3. PERSONAL DATA PROCESSING

3.1. Personal Data Categories and Purpose of Processing

In strict adherence to the conditions outlined in Articles 5 and 6 of the PDP Law, Hun Health International Travel processes personal data for clearly defined purposes. These purposes are registered within the Turkish Data Controllers Information System (VERBIS) and align with the foundational principles delineated in Article 4 of the PDP Law and Article 5 of the GDPR. This comprehensive approach ensures that all personal data handling is transparent and legally compliant. Hun Health International Travel provides detailed explanations of the data processing categories and objectives through disclosure texts in accordance with Article 10 of the PDP Law and Article 13 of the GDPR, along with the relevant secondary legislation.

3.2. Personal Data Collection Method

Hun Health International Travel employs both electronic and physical methods for collecting personal data, ensuring each method complies with the legal frameworks established by the PDP Law and our own Personal Data Protection Policy. This dual approach facilitates a robust data collection process that respects legal boundaries and ethical standards. Moreover, when obtaining personal data from third parties, Hun Health International Travel only does so through stringent data protection/transfer agreements, strictly limiting the scope of data collection to what is necessary for our operational needs. Additionally, the company takes rigorous measures to safeguard the integrity and security of the data collected.

3.3. Relevant Party Disclosure

Hun Health International Travel commits to full transparency during the data collection process. In accordance with Article 10 of the PDP Law and Article 13 of the GDPR, we inform data subjects about the identity of the data controller, the methods used for data collection, the legal grounds for data processing, the purposes for which the data is processed, the recipients of the data, and the rights of the data subjects. This disclosure ensures that all parties are fully aware of how their personal data is being handled.

3.4. Basic Principles Regarding Personal Data Processing

Hun Health International Travel adheres to the ‘General Principles’ mandated by Article 4 of the PDP Law and Article 5 of the GDPR, which dictate that all personal data processing activities must be conducted with the utmost legal and ethical rigor.

3.4.1. Processing in Compliance with Law and Good Faith

Our data management practices are grounded in legality, ethical conduct, and good faith. Hun Health International Travel strives for transparency in all data processing activities, takes into account the reasonable expectations of data subjects, and aims to prevent any outcomes that could not be anticipated by those subjects.

3.4.2. Ensuring Accuracy and Actuality of Personal Data

Hun Health International Travel processes personal data exactly as it is declared by the data subjects. While the company is not required to verify the accuracy of data provided by the data subjects, it does take reasonable steps to keep the data accurate and up-to-date. Should any changes to the personal data be reported to us, we promptly adjust our records to reflect these updates.

3.4.3. Processing for Clear, Explicit, and Legal Objectives

We clearly and explicitly state the lawful purposes for which personal data will be processed before any data collection begins, ensuring that the processing is directly related to and necessary for the services and products provided by Hun Health International Travel.

3.4.4. Relevance, Boundedness and Temperance with Purpose of Processing

Personal data is processed strictly in line with the purposes outlined by Hun Health International Travel and communicated to the data subjects. The processing is confined and proportionate to the objectives sought, maintaining a balance between the goals of data processing and the rights of the individuals.

3.4.5. Storage as Required and Envisaged by the Respective Legislation

Hun Health International Travel stores personal data as mandated by law and only for the duration necessary to fulfill the purposes of processing. Once these purposes are no longer applicable, or the legally prescribed period expires, the data is either deleted, destroyed, or anonymized. Our storage, disposal, and data management policies are rigorously aligned with legal requirements and the principles of data protection.

3.5. Conditions of Personal Data Processing

3.5.1. Explicit Consent of the Relevant Party

This provision pertains to situations where explicit consent from the relevant party concerning a specific matter, provided with full information and voluntarily, is obtainable. The explicit consent acquired from the relevant party is securely retained by Hun Health International Travel in a manner verifiable until the duration mandated by PDP legislation. In instances where the subsequent data processing conditions are met, personal data may be processed without necessitating explicit consent from the relevant party.

3.5.2. Explicit Consent of Relevant Party

This condition is applicable when there is a specific legal provision that mandates the processing of certain personal data. Hun Health International Travel ensures that such processing is always transparent and backed by legal authority.

3.5.3. Failure to Receive the Consent of Related Party Due to Actual Impossibility

If it becomes essential to process personal data to protect the life or physical integrity of a person who is legally or physically incapable of giving consent, Hun Health International Travel processes such data based on this legal condition, ensuring that critical health and safety interventions can be carried out without undue delay.

3.5.4. Direct Relevance with Execution or Performance of an Agreement

When processing personal data is directly related to the execution or fulfillment of a contract to which the data subject is a party, Hun Health International Travel processes this data to adequately perform contractual obligations, enhancing the efficiency and effectiveness of our contractual engagements.

3.5.5. Data Controller Requirement to Fulfil Legal Liability

Hun Health International Travel processes personal data as required to comply with legal obligations, ensuring that all data handling practices conform to applicable laws and regulations, thereby maintaining high standards of legal compliance.

3.5.6. Disclosure of Personal Data by the Relevant Party

When a data subject has voluntarily made their personal data public, Hun Health International Travel processes this data strictly within the limits of the purposes for which the data was disclosed, respecting the data subject’s intentions and privacy.

3.5.7. Compulsory Data Processing to Establish, Use or Protect a Right

If it is necessary to process personal data to establish, exercise, or defend a legal right, Hun Health International Travel undertakes this processing based on the legal necessity to protect such rights, ensuring that all actions are justified and transparent.

3.5.8. Compulsory Data Processing for Legal Interests of Data Controller

When processing is necessary for the legitimate interests of Hun Health International Travel, such as for operational purposes or to improve services, while ensuring that such processing does not override the fundamental rights and freedoms of the data subjects.

3.6. Processing Special Category of Data

3.6.1. Availability of Explicit Consent of the Relevant Party.

Explicit consent is obtained and maintained in a verifiable manner, adhering strictly to PDP legislation, providing a clear, informed basis for processing sensitive data categories.

3.6.2. Requirement by Law the Processing of Special Category of Personal Data Other Than Health and Sexual Life.

Where the law specifically requires the processing of special categories of personal data for reasons other than health and sexual life, Hun Health International Travel complies with these legal mandates, ensuring that all necessary legal and protective measures are in place.

3.6.3. Processing the Data Regarding Health and Sexual Life to Protect Public Health, Carry Out Preventive Medicine, Medical Diagnosis, Treatment, and Care Services, and Plan and Manage Health Services and Financing of Such Services by the Parties Under Confidentiality Obligation.

Hun Health International Travel processes data related to health and sexual life under stringent conditions, solely for the purposes of protecting public health, providing medical care, and managing healthcare services, all conducted under strict confidentiality to ensure the privacy and dignity of individuals.

3.7. Transfer of Personal Data

3.7.1. Domestic Transfer of Data

Hun Health International Travel transfers personal data, including special categories of data as outlined under Article 8 of the PDP Law, for the specified purposes stated during the data subject disclosure. This transfer encompasses both real and legal third parties, authorized institutions, and organizations, and is meticulously carried out under stringent administrative and technical measures. The specific recipient groups involved in these transfers are detailed in the VERBIS application. Hun Health International Travel adheres strictly to legal requirements in all data transfer activities, ensuring that data is transferred only to the extent necessary for business operations and existing contractual relationships. All third-party data recipients, acting as data processors, are comprehensively governed by data transfer contracts aligned with data security protocols.

3.7.2. Overseas Transfer of Data

Hun Health International Travel may transfer personal data internationally in accordance with the stipulations of Article 9 of the PDP Law and Articles 44 to 48 of the GDPR, always ensuring that necessary administrative and technical measures are in place. Such transfers occur only under one of the following conditions:

3.7.2.1.

To countries recognized by the Board as having adequate protection.

3.7.2.2.

In the absence of adequate protection in the receiving country, transfers can occur without the explicit consent of the data subject if there are sufficient protection guarantees in writing between data controllers in Turkey and the foreign country, and with the approval of the Board.

3.7.2.3.

If neither of the above conditions is met, personal data can be transferred internationally only with the explicit consent of the data subject.
Under these conditions, Hun Health International Travel may transfer personal data to information and archive companies, cloud service providers for enhancing data security, and for infrastructure needs of corporate electronic communication channels. Data may also be transferred to foreign platforms and applications essential for service delivery through immediate messaging or online communication channels, and to foreign suppliers for procuring goods and services necessary for business operations.

3.8. Storage and Destruction of Personal Data

As the data controller, Hun Health International Travel has established specific storage times, disposal periods, and the associated technical and administrative measures within the Personal Data Storage and Disposal Policy. These periods are meticulously cataloged for each category of personal data in the VERBIS system. Hun Health International Travel acknowledges its obligation to store personal data in accordance with these established principles.
In compliance with the PDP Law, personal data is retained only for the duration mandated by relevant legislation or as necessary for the purpose of processing. Upon the conclusion of these periods, personal data is systematically deleted, destroyed, or anonymized in line with the periodic destruction schedule outlined in the Policy pursuant to the Regulation on Erasure, Destruction or Anonymization of Personal Data. Additionally, certain data may be anonymized for analytical purposes. For further details, please refer to the contact information provided in this Employee PDP Policy.

3.8.1 Data Retention Schedule for Hun Health International Travel

Identity and Contact Information
Storage Period: 10 years from the end of the service provided.

Health Information
Storage Period: 1 year from the end of the service provided.

Employee and Service-Related Records
Types of Records:

• Employee Personal Registry File
• Enforcement File
• Court File Records
• Records Related to Social Security Legislation
• Records Related to Occupational Health and Safety Legislation
• Records Regarding
• Service Providers

Storage Period: 10 years from the end of the service relationship.

Other Records Retained under the Labor Law
Storage Period: 5 years from the end of the service relationship.

Financial Information
Storage Period: 5 years.

Internal Correspondence and Logs

Types of Records:

• Internal correspondence
• Email correspondence
• Log record data

Storage Period: 10 years.

Camera Records and Visitor Data
Storage Period: 1 month following the end of the activity.

Photo, Video, and Audio Recordings
Storage Period: 2 years.

4. PERSONAL DATA PROTECTION

Hun Health International Travel implements robust technical and administrative measures to ensure the lawful processing of personal data, taking into account the latest technological advancements and cost-effectiveness. These measures are meticulously applied, especially concerning the protection of special categories of personal data. They are regularly audited at the highest levels within the organization, and detailed records of these measures are maintained in the VERBIS system.
The organization has established comprehensive safety protocols to ensure that personal data are processed solely for the purposes outlined in the VERBIS system, and to mitigate risks such as malicious use, unauthorized access, transfer, destruction, or alteration of personal data. These security protocols extend to the transfer of personal data to countries that may not offer an adequate level of protection, ensuring that all data handling complies with stringent safety standards.
Personal data is treated with the utmost confidentiality at Hun Health International Travel. Access to personal data is strictly limited to authorized personnel within the organization. This controlled access is supported by rigorously maintained software standards and careful selection of third parties who must adhere to our Personal Data Protection Policy.
In the unlikely event that personal data are compromised or accessed by unauthorized third parties due to cyber-attacks on our platforms or systems, despite our stringent data safety measures, Hun Health International Travel takes swift action to address the breach. We aim to minimize any potential damage to the affected parties, promptly inform them and the Personal Data Protection Board about the breach, and implement necessary measures to prevent future occurrences.

5. THE RIGHTS OF RELATED PARTIES ON PERSONAL DATA AND EXERCISE OF SUCH RIGHTS

5.1. The Rights of Related Parties

In accordance with the Constitution of the Republic of Turkey and data protection laws, every individual has the right to protect their personal data. These rights are extensively outlined in Article 11 of the PDP Law and Articles 12 to 23 of the GDPR, enabling individuals to:
1. Confirm whether their personal data is being processed.
2. Obtain detailed information about the processing activities.
3. Understand the sources of their personal data if the data were not collected from them.
4. Learn the purposes for processing their personal data and verify whether the data are used appropriately for these purposes.
5. Understand the categories of personal data being processed.
6. Know which recipients or categories of recipients have access to their personal data.
7. Be informed of the intended duration of personal data storage.
8. Be aware of both domestic and international transfers of their personal data.
9. Request corrections to their personal data if they are inaccurately or incompletely processed.
10. Demand the deletion or disposal of their personal data under the conditions outlined in Article 7 of PDP Law and Article 17 of GDPR.
11. Seek restrictions on processing their personal data as per Article 18 of GDPR.
12. Request a copy of their personal data in a structured, commonly used, and machine-readable format and transmit those data to another controller without hindrance, as stipulated in Article 20 of GDPR.
13. Ensure that third parties involved in processing are notified of any corrections, deletions, or restrictions on their personal data.
14. Object to decisions based solely on automated data processing that affect them adversely, as defined in Article 22 of GDPR.
15. Seek compensation for damages resulting from the processing of their personal data in violation of the PDP Law or GDPR.
16. File a complaint with the appropriate supervisory authority.

5.2. Exercising the Rights of the Related Parties

Individuals may exercise the aforementioned rights by submitting their requests to Hun Health International Travel’s registered electronic mail (REM) address through secure electronic signature, mobile signature, or an email address previously provided to and registered by the Company. Requests can also be submitted using the ‘Data Subject Application Form’ available on Hun Health International Travel’s website. These requests must include:
1. The individual’s name, surname, and signature if the application is written.
2. T.R identity number for Turkish citizens, or nationality, passport number, or any other identity number for foreigners.
3. A contact address or workplace address.
4. An email address for notifications, along with a telephone and fax number.
5. A clear description of the request.
6. Relevant documents or data pertaining to the request.
7. It is crucial that applications are submitted in Turkish unless otherwise specified. If third parties are acting on behalf of an individual, a notarized power of attorney must be provided.

5.3. Evaluating and Replying to the Applications of the Related Parties

As stipulated in this policy, Hun Health International Travel will respond to these requests as swiftly as possible, and no later than 30 (thirty) days from the date of receipt, in accordance with the nature of the request and free of charge. Should the processing of the request incur additional costs, Hun Health International Travel reserves the right to charge a fee as specified by the tariff approved by the Board.
For written applications, the date of receipt is considered the date on which the document is officially received by the data controller or their representative. For other methods, it is the date on which the application is received by the data controller.

6. RELEVANCE OF PDP POLICY WITH OTHER POLICIES

Hun Health International Travel maintains a comprehensive suite of policies aimed at safeguarding personal data. These policies articulate the principles and practices established for data protection and are publicly disclosed to ensure transparency. Each of these policies is interlinked, forming a cohesive framework that supports and reinforces the others. Through this integrated approach, Hun Health International Travel strives to enhance transparency and accountability, ensuring that all stakeholders are well-informed about the measures taken to protect personal data.

7. ENFORCEMENT OF PDP POLICY AND AMENDMENTS TO THE POLICY

The Personal Data Protection (PDP) Policy of Hun Health International Travel is officially published on our website and becomes effective immediately upon publication. Hun Health International Travel reserves the right to modify this PDP Policy at any time. Amendments to the policy take effect from the date they are published on the website, ensuring that the most current and applicable standards and practices are in operation.

8. CONTACT US

For any inquiries related to this PDP Policy, our data processing practices, or if you wish to exercise your rights as defined under this policy, Hun Health International Travel encourages you to reach out through one of the following methods:
ÖZÇELİK GLOBAL SAĞLIK VE TURİZM HİZMETLERİ TİCARET LİMİTED ŞİRKETİ “ HUN HEALTH INTERNATIONAL TRAVEL ”

Address: Cevizli Mahallesi, Saraylar Caddesi, Dap Vazo Kule Ofis (No: 6), C Blok, Daire No : 74 Maltepe/İstanbul 34844
Telephone: +90 (850) 640 04 86 / +44 7458 164860
Email: info@hunhealthtourism.com
REM Address: ozcelikglobal@hs03.kep.tr
Tax Office: Kartal Tax Office
Tax Number: 6730614559
Commercial Registry Number: 450076-5
These contact channels are monitored regularly to ensure responsive and effective communication. Hun Health International Travels team is committed to addressing your questions and concerns about data privacy and to assist you in exercising your rights under this policy.