Personal data protection notice

As Medila Health Group, we attach importance to the protection of personal data. This notice explains how your personal data is collected, for which purposes it is processed, which legal grounds apply and what rights you have under Turkish personal data protection law.

Medila processes personal data obtained through health and care services, digital touchpoints, communication channels and job application processes in accordance with Law No. 6698 on the Protection of Personal Data and relevant healthcare legislation.

Depending on the nature of the service, identity, contact, appointment, transaction security, financial transaction, healthcare service, insurance, request and complaint, camera recording, digital transaction and job application data may be processed.

Health data is special category personal data and is processed only to the extent permitted by applicable legislation for service delivery and fulfillment of legal obligations.

Personal data is processed to plan health and care services, manage appointments and requests, verify identity, protect public health, conduct financial processes, manage quality and satisfaction processes, perform legal reporting, archive records and ensure information security.

Processing activities may rely on legal grounds such as explicit provision by law, establishment or performance of a contract, fulfillment of legal obligations, protection of public health, establishment or protection of a right, legitimate interest and explicit consent.

Your personal data may be shared only where necessary and in accordance with applicable legislation with healthcare institutions, authorized public authorities, insurance companies, payment institutions, service providers, consultants, auditors and business partners.

Data minimization, confidentiality and security principles are observed in transfer processes.

Data may be collected verbally, in writing or electronically through the website, contact forms, call center, e-mail, physical applications, healthcare service processes, online systems, security records and similar channels.

Personal data is retained for the periods required by applicable legislation or, where no period is prescribed, for a reasonable period required by the processing purpose. At the end of the period, data is deleted, destroyed or anonymized.

Under Article 11 of Law No. 6698, you have the right to learn whether your personal data is processed, request information if processed, learn the purpose of processing, know the third parties to whom data is transferred, request correction if incomplete or inaccurate, request deletion or destruction where conditions are met, object to automated analysis results and request compensation for damages.

You may submit your applications in writing through Medila communication channels together with information that identifies you. Applications are concluded as soon as possible and within thirty days at the latest depending on the nature of the request.

Medila takes the necessary administrative and technical measures to protect the confidentiality, integrity and authorized accessibility of personal data. Authorization, access control, archiving, backup and staff awareness are key parts of this security approach.