QBA Medi Tours
General Privacy Policy

• In order to evaluate the requests and complaints regarding the services provided by QBA Medi Tours, the name, surname, telephone and request-complaint details of the customer, customer relatives and accompanying persons are processed by using the "Customer Request and Complaint Notification Form".

• Name, surname, contact, credit card, how they are informed about QBA Medi Tours and health information obtained in order to evaluate the suitability of customers and potential customers to the health service they want to receive, are requested. It is aimed to obtain compliance for treatment by sharing the requested personal data with the Cuban Ministry of Health after the name, surname, health and country information are translated by the translation offices. In order to carry out the consultancy service, collections are made by credit card.

• Cookie information is obtained automatically, as it is requested to analyze the use of the site by our visitors who visit our site.

• Your information is translated in translation offices so that the consultancy services can be carried out smoothly and the declared information can be correctly given to authorized institutions particularly the Ministry of Health of Cuba.

• "Patient Files" are created in order to conduct inspection of public institutions in Turkey and The Ministry of Health of Cuba and to meet the official request to be occurred and access is provided only by authorized personnel. Identity, professional and foreign language information of our employees are transferred in the process of informing the Ministry of Health about the services provided to our customers.

• Within the scope of the consultancy service, identity, contact, health, flight and accommodation information are processed in order to obtain visas, flight, accommodation, guidance and conduct transfer processes for themselves and their accompanying persons.  

• Your card information is transferred to the banking system via web virtual pos in order to carry out collections regarding the assistance and consultancy services provided to our customers.

• In return for the service provided to our customers, personal data are processed in order to issue invoices and make collections within the scope of the Tax Procedure Law Numbered 213.

• In order to determine the convictions of the medical consultancy service to be provided, your personal data regarding the identity, contact and agreement price are processed when agreements are made with the customer or their relatives.

• Identity, contact and bank account information of our suppliers are processed in order to enter into agreement with suppliers and service providers and to issue invoices for the service received. In addition, telephone, mail and address information are processed in order to ensure the sustainability of our activities with suppliers and service providers and to reach them on time.

• Within the scope of the Labor Law numbered 4857, identity, contact, professional information, photograph, personal, health, bank account and iban information are processed in order to prepare the personal files of the employees, to fulfill legal obligations, to manage leaves, to issue payrolls and to fulfill the terms of the agreement. In addition, criminal record information is requested from the employee to ensure the security of QBA Medi Tours.

• Within the scope of the Social Insurance and General Health Insurance Law Numbered 5510, employee identity, personal and salary information are processed in order to insure our employees and to pay their insurance premiums. In addition, within the scope of the Income Tax Law Numbered 193, the information declared in the identity and AGİ (Minimum Living Allowance) Form are processed so that the minimum living allowance is granted to our employees.

• In their phone calls to QBA Medi Tours, voice records of data owners who are the subject of Medical Consultancy are stored by the switchboard system. In line with the requests of the Republic of Turkey Ministry of Health, audio recordings can be shared.

• Personal data are stored in order to fulfill the requests of authorized persons, institutions and organizations, to provide information and to carry out legal processes.

2. Deletion of Personal Data

​

As QBA Medi Tours, we process your personal data automatically, based on the following legal reasons, in accordance with the Article 5 of the KVKK.

• All personal data in the personal files of our employees and used for their operations are stored for 10 years after the termination of employment and then destroyed.

• Personal data of customers, potential customers, relatives and accompanying persons which are subject of medical consultancy activities, are stored for 10 years following termination of consultancy service and then destroyed.

• Personal data received from suppliers and service providers are stored and destroyed for 10 years following the end of the agreement.

• Voice records of data subjects which are subject of medical consultancy are stored for 2 years and then deleted.

3. Data Sharing

​

Your personal data are shared with third party institutions for the purposes stated below.

Your personal data transferred domestically;

​

• In case of a legal problem with customers, potential customers, relatives, attendants, employees and suppliers, personal data requested with contracted law firms and authorized public institutions and organizations can be shared.

• In order to complete the visa procedures of customers and accompanying persons, your identity, contact and health information are transferred to the consulates through contracted agencies.

• Your card information is shared with banks via web virtual pos in order to collect the service fee provided to our customers and potential customers.

• In order to declare the invoice issued to the customers and accompanying persons, the personal data included in the invoice are shared with contracted financial advisors.

• Your identity, passport and contact information are transferred to airline companies through contracted service providers in order to purchase flight tickets for our customers and accompanying persons.

• In order to evaluate the suitability of customers and potential customers without any problem for the health service they want to receive, the identity and health information declared during the pre-application are transferred to the Translation Offices.

• Salary information is shared with banks so that salaries of our employees can be paid.

• In order for our employees to carry out leave, insurance and Network notification processes, your information in the identity, salary and Agi (Minimum Living Allowance) Form are shared with the contracted financial advisors.

• In order to carry out inspection regarding medical consultancy provided to customers and potential customers and to consider requests and complaints, information requested and voice records are shared with the Republic of Turkey the Ministry of Health.

QBA Medi Tours employs knowledgeable and experienced people to ensure data security. Risks are identified within the scope of the systems installed and actions are planned. For personal data security, job descriptions of "Data Controller Contact Person" were constituted within QBA Medi Tours. The Data Controller Contact Person takes the necessary administrative measures in order to ensure the security of personal data and supervises the work of the employees in accordance with these measures. Employees are informed that they cannot disclose the personal data they have learned to anyone in violation of the provisions of the Law, cannot use them for purposes other than processing, and that this obligation will continue even after they leave their job. Necessary undertakings are taken from the employees within this scope. In case the employees act against the law, disciplinary processes are carried out. Regarding the sharing of personal data with third parties, it signs a confidentiality agreement with the persons with whom personal data is shared or provides personal data security with the provisions to be added to the agreements. Third parties with whom personal data are shared accept the provisions that they will take necessary security measures to protect personal data and ensure that these measures are followed in their own institutions.

Unit-based personal data inventory is constituted in order to analyze personal data properly. Policies and procedures regarding the management of personal data within the institution have been published.

6. Rights of the Concerned Person Whose Personal Data Is Processed 

​

You can exercise the following rights regarding the processing of your personal data with a request to QBA Medi Tours. The requests submitted within this scope shall be concluded free of charge by QBA Medi Tours within thirty days at the latest. However, if a fee is stipulated by the Personal Data Protection Board, QBA Medi Tours may charge a fee in the specified tariff. In this context, as personal data owner you have the right;

​

• To learn whether personal data has been processed or not,

• To request information regarding the personal data if they are processed,

• To learn the purpose for the processing of personal data and whether they have been used in accordance with the purpose or not,

• To learn the third parties to whom his/her personal data is transferred at home or abroad,

• To request the rectification of the data in the event they are processed incompletely or inaccurately,

• To request your personal data to be deleted or destroyed,

• To request that these transactions be notified to third parties to whom your personal data has been transferred in case your personal data is corrected, deleted or destroyed,

• In case the reasons justifying the process of the personal data are ceased, to request deletion, destruction or anonymization of them and to request that the transaction performed under this scope to be informed to the third parties to whom the personal data are transferred,

• You have the right to object to the emergence of a result against you by analyzing your processed data exclusively through automated systems, and to demand the compensation of the damage if you suffer damage due to unlawful processing of your personal data.