Personal Data Protection and Processing Policy
1.1 Introduction
DOSA Bilgi ve Bilim Teknolojileri Ticaret Limited Şirketi (“Company”) attaches utmost importance to protecting the fundamental rights and freedoms of individuals, particularly the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. In this framework, it pays attention to the protection and processing of personal data in accordance with the law in accordance with the Law on the Protection of Personal Data No. 6698 (“Law” or “KVK Law”), and acts with this understanding in all its planning and activities.
Our company does not evaluate the protection and processing of personal data, which is the basis of privacy, not only within the scope of compliance with the legislation, but also puts the value it attaches to human beings at the basis of its approach. Acting with this awareness, our Company takes all necessary administrative and technical measures for the legal protection and processing of personal data.
1.2 Purpose of the Policy
The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to protect and process personal data, which is fully or partially automated in accordance with the purpose of the Law or by non-automatic means provided that it is part of any data recording system. To protect the fundamental rights and freedoms of individuals, including the privacy of private life, regulated in Article . In line with the purpose of the Policy, it is aimed to ensure full compliance with the legislation in the protection and processing of personal data carried out by our Company and to protect the privacy and data security right of personal data owners.
1.3 Scope of the Policy
This Policy; Employee Candidate, Service Provider Employee, Service Provider Official, Service Provider, Occupational Safety Specialist, Workplace Physician, Customer, Customer Employee, Customer Official, Company Shareholder/Partner, Company Official, Supplier, Supplier Employee, Supplier Official, Third Person provided that they are real persons It has been prepared for the Person (Reference Person) and will be applied within the scope of these specified persons. The Company informs these personal data owners about the Law by publishing this Policy on its website. This Policy will not apply to legal entities in any capacity. For the employees of our company, “Personal Data for Employees
Open Consent
It is the consent of a particular subject, based on information and expressed with free will.
publicization
The concept of publicisation, which means "making it known to everyone", is listed as one of the exceptions to the "requirement of obtaining the explicit consent of the real person whose personal data is processed", which is required for the processing of personal data in Article 5 of the Law No. 6698.
Lighting Obligation
It is the obligation of the data controller to inform the persons whose personal data they are processing about, by whom, for what purposes and on what legal grounds, and to whom it can be transferred, for what purposes.
Related User
Except for the person or unit responsible for technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.
Destruction
It refers to the deletion, destruction or anonymization of personal data.
Processing of Personal Data
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using Personal Data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. It is any operation performed on the data, such as blocking.
KVK Board
It is the Personal Data Protection Board.
Relevant Person / Personal Data Owner
Employee Candidate, Service Provider Employee, Service Provider Official, Service Provider, Occupational Safety Specialist, Workplace Physician, Customer, Customer Employee, Customer Official, Company Shareholder/Partner, Company Official, Supplier, Supplier Represents the Employee, Supplier Official and Third Parties (Reference Person).
Personal Data
Any information relating to an identified or identifiable natural person.
Institution
It is the Personal Data Protection Authority consisting of the Board and the Presidency.
Automatic Data Processing
Computer, phone, clock etc. It is a processing activity that takes place spontaneously without human intervention within the scope of algorithms prepared in advance through software or hardware features, performed by devices with processors.
Special Qualified Personal Data
Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special data.
Record
Data Controllers Registry.
Company / Our Company
DOSA Information and Science Technologies Trade Limited Company.
Data Processor
It is the natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.
Data Recording System
It refers to the recording system in which Personal Data is processed and structured according to certain criteria.
Data Category
It is the personal data class belonging to the data subject group or groups in which personal data are grouped according to their common characteristics.
Data Subject Group
It is the group of persons whose personal data the data controller processes.
Data Controller
It is the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.
Processing Policy” will be applied.
This Policy will be applied for the above-mentioned persons, if their personal data is processed by our Company in whole or in part by automated or non-automatic means provided that they are part of any data recording system. This Policy will not be applied if the data is not included in the scope of "Personal Data" within the scope specified below or if the personal data processing activity carried out by our Company is not carried out in the above-mentioned ways.
1.4 Definitions
The terms used in the implementation of this Policy have the following meanings:
1.5 Enforcement of the Policy
The Policy, which was issued by DOSA Information and Science Technologies and entered into force on 04/07/2022, is published on the Company's website (www.dosabio.com) and made available to the relevant persons.
2. PROTECTION OF PERSONAL DATA
2.1 Security of Personal Data
In accordance with the Law, our company takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data securely and to prevent unlawful processing and access of personal data. Administrative and technical measures taken regarding the security of personal data are regulated in detail in our Company's Personal Data Retention and Disposal Policy.
Our company has established the "Personal Data Protection Management System" in order to comply with the regulations in the Law and other legislation, and within this scope, it has established the Personal Data Protection Committee to ensure the implementation of the Policy and other relevant policies.
2.2 Audit
Our company carries out and has the necessary inspections made in order to establish the data security described above and to ensure the regularity and continuity of the measures taken. The Personal Data Protection Committee oversees the measures taken for the security of personal data.
2.3 Privacy
Our company takes all necessary administrative and technical measures according to technological possibilities and implementation costs so that the relevant data controllers and data processors do not disclose their personal data to others in violation of the provisions of the Law and Policy and do not use them for purposes other than processing. In this context, information and training activities about the Law and Policy are carried out for company employees, and confidentiality agreements are signed as part of the recruitment processes of the relevant employees.
2.4 Unauthorized Disclosure of Personal Data
In the event that the personal data processed by our company is obtained by others through unlawful means, our Company carries out the necessary actions to notify the relevant person and the KVK Board within the periods determined by the KVK Board. If deemed necessary by the KVK Board, this situation is announced on the website of the KVK Board or by another method deemed appropriate by the KVK Board.
2.5 Observing the Legal Rights of Related Persons
Our company observes all legal rights of the persons concerned regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.
2.6 Protection of Private Personal Data
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are of special nature. is personal data. Our company is aware of the fact that special quality personal data is of a nature that may cause the person concerned to suffer or be exposed to discrimination if it is learned by others, and therefore, it sensitively takes adequate measures determined by the Board for the protection of such personal data processed in accordance with the law. In this context; It has a separate policy (Private Personal Data Security Policy) and procedure that are systematic, clearly defined, manageable and sustainable.
3. PROCESSING AND TRANSFER OF PERSONAL DATA
3.1 General Principles in Processing and Transferring Personal Data
Personal data is processed by our company in accordance with the procedures and principles stipulated in the Law and this Policy. Our company complies with the following principles when processing personal data.
3.1.1 Compliance with the Law and the Rules of Integrity
Our company processes personal data in accordance with the relevant legislation and the requirements of the honesty rule and uses it within these limits. In accordance with the principle of being in compliance with the rule of honesty, our Company considers the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing. It acts in a way to prevent the occurrence of results that the person concerned does not expect and does not need to expect. In accordance with the principle, it also ensures that the data processing activity in question is transparent for the data subject; acts in accordance with its information and warning obligations.
3.1.2 Being Accurate and Up-to-Date When Necessary
Our company ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of the persons concerned. In this context, it carefully considers issues such as the sources from which the data is obtained, the confirmation of its accuracy, and the evaluation of whether it needs to be updated. Our company always keeps channels open to ensure that the personal data owner's information is correct and up-to-date, in accordance with its obligation of active care. Keeping personal data accurate and up-to-date is necessary for protecting the fundamental rights and freedoms of the person concerned, as well as protecting the interests of our Company.
3.1.3 Processing for Specific, Explicit and Legitimate Purposes
Our company clearly and precisely determines the purpose of data processing and ensures that this purpose is legitimate. Being legitimate means that the personal data processed by our Company is related to and necessary for the work it has done or the service it has provided. Our company does not process data for purposes other than those stated. In this respect, it shows sensitivity in compliance with the principle of certainty and clarity in legal transactions and texts in which the purposes of personal data processing are explained.
3.1.4 Relating to the Purpose for which they are Processed, Limited and Proportionate
Our company pays attention to the fact that the processed personal data is suitable for the realization of the determined purposes and avoids the processing of data that is not related to the realization of the purpose or that is not needed. Our company does not collect or process personal data for purposes that do not exist and are thought to be realized later. It fulfills the processing conditions regulated in the Law as if it is the first time to process data in order to meet the needs that may arise later. It also limits the processed data only to what is necessary for the realization of the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the intended purpose.
3.1.5 Retention for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation
Our company complies with these periods if there is a period stipulated in the relevant legislation for data storage; otherwise, it retains personal data only for as long as is necessary for the purpose for which it was processed. If there is no valid reason for further storage of a personal data by our company, the said data is deleted, destroyed or anonymized. The procedures regarding the storage and destruction of personal data are regulated in detail in our Company's Personal Data Retention and Destruction Policy.
3.2 Conditions for Processing Personal Data
Our company does not process personal data without the explicit consent of the person concerned. Personal data can only be processed without seeking the explicit consent of the data subject in the presence of one of the following conditions:
3.2.1 Explicitly Provided in Laws
Our company may process personal data without seeking the explicit consent of the person concerned, in cases expressly stipulated by the laws.
3.2.2 Being Compulsory for the Protection of Himself or Another Person's Life or Bodily Integrity of a Person Who Is Incapable of Expressing His Consent Due to Actual Impossibility or whose Consent is Not Legally Validated
Our company may process personal data without seeking explicit consent, in order to protect the life or physical integrity of individuals, in cases where the consent cannot be disclosed or is not valid.
3.2.3 Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract
In the event that personal data belonging to the parties of the contract are required to be processed directly in connection with the conclusion or performance of a contract, our company may process the personal data of the persons concerned, limited to this purpose, as a requirement of the ordinary course of life, without seeking explicit consent.
3.2.4 Obligation for Our Company to Fulfill its Legal Obligation
In order to fulfill its legal obligations as a data controller, our company may process the personal data of the data subject without seeking explicit consent, when necessary.
3.2.5 Relevant Person Made Public by Himself
Our company; may process the personal data of the persons concerned, which has been made public by them, in other words, disclosed to the public in any way, for a limited purpose, since it is accepted that the legal benefit to be protected in the processing of such data, which has been made public by the persons concerned and thus becomes known to everyone, is eliminated.
3.2.6 Requirement of Data Processing for the Establishment, Use or Protection of a Right
Our company may process the personal data of the persons concerned without seeking explicit consent in cases where data processing is necessary for the exercise or protection of a legally legitimate right.
3.2.7 Data Processing is Mandatory by Our Company for Legitimate Interests, Provided Not to Harm the Fundamental Rights and Freedoms of the Related Persons
Our company may process the personal data of the persons concerned in cases where it is necessary to process personal data in order to ensure their legitimate interests, provided that the fundamental rights and freedoms of the persons concerned are protected under the Law and Policy. Our company shows the necessary sensitivity to comply with the basic principles regarding the protection of personal data and to observe the balance of interests of our Company and personal data owners. What is meant by legitimate interest; It is a legitimate, effective, specific and already existing interest at a level that can compete with the fundamental rights and freedoms of the person concerned. Our company takes additional protective measures to ensure that the rights of the person concerned are not harmed. A reasonable balance is maintained between the interests of our company and the fundamental rights and freedoms of the person concerned.
3.3 Conditions of Processing of Private Personal Data
Our company does not process sensitive personal data without the explicit consent of the person concerned. Special categories of personal data can only be processed without seeking the explicit consent of the data subject in the presence of one of the following conditions:
3.3.1 Explicitly Provided in Laws
Sensitive personal data other than the health and sexual life of the data subject may be processed without seeking the explicit consent of the data subject, in cases expressly stipulated by the laws.
3.3.2 For the Purpose of Protection of Public Health, Preventive Medicine, Medical Diagnosis, Execution of Treatment and Care Services, Planning and Management of Health Services and Financing
Sensitive personal data regarding the health and sexual life of the data subject may be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
3.4 Terms of Transfer of Personal Data
Our company can transfer personal data to third parties based on one or more of the following personal data processing conditions, in accordance with Article 8 of the Law, by taking the necessary security measures:
-
Having the express consent of the person concerned,
-
There is a clear regulation in the law regarding the transfer of personal data,
-
The transfer of personal data is mandatory for the protection of the life or physical integrity of the person or another person, and the person concerned is unable to express his or her consent due to actual impossibility, or its consent is not legally valid,
-
It is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
-
Personal data transfer is mandatory for our company to fulfill its legal obligation,
-
The personal data has been made public by the personal data subject,
-
It is necessary to transfer personal data for the establishment, exercise or protection of a right,
-
Personal data transfer is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the person concerned.
-
Special categories of personal data, on the other hand, can be transferred based on one of the following conditions and on a limited basis, provided that adequate measures are taken:
-
Having the express consent of the person concerned,
-
If there are sensitive personal data other than the health and sexual life of the person concerned, there is a clear regulation in the law regarding the transfer of this data.
-
In the case of sensitive personal data regarding the health and sexual life of the person concerned, these data are used by persons or authorized institutions under the obligation to keep confidential, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. transferable by organizations.
3.4.1 Conditions for Transferring Personal Data Abroad
Our company can transfer personal data abroad based on the explicit consent of the person concerned, in accordance with Article 9 of the Law, by taking the necessary security measures.
However, in case of existence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law, our Company's personal data can only be sent to foreign countries that are declared to have sufficient protection by the KVK Board, without prejudice to the provisions of the international agreement to which Turkey is a party. or in the absence of sufficient protection, the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and transfer it to foreign countries where the permission of the KVK Board is available, without seeking the explicit consent of the data subject.
4. PERSONAL DATA CATEGORIES AND GROUPS OF DATA SUBJECTS
4.1 Categories of Personal Data
Personal data are processed by our Company by categorizing them as follows:
Identity
Data containing information on the identity of personal data owners: Name-surname, TR identity number, marital status, parents' name, surname, place and date of birth and other identification information, and copies of driver's license, identity card and passport containing this information; tax number, SGK number, signature information, etc.
Communication
Contact information of personal data owners: Telephone number, address, e-mail address, registered e-mail address (KEP), fax number, etc.
Personnel
Information processed to obtain information that will be the basis for the protection of personal rights of personal data owners: CV, title information; employment entry-exit document records; social security/retirement information, payroll information, property declaration information, information in disciplinary investigation and performance evaluation reports, etc.
Legal action
Data processed within the scope of determination of legal receivables and rights of the Company, follow-up and performance of debts and legal obligations: Power of attorney information, court and administrative authority decisions, information in correspondence with judicial authorities, information in case files, etc.
finance
Personal data, bank account information, credit information, balance sheet information, financial profile, assets and insurance information, etc.
Professional experience
Diploma, transcript, education/course/certificate information, driver's license information, foreign language knowledge, reference information, etc. recorded during and after the recruitment process of personal data owners.
Audio and Audio Recordings
Photographs, cameras and audio recordings that can be taken outside the scope of physical space security of personal data owners and other documents to which this data is transferred: Photographs attached to forms, video interviews and meeting recordings, etc.
Location
It is the personal data that is used to know the location of the data owner in general terms: The place of use of permission, etc.
Transaction Security
Personal data processed both for the technical, administrative, legal and commercial security of the personal data owner and the Company while the company activities are carried out: IP address information, website entry and exit (traffic) information, internet access records, password and password information, etc.
Family Members and Close Information
It refers to the identity and contact data of the employee's family members.
PRIVATE PERSONAL DATA
Criminal Conviction and Security Measures
Documents containing information on criminal convictions and security measures against personal data owners: Criminal record records.
Health information
Health data of personal data owners: Examination information, health reports, disability status, health permits, blood group information, etc.
4.2 Data Subject Groups
Only natural persons can benefit from the protection of this Policy and the Law. Personal data owners within this scope are grouped as follows:
Employee Candidate
They are real persons who have applied for a job to our company by any means or have opened their CV and related information to our company's review.
Customer
They are real persons who provide service by establishing a service contract relationship with our company.
Customer Representative
They are the natural person authorities of legal or real persons who provide services by establishing a service contract relationship with our company.
Customer Employee
Employees of natural or legal persons who provide services by establishing a service contract relationship with our company.
Service provider
They are real persons who are not included in the Customer and Supplier groups, but who are independent of our Organization, with whom our Organization has a business relationship or cooperation and who provide services to our company.
Service Provider Employee
They are real persons or real person employees of legal entities that are not included in the Customer and Supplier groups, but are independent of our Organization, with whom our Organization has a business relationship or cooperation and provides services to our company.
Service Provider Officer
They are real persons or natural person officials of legal persons who are not included in the Customer and Supplier groups, but are independent of our Organization, with whom our Organization has a business relationship or cooperation and provides services to our company.
Company Shareholder/Partner
They are the shareholders of DOSA Bilgi ve Bilim Teknolojileri Ticaret Limited Şirketi.
Occupational Physician
Natural persons or real persons, employees or officials of legal persons who provide medical services within the scope of the service contract concluded with our company.
Job security specialist
It is the real person employees or officials of legal persons or real persons who provide occupational health and safety consultancy services within the scope of the service contract concluded with our company.
Company official
It refers to the natural persons authorized to take legal action on behalf of our company.
supplier
They are natural persons who provide inputs or products to our Company in order to provide a product or service.
Vendor Contact _cc781905-5cde-3194_bbc358-193659_cc781905-bb3b-136bad5cf58d_ _cc781905-5cde-3194_bbc358-13358d_bb358d13365 -3194-bb3b-136bad5cf58d_
They are natural persons or authorized persons of legal entities who provide inputs or products to our Company in order to provide a product or service.
Supplier Employee
Identified/identifiable employees of real or legal persons who provide inputs or products to our Company in order to provide a product or service.
Third Parties (Reference Person)
They are real persons who are specified by the Employee Candidates as references during job applications and who do not have any relationship with our company.
5. METHOD OF COLLECTING PERSONAL DATA AND LEGAL REASON
5.1 Personal Data Collection Method
Our company's personal data is fully or partially automated or non-automatic for the purposes specified in article 6.1; in all kinds of verbal, written, electronic media; collects through, but not limited to, the following channels:
-
Document,
-
Oral Communication,
-
Physical examination,
-
systemic
-
Email,
-
Telephone,
-
Mail,
-
Fax etc.
5.2 Legal Reason for Collecting Personal Data
Our company collects personal data in accordance with Articles 5 and 6 of the Law, based on one of the following legal reasons:
-
The express consent of the person concerned,
-
expressly provided for in laws;
-
The personal data has been made public by the person concerned,
-
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
-
It is mandatory for our company to fulfill its legal obligations,
-
Data processing is mandatory for the establishment, exercise or protection of a right,
-
Data processing is mandatory for our Company's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the persons concerned.
6. PURPOSE OF PROCESSING PERSONAL DATA
6.1 Matching the Data Subject Groups with the Purposes of Processing for Personal Data Categories
The matching of the data subject groups, whose definitions and scopes are given above, with the processing purposes for personal data categories is presented below: (Real persons can only be included in one group of persons.)
Employee Candidate
Data Categories: Identity, Communication, Professional Experience, Audio-Visual Records, Personnel
Purposes of Processing: It is processed for the purposes of carrying out employee candidate/intern selection and placement processes, carrying out the application processes of employee candidates, conducting/supervising business activities, planning human resources processes, and carrying out communication activities.
Third Parties (Reference Person)
Data Categories: Identity, Communication
Purposes of Processing: Execution of employee candidate/intern selection and placement processes, Execution of employee candidates' application processes, Execution/supervision of business activities, Planning of human resources processes, Execution of employee candidate/intern selection and placement processes, Execution of employee candidates' application processes, Execution of business activities/ auditing, planning of human resources processes, Execution of Reference Processes.
Company Shareholder/Partner
Data Categories: Identity, Communication, Finance, Legal Action
Purposes of Processing: It is processed for the purposes of executing the activities in accordance with the legislation, executing the finance and accounting works, following and executing the legal affairs, Fulfilling the Tax Obligations, Execution / Audit of Business Activities, Providing Information to Authorized Persons, Institutions and Organizations, Execution of Management Activities.
Company Contact
Data Categories: Identity, Communication
Purposes of Processing: Fulfillment of obligations arising from employment contract/legislation for employees, Execution of audit/ethical activities, Execution of access authorizations, Execution of activities in accordance with the legislation, Execution of Billing Activities, Execution of Finance and Accounting Affairs, Execution of Assignment processes, Follow-up and Execution of Legal Affairs, Human Planning of resources processes, Execution / Control of Business Activities, Execution of Goods / Services Purchasing Processes, Execution of Goods / Services Sales Processes, Execution of goods / services after-sales support services, Realization of Customer Reconciliations, Execution of contract processes, Ensuring the security of movable goods and resources, Supply It is processed for the purposes of Execution of Chain Management Processes, Realization of Supplier Reconciliations, Providing Information to Authorized Persons, Institutions and Organizations, and Execution of Management Activities.
Customer
Data Categories: Identity, Communication, Personnel, Finance, Legal Transaction
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of Billing Activities, Execution of Finance and Accounting Affairs, Execution of commitment to companies / products / services, Follow-up and Execution of Legal Affairs, Execution of Communication activities, Execution / Supervision of Business Activities, Ensuring business continuity, Logistics Carrying out Goods/Service Sales Activities, Executing Goods/Services After-Sales Support Activities, Executing Goods/Service Sales Processes, Carrying out customer relationship management processes, Carrying out activities related to customer satisfaction, Realizing Customer Reconciliations, Carrying out marketing analysis studies, Contracting processes It is processed for the purposes of conducting strategic planning activities, Fulfilling Tax Obligations, Providing Information to Authorized Persons, Institutions and Organizations.
Customer Representative
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of Billing Activities, Execution of Finance and Accounting Affairs, Execution of commitment to companies / products / services, Follow-up and Execution of Legal Affairs, Execution of Communication activities, Execution / Supervision of Business Activities, Ensuring business continuity, Logistics Carrying out Goods/Service Sales Activities, Executing Goods/Services After-Sales Support Activities, Executing Goods/Service Sales Processes, Carrying out customer relationship management processes, Carrying out activities related to customer satisfaction, Realizing Customer Reconciliations, Carrying out marketing analysis studies, Contracting processes It is processed for the purposes of carrying out strategic planning activities.
Customer Employee
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of finance and accounting affairs, Execution of company/product/services loyalty processes, Execution of Communication Activities, Execution of Business Activities, Execution of Business Continuity Activities, Execution of Goods/Service Sales Activities, Goods/Services Sales It is processed for the purposes of Carrying out Post-Support Support Activities, Carrying out Customer Relationship Management processes, Carrying out activities related to Customer Satisfaction.
Service provider
Data Categories: Identity, Communication, Personnel, Finance
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of Finance and Accounting Processes, Execution of Customs Processes, Follow-up and execution of legal affairs, Execution of Communication Activities, Execution of Business Activities, Execution of Business Continuity Activities, Execution of Logistics Activities, Purchasing of Goods / Services It is processed for the purposes of execution, execution of goods / services / production and operation processes, Execution of Supply Chain Management Activities, Execution of Supplier Relations Management Processes, Fulfillment of Tax Obligations.
Service Provider Employee
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Execution of Customs Processes, Execution of Communication Activities, Execution of Business Activities, Execution of Business Continuity Activities, Execution of Logistics Activities, Execution of Goods/Services Purchasing Activities, Execution of Goods/Services/production and operation processes, Execution of Supply Chain Management Activities It is processed for the purposes of Execution of Supplier Relationship Management Processes.
Service Provider Officer
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Fulfillment of obligations arising from employment contracts/legislation for employees, Execution of training activities, Execution of activities in accordance with the legislation, Execution of Customs Processes, Follow-up and execution of legal affairs, Execution of Communication Activities, Execution / Supervision of Business Activities, Execution of occupational health / safety activities, Execution of Business Continuity Activities, Execution of Logistics Activities, Execution of Goods/Services Purchasing Activities, Execution of Goods/Services/production and operation processes, Execution of Contract processes, Execution of Supply Chain Management Activities, Execution of Supplier Relations Management Processes, Authorized persons/institutions and organizations processed for information purposes.
Occupational Physician
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Fulfilling the obligations arising from employment contracts/legislation for employees, Carrying out activities in accordance with the legislation, Carrying out training activities, Follow-up and execution of legal affairs, Execution of occupational health / safety activities, Execution of contract processes, Providing information to authorized persons / institutions and organizations, Communication It is processed for the purposes of Execution of its Activities.
Job security specialist
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Fulfilling the obligations arising from employment contracts/legislation for employees, Carrying out activities in accordance with the legislation, Carrying out training activities, Follow-up and execution of legal affairs, Execution of occupational health / safety activities, Execution of contract processes, Providing information to authorized persons / institutions and organizations, Communication It is processed for the purposes of Execution of its Activities.
supplier
Data Categories: Identity, Communication, Personnel, Finance
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of Billing Activities, Execution of Finance and Accounting Processes, Follow-up and Execution of Legal Affairs, Execution of Communication Activities / Execution of Business Activities , Execution of business continuity activities, Execution of logistics activities, Execution of Customs Processes, Execution of Goods / Services Procurement Processes, Execution of Goods / Services / Production and Operation Processes, Execution of Contract Processes, Execution of Supply Chain Management Activities, Execution of Supplier Relations Management Processes, Supplier It is processed for the purposes of Realization of Reconciliations, Fulfillment of Tax Obligations.
Vendor Contact _cc781905-5cde-3194_bbc358-193659_cc781905-bb3b-136bad5cf58d_ _cc781905-5cde-3194_bbc358-13358d_bb358d13365 -3194-bb3b-136bad5cf58d_
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of Billing Activities, Execution of Finance and Accounting Affairs, Follow-up and Execution of Legal Affairs, Execution of Communication Activities, Execution of Business Activities, Execution of Business Continuity Activities, Execution of Procurement of Goods / Services, Goods/Services. It is processed for the purposes of executing service/production and operation processes, Execution of Contract Processes, Execution of Supply Chain Management Processes, Execution of Supplier Relationship Management Processes, Realization of Supplier Reconciliations.
Supplier Employee
Data Categories: Identity, Communication, Personnel
Purposes of Processing: Execution of activities in accordance with the legislation, Execution of finance and accounting works, Execution of Customs Processes, Execution of Communication Activities, Execution / Audit of Business Activities, Execution of Business Continuity Activities, Execution of Logistics Activities, Execution of Goods / Services Purchasing Activities, Goods / Services / It is processed for the purposes of carrying out production and operation processes, Carrying out Supply Chain Management Activities, Executing Supplier Relationship Management Processes.
Personal Data Processing Activities Performed in Physical Spaces
In order to ensure security in our company's buildings and facilities, entrances and exits are recorded and video surveillance is performed in common areas. There is information regarding this in areas where camera monitoring is performed.
Records regarding internet access provided in our company's buildings and facilities are recorded in accordance with the Law No. 5651 on the Regulation of Broadcasts Made on the Internet and Combating Crimes Committed Through These Broadcasts and other legislation. can be used to fulfill a legal obligation.
6.2 Personal Data Processing Activities on the Website
Traffic information of online visitors visiting our website is automatically processed for the purpose of conducting information security processes. On the other hand, hosting providers have an obligation to record and store website traffic information pursuant to Law No. 5651 and other legislation.
Detailed explanations regarding the personal data processed through the website are available on the relevant website.
6.3 Personal Data Processing Activities Performed Through Communication Channels
Call center, mail, e-mail, etc. Communications made through channels are audited and recorded by our Company for the purpose of conducting/supervising business activities and following up requests/complaints.
Relevant persons are required to use these channels only within the scope of their business activities.
PURPOSE OF TRANSFERRING PERSONAL DATA AND THE PERSONS/INSTITUTIONS TO WHICH THE PERSONAL DATA IS TRANSFERRED
7.1 Purposes of Transfer of Personal Data
Our company transfers personal data limited to the following purposes within the framework of the conditions specified in Articles 8 and 9 of the Law:
-
Carrying out the Activities in Compliance with the Legislation,
-
Execution of Billing Activities
-
Execution of Finance and Accounting Affairs,
-
Execution of company/product/service commitment processes,
-
Execution of Customs Processes
-
Follow-up and Execution of Legal Affairs,
-
Conducting communication activities,
-
Execution / Supervision of Business Activities,
-
Carrying out occupational health / safety activities,
-
Carrying out activities to ensure business continuity,
-
Execution of logistics activities,
-
Execution of Goods/Service Procurement Processes,
-
Execution of Goods/Service Sales Activities,
-
Carrying out the Activities of Providing After-Sales Support for Goods/Services,
-
Execution of goods/services/production and operation processes,
-
Execution of customer relationship management processes,
-
Realization of Customer Reconciliations
-
Execution of Storage and Archive Activities,
-
Execution of Contract Processes,
-
Execution of Supply Chain Management Processes,
-
Realization of Supplier Reconciliations,
-
Fulfillment of Tax Obligations,
-
Providing Information to Authorized Persons, Public Institutions and Organizations,
-
It is transferred for the purposes of Execution of Management Activities.
7.2 Persons/Organizations to which Personal Data is Transferred
Our company can transfer personal data to the following individuals and organizations, limited to the data subject groups and data required by the purpose of transfer:
Real Persons or Private Law Entities (Customer, Customer Representative, Customer Employee, Banks, Logistics Firms, etc.)
Authorized Public Institutions and Organizations (Ministry of Labor and Social Security, Revenue Administration, Customs Administration, Notary Public, Chamber of Commerce and Industry Ministry of Commerce, Court etc.)
Business Partners (Consultant OSGB Firms, Accounting Software Firms, E-Invoice Software, Financial Advisor, Customs Advisor, Legal Advisor etc.)
DISPOSAL AND STORAGE PERIOD OF PERSONAL DATA
8.1 Destruction of Personal Data
Without prejudice to the provisions regarding the destruction of personal data in other laws, our Company deletes the personal data that it has processed in accordance with the provisions of this Law and other laws, ex officio or upon the request of the person concerned, in accordance with the Personal Data Retention and Destruction Policy, in case the reasons requiring its processing are eliminated. destroys or anonymizes.
Deletion of personal data refers to the process of making personal data inaccessible and non-reusable for the relevant users.
destruction of data; means the process of making personal data inaccessible, irretrievable and reusable by anyone in any way.
Anonymization of data, masking of personal data, variable extraction, generalization, etc. means the process of making it impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data using techniques.
8.2 Retention Periods of Personal Data
Our company stores personal data in accordance with the periods stipulated in the laws and other legislation. If there is no storage period stipulated in the laws and other legislation, personal data is kept for the period necessary for the realization of the purpose of processing that personal data in accordance with our Company's Personal Data Retention and Destruction Policy, then it is deleted, destroyed or anonymized within the framework of periodic destruction periods.
9. DISCLOSURE OF PERSONAL DATA OWNER AND RIGHTS ACCORDING TO KVK LAW
9.1 Disclosure of Relevant Person
Our company informs the persons concerned during the acquisition of personal data in accordance with Article 10 of the KVK Law. In this context, it clarifies the identity of the Company representative, if any, for what purpose the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of personal data collection and the legal reason and the rights of the personal data subject.
9.2 Circumstances in which the Policy and the Law will not be Enforced Whole or Partially
The provisions of this Policy and Law will not be applied in the following cases:
Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with,
Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,
Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,
Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
In accordance with the purpose and basic principles of this Policy and the Law, the 10th regulating the obligation to inform the data controller, the 11th regulating the rights of the data subject, excluding the right to demand the compensation of the damage, and the 16th regulating the obligation to register in the Data Controllers Registry are as follows: It will not be applied in the following cases:
Personal data processing is necessary for the prevention of crime or for criminal investigation,
Processing of personal data made public by the person concerned,
Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
9.3 Rights of the Related Person in accordance with the KVK Law
Our company informs the relevant persons of their rights in accordance with Article 10 of the Law, provides guidance on how to exercise these rights, and carries out the necessary internal functioning, administrative and technical regulations for all these. The rights of persons whose personal data are processed pursuant to Article 11 of the Law are listed below:
-
Learning whether personal data is processed or not,
-
If personal data has been processed, requesting information about it,
-
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
-
Knowing the third parties to whom personal data is transferred at home or abroad,
-
Requesting correction of personal data if it is incomplete or incorrectly processed,
-
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
-
Requesting notification of the transactions (correction and destruction) carried out pursuant to subparagraphs (d) and (e) of Article 11 of the Law, to third parties to whom personal data has been transferred,
-
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
-
To request the compensation of the damage in case of loss due to unlawful processing of personal data.
Requests and applications regarding the implementation of the Law are filled in the application form on our website (www.dosabio.com) and sent to “Ege Üniversitesi Teknopark Erzene Mah. Ankara Cad. No:172/14 35100 Bornova /İzmir” address in writing or sent via a notary public or registered electronic mail (KEP) address (dosabilgi@hs01.kep.tr).[SYA1] ) can be transmitted electronically using a secure electronic signature or mobile signature.
Requests and applications If there is an e-mail address of the relevant person who has been previously notified to our Company and registered in the Company's system, info@dosabio.com[FFA2]It can also be sent to .
In requests and applications,
-
Name, surname and signature if the application is written,
-
Turkish identity number for citizens of the Republic of Turkey, nationality, passport number or identity number, if any, for foreigners,
-
Domicile or workplace address for notification,
-
If available, the e-mail address, telephone and fax number for notification,
-
Demand
must be present.
Information and documents related to the subject must be attached to the application.
Our company concludes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the said transaction requires an additional cost, the fee in the tariff determined by the Board may be charged.
Our company may accept the request sent to it, or reject it by explaining the reason, and notify the relevant person in writing or electronically. If the request in the application is accepted, our Company fulfills its requirements as soon as possible and informs the relevant person. In case the application is due to the fault of our Company, the fee collected is returned to the relevant person.
In cases where the application is rejected, the response given is insufficient, or the application is not responded to in due time; The person concerned has the right to lodge a complaint with the Board within thirty days from the date of learning the answer and, in any case, within sixty days from the date of application.
[SYA1]Clicking on this should open the form
[FFA2]Clicking on this should open the form