MEDİNOVATİFYAPI Logo

Legal Notice

Personal Data Protection

Disclosure text prepared in accordance with Law No. 6698 (KVKK)

MED İNOVATİF YAPI LIMITED COMPANY — DISCLOSURE TEXT UNDER THE PERSONAL DATA PROTECTION LAW

Pursuant to the Law on the Protection of Personal Data No. 6698 ("KVKK"), this disclosure text has been prepared by MED İNOVATİF YAPI LIMITED COMPANY ("COMPANY") in its capacity as data controller, to inform third parties whose data is processed, other than our employees. Our COMPANY, as data controller, may process, store, classify, update, and — where permitted by legislation — transfer to third parties the personal data/sensitive personal data of third parties within the purposes stated below, in a lawful manner.

1

Definitions

Law

Law No. 6698 on Protection of Personal Data.

Sensitive Personal Data

Data relating to individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data.

Processing of Personal Data

Any operation performed on personal data such as collection, recording, storage, preservation, alteration, reorganisation, disclosure, transfer, receipt, making available, classification or prevention of use, by wholly or partially automated means or by non-automated means forming part of a data filing system.

Data Subject / Relevant Person

The natural person whose personal data is processed.

Data Processor

A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Controller

A natural or legal person who determines the purposes and means of the processing of personal data, and is responsible for setting up and managing the data filing system.

2

Purposes of Processing Your Personal Data/Sensitive Personal Data

Personal data/sensitive personal data obtained by the COMPANY will be processed within the following scope:

Management of Emergency Processes, Management of Information Security Processes, Execution of Candidate / Intern / Student Selection and Placement Processes, Execution of Audit / Ethics Activities, Execution of Training Activities, Management of Access Authorisations, Conducting Activities in Compliance with Legislation, Execution of Finance and Accounting Processes, Ensuring Physical Premises Security, Monitoring and Execution of Legal Processes, Execution of Communication Activities, Planning of Human Resources Processes, Execution of Recruitment and Evaluation Processes, Execution / Supervision of Business Activities, Execution of Occupational Health / Safety Activities, Business Partnership / Purchase-Sale Contract Negotiations and Conclusion, Ensuring Business Continuity, Execution of Logistics Activities, Execution of Goods / Services Procurement Processes, Execution of Goods / Services Sales Processes, Management of Customer Relations, Organisation and Event Management, Execution of Marketing Analysis Studies, Execution of Performance Evaluation Processes, Execution of Advertising / Campaign / Promotion Processes, Management of Risk Processes, Execution of Storage and Archiving Activities, Execution of Contract Processes, Execution of Strategic Planning Activities, Follow-up of Requests / Complaints, Management of Supply Chain Processes, Ensuring Security of Data Controller Operations, Execution of Investment Processes, Execution of Talent / Career Development Activities, Providing Information to Authorised Persons, Institutions and Organisations, Execution of Management Activities.

3

Transfer of Your Personal Data/Sensitive Personal Data

Your personal data processed within the disclosed purposes may be transferred, in compliance with the fundamental principles set out in KVKK and within the data processing conditions and purposes specified in Articles 8 and 9 of KVKK; to our business partners, shareholders, subsidiaries and affiliates, suppliers, group companies, authorised public institutions and organisations, and — within the scope of legal obligations — to firms and individuals from whom support services are received and to independent audit firms.

4

Transfer of Personal Data Abroad

As a COMPANY, your data is not transferred abroad. In cases where cross-border data transfer becomes necessary, the required notification will be made by our COMPANY, and if explicit consent is required by law, the transfer will only take place after informing the relevant person and obtaining their explicit consent.

5

Method of Collecting Personal Data/Sensitive Personal Data

Your personal data is collected by the COMPANY for the purpose of conducting our activities, through applications to the COMPANY, e-mail and various other channels, based on the legal grounds set out below.

6

Legal Grounds for Processing Your Personal Data

Your personal data is collected, used, recorded, stored and processed by our COMPANY, after providing data subjects with clear and comprehensible written information, and where required obtaining their explicit consent, in compliance with the law and rules of honesty; limited to and connected with the legitimate purposes explicitly stated above — for the establishment of an employment contract, for exercising your rights arising from law and contracts, and for fulfilling the COMPANY's legitimate interests or legal obligations, within the framework of the principle of proportionality.

Personal data collected during this process is gathered securely in physical and electronic environments throughout the establishment and continuation of the contractual relationship, for the purpose of carrying out the above-mentioned processes and conducting our commercial and operational activities. Where a specific retention period is prescribed by relevant legislation, the data will be retained securely in physical and electronic environments for that period. Accordingly, sensitive personal data/personal data may be processed and transferred with explicit consent, or without explicit consent where the conditions set out in Articles 5(2) and 6(3) of KVKK are present, in the light of the principles prescribed in Article 4(2) of KVKK.

7

Ensuring Security of Personal Data

The COMPANY takes the technical and administrative measures prescribed in Article 12, paragraph 1 of KVKK to ensure the appropriate level of security required for the protection of personal data.

8

Your Rights as a Data Subject Under KVKK

Your rights under Article 11 of KVKK are as follows:

  • To learn whether personal data is being processed,

  • To request information if personal data has been processed,

  • To learn the purpose of processing personal data and whether it is used in accordance with that purpose,

  • To know the third parties to whom personal data is transferred, domestically or abroad,

  • To request correction of personal data if it is incomplete or inaccurately processed,

  • To request deletion or destruction of personal data within the conditions set out in Article 7,

  • To request that the operations carried out be notified to the third parties to whom personal data has been transferred,

  • To object to the emergence of a result against oneself by analysing the processed data exclusively through automated systems,

  • To claim compensation for damages in case of loss due to unlawful processing of personal data.

9

Questions and Requests

Your requests relating to the rights set out above, submitted to our COMPANY's address or e-mail address below, will be concluded free of charge within thirty (30) days at the latest. However, if the transaction requires an additional cost, the fee in the tariff set by the Board will be charged.

MEDİNOVATİF YAPI

Toros Mah. 822 Sk. Tepeüstü Apt. No: 11/2, Konyaaltı / Antalya

[email protected]