As Extenso Hotel, we have been following the developments related to the Covid-19 epidemic, which surrounds the world and also affects our country, since the first day. Since the day we were founded, we have strived to ensure that the hygiene and cleanliness standards in our hotel are at the highest level in terms of the safety and health of our guests and employees.
In the situation we are in; World Health Organization and T.C. In line with the instructions of the Ministry of Health, we have taken all necessary additional measures by evaluating the possible scenarios at the highest level;
Our hotel employees are informed about the comprehensive cleaning details that they need to apply regularly, both in terms of their health and the safety of our guests.
In our hotel, common areas such as lobbies, elevators, toilets and all our rooms are disinfected routinely by our specially trained personnel with the Antibacterial Nano Hygiene system in an increasing frequency within the framework of strictly determined rules.
In order to maintain the highest level of hygienic standards of food and beverage services provided in our hotel, all necessary measures have been taken in our kitchens and in terms of the health of our kitchen staff.
The number of anti-bacterial hand disinfectants in common areas where both employees and guests can easily reach has been increased.
As Extenso Hotel, World Health Organization and T.C. to create healthy and safe areas for our employees and guests. We would like to state that we will continue to take actions approved by the Ministry of Health and keep our measures at the highest level.
We kindly request you, our esteemed guests, to pass the hygiene mat at the entrance of the hotel, use hand disinfectants in the lobby and floor corridors, and comply with the mask condition and social distance rules.
We believe that our country will survive this troubled period as soon as possible with the least damage, thanks to the measures taken and early intervention. We will be very pleased to welcome you with your usual Extenso Hotel hospitality and meticulousness during your visits to our hotel today and tomorrow as it was yesterday.
Things to Know under the Law on Protection of Personal Data in the Fight Against Covid-19 Process
In order to prevent the spread of the COVID-19 virus epidemic, which affects the whole world and our country, and to mitigate its effects, public institutions and organizations are taking necessary steps and fighting by taking various measures. In many cases where these precautions are taken, it is inevitable to process many personal data (such as TR identity number, name, address, workplace, travel information), including personal data (health related data, etc.).
In this process, it is essential to provide health services and protect public health. Within the scope of Law No. 6698 on Protection of Personal Data (Law), it is important to ensure that such activities are carried out in accordance with the provisions of the Law, and that necessary administrative and technical measures are taken by the data responsible and data processors in accordance with the provisions of the Law.
It should be noted that even at these exceptional times, data keepers and data processors must ensure the security of their personal data. For this reason, it is important that the personal data are processed in accordance with the law and that any precautions taken in this regard comply with the general principles of the law and that irreversible damages do not arise in terms of the fundamental rights and freedoms of the individuals. In this regard, personal data processing activities carried out within the scope of the measures taken against COVID-19 virus should be necessary, connected, limited and measured. The decisions taken in this regard should be within the framework of the guidance and / or instructions of public health institutions, particularly the Ministry of Health, or other relevant institutions and organizations.
In this context, it is important that data officers pay attention to the following points when processing personal data, especially health data.
Basic Principles of Processing Personal Data
The general (basic) principles in the processing of personal use in the Law of 6698 data are for compliance with law and rules of integrity, being accurate and up-to-date, specific, clear and legitimate. should be kept for the required time. It must be personally deleted, destroyed or anonymized.
These principles should be at the core of COVID-19's personal data processing activities and the processing of all personal data should be done in accordance with these principles.
Compliance with Law
6698 data are personally processed in article 5 of the Law on Protection of Personal Data, and in article 6, health data are of a special nature.
Although article 6 of the Law states that special personal data cannot be processed without the explicit consent of the person concerned, personal data other than health and sexual life will only be protected in public health, preventive medicine, medical diagnosis, treatment and care services, if the personal data related to health and sexual life are provided. For the purpose of planning and management of health services and financing, it is regulated that it can be processed by persons under the obligation to keep secrets or authorized institutions and organizations without explicit consent of the concerned.
In addition, with the Decision of the Personal Data Protection Board dated 31/01/2018 and numbered 2018/10, “Adequate Measures to be Taken by Data Officers in the Processing of Special Qualified Personal Data” has been determined.
At this point, it should be remembered that personal data should be processed in accordance with the conditions specified in Article 5 and / or Article 6 of the Law.
In this context, it may be preferred to seek the consent of the employee, especially for the processing of health data, and if the spread of the epidemic is considered, the employee will be able to report disease with his own consent. Under the conditions other than explicit consent, health data will be processed by the physicians of the workplace. In this process, it is natural that every processed data may not be of personal quality (for example, the information of the country where people traveled recently). In these cases, the personal data processing conditions will have to be taken into account in article 5 of the Law.
On the other hand, in the subparagraph (ç) of clause (1) for article 28 of the Law, it is regulated that the provisions of the Law shall not be applied in order to provide personal defense, national security, public security, public order or economic security. In this context, the current situation threatens public security and public order, according to personalized Ministry of Health and use.
Lighting Obligation (Transparency)
It will replace the lighting requirements for personalized. These terms apply, including those responsible for processing personal data, the purpose of collecting personal data and how long it is used. Short, easy to understand, understandable, clear and plain about the processing of personal data to individuals.
In the context of preventing the spread of the COVID-19 virus, necessary administrative and technical measures should be taken to ensure the security of personal data in any data processing activity, primarily health data, by the data controller and data processors. Data of affected persons should not be disclosed to any third party without clear and compelling justification
On the other hand, it should not be forgotten that social media accounts and similar media, which will be made illegally related to personal data, especially health data, may also constitute a crime within the scope of Article 136 of the Turkish Penal Code No. 5237.
As with any data processing activity, data processing activities carried out for the purpose of preventing the spread of the COVID-19 virus should be linked to the purpose and limited, and excessive personal data processing should be avoided. In order to achieve the targeted goal, the most non-intrusive path possible should be preferred.
Frequently Asked Questions
Governments have obligations to ensure public health and public order in situations that reach the global epidemic dimension, such as the COVID-19 virus. Public institutions and organizations may additionally need to collect and share personal data to combat serious threats to public health.
In this context, there is no obstacle in terms of the Personal Data Protection Law in sending the relevant health institutions and organizations to people with messages related to public health by telephone, message or e-mail.
The protection of personal data is not an obstacle to working from home. During the outbreak, staff can work from home and use their own devices or communication equipment. The legislation on protection of personal data does not prevent this, but necessary administrative and technical measures must be taken to ensure the security of personal data.
In order to minimize the risks that may arise from working remotely, to take care of all kinds of precautions and to inform the employees carefully in terms of the security of personal data, especially to ensure that data traffic between the systems is realized through secure communication protocols and that it does not contain any weaknesses, and that anti-virus systems and firewalls are updated. is required.
However, it should not be forgotten that the measures to be taken by the employees do not eliminate the responsibility of the data controller in terms of ensuring the security of personal data under the Law.
Can an employer explain to his colleagues / other employees that an employee is carrying the virus?
The employer should inform the staff about the cases. While giving information, it will not be necessary to give the names of individuals, nor should excessive information be given. In cases where it is necessary to explain the name of the employee / employees infected with the virus in order to take protective measures, it is beneficial to inform the relevant employees in advance about this issue. The employer has responsibilities to ensure the health and safety of its employees as well as to fulfill its obligation to care.
In this context, in the first place, we would like to inform the employers, for example, that the COVID-19 test of a friend working on the 5th floor of our Head Office building was positive. Considering the dates of our friend whose test was positive, we will identify the people who are in contact with our friend and inform them about the situation… ”.
As in the example above, in announcements to be made within an institution, organization or company, it should be stated to the employees that there is a COVID-19 infected employee, working from home or on leave; however, unless it is mandatory, details that will directly identify who the employee is, such as the internal level or team, should not be shared.
An employer, recent travels and fire, etc., from all staff and visitors in the building to the affected countries. can request information about virus symptoms?
Employers have legal obligations to protect employee health and ensure a safe workplace. In this context and in the current circumstances, justified reasons will be raised for employers to ask employees and visitors to inform themselves about whether they have visited a virus-affected area and / or show signs of the disease caused by the virus.
The request for information should have a strong rationale based on necessity and proportionality and based on risk assessment. In this case, certain aspects should be taken into account, such as the travel of staff, the presence of people with chronic illnesses in the workplace or the possibility of being more severely affected by the virus, and the instructions or guidance from public health officials.
If people have been recently traveled to a virus-affected area and / or are asked to take appropriate measures based on showing symptoms of the disease, there is no objection in terms of legislation on the protection of personal data in bringing certain recommendations to the attention of staff and visitors.
Within the framework of Article 8 of the Law and provisions in other relevant laws on infectious diseases, personal data regarding those carrying communicable diseases based on notification may be shared with the relevant authorities by the employer.
Are the periods specified in the Personal Data Protection Law and related legislation within the scope of the responsibilities of respondents and their obligations to our Agency according to time schedules, when organizations are temporarily closed or the capacity of the data responsible to fulfill the requests of the persons concerned is restricted during the epidemic?
Regarding the complaints, denunciations and data violation notifications submitted to our Institution within the scope of the protection of personal data, various deadlines have been determined in the Law and related sub-regulations, and it is important to comply with these periods by the data officers.
It is not possible to extend the legal periods specified in the law and related legislation, but taking into consideration that different operational practices (remote work, rotating work, etc.) were made within the scope of the measures taken by the data responsible in this extraordinary process in which our country is located, each application or data violation notification Specifically, the extraordinary conditions that we are in will be observed by the Personal Data Protection Board in terms of evaluating the period of time that data officers are obliged to comply with.