BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ PERSONAL DATA PROTECTION AND PROCESSING POLICY
PROTECTION AND PROCESSING OF PERSONAL DATA INFORMATION FORM
Document Name:
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ Personal Data Protection and Processing Policy.
Target group:
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. All real persons, excluding employees whose personal data are processed by LTD .ŞTİ.
Approved by:
It has been approved by the KVK Supreme Council.
In cases where there is a conflict between the Turkish language version of the policy in which it was prepared and any translation version, the Turkish text should be taken into account.
©BIOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LLC
This document is BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. It cannot be reproduced or distributed without the written permission of LTD .ŞTİ.
1.1 Introduction
Protection of personal data, BİOSENTEZ DIAGNOSTIK SİSTEMLER MEDİKAL TİC. LTD .ŞTİ (“Company”) is among the most important priorities and this BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ shows maximum effort to act in accordance with all applicable legislation. The principles adopted in the conduct of personal data processing activities carried out by our Company within the framework of this Personal Data Protection and Processing Policy (“Policy”) and the basic principles adopted in terms of compliance of our Company’s data processing activities with the regulations in the Personal Data Protection Law No. 6698 (“Law”) are explained. and thus, our Company provides the necessary transparency by informing the personal data owners. With full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.
1.2 Scope
This Policy; It relates to all personal data of persons other than our company’s employees that are fully or partially automated or processed by non-automatic means, provided that they are part of any data recording system. It is possible to access detailed information about the personal data owners in question from the ANNEX 2 (“Annex 2- Personal Data Owners”) document of this Policy.
Regarding the protection of personal data of our employees, BİOSENTEZ DIAGNOSTIK SİSTEMLER MEDİKAL TIC. LTD .ŞTİ’s activities are written in parallel with the principles in this Policy, BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LLC . Its employees are managed under the Personal Data Protection and Processing Policy.
The details of the personal data processing activities carried out by our company for employee candidates or employees are given in the Policy on Protection and Processing of Personal Data of Employee Candidates at https://www.biosen.com/en/pdf/veri-sahibi-basvuru-formu.pdf, respectively. Employees can be accessed from the Personal Data Protection and Processing Policy.
1.3 Implementation of the Policy and Related Legislation
Relevant legal regulations in force on the processing and protection of personal data will primarily find application. In case of inconsistency between the current legislation and the Policy, our Company accepts that the applicable legislation will find an area of application. The policy regulates the rules set forth by the relevant legislation by embodying them within the scope of Company practices.
1.4 Enforcement of the Policy
The effective date of this Policy was arranged by 01.10.2018 and the version that entered into force on 01.10.2019 and updated on 10.10.2020 has been renewed as of the effective date of this Policy.
This Policy is published on the website https://www.biosens.com/en/kvkk and is made available to the relevant persons upon the request of the personal data owners.
2.1. Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, our company takes the necessary measures according to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer or security deficiencies that may occur in other ways. In this context, our Company takes administrative measures to ensure the required level of security in accordance with the guidelines published by the Personal Data Protection Board (“the Board”), and carries out inspections or have them done.
2.2. Protection of Private Personal Data
With the law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
We act sensitively in the protection of personal data of special nature, which are determined by the law as “special quality” and processed in accordance with the law. In this context, technical and administrative measures taken for the protection of personal data are carefully implemented in terms of special quality personal data and necessary controls are provided within the body.
Detailed information on the processing of special categories of personal data can be found in 3.3 of this Policy. (“Processing of Special Personal Data”).
2.3. Raising Awareness and Supervision of Business Units on the Protection and Processing of Personal Data
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ provides the necessary trainings to business units in order to prevent the illegal processing of personal data, illegal access to personal data, and to raise awareness to ensure the protection of personal data.
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ the necessary systems are established to raise the awareness of its employees on the protection of personal data, and if necessary, it works with consultants. Accordingly, our Company evaluates the participation in the relevant trainings, seminars and information sessions, and updates and renews its trainings in parallel with the updating of the relevant legislation.
3.1. Processing of Personal Data in Compliance with the Principles Established in the Legislation
3.1.1. Processing in Compliance with Law and Integrity
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data. In this framework, personal data is processed to the extent and limited to the business activities of our Company.
3.1.2. Ensuring Personal Data Are Accurate and Up-to-Date When Necessary
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ takes the necessary measures to ensure that personal data is accurate and up-to-date throughout the period of processing, and establishes the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods.
3.1.3. Processing for Specific, Explicit, and Legitimate Purposes
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ clearly reveals the purposes of processing personal data and processes it within the scope of purposes related to these activities in line with its business activities.
3.1.4. Being Related to the Purpose for which they are Processed, Limited and Measured
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ collects personal data only in the quality and extent required by business activities and processes it limitedly for the determined purposes.
3.1.5. Preserving for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation BIOSENTEZ DIAGNOSTIK SİSTEMLER MEDİKAL TİC. LTD .ŞTİ keeps personal data for the period required for the purpose for which they are processed and for the minimum period stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion and / or destruction and / or anonymization).
3.2. Personal Data Processing Conditions
Except for the express consent of the personal data owner, the basis of the personal data processing activity may be only one of the conditions stated below, or more than one condition may be the basis of the same personal data processing activity. In case the processed data is sensitive personal data, the conditions set forth in the 3.3 title of this Policy (“Processing Special Personal Data”) will be applied.
Finding the Explicit Consent of the Personal Data Owner
One of the conditions for the processing of personal data is the explicit consent of the data owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.
In the presence of the following personal data processing conditions, personal data may be processed without the need for the explicit consent of the data owner.
Explicitly Provided in Laws
If the personal data of the data owner is expressly stipulated in the law, in other words, if there is a clear provision in the law regarding the processing of personal data, the existence of this data processing condition may be mentioned.
iii. Failure to Obtain the Explicit Consent of the Person Related to the Cause of Actual Impossibility
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated, in order to protect the life or bodily integrity of himself or another person.
Direct Concern with the Establishment or Performance of the Contract
Provided that it is directly related to the conclusion or performance of a contract to which the data owner is a party, this condition may be deemed to be fulfilled if the processing of personal data is necessary.
Fulfilling the Legal Obligation of the Company
Personal data of the data owner may be processed if the processing is necessary for our company to fulfill its legal obligations.
Making Personal Data Public by the Personal Data Owner
If the data owner has made his personal data public, the relevant personal data may be processed for the purpose of making it public.
vii. Mandatory Data Processing for the Establishment or Protection of a Right
If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
viii. Obligatory Data Processing for the Legitimate Interest of Our Company
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of our Company.
3.3. Processing of Private Personal Data
Special quality personal data is processed by our Company in accordance with the principles set forth in this Policy, by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:
(i) Special categories of personal data other than health and sexual life may be processed without the explicit consent of the data owner, provided that it is clearly stipulated in the law, in other words, there is a clear provision regarding the processing of personal data in the law governing the related activity. Otherwise, the explicit consent of the data owner will be obtained in order to process the said special categories of personal data.
(ii) Private personal data related to health and sexual life, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of keeping confidentiality. may be processed without explicit consent. Otherwise, the explicit consent of the data owner will be obtained in order to process the said special categories of personal data.
3.4. Disclosure of Personal Data Owner
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ informs the owners of personal data in accordance with Article 10 of the Law and secondary legislation. In this context, it informs the relevant persons about who, as the data controller, the personal data is processed, for what purposes, with whom it is shared, with what methods it is collected, the legal reason and the rights of the data owners within the scope of the processing of their personal data.
3.6. Transfer of Personal Data
Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, public and private authorities, third real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, our company acts in accordance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be found in the APPENDIX 4 (“Annex 4- Third Parties to which Personal Data Transferred by Our Company and Purpose of Transfer”) document of this Policy.
3.6.1 Transfer of Personal Data
Even without the explicit consent of the personal data owner, in case one or more of the conditions stated below are present, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, with due diligence by our Company.
The relevant activities regarding the transfer of personal data are clearly stipulated in the laws,
The transfer of personal data by the Company is directly related to the conclusion or performance of a contract.
be relevant and necessary,
In order for the transfer of personal data to fulfill the legal obligation of our Company,
be mandatory,
Provided that the personal data has been made public by the data subject, limited for the purpose of making it public
transferred by our Company in any way,
The transfer of personal data by the Company is not authorized by the Company or the data owner or third parties.
it is compulsory for the establishment, use or protection of its rights,
Legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner.
It is mandatory to carry out personal data transfer activities for
It is compulsory for the person or someone else, who is unable to express his consent due to actual impossibility, or whose consent is not legally valid, to protect his or her life or physical integrity.
In addition to the above, personal data may be transferred to foreign countries that are declared to have adequate protection by the Board (“Foreign Country with Sufficient Protection”) in the presence of any of the above conditions. In the absence of sufficient protection, it can be transferred to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing, in line with the data transfer conditions stipulated in the legislation, and where the Board’s permission is granted (“Foreign Country where the Data Controller Undertakes Sufficient Protection”).
3.6.2 Transfer of Private Personal Data
Special quality personal data may be transferred by our Company in accordance with the principles set forth in this Policy, by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:
(i) Private personal data other than health and sexual life may be processed without the explicit consent of the data owner, provided that it is expressly stipulated in the law, in other words, there is a clear provision in the relevant law regarding the processing of personal data. Otherwise, the explicit consent of the data owner will be obtained.
(ii) Private personal data related to health and sexual life, for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of keeping confidentiality. can be processed without seeking explicit consent. Otherwise, the explicit consent of the data owner will be obtained.
In addition to the above, personal data may be transferred to Foreign Countries with Sufficient Protection in the presence of any of the above conditions. In the absence of sufficient protection, in line with the data transfer conditions stipulated in the legislation, it may be transferred to Foreign Countries where the Data Responsible Committed to Sufficient Protection.
Before our company, in accordance with the personal data processing purposes of our Company, by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, primarily the processing of personal data. Personal data is processed in accordance with the general principles set forth in the Law, including the principles set forth in Article 4 of the Law. Within the framework of the purposes and conditions set forth in this Policy, the personal data categories processed and detailed information about the categories can be accessed in the APPENDIX 3 (“ APPENDIX 3- Personal Data Categories”) document of the Policy.
Detailed information regarding the processing purposes of the said personal data is included in the APPENDIX 1 of the Policy (“Annex 1- Personal Data Processing Purposes”).
Our company preserves personal data for the period required for the purpose for which they are processed and in accordance with the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion and / or destruction and / or anonymization).
6.1. Rights of Personal Data Owner
Personal data owners have the following rights:
(1) Learning whether personal data is processed or not,
(2) If personal data has been processed, requesting information about it,
(3) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
(4) To know the third parties to whom personal data is transferred in the country or abroad,
(5) Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(6) Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and requesting that the transaction carried out within this scope be notified to the third parties to whom the personal data has been transferred,
(7) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
(8) To request the compensation of the damage in case of loss due to unlawful processing of personal data.
6.2. Exercise of Personal Data Owner’s Rights
Personal data owners may submit their requests regarding their rights listed in section 6.1 (“Rights of the Personal Data Owner”) to our Company through the methods determined by the Board. Accordingly, they will be able to benefit from the “Data Owner Application Form”, which can be accessed at https://www.biosen.com/en/pdf/veri-sahibi-basvuru-formu.pdf.
6.3. Our Company’s Response to Applications
Our company takes the necessary administrative and technical measures to finalize the applications to be made by the personal data owner in accordance with the Law and secondary legislation.
In case the personal data owner submits his request regarding the rights in section 6.1 (“Rights of the Personal Data Owner”) to our Company in accordance with the procedure, our Company will conclude the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. . However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
7.1. Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. In order to ensure security, LTD .ŞTİ carries out personal data processing activities for monitoring with security cameras in its buildings and facilities and tracking guest entries and exits.
7.2. Camera Monitoring Activities at Building, Facility Entrances and Inside
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ carries out camera monitoring activities in accordance with the Law on Private Security Services and related legislation in order to ensure security in its buildings and facilities. , building
and facilities, for the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing conditions listed in the Law, it carries out security camera monitoring activities.
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ, in accordance with Article 10 of the Law, enlightens the personal data owner with more than one method regarding camera monitoring. In addition, in accordance with Article 4 of the Law, personal data are processed in a limited and measured way in connection with the purpose for which they are processed.
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. The purpose of maintaining the video camera monitoring activity by LTD .ŞTİ is limited to the purposes listed in this Policy. In this direction, the monitoring areas, the number of security cameras and when they will be monitored are implemented as sufficient to achieve the security purpose and in a limited manner for this purpose. Areas that may result in interference with the privacy of the person exceeding the security objectives (for example, toilets) are not subject to monitoring.
Only a limited number of employees have access to live camera footage and recordings recorded and preserved in digital media. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality agreement.
7.3. Follow-up of Guest Entrance and Exit Carried out at the Building, Facility Entrances and Inside
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ carries out personal data processing activities for the purpose of ensuring security and tracking guest entries and exits in its buildings and facilities for the purposes specified in this Policy.
While obtaining the names and surnames of the people who come to their buildings as guests, the personal data owners in question are informed in this context through the texts that are hung in their presence or that are made available to the guests in other ways. The data obtained for the purpose of tracking guest entry-exit is processed only for this purpose and the relevant personal data is recorded in the data recording system in the physical environment.
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ constitutes basic policies for Group Companies as well as sub-policies for internal use on the protection and processing of personal data, which is related to the principles set forth in this Policy.
BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. It is aimed to reflect the principles of the internal policies of LTD .ŞTİ to the policies open to the public to the extent relevant, to inform the relevant parties within this framework and to ensure transparency and accountability about the personal data processing activities carried out by .
APPENDIX 1 – Purposes of Personal Data Processing
| MAIN OBJECTIVES (PRIMARY) | SUB-OBJECTIVES (SECONDARY) |
| The Company’s Human Resources Policies and Planning and Execution of Processes |
Execution of Personnel Supply Processes |
| Commercial Activities Conducted by the Company
Our Related Business Units for Realization Conducting the Necessary Studies and Execution of Related Business Processes |
– Event Management
– Planning and Execution of Corporate Communication Activities – Information Security, Planning of Processes, Supervision and Enforcement. – Establishment and Management of Information Technologies Infrastructure – Follow-up of Finance and/or Accounting Affairs – Corporate Sustainability Activities Planning and Execution – Effectiveness/Efficiency of Business Activities and/or Planning and/or Execution of Activities for Performing Appropriateness Analysis – Planning and Execution of Corporate Governance Activities |
| Planning and Execution of the Company’s Commercial and/or Business Strategies | – Management of Relationships with Business Partners and/or Suppliers
– Execution of Strategic Planning Activities |
| Planning and Execution of Company Human Resources Policies and Processes | – Employee Request and Complaint Management
– Planning the analysis and improvement activities regarding the wage management of the Company Employees – Planning and supporting the processes of providing fringe benefits and benefits to Company Employees – Supporting the wage management planning activities of company employees – Planning and Supporting Career Processes for the Training and Development of Company Employees – Planning and Management of Processes for Increasing the Satisfaction Loyalty of Company Employees – Planning and/or Execution of Intern and/or Student Procurement, Placement and Operation Processes |
| Supporting the Company’s Strategic Human Resources Planning, Back-up Processes and Organizational Development Activities | – Managing the processes related to the performance evaluation of company employees
– Supporting the company’s development and succession planning activities – Supporting the management of the appointment and promotion processes of personnel and managers within the company |
| Protecting the Confidence of the Company’s Reputation in Business and Consumers | – Carrying out the Studies for the Protection of the Reputation of the Company and Company Values
– Follow-up of Company Customer Requests and/or Complaints – Planning and/or Execution of Corporate Social Responsibility and/or Non-Governmental Organizations Activities – Planning and Execution of Processes for the Loyalty and Satisfaction of Company and Stakeholder Employees |
| Planning and Execution of the Company’s Audit Activities | – Supporting company fraud reporting and investigation processes
– Planning and Execution of Audit Activities to Ensure that the Company’s Activities are Conducted in Compliance with Company Procedures and Related Legislation |
| The Company and those who have a business relationship with the Company
Ensuring the legal, technical and commercial-occupational safety of the persons concerned |
– Giving Information Based on Legislation to Authorized Institutions
– Realization of Corporate and Partnership Law Transactions – Supporting the Company in the Realization of Corporate and Partnership Law Transactions – Ensuring Data is Accurate and Up-to-Date – Ensuring the Security of Company Campuses and/or Facilities – Planning and Execution of Company Audit Activities |
EK 2 – Personal Data Owners
| PERSONAL DATA OWNER CATEGORY | DESCRIPTION |
| COMPANY CUSTOMER | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ within the scope of the operations carried out by the business units, regardless of whether they have a contractual relationship with BİOSENTEZ DIAGNOSTIK SİSTEMLER MEDİKAL TİC. Natural persons whose personal data are obtained through the business relations of LTD .ŞTİ. |
| Visitor | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ.’s physical campuses for various purposes. |
| Employee Candidate | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Real persons who have applied for a job to LTD .ŞTİ by any means or have opened their CV and related information to review. (for details, see https://www.biosen.com/en/pdf/veri-sahibi-basvuru-formu.pdf ) |
| Company Employee | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. The activity carried out by LTD .ŞTİ, employee satisfaction, human resources, audit, provision of information technology security and infrastructure, legal compliance etc. Employees whose personal data is processed within the framework of activities (for details, see the policy on the protection and processing of personal data of community employees at https://www.biosen.com/en/kvkk) |
| Family Members and Relatives | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Within the framework of the activities carried out by LTD .ŞTİ, the spouses, children and relatives of the data subjects whose personal data are processed within the scope of this Policy |
| Third Party | Other natural persons whose employees are not covered by this Policy and the Personal Data Protection and Processing Policy (eg guarantor, companion, former employees) |
| Company Shareholder | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ.’s shareholder, natural persons |
| Company official | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ.’s board of directors and other authorized real persons. |
| Employees, Shareholders and Officials of the Institutions We Cooperate With | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Natural persons, including shareholders and officials of these institutions, working in institutions (such as but not limited to business partners, suppliers) with which LTD .ŞTİ. has any business relationship. |
EK 3 – Personal Data Categories
| PERSONAL DATA CATEGORY | PERSONAL DATA CATEGORY DISCLOSURE |
| IDENTIFICATION | Data that contains information about the identity of the person; name-surname, T.C. ID number, nationality information, place of birth, date of birth, gender, workplace information, registration no. Tax number, title, biography etc. information and documents such as driver’s license, professional identity, identity card and passport |
| COMMUNICATION INFORMATION | Phone number, address, e-mail, fax number etc. informations |
| TRADING SECURITY INFORMATION | Your personal data processed in order to ensure our technical, administrative, legal and commercial security during the execution of our activities (for example, log records, IP information, identity verification information) |
| PROCESS INFORMATION | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LLC . Data such as survey information, declaration information, shopping information, call center records, membership information, cookie records, processed in order to protect the legal and other interests of the Company and the personal data owner within the framework of the activities carried out by the Company. |
| FAMILY MEMBERS and RELATIVE INFORMATION | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LLC . Information about family members (e.g. spouse, mother, father, child), relatives of the personal data owner, and other persons who can be contacted in case of emergency, related to the services provided within the framework of the activities carried out by the Company, or to protect the legal and other interests of the Company and the personal data owner. |
| PHYSICAL SPACE SAFETY INFORMATION | Personal data regarding the records and documents taken at the entrance to the physical space, during the stay in the physical space; camera records, vehicle information records and records taken at the security point, etc. |
| FINANCIAL INFORMATION | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship established by LTD .ŞTİ with the personal data owner, bank account number, IBAN number income information, debt/credit information data. |
| VISUAL/AUDIOUS INFORMATION | Photographs and camera recordings (excluding the recordings included in the Physical Space Security Information) and sound recordings |
| CORPORATE MEMORY INFORMATION | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LLC . Memories, interviews, etc., processed within the scope of the activities carried out by the Company in order to create its corporate memory. informations. |
| PRIVATE PERSONAL DATA | Data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, and biometric and genetic data |
| LEGAL PROCESS AND COMPLIANCE INFORMATION | Personal data processed within the scope of determination and follow-up of our legal receivables and rights, performance of our debts and compliance with our legal obligations and our Company’s policies. |
| AUDIT AND INSPECTION INFORMATION | Personal data processed for the execution of our company’s operational, financial, fraud and compliance audit activities |
| REQUEST/ COMPLAINT MANAGEMENT INFORMATION | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Personal data regarding the receipt and evaluation of any request or complaint directed to LTD .ŞTİ. |
EK 4 – Third Parties and Purposes of Transfer of Personal Data by Our Company
In accordance with Articles 8 and 9 of the KVK Law, the personal data of data subjects managed by this Policy can be transferred to the following categories of persons:
(i) BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ to business partners,
(ii) BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ suppliers,
(iv) Legally Authorized public institutions and organizations
(v) Legally authorized private legal persons
The scope of the above-mentioned persons to whom the transfer is made and the data transfer purposes are stated below.
| PERSONS THAT DATA MAY BE TRANSFERRED TO | CHEAP | PURPOSE OF DATA TRANSFER |
| BUSINESS PARTNER | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. It defines the parties with which LTD .ŞTİ. has established business partnerships for purposes such as carrying out various projects, receiving services, in person or together with it, while carrying out its commercial activities. | Limited to ensure the fulfillment of the purposes for which the business partnership was established. |
| SUPPLIER | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ. while carrying out its commercial activities, in accordance with the orders and instructions of BİOSENTEZ DIAGNOSTIK SİSTEMLER MEDİKAL TİC. It defines the parties providing services to LTD .ŞTİ. | BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. LTD .ŞTİ. outsourced from the supplier and BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Limited to provide the necessary services to carry out the commercial activities of LTD .ŞTİ. |
| LEGALLY AUTHORIZED PUBLIC INSTITUTIONS AND ORGANIZATIONS | According to the provisions of the relevant legislation, BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Public institutions and organizations authorized to receive information and documents from LTD .ŞTİ. | Limited to the purpose requested by the relevant public institutions and organizations within the legal authority |
| LEGALLY AUTHORIZED PRIVATE LEGAL PERSONS | According to the provisions of the relevant legislation, BİOSENTEZ DIAGNOSTIC SİSTEMLER MEDİKAL TİC. Private law persons authorized to obtain information and documents from LTD .ŞTİ. | Limited to the purpose requested by the relevant private legal persons within the scope of their legal authority. |
