PURPOSE AND SCOPE

 

İNTERLAB LABORATUAR ÜRÜNLERİ SAN. ve TİC. A.Ş. playing along with the legal regulations sets up the system regarding the execution of all kind of activities required under the scope of adaptation to the legislation in respect of personal data processing and protection. We, as INTERLAB, give importance to processing, protection of all personal data of all person, including those benefiting from our products and services, in compliance with the Law on Protection of Personal Data (“KVKK”) numbered 6698. With the awareness of our responsibility, we in the capacity of “Data Supervisor” process your personal data under the following scope and conditions pursuant to the KVKK Law.

 

DEFINITIONS

 

 

Express Consent		Consent based on information regarding a certain issue and explained by freewill
Anonymization		To make the personal data as not to be identified with any real person, whose identification is never evident or can never be identified by matching with other data
Relevant person		Real person whose personal data is processed
Personal Data		All kind of information regarding the real person whose identification is evident or can be identified
Personal Data Protection Department		Department, which will provide the required coordination within the structure of the company under the scope of ensuring the compatibility to the personal data protection legislation, maintenance and continuity by INTERLAB
KVKK Law		Law Number: 6698
		Acceptance Date : 24/3/2016
		Official Gazette : Date : 7/4/2016
		Number: 29677
		Legal Principle : Scheme : 5 Volume : 57
KVK Board		Personal Data Protection Board
KVK Institution		Personal Data Protection Board
Specific Personal Data		Race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership of a society, foundation or union, health, sexual life of person, and data regarding her/his conviction and security measures as well biometric and genetic data are the specific personal data.
INTERLAB		INTERLAB LABORATUAR ÜRÜNLERİ SAN. ve TİC. A.Ş
INTERLAB Employee KVK Policy		The “INTERLAB ENLIGHTENING AND CONSENT TEXT FOR PERSONAL DATA PROCESSING”, under which the principles regarding protection and processing of personal data of employees working in the companies, which are in the structure of INTERLAB.
INTERLAB Supplier		Parties rendering service under the scope of a contract
Data Owner Application Form		Application form that the data owners will benefit from during their application regarding their rights under article 11 of the KVK Law.
Data Processor		Real or legal person processing the personal data on its behalf depending on the authorization granted by the data supervisor.
Data Supervisor		Real or legal person determining the purpose and means of personal data processing and being responsible for setting up and management of the data recording system
Communique on Procedure and Principles for Application to Data Supervisor		Communique on Procedure and Principles for Application to Data Supervisor which  is published in the Official Gazette dated 10 March 2018 and numbered 30356 and is become valid
Data Supervisor Registry		Under the supervision of KVK Committee, Data Supervisor Registry which is kept before the Personal Data Protection Institution and is open to the public
Regulation on Data Supervisors Registry		Regulation on Data Supervisors Registry which is published in the Official Gazette dated 30 December 2017 and numbered 30286, and is become valid on 1 January 2018

 

 

HOW PERSONAL DATA ARE PROCESSED?

 

It is all kind of transaction carried out on the data, such as obtaining, recording, storing, maintaining, changing, reordering, clarification, transferring, taking over, making available, classification or preventing its utilization through non-automatic ways provided that the personal data shall be the part of a full or partial automatic or any data recording system.

 

FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA?

 

Your personal data are processed by İNTERLAB LABORATUAR ÜRÜNLERİ SAN. ve TİC. A.Ş . in compliance with the basic principles envisaged by KVKK and within the scope of the personal data processing conditions and purposes set forth under articles 5 and 6.

 

HOW WE MAINTAIN YOUR PERSONAL DATA?

 

Your personal data shared with our company are maintained in compliance with the relevant legal regulations and KVKKK provisions.

 

FOR HOW LONG WE KEPT YOUR PERSONAL DATA?

 

Although the personal data are processed in compliance with this Law and the provisions of other relevant law; in the event if the reasons requiring their processing are removed, the personal data are deleted, disposed or incorporated by the data supervisor directly or upon the request of the relevant person.

 

What is the Basic Principles Adopted in Personal Data Processing?

• Being in compliance with law and good faith: Pursuant to article 4 of KVK Law, the personal data should be processed in compliance with the law and good faith.
• Being correct and actual: It is paid attention to whether the processed personal data are actual or not and to making controls in this respect. In this scope, the data owners are vested the right to correct the data, which is not correct and actual.

 

• Processing for specific, clear and legitimate purposes: prior to each personal data processing activity, it is paid attention to determining the data processing purposes and whether these purposes are in contrary to law or not.

 

• Being associated, limited and careful with the processing purposes: The data processing activity is limited to the personal data required for realizing the collection purpose and for this purposes the required measures are taken by our company in order not to process the personal data which are not related to this purpose.

 

• Maintaining them for the period envisaged under the relevant legislation or for the purpose required to be processed: after the removal of the purpose of processing the personal data or upon the term envisaged under the legislation  is expired, the personal data is deleted, disposed or anonymized. 

 

What are the Conditions to Process Personal Data Adopted by our Company?

• In the event if it is explicitly envisaged by the laws: The processed personal data may be processed without the express consent of the data owner. In such situation, the Company will process the personal data in the frame of the relevant legal arrangement.

 

• In the event if it is statutory to protect the integrity of life or body of himself/herself or others, who is in situation that he/she could not utter his/her consent due to actual impossibility or no legal validity is not granted to his/her consent: The personal data of the data owner, whose consent could not be announced by the company or to whom any legal validity is not granted, shall be processed where the personal data processing is mandatory in order to protect the integrity of life or body of the date owner or any third party.

 

• Provided that it is directly related to conclusion or execution of any contract, in the event if the personal data processing of any contracting party is mandatory; if the personal data processing of the contracting party of the contract, which is concluded or already signed between the data owner and our Company, is necessary, the personal data processing activity is performed.

 

• In the event if it is statutory in order for the data supervisor to fulfill his/her legal obligation; our company processes the personal data for the purpose of fulfilling its legal obligations envisaged under the scope of the applicable legislation.

 

• In the event if the relevant person is being confessed by himself/herself; The personal data, which is announced to public by the data owner and which is presented to the information to everyone as a result of confession, can be processed by our company without the express consent of the data owners provided that it shall be limited to confessing purposes.

 

• In the event if the data processing is statutory in order for establishment, utilization or protection of rights; our company can process the personal data of the data owner without their express consent under the scope of the obligation.

 

 

• Provided not to damage the basic rights and freedom of the relevant person, in the event if the data processing is statutory for the legal benefits of the data supervisor; provided that the benefit balance of our company and the data owner shall be protected, the personal data can be processed by the Company. Within this scope, the company firstly determines its legal benefit gained by the result of the processing activity during the data processing depending on the legal benefit. It evaluates the effects of personal data processing on the rights and freedom of the data owner and if it is in the opinion that the balance is not damages, it performs the processing activity.

 

What are our steps regarding the data security?

• Preventing the personal data to be processed in contrary to law,
• Preventing the personal date to be accessed in contrary to law,
• Providing the maintenance of personal data, and taking all kind of technical and administrative measures required to provide the appropriate security level,
• Performing the required audits by our data supervisor for the purpose of ensuring the compliance with the Law provisions.

Who are the data owners for the personal data processing activities carried out by our company and what are your rights arising from the data protection law as the data owner?

The customers, supplier, visitors, employees and candidates are data owners.

The rights vested to the real persons, the personal data of whom are processed, in accordance with article 11 of KVKK are as follows;

• To learn whether their personal data is processed or not,
• To ask for information with respect to this if their personal data is processed,
• To learn the purpose of processing the personal data and whether these are used in compliance with  their purpose or not,
• To learn the third person to whom the personal data is transferred in homeland and abroad,
• In the event if the personal data is processed incompletely or incorrectly, to request them to be amended and the third party, to whom the persona data is transferred, to be informed regarding the transaction carried out in this regard,
• Although the personal data are processed in compliance with KVKK and the provisions of other relevant law; in the event if the reasons requiring their processing are removed, to request the personal data to be deleted, disposed and the third party, to whom the persona data is transferred, to be informed regarding the transaction carried out in this regard,
• To object to any negative situation against him/her arising due to the analysis of the processed data by the exclusive automatic systems,
• In the event if he/she is suffered due to the personal data is processed in contrary to the law on protection of personal data.

You can submit your application regarding your above listed rights by filling out the Data Owner Application Form at http://www.isolab.com.tr/ web site.

 

Obligation to Reply to the Data Owners’ Application

Pursuant to article 13 of the KVK Law, the requests of the data owner regarding their personal data should be concluded as soon as possible and latest by thirty (30) days based on their qualification. The data owner should submit their requests regarding their personal data in the direction of the Communique on Principles and Procedures to Apply to Data Supervisor.

SCOPE OF LAW AND RESTRICTIONS ON IMPLEMENTATION THEREOF IN THIS REGARD

These law provisions are not applied in the following cases:

• Provided that the personal data is not provided to the third persons and the obligations regarding the data security is complied, the personal data to be processed by the real persons under the scope of the activities related to himself/herself or to the family members living in the same house.
• Processing the personal data for the purposes such as searching, planning and statistic provided that the personal data is anonymized through official statistics.
• Provided that the personal data does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or not constitute a crime, processing the personal data under the scope of arts, history, literature or scientific purposes.
• Processing the personal data under the scope of the preventive, protective and informative activities carried out by the public institutions and organizations, which are authorized by the law in order to ensure the national defense, national security, public security, public order or economic security.
• Processing of personal data by the judicial authorities regarding the investigation, prosecution, judgment or execution transactions.

Provided to be in compliance and proportional to the purpose and basic principles of this Law, article 10 setting forth the clarification obligation of the data supervisor, except for requesting the compensation of losses, article 11 setting forth the rights of the relevant person and article 16 setting forth the registration obligation of Data Supervisor are not applied in the following cases :

• Personal data processing to be required for preventing committing an offense or investigation of an offense.
• Processing the personal data, which are confessed by himself/herself.
• Processing personal data to be required by the public institutions and organizations as well occupational institutions authorized based on the power vested by the law in order to carry out the audit or arrangement duties and as well discipline investigation and prosecution.
• Processing personal data to be necessary to protect the State’s economic and fiscal benefits regarding budgetary, taxation and fiscal issues.