PERSONAL DATA PROTECTION LAW (“KVKK”)

Definitions

The terms used in this clarification text refer to the following definitions:

Personal Data: Any information relating to an identified or identifiable natural person.

Personal Data Protection Law (“KVKK”): Personal Data Protection Law No. 6698, which was published in the Official Gazette on April 7, 2016.

Data Processor: The natural or legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller.

Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

Relevant Person: The natural person whose personal data is processed.

As FİBEMED SAĞLIK TURİZMİ VE TİCARET LİMİTED ŞİRKETİ ("Our Company"), protecting fundamental rights and freedoms, protecting privacy, ensuring and protecting information security, and respecting ethical values are among our most important principles. Therefore, as part of the fulfilment of our obligation to provide information under Article 10 of the Personal Data Protection Law ("KVKK"), you are provided with the following explanations for your information;


Data Controller:

With respect to your personal data, the "Data Controller" is FİBEMED SAĞLIK TURİZMİ VE TİCARET LİMİTED ŞİRKETİ, registered in the Commercial Register of Ankara under the registration number X, with the Central Registration System Number X and the registered office at the address "MUSTAFA KEMAL MAHALLESİ 2123 CADDESİ NO:2D İÇ KAPI NO:803 ÇANKAYA/ANKARA".

Parties whose data is collected

Within the scope of the Personal Data Protection Law, we collect the data of the parties mentioned below who have a business relationship with our company. These are:

· Our employees and employee candidates

· Our customers,

· Our consultants,

· Our business partners,

· Our company officials,

· Our company representatives,

· Person(s) who are the addressee of legal proceedings,

· Our visitors.



Data Collected and Processed by Our Company from the Parties



Within the scope of Articles 5 and 6 of the Personal Data Protection Law, we collect and process the following data from the parties of our company. These are:

- Information on handling inquiries/complaints,

- Information on ethical values and compliance with laws,

- Information on the use of electronic media,

- Information on the goods and services offered and provided

- Visual information (photo, camera),

- Records on the use of e-mail and information system services,

- Login records,

- Health records and health information,

- Biometric data

Data Collection Purposes of Our Company

Within the scope of Articles 5 and 6 of the Personal Data Protection Law, we collect and process data in order to realize our company purposes, which we have stated below, provided that they are limited to the relevant purposes. These are:



- Performance of the commercial activities of our company.

- Ability to carry out business processes related to commercial activities,

- Management and execution of relationships with business partners,

- Technical management of our company's websites,

- Customer management and handling of complaints,

- Follow-up on product surveys and questions you send to our company,

- Performing the necessary work through our business units so that you can benefit from our company's products and services,

- Planning and carrying out sales, marketing and after-sales processes of products and/or services,

- Providing information about the content of products and services,

- Conducting legal and commercial relations with our company and persons who have business relations with our company, and ensuring the security of these relations,

- Planning transfer activities,

- Carrying out reputational research processes,

- Compliance with ethical values and laws, and execution of legal business and procedures,

- Follow up on contract processes and/or legal requests,

- Execution of information security services,

- Performing financial and/or accounting tracking and auditing activities,

- Creation and tracking of visitor data,

- Establishing and implementing our company's commercial and business strategies,

- For other purposes communicated to the data subject at the time of collection of the data.

- Ensuring compliance with legal obligations as prescribed or required by relevant legislation.

Disclosure of data collected and processed by our company for its purposes.

Your personal data collected by our company under the conditions and purposes of data processing referred to in Articles 8 and 9 of the Personal Data Protection Law may be disclosed to our affiliates, business partners (only in anonymous form), legally authorized public bodies and private individuals, as well as other persons within the scope of the above purposes.

Data Collection Method and Legal Reason by Our Company

Personal data may be collected by our company by giving oral, written and/or electronic information to the holders of the personal data in a clear and understandable manner, and when necessary, by oral, written and/or electronic means, in accordance with the law and honesty, in connection with the legitimate purposes clearly stated above, and will be collected, used, recorded, stored and processed on a limited basis within the framework of the principle of proportionality.

We assure that your personal data will not be processed by our company for purposes other than those stated in this information document and will not be disclosed or stored to third parties in the country or abroad.

Retention period of the data collected by our company

Your personal data will be stored for the retention periods specified in the relevant legal provisions, if no period is specified in the relevant legal provisions, in accordance with the practices of our company and the customs of business life or for the period necessary for the above processing purposes. Thereafter, they will be deleted, destroyed or anonymized in accordance with Article 7 of the Personal Data Protection Law.



Security of Your Data Collected and Processed by Our Company



In order to prevent your personal data from being exposed to unauthorized access, lost or damaged in the environments where they are processed and stored, the technical and administrative measures of the Information Security Management System (ISO Standard 27001 and Good Practice Booklets 27018 and 27701), promoted by our management, the requirements of the Data Protection Management System (Bureau Veritas - Data Protection Technical Standard, BS 10012 Data Protection Personal Information Management System Standard), as well as the requirements of the Personal Data Security Guide published by the Legislative Committee for the Protection of Personal Data, are constantly operated and developed as part of continuous improvement.

Rights of Relevant Person whose Data is Collected and Processed

In accordance with Article 11 of the Personal Data Protection Law, everyone will have the following rights regarding himself/herself by applying to the data controller.



a) To know whether personal data are processed or not,

b) If personal data have been processed, to request information about it,

c) To know the purpose for which personal data are processed and whether they are used in accordance with that purpose,

e) To know the third parties to whom personal data are disclosed in the country or abroad,

f) To request the rectification of personal data in case of incomplete or inaccurate processing,

g) To request the erasure or destruction of personal data under the conditions set forth in Article 7,

h) To request the communication to third parties to whom personal data have been disclosed of the transactions carried out pursuant to letters f) and g),

i) To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,

j) In case of damage due to unlawful processing of personal data, to claim compensation for the damage.

Application methods within the rights of the data subject



Pursuant to Article 13(1) of the Personal Data Protection Law, you may submit your request to exercise your above-mentioned rights in accordance with the "Notification on Application Procedures and Principles to the Data Controller" published on March 10, 2018, in the following manner and with the following information.

1. Name and surname of the applicant.

2. If the applicant is a citizen of the Republic of Turkey, the identity number of the Turkish Republic, if not, the citizenship and passport number or, if available, the identity number.

3. The place of residence or the address of the applicant's place of work for service.

4. The e-mail address, telephone or fax number of the applicant.

5. Subject of the request of the applicant.

6. Information and documents related to the request of the applicant.

Application Methods:

1. The applicant may fill in the "application form" personally and send it to the address FİBEMED SAĞLIK TURİZMİ VE TİCARET LİMİTED ŞİRKETİ* and deliver it to the Counselling Centre together with a written report in a sealed envelope and with the words "Request for information pursuant to the Personal Data Protection Law" written on the envelope.

2. The applicant may send a notice to FİBEMED SAĞLIK TURİZMİ VE TİCARET LİMİTED ŞİRKETİ* via a notary public, but the note "Request for information pursuant to the Personal Data Protection Law" should be placed on the notification envelope.

Contact form