application’s infrastructure.

  • Data processed to ensure the burden of proof in potential future legal disputes is stored solely for the use of the freedom to claim rights and is not transferred to third parties.

 

4. METHOD OF PERSONAL DATA COLLECTION

Your personal data is collected by DOCTOR KAMRAN EFENDÄ°OÄžLU depending on the health service provided, through physical, verbal, written, and electronic environments, fully or partially by automated means, using the methods specified below:

  • Physical and Medical Sources: Via declarations you personally submit by coming to the practice for examination and treatment purposes, health reports you present, assay, laboratory and radiological imaging results, prescriptions, and the "Information and Consent Forms" you fill out.

  • Digital Application Channels: Via contact and appointment forms you fill out on the doctor’s corporate website or emails you send to the corporate email address.

  • Remote Communication Tools and Social Media: In cases of medical necessity or upon your request; via written, audio, and visual messages you send via messaging and video conference applications you use for diagnosis, control, or communication purposes (WhatsApp, Zoom, FaceTime, Skype, Messenger, etc.); via direct messages (DM) and comments you send to our profile accounts on social media accounts (Instagram, Facebook, YouTube, etc.).

  • Visual Recordings: Via photograph and video recordings taken by the physician before, during, or after the medical procedure to observe the progress of treatment and keep medical records.

  • Technical and Security Systems: Via closed-circuit camera systems (CCTV) recording 24/7 to ensure Clinic security, and electronic log records generated during your use of the wireless internet network (Wi-Fi).

“Security and Responsibility Provisions Regarding Method of Personal Data Collection”

The collection of personal data is carried out within the framework of the following limitations and security principles:

  • All information transmitted to the physician verbally, in writing, or electronically is recorded only to the extent necessary for medical evaluation; no unnecessary data is requested.

  • The patient is responsible for the currency and validity of reports, assays, and documents presented by the patient; the Clinic cannot be held responsible for consequences that may arise due to incomplete or incorrect documents.

  • Data transmitted in communications made via social media, messaging, or video call applications is processed only to the extent the patient shares by their own volition; the Clinic is not responsible for third-party accesses in the application infrastructure.

  • Photos and videos taken before or during the medical procedure are captured solely by the physician; visuals provided by the patient are not processed unless they hold the quality of a record.

  • Data collected via technical infrastructure used in the Clinic (software, servers, security systems) is processed automatically strictly for system security and medical record-keeping purposes.

  • Traffic records regarding wireless internet (Wi-Fi) usage are limited strictly to the technical log records mandated by Law No. 5651; content data is not collected or monitored.

  • Information contained in emails, web forms, or online communication requests sent to the Clinic is recorded strictly for the purpose of meeting the request; unnecessary data processing is not conducted.

  • Information and documents transmitted by third parties on behalf of the patient are processed only upon confirmation by the patient; the Clinic is not responsible for consequences arising from unverified transmissions.

  • Information given in telephone conversations is noted strictly for medical process management purposes; conversations are conducted without audio recording (unless arranged otherwise).

  • Documents delivered in physical media are processed strictly for the creation of the patient file; other than this, storage or transfer is not conducted.

 

5. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

Your personal data is processed in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVKK, based on the following legal grounds:

A) Cases Processed Without Seeking Explicit Consent (Legal Exceptions): Due to the nature of the health service, legal obligations, and medical necessities, your personal data is processed WITHOUT seeking your explicit consent in the following situations:

  • Medical Diagnosis and Treatment (KVKK Art. 6/3): Your Health Data (Special Categories of Personal Data) is processed by the Physician, who is under an obligation of confidentiality, for the purposes of conducting medical diagnosis, treatment, operation, and care services.

  • Establishment and Performance of the Contract (KVKK Art. 5/2/c): Your Identity and Contact data are processed during the processes of providing examination and treatment services, opening the patient record, creating appointments, and establishing communication.

  • Fulfillment of Legal Obligations (KVKK Art. 5/2/ç): Processed for the purposes of making notifications required by Ministry of Health legislation, issuing invoices required by tax laws, keeping data for the legal retention period, and meeting requests from authorized public institutions.

  • Legitimate Interest of the Data Controller (KVKK Art. 5/2/f): Processed for the purposes of ensuring Clinic security (camera recordings) and managing patient satisfaction processes, provided that it does not harm your fundamental rights and freedoms.

B) Cases Processed Based on Your Explicit Consent (KVKK Art. 5/1): The following situations are not a mandatory part of basic health services and are carried out only if you provide separate Explicit Consent Declaration:

  • Publishing your photos or video recordings taken before/after the medical procedure on social media accounts (Instagram, Facebook, etc.) or the website for promotional and informational purposes.

  • Sending you commercial electronic messages (SMS, Email) containing special campaigns, greetings, celebrations, and information.

  • If you prefer to use communication channels whose servers are located abroad (WhatsApp, Instagram, Zoom, Gmail, etc.); the transfer of your data to the servers of these platforms abroad (Cross-Border Transfer).

 

“Restrictive and Protective Provisions Regarding Personal Data Processing Conditions”

Legal grounds regarding the processing of personal data are limited by the following principles:

  • The processing of health data can only be carried out within the scope of medical diagnostic and treatment services conducted by the physician who is under an obligation of confidentiality; going outside this scope is not permitted.

  • The processing of identity and contact information is limited to situations mandatory for the establishment and performance of the contract; it cannot be used for purposes outside the service.

  • Notifications to be made to public institutions and organizations are kept limited strict to data requested by legal obligation; out-of-scope data transfer is not conducted.

  • Data processed within the scope of legitimate interest (e.g., camera recordings) is evaluated to the extent that fundamental rights and freedoms are not harmed, and processing for other purposes is not conducted.

  • Data processing activities based on explicit consent are carried out strictly in situations that are not a mandatory element of the medical service; withholding consent does not prevent the provision of the service.

  • Visual usage for social media or promotional purposes can be processed strictly in the event that clear and specific consent is given; if this consent is not given, the physician shall not share it in any way.

  • The use of foreign-sourced messaging and communication applications occurs in line with the patient's conscious preference; the Clinic cannot be held responsible for the applications' foreign server policies.

  • Explicit consent is valid strictly limited to the specific transaction requiring consent; it cannot bear the quality of a general and unlimited consent.

  • Explicit consent withdrawn by the patient produces results strictly prospectively (forward-looking); data processed lawfully in the past period is not affected by this.

  • Data processed for use in legal processes may be stored strictly to the extent required by the freedom to claim rights and is not transferred to third parties.

 

6. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following persons and institutions in accordance with the conditions specified in Articles 8 and 9 of the KVKK, for the purposes of conducting medical diagnostic and treatment services, fulfilling legal obligations, and managing operational processes, provided that necessary confidentiality agreements are signed and data security measures are taken:

  • Official Institutions and Organizations: Ministry of Health, Provincial/District Health Directorates, Social Security Institution (SGK), General Directorate of Civil Registration and Citizenship Affairs, TÄ°TCK (Turkish Medicines and Medical Devices Agency), judicial authorities (courts, prosecutors' offices), enforcement offices, notaries, and other legally authorized public institutions.

  • Healthcare Stakeholders: Other specialist physicians for consultation (second opinion) purposes, laboratories where medical tests are performed, imaging centers, medical firms supplying medical devices/prostheses, and private hospitals/health institutions referred to when necessary.

  • Suppliers and Business Partners: Certified Public Accountants managing the Clinic's financial processes, law firms/lawyers following legal processes.

  • Technical Infrastructure Providers: "Clinical Management System" software providers where patient records are kept, technology firms providing database (server) services, IT (Information Technologies) support experts.

  • Communication Service Providers: SMS and email sending firms whose services are used for the purpose of sending you appointment reminders or (if you have approved) information.

  • Foreign-Sourced Platforms (Optional): If you prefer to use platforms whose servers are located abroad (WhatsApp, Zoom, Google, Instagram, etc.) for communication and data sharing; your data will have been transferred to the servers of these platforms abroad within the framework of the relevant application’s own user agreement and privacy policies.

 

“Restrictive Provisions Regarding Transfer of Personal Data”

The transfer of personal data is realized in the direction of the following limitations and security principles:

  • Data transfers to be made to public institutions are limited strictly to the legally mandatory dataset; no data exceeding the scope of the request is shared.

  • Information that may be transferred to other physicians for consultation purposes is limited strictly to data necessary for medical evaluation; excess is not shared or stored.

  • Transfer to laboratories, imaging centers, or medical firms is limited strictly to technical data mandatory for the execution of the service.

  • Transfers made to the financial advisor or accounting unit for the management of financial processes are limited to mandatory fiscal documents.

  • Data sharing made to lawyers for the tracking of legal processes covers data strictly limited to the relevant dispute; information not falling within the scope is not transferred.

  • Contact information transferred to SMS and email sending firms is used strictly for appointment and informational purposes; separate explicit consent is mandatory for sending commercial messages.

  • The transfer of data to the foreign servers of social media and communication applications preferred by the patient occurs in line with the patient's explicit consent or conscious preference; the Clinic cannot be held responsible for risks arising from the application's infrastructure.

  • The transfer of data to third parties domestically or abroad does not in any way create an automatic or unlimited authority; every transfer is evaluated strictly based on the relevant purpose.

  • Information sharing to be made to patient relatives is limited strictly to persons indicated by the patient's written or explicit consent; all other requests are rejected.

  • The data processing activities of persons and institutions to whom data is transferred are under their own legal responsibilities, and the Clinic is not responsible for data breaches by these persons and institutions.

 

7. PERSONAL DATA RETENTION PERIOD

Your personal data will be stored for the durations foreseen in relevant legislation or required by the processing purpose. When the periods determined in legislation expire or the processing purpose ceases to exist, your data will be destroyed. The retention periods in our Clinic are as follows:

  • Health Data, Identity, and Contact Information: 20 Years from the termination of service (Legal and medical retention period).

  • Medical Photograph and Video Recordings: 20 Years from the termination of service.

  • Financial Data (Invoice etc.): 5 Years from the termination of service (Pursuant to Tax Procedure Law).

  • CCTV (Camera) Recordings: Automatically deleted within a reasonable time from the recording date (usually 1-2 months).

 

“Restrictive and Assurance-Providing Provisions Regarding Retention of Personal Data”

The retention of personal data is carried out within the framework of the following principles:

  • Health data and medical records cannot be deleted before the minimum retention period mandated in legislation expires; therefore, destruction or deletion cannot be done upon patient request.

  • The retention period is limited strictly to medical record-keeping obligations, legal obligations, and obligations for purposes of proof; data outside this scope is not stored.

  • Medical photos and videos are stored strictly as part of the patient file; separate explicit consent is required to store them for promotional purposes.

  • Financial records are stored strictly for the period mandated by the Tax Procedure Law; they are automatically destroyed at the end of this period.

  • Camera recordings are kept strictly for security purposes and are automatically deleted when their legal period expires; they cannot be stored for other purposes.

  • Traffic log records are maintained strictly as much as mandatory within the scope of Law No. 5651; content data is not stored.

  • When retention periods expire, data is destroyed in a manner that cannot be re-accessed; archiving or passive storage is not conducted.

  • In digital systems where data is stored, access to data exceeding the retention period is automatically blocked; it is not possible to provide access manually.

  • Retention periods of data transmitted via applications located on foreign servers are subject to the application's own privacy policy; the Clinic cannot be held responsible for storage in these external systems.

  • Retention periods cannot be extended spontaneously unless there is a medical, legal, or financial obligation; an independent legal justification is required for retention extension.

 

8. RIGHTS OF THE DATA SUBJECT

As a personal data owner, you have the following rights pursuant to Article 11 of the KVKK:

  • To learn whether your personal data is processed,

  • If your personal data has been processed, to request information regarding this,

  • To learn the purpose of processing personal data and whether they are used appropriately for their purpose,

  • To know the third parties to whom personal data is transferred domestically or abroad,

  • To request correction of personal data if it is incomplete or incorrectly processed,

  • To request the deletion or destruction of personal data within the framework of conditions foreseen in KVKK legislation,

  • To request that correction, deletion, and destruction operations be notified to third parties to whom personal data has been transferred,

  • To object to the emergence of a result against you exclusively through the analysis of processed data via automated systems,

  • To demand compensation for damages in the event that you suffer damage due to the unlawful processing of personal data.

 

“Limits and Application Principles Regarding Use of Data Subject's Rights”

The use of the data subject's rights within the scope of KVKK is evaluated with the following principles:

  • Deletion or destruction requests cannot be fulfilled as long as medical record-keeping and storage obligations continue; medical records cannot be deleted upon patient request.

  • Information requested for correction can be changed strictly with a current and verifiable document presented by the patient; unverified declarations are not processed.

  • Objections regarding whether data processing activity is suitable for its purpose are evaluated strictly within the scope of medical processes defined in legislation; the right to object for transactions bearing medical necessity is limited.

  • Data access requests are strictly limited to the person's own data; requests from family members, partners, or third parties are not processed.

  • Medical photos, videos, assay results, and the physician's professional evaluations can be shared with the relevant person only after identity verification is done.

  • Although a right to object exists for data analyses made with automated systems, clinical decisions requiring medical necessity are outside this scope.

  • If the data processing activity is based on legal obligations (e.g., Ministry of Health notifications), the deletion, correction, or blocking of transfer of these records cannot be requested.

  • Data transfer to third parties (patient relative, spouse, parent, etc.) is limited strictly to persons the relevant person has indicated with explicit consent; requests outside of consent are rejected.

  • Requests regarding the use of rights can be made strictly via communication channels previously notified to the Clinic and verified; requests coming from different channels are not processed due to security reasons.

  • Applications regarding the use of rights are evaluated according to the nature of the request, and requests that cannot be fulfilled due to legal limitations may be rejected along with their justification.

 

9. APPLICATION TO THE DATA CONTROLLER

To use your rights stated above, you may transmit your requests to us:

In writing, using a Registered Electronic Mail (KEP) address, secure electronic signature, mobile signature, or the electronic mail address you have previously notified to our Clinic and which is registered in our system.

Your application must contain the following information: Name, Surname, T.C. ID No (Passport No for foreigners), Residence Address for Notification, Mobile Phone, Email, and Subject of Request.

Your applications will be concluded free of charge as soon as possible depending on the nature of the request and within 30 days at the latest.

“Procedure and Security Principles of Applications to Data Controller”

Applications made by the data subject to the data controller are evaluated within the framework of the following security and procedural rules:

  • Applications are processed only if transmitted by persons whose identity verification can be fully done; requests whose identity cannot be verified are rejected due to security reasons.

  • Data requests, correction, or deletion applications are accepted strictly via communication channels previously notified to the Clinic and registered in the system; requests made from different email addresses or lines belonging to third parties are not processed.

  • In case of deficiency, contradiction, or unverified information in application documents, the request is not processed until completed.

  • In applications made on behalf of the patient, the proxy's authority can only be verified with a notary-approved power of attorney; verbal or written declarations are not accepted as sufficient.

  • If the applicant's request conflicts with legal storage obligations, medical record-keeping obligations, or obligations to notify public institutions, it cannot be fulfilled.

  • Requests made by third parties (spouse, partner, friend, family member, etc.) can be met only with the relevant person's written explicit consent; otherwise, data sharing is not conducted.

  • Although the response time for applications is 30 days pursuant to KVKK, if additional examination is required due to the nature of the request, the time may be extended by informing the patient.

  • Additional documents and information transmitted during the application are processed strictly for the purpose of evaluating the application; they are not used or stored apart from this.

  • Responses to applications are transmitted strictly via communication channels private to the applicant to ensure data security; they are not shared with third parties.

  • Legal and administrative responsibility arising from applications made by making incorrect, misleading, or untruthful declarations belongs to the applicant.

ADDITIONAL CLAUSES

  • The Clinic and Physician are not responsible for consequences that may arise due to the patient's failure to comply with medical instructions, providing incorrect or incomplete information, or failing to adhere to suggested control and follow-up processes.

  • The Physician cannot be held responsible for shares, comments made by the patient on social media platforms, or information transferred to third parties by their own initiative.

  • Photo, video, or message content sent by the patient does not hold the quality of medical records; the Clinic is not responsible for evaluation differences that may arise due to the accuracy, light/quality insufficiency, or technical conditions of this content.

  • The Clinic and Physician are not responsible for technical malfunctions, access interruptions, cyber-attacks, or platform-sourced data breaches that may occur in software, servers, platforms, or communication tools.

  • All professional evaluations of the Physician are based strictly on medical findings; the Clinic is not responsible for dissatisfactions that may form depending on the patient's expectations, personal interpretations, or subjective evaluations.

  • Withdrawal of explicit consent produces results only prospectively; the Physician bears no responsibility for data processed and shares made lawfully during the period the consent was in effect.

  • Health professionals and health institutions communicated with for consultation purposes are independent data controllers; the Clinic is not responsible for data processing activities carried out by these persons or institutions.

  • The Clinic is not responsible for consequences that may arise from administrative, legal, or non-medical requests falling outside the scope of medical service.

  • The Clinic cannot be held responsible for delays, technical malfunctions, or transmission interruptions that may be experienced in electronic communication channels (SMS, WhatsApp, email, etc.); these channels cannot be used for emergency notifications.

  • The Clinic does not record audio; it is unlawful for the patient to make audio/video recordings secretly or without permission with their own device, and these recordings do not hold the quality of valid evidence.

  • Visuals for social media and promotional purposes are processed strictly within the scope of explicit consent; as long as explicit consent does not exist, no visual can be used for promotional or informational purposes.

  • Data processed on foreign servers of social media, messaging, and video call applications are subject to the infrastructure and privacy policies of the relevant platforms; the Clinic is not responsible for data processing activities realized in this scope.

  • Information transfer to third parties is limited strictly to persons the patient has explicitly indicated in writing; if the relevant section is left blank, no information is given to any person outside of legal obligations.

  • The patient is personally responsible for the accuracy and currency of documents transmitted by the patient; the Clinic is not responsible for consequences that may arise due to relying on incorrect or old documents.

  • Traffic log records are kept strictly within the scope of Law No. 5651; the Clinic cannot be held responsible for consequences in terms of content or activity of transactions made via internet access.

  • The copying, screenshotting, re-sharing, or distribution by third parties of visuals contained in promotional or informational shares cannot be prevented by the Clinic; the Physician is not responsible for these situations.

  • Changes in the resolution, presentation style, cropping, or visibility of visuals due to automatic algorithms of social media platforms are not under the Clinic's control, and the Physician cannot be held responsible for these changes.

  • Photos and videos sent by the patient via social media or messaging applications are strictly for communication purposes; medical evaluation is made strictly based on images taken by the physician during the examination.

  • Information transfer to a patient relative is limited strictly to persons the patient has indicated with an explicit written declaration; otherwise, information is given to no one.

  • All legal responsibility arising from shares made by the patient on social media platforms regarding the physician or clinic belongs to the patient.

 

(Please write "I have read, understood, and approve" in your own handwriting in the area below and sign.)

Handwritten Declaration: ........................................................................................................................................

.......................................................................................................................................................

DATE: ..... / ..... / 20..... SIGNATURE:

 

 

 

EXPLICIT CONSENT AND COMMERCIAL ELECTRONIC MESSAGE APPROVAL DECLARATION

 

PATIENT NAME SURNAME: ................................................................. T.C. IDENTITY/PASSPORT NO: .................................................................

 

I have read and understood the “KVKK Clarification Text” presented to me. I have been informed verbally and in writing regarding all matters related to the processing of my personal data.

I determine the following preferences with my own free will.

1. EXPLICIT CONSENT REGARDING SHARING VISUAL RECORDS ON SOCIAL MEDIA

1.1 – Visuals sent by the patient to the physician

I know that sending photograph and video content taken with my own device and shared with the physician or clinic bears the quality of an explicit consent declaration for the use of these visuals for promotional and informational purposes.

I permit the visuals I have sent to be used anonymized to the extent the physician sees fit, or un-anonymized upon my open request.

If I want my visuals to be used strictly within the scope of the medical process, I accept that I am obligated to notify the physician of this in writing.

Preference:

[ ] I GIVE EXPLICIT CONSENT FOR THE SHARING OF VISUALS I SEND

[ ] I WANT MY VISUALS TO BE USED ONLY FOR MEDICAL PURPOSES

1.2 – Medical procedure visuals taken by the physician

Regarding photographs and video recordings taken by the physician before, during, or after the medical procedure;

  • being used anonymized or in a manner that may show my identity due to medical necessity:

  • On Clinic social media accounts,

  • On the corporate website and in promotional/informational materials,

  • In educational presentations,

My consent is below:

Preference:

[ ] I ACCEPT

[ ] I DO NOT ACCEPT

1.3 – MANDATORY ARTICLES ADDED PURSUANT TO THE NEW REGULATION

I declare that I have read and accepted all of the following provisions:

  • I have the right to see the visual before sharing. “Visual content belonging to me will be shown to me before sharing, and I have the right to stop the sharing or withdraw it at any time I wish.”

  • Not giving consent has no effect on the medical procedure. “I know that not giving consent for visual sharing will not create any change in my diagnosis or treatment process.”

  • Filters / manipulation cannot be done on visuals. “Filters, retouching, corrections, or alterations that change the result will not be made on shared visuals.”

  • Before–after visuals are taken under the same technical conditions. “Before–after records will be created under the same light, angle, distance, and image conditions.”

  • Comments / likes / re-sharing are closed. “Comment making, like, and re-share features will be turned off in shared content.”

  • Surgery moment footage is not shared. “I know that images taken during the surgery or procedure will not be shared under any circumstances.”

  • Visuals containing intimate areas cannot be shared anyway. “Images contrary to general morality rules or containing my intimate regions are outside the scope of sharing.”

  • If quotation visuals are used, the source is indicated. “If non-medical quotation visuals are used, the visual source will be clearly indicated.”

 

2. FOREIGN-SOURCED COMMUNICATION CHANNELS (EXPLICIT CONSENT)

I accept that I use communication channels whose servers are located abroad such as WhatsApp, FaceTime, Instagram DM, Zoom, Skype, Gmail, Hotmail, etc. of my own volition; and that I know data transferred via these means (including visuals) will be transferred abroad.

Preference:

[ ] I ACCEPT

[ ] I DO NOT ACCEPT

3. COMMERCIAL ELECTRONIC MESSAGE APPROVAL (ETK)

My preference regarding receiving messages via SMS/Email/Call from the Clinic for the purposes of campaigns, announcements, special day celebrations, and information:

Preference:

[ ] I ACCEPT

[ ] I DO NOT ACCEPT

4. PATIENT RELATIVES WITH WHOM INFORMATION WILL BE SHARED (EXPLICIT CONSENT)

I permit information regarding my medical processes to be given to the persons I have specified below:

Name – Surname / Degree of Closeness: ................................................

Name – Surname / Degree of Closeness: ................................................

(If left blank, information will not be given to anyone outside of legal obligations.)

5. DECLARATION AND SIGNATURE

I accept and declare that I have read and understood the Clarification Text; I give my explicit consent with my free will, I can withdraw my consent whenever I wish; withdrawal will only produce results prospectively; and the physician cannot be held responsible for transactions made during the time consent was active.

Please write “I have read, understood, and approve” in your own handwriting in the area below and sign.

Handwritten declaration:..................................................................................................................................................................

Date: .... / .... / 20.... Signature: ............................................................

Follow us

  • Facebook - White Circle
realself button

​© 2018 by Op Dr Kamran Efendioglu

bottom of page