This Clarification Text, pursuant to Article 10 of the Personal Data Protection Law No. 6698 (“KVK Law”) titled “Information Obligation of the Data Controller” and under the scope of the KVK Law, has been prepared by the TR Ministry of Health (Ministry) to inform users who will create an insurance code over the e-Nabız System and who can access the health data in the e-Nabız System by insurance companies, about personal health data and the sharing of these data. The central address of the Ministry, which has the title of data controller in accordance with the KVK Law, is “Bilkent Yerleşkesi, Üniversitesiler Mah. Dumlupinar Bulvari 6001. Cad. No: 9 Çankaya/Ankara 06800”.
Identity of Data Controller
In terms of your personal data processed in e-Nabız, the data controller is the TR Ministry of Health.
Purposes of Processing Personal Data
In this application, your personal data listed below are processed for the following purposes:
- ID data: Your identity information is processed for the purpose of verifying your identity, executing/supervising/analyzing/monitoring health care processes.
- Contact data Your contact information is processed for the purpose of executing emergency management processes, conducting communication activities for health services, executing medical diagnosis, treatment and care services, executing/supervising/analyzing/monitoring health care processes.
- Criminal conviction and security measures data: If you have prison history information, this information is processed for the purpose of conducting medical diagnosis, treatment and care services, planning/managing health services, executing/supervising/analyzing/reporting/monitoring healthcare processes.
- Transection safety data: Your transaction security information is processed for the purpose of executing information security processes and executing access authorizations.
- Personnel data: Your personal information is processed for the purpose of carrying out emergency management processes, carrying out medical diagnosis, treatment and care services, executing/supervising/analyzing/reporting/monitoring healthcare processes.
- Finance data: Your financial information is processed for the purpose of executing activities in accordance with the legislation, increasing the efficiency of public finance, executing/supervising business activities, executing health service processes, and carrying out finance and accounting works.
- Location data: Your location information is processed for the purpose of executing emergency management processes, executing medical diagnosis, treatment and care services, executing communication activities, and executing health service processes.
- Health data: Healthcare data is processed for executing/supervising/analyzing/reporting/monitoring healthcare-related activities, to perform medical diagnosis, treatment and caring services, to carry out public financial management, to perform/plan/manage the process of healthcare services and perform healthcare notices via SMS, push notification, e-mail, etc.
Professional experience data
Your professional information is processed for the purpose of ensuring business continuity, carrying out medical diagnosis, treatment and care services, and carrying out health service processes.
- Visual and audio data: Your photo related to your health problem and your photo added in the profile are processed for the purpose of ensuring business continuity, carrying out medical diagnosis, treatment and care services, and carrying out health service processes.
Transfer of Personal Data
In case you receive services from private health institutions that provide health services, your personal data in e-Nabız may be made available to the relevant physician(s) in line with your current security preferences within the scope of the third paragraph of Article 6 of the KVK Law. If you receive intensive care or emergency health care, the data in your e-Nabız account may be made available to the relevant physician, as your condition may be life-threatening. In addition, if the cost of the health service you have received will be covered by the Social Security Institution, your personal data will be collected and can be made available to the TR Social Security Institution. The exemption clauses in the first paragraph of Article 28 of the KVK Law are reserved.
Patient Tracking Screens
In case you request that your name and surname be masked (Ex: Ay*** Ün***) on the patient follow-up and outpatient clinic call screens where the examination order is followed in health facilities, in the Profile Edit section on the e-Nabız profile, you can check the option "I prefer my name and surname to be hidden with asterisk on the patient follow-up and outpatient call screens in healthcare institutions. I don't want my name and surname to be stated clearly"
After entering your Turkish identity number and e-Nabız password during your login to the e-Nabız profile, a password can be sent via text message (SMS) to the phone number originally registered in your profile and you have the opportunity to activate this feature in the Profile Editing area of your e-Nabız profile.
Method and Legal Reason for Personal Data Collection
Your personal data is obtained automatically via the e-Nabız System or by your manual addition of information such as height and weight to your profile. Your personal data is processed by authorized persons or authorized institutions/organizations that are under the obligation of secrecy for the purpose of carrying out treatment and care services, planning and managing health services and financing; pursuant to the legal reasons of KVK Law article 5, pharagraph 2, subparagraph (a) "explicitly stipulated in the laws" and subpharagraph (ç) “It is obligatory for the data controller to fulfill its legal obligation” and the 3rd pharagraph of article 6 public health protection, preventive medicine, medical diagnosis.
Rights of Relevant Persons and Application to Data Controller
e-Nabız users can exercise their rights set forth in Article 11 of the KVK Law by applying to the Ministry within the framework of the provisions of Article 13 of the KVK Law and the Communiqué on the Procedures and Principles of Application to the Data Controller. Written applications to be made pursuant to Article 13 of the KVK Law shall be sent to the address "T.R. Ministry of Health, Üniversitesiler Mahallesi, 6001. Street, No:9, Çankaya, Ankara"; Applications to be made via Registered Electronic Mail (KEP) should be sent to "email@example.com".