BUHARA HEALTH SERVICES JOINT STOCK COMPANY
EMPLOYEE LIGHTING TEXT

Your personal data that you share with BUHARA SAĞLIK HİZMETLERİ ANONİM ŞİRKETİ (hereinafter referred to as the "Company") is sensitively protected by our Data Controller Company. In parallel with this, your rights arising from KVKK and our Company's practices are presented to your attention in order to fulfill the obligation of disclosure within the scope of Article 10 of the Law on the Protection of Personal Data No. 6698 (hereinafter referred to as "KVKK"). This Clarification Text will be valid as of the date it is published by our Company. Our company can make changes in the Clarification Text at any time, if necessary, and the changes to be made become effective immediately after the Clarification Text is published on the website.

1. Which of your personal data are processed?

Personal data, as defined in the KVKK, means "any information relating to an identified or identifiable natural person". Special categories of personal data include data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data. With the approval of its employees, our company may obtain, record, store, store, classify personal or private personal data in whole or in part, according to the purpose of obtaining the personal data or retain it for the period stipulated by the provisions of the relevant law. In this direction, the main general and special personal data, especially the personal health data required for the execution of all medical diagnosis, examination, treatment and care services and obtained for this purpose, are listed below;

- Identity; Name-surname, TR identity number, signature, gender, gender, date of birth, photocopy of identity card, signature, mother's name, father's name, nationality, volume number for patients using old identity cards, family sequence number, place of birth, population registration sample
- Communication; Phone number, address, e-mail
- Personnel; reason for leaving the job, position, department information, job description, title, CV, SGK number, entry-exit date, premium amount, wage, number of SGK premium days, profession code, salary information, leave information, annual leave, number of rest days, overtime wage information, overtime information, payroll records, performance information, diploma information, employee satisfaction survey
- Health data; Health report, blood group, general examination report, blood group card, chest X-ray, criminal record, disability status, birth report of female employees, rest report, illness, incapacity report, test and examination results, disease history
- Family relative information; spouse, children, people to be contacted in case of emergency
- Location; working location within the hospital
- Costume information; Information received for clothing to be supplied within the hospital boundaries
- Risk management; liability insurance policy
- Finance; Iban, bank account information, salary advance, expense-subsistence information, debt information, cumulative income and tax base information, amount to be deducted, income status, family living allowance information, tax deductions, amount of deduction to be made based on the salary lien, BES deduction, from work Compensation amounts at check-out
- Visual and audio recordings; audio recording, limited to cameras located in camera recordings, photography, intercom audio recordings, patient admission units, patient hospitalization units and private insurance units
- Professional experience; Certificate, graduated university information
- Legal action; executive files, mediation files, case files, executive file information to which salary lien warrants are sent
- Transaction security; Username, ip, access details, user names and passwords in the hospital automation system and auxiliary automation systems, internal correspondence, log records
- Physical space security; closed circuit camera system images
represents such data.

In the continuation of the clarification text, it is stated for what purpose your data is processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data, legal reason and your rights.

Your personal data is stored in physical and digital media. All kinds of administrative and technical security measures are taken by our company for the security of your personal data.

2. For what purpose is your personal data processed?

Your personal data collected, in line with the continuation of our Company's activities, increasing the quality of service and within the conditions specified in Article 5 of the KVKK, our Company processes your personal data in a limited and measured manner in accordance with the law and honesty rules in connection with the purposes stated below:

- Fulfillment of obligations arising from employment contracts and legislation for employees
- Execution of fringe benefits and benefits processes for employees
- Work

In order to calculate the wages and fringe benefits of the employee correctly and in accordance with the legislation,
- Providing information to authorized persons, institutions and organizations
- Signing the employment contract and then creating the personnel file,
- Follow-up and execution of legal affairs
- Uploading the monthly SGK premium bonuses and days of the employees to the SGK portal, approving them and paying the resulting SGK premium amounts
- Submitting the number of company employees, gender information and disabled employee notifications to İşkur
- Notification of SSI registration for the incentive to employ disabled personnel
- Execution of relevant processes in order to receive SSI premium incentives
- Responding to information requests and documents from authorized public institutions and organizations within the legal period
- Managing payroll processes to fulfill contractual and legal obligations,
- Execution of performance evaluation processes
- Conducting human resources training processes
- Execution of assignment processes during promotion periods and in case of new employees
- Periodic health check of employees
- Execution of individual and corporate communication activities
- Planning of travel processes
- Execution of goods or services procurement processes
- Execution of supply chain management processes
- Creating a user account and defining access rights
- Execution of information security processes
- Execution of the patient's appointment request, satisfaction and after-service support processes
- Ensuring the security of wearable goods and resources during the execution of financial transactions,
- Preparation of due diligence reports in order to ensure physical space security
- Execution of finance and accounting works,
- Execution of management activities for the members of the board of directors in addition to the stated objectives
- Execution and supervision of business activities, along with the process of issuing watch schedules
- Execution of talent and career development activities
- Execution of wage policy
- Providing information to authorized persons, institutions and organizations
- Foreign Personnel Work and Residence Permit Procedures
- Receiving and Evaluating Suggestions for Improvement of Business Processes

In addition, if you give separate consent with the text of explicit consent regarding the following processes:
- Illness, pregnancy, work accident, etc. Your health information (incapacity for work) in order to be able to carry out your permit processes by processing the records showing your health status, which you will bring about your incapacity for work, to make notifications to the official authorities regarding the provision of the relevant opportunities, rights and benefits, to take / have measures related to occupational health and safety. report, pregnancy report, work accident report, hospital records)
- Your criminal record so that we can determine whether you have any criminal record,
- Your health information regarding your disabled status and proof of your disability, in order to apply to us by making use of the staff and opportunities defined in the legislation for disabled people, to be able to get a job from the disabled staff in our company, and to make monthly legal notifications regarding this,
- In the form of overseas sharing due to the fact that the supplier from whom the mail server service is received is abroad
will be processed.

It is your responsibility to inform your family members about the personal data of your family members that you will share with us and to obtain their explicit consent if necessary.

3. What is the legal reason and method of collecting your personal data in our company?

Our company, provided that it is clearly foreseen in the law, is directly related to the establishment or performance of the employment contract, the processing of your personal data is necessary, the fulfillment of legal obligations, the necessity of data processing for the establishment, use or protection of a right, harming your fundamental rights and freedoms. Your personal data, based on the legal reasons that data processing is mandatory for the legitimate interests of Bukhara and with the express consent of you; in accordance with data processing purposes; By filling in the network form, ballot box form, identity notification form, permission request form, travel form, offer form, order form, due diligence report and written forms that must be filled in later by you, even if they are not among those listed due to the nature of the work, In order to carry out its activities, it is collected through e-mails from business partners, through signed contracts and e-mails, audio recordings from phone calls you have made, written defense statements by you, legal documents and notifications belonging to you, authorized institutions and organizations, to the Company.

4. To whom and for what purpose does our company transfer your personal data?

Our company,

Your personal data collected on the basis of express consent and in accordance with the basic principles stipulated by the Law, within the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, and within the framework of security and confidentiality principles in accordance with the purposes stated below. provided that adequate precautions are taken;

- With SGK in order to fulfill the obligations arising from the legislation and to carry out the incentive processes,
- With company lawyers in order to carry out legal processes,
- With the competent authorities for use as evidence in litigation processes,
- Within the scope of informing the authorized public institutions and organizations, the number of employees and gender distribution information are notified to İş-Kur.
- With banks for salary payments within the scope of fulfillment of obligations arising from employment contracts and legislation for employees.
- To receive services from suppliers in order to benefit from SSI premium incentives,
- The information of the employee with the suppliers in order to carry out the Mandatory Automatic Enrollment (BES) transactions,
- Responding to salary liens from executive directorates,
- With our supplier from whom technical support is received for the hospital automation system for the purpose of carrying out business activities,
- Workplace physicians to examine health reports,
- With hotels, car rental companies, agencies for ticket transactions, and visa processing offices for the planning of travel processes,
- In case of termination of the employment contract, with the notice sent to the notaries,
- With authorized public institutions for the purpose of conducting audit and ethical activities,
- With the Revenue Administration and Tax Offices in order to fulfill their obligations arising from the legislation,
- With audit firms for the purpose of carrying out financial and accounting transactions,
- The necessary information for the line provided to the employee in order to inform the authorized persons, institutions and organizations, with the mobile line operators in the position of supplier,
- Identity information with the General Directorate of Security,
- With the occupational health and safety company from which service is received for the purpose of carrying out training activities within the scope of ensuring occupational health and safety,

is shared. In addition, due to the activities of Bukhara, information technologies or consultancy that require expertise are shared with suppliers who receive support in product or service supply processes.

5. Is your data transferred abroad?

In the processes of managing the log records produced by the network and security devices and the log records produced by the software in addition to these devices, and receiving mail server service, they are transferred abroad if you give your explicit consent through our supplier.

6. What is the legal basis for the processing of your personal data and how long is it retained?

Labor Law, Occupational Health and Safety Law, Social Security Law, Law on Private Security Services, Law on Protection of Personal Data, Health Services Basic Law No. 663, Decree Law No. 663 on the Organization and Duties of the Ministry of Health and its Affiliates and other relevant laws and shall be retained for the maximum period specified in the legislation or required for the purpose for which they are processed, and possibly for the legal statute of limitations.

If a period of time is not regulated in the legislation regarding how long your personal data should be stored, the Company processes the said personal data for a period of time that requires it to be processed in accordance with the practices and commercial life practices of the Company, depending on the services it provides.

7. KVKK art. What are your rights under 11?

As a personal data owner, within the scope of Article 11 of the KVKK,
- Learning whether your personal data is processed,
- If your personal data has been processed, requesting information about it,
- To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
- Knowing the third parties to whom your personal data is transferred, in the country or abroad,
- Requesting correction of your personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
- Requesting the deletion or destruction of your personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the Law No.
- Objecting to the emergence of a result against you by analyzing your processed data exclusively through automated systems,
- Requesting the compensation of the damage in case you suffer damage due to the unlawful processing of your personal data
you have the right.
As personal data owners, you can submit your requests regarding your rights by filling out the information request application form prepared by the Company. In the application form, you must specify your preferred method. Tale

Your request will be fulfilled within thirty days at the latest, depending on the nature of the bin. However, if the transaction requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

Data Controller Contact Information

Address: Yunus Emre Mah. Ataturk Boulevard Outer Door No: 5 Palandöken / ERZURUM
E-Mail: [email protected]