INFORMATION TEXT ON THE PROCESSING OF PERSONAL DATA
Data Controller: Batı Özel Göz Sağlığı ve Lazer Merkezi Medikal Gereçler Ticaret ve Sanayi Anonim Şirketi (hereinafter referred to as "Batıgöz").
Service Address: Şair Eşref Boulevard 1371 Street No: 9, Çankaya/İzmir
Website: www.batigoz.com
Phone: 444 23 24
KEP Address: batigoz@hs01.kep.tr
The protection of personal data is a sensitive and important issue for our company as the data controller. We strive and pay attention to the processing of your personal data in accordance with the Law No. 6698, as well as national and international legislation. As a data controller, we adopt the principles set forth by the Law No. 6698 on the Protection of Personal Data and fulfill our obligations regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the data subject, and ensuring data security.
As Batıgöz, we have prepared this Information Text to inform our job candidates, interns, employees, potential product or service recipients, individuals receiving products or services and their employees, visitors, employees of our suppliers, representatives of our suppliers, members of our board of directors, and shareholders about the processing, storage, and transfer of your personal data in the context of activities arising from the legislation and legal regulations related to the Law No. 6698 on the Protection of Personal Data.
Scope of the Information Text
This Information Text includes;
- Methods and legal grounds for collecting personal data,
- Categorization of data subjects and processed personal data,
- The periods and purposes for which personal data are used,
- Administrative and technical measures taken to ensure the security of personal data,
- Transfer of personal data,
- Retention periods for personal data and destruction methods,
- Rights of the data subjects.
Methods and Legal Grounds for Collecting Personal Data
In accordance with Article 1 which regulates the purpose of the law and Article 2 which regulates its scope; personal data is collected through all verbal, written, electronic means, technical and other methods; on our company’s website, within the framework of legislation, contracts, requests, and voluntary legal grounds mentioned in the policy, to fulfill the responsibilities arising from the law completely and accurately. These data are processed by our company or data processors appointed by our company.
Batıgöz collects personal data in accordance with Law No. 6698 and other relevant legislation;
- Websites,
- Notices received from administrative and judicial authorities,
- Application forms,
- Employment contracts and agreements,
- Resumes,
- Electronic tracking and physical access control systems (e.g.: biometric and card access systems, CCTV),
- Information systems and electronic devices (e.g.: telecommunication infrastructure, computers, and phones),
- İŞKUR and private employment offices,
- Parties providing headhunting services,
- Third parties (e.g.: KKB and Findeks),
- Visitor registration processes,
- Documents related to administrative and commercial activities,
- By collecting auditory, electronic or written information through other documents declared by the relevant person.
Categorization of Data Subject Groups and Processed Personal Data
- Job Candidates
- Interns
- Employees
- Potential Product or Service Recipients
- Individuals Receiving Products or Services and Their Employees
- Visitors
- Employees of Our Suppliers
- Representatives of Our Suppliers
- Members of Our Board of Directors
- Shareholders
The Periods and Purposes for Which Personal Data is Used
Administrative and Technical Measures Taken Regarding the Security of Personal Data
As Batıgöz, we place utmost importance on taking the necessary administrative and technical measures determined within the framework of the Law No. 6698, relevant legislation, and the decisions made by the Personal Data Protection Board regarding the processing of your personal data. Batıgöz prevents unauthorized access to personal data, unlawful processing, disclosure, alteration, or destruction of personal data by taking the necessary administrative and technical measures against potential risks arising from within or outside the company. Batıgöz takes the following described administrative and technical measures while processing personal data.
Administrative Measures:
- Preparation of Personal Data Inventory
- Corporate Policies (Access, Information Security, Usage, Storage, Destruction, etc.)
- Contracts (Between Data Controller-Data Controller, Data Controller-Data Processor)
- Confidentiality Declarations
- Employment Contract, Disciplinary Regulations (Adding Compliance Provisions)
- Corporate Communication (Crisis Management, Informing the Board and Relevant Person Processes, Reputation Management, etc.)
- Training and Awareness Activities (Information Security and Law)
- Notification to the Data Controllers Registry Information System (VERBIS)
Technical Measures:
- Authorization Matrix
- Authorization Control
- User Account Management
- Network Security
- Application Security
- Intrusion Detection and Prevention Systems
- Log Records
- Data Loss Prevention
- Backups
- Firewall
- Updated Anti-Virus Systems
As Batıgöz, we prioritize the privacy and security of your personal data. In this context, we ensure data security by implementing the administrative and technical measures mentioned above. Despite the implementation of the aforementioned administrative and technical measures, in the event that personal data is damaged due to potential attacks on our servers or falls into the hands of unauthorized third parties, Batıgöz will notify you and the Personal Data Protection Board immediately and take the necessary precautions.
Transfer of Personal Data
Your Personal Data may be transferred within the framework of the conditions stated in Articles 8 and 9 of the Law; for the purposes of effectively planning and implementing our human resources policies, accurately planning and conducting our commercial partnerships and strategies, ensuring the legal, commercial, and physical security of our company and its business partners, ensuring the operational functioning of our company, customizing and offering products and services provided by our company according to customer demands, needs, and requests, ensuring data security at the highest level, creating databases, improving services offered on our company’s website, communicating with those who submit requests and complaints to our company, and eliminating errors that occur on our company's website.
Your Personal Data may be transferred to our shareholders, business partners, suppliers, subsidiaries, companies and institutions with which we cooperate, companies from which we receive services to fulfill our contractual or legal obligations, and authorized institutions and organizations. The nature of these transfers and the parties with whom data is shared may vary depending on the type and nature of the relationship between the data owner and Batıgöz, the purpose of the transfer, and the related legal basis. Generally, these parties are as follows:
- Legal Authorities Such as Law Firms and Institutions Providing Support for Legal Purposes,
- Business Units within Batıgöz for Coordination, Collaboration, and Efficiency,
- Banks that Facilitate Financial Transactions,
- Healthcare Institutions or Hospitals in Case of Work Accidents,
- Relevant Institutions for Capacity Reports,
- Real Persons or Private Legal Entities
- Our Business Partners
- Our Group Companies
- Our Publicly-Owned, Subsidiary, and Affiliate Companies
- Authorized Public Institutions and Organizations
- Our Shareholders
- Our Suppliers
Retention Periods and Destruction Methods of Personal Data
The principles regarding the retention periods of your personal data are as follows:
If a period for storing data is specified in the legislation applicable to company operations, the data in question is retained for at least the specified time. If no period is specified in the applicable legislation for storing the data, it is preserved for the duration determined in accordance with the principles of the Law No. 6698 in line with the specified purposes of data processing activities.
Your personal data are destroyed using deletion and destruction methods at the end of the periods specified above.
Rights of the Relevant Persons
As data subjects whose data are processed under Article 11 of the Law No. 6698, you can use your rights listed below by applying to us at any time.
- To learn whether your personal data has been processed
- If your personal data has been processed, to request information regarding it
- To learn the purpose of processing personal data and whether they are used in accordance with that purpose
- To know third parties to whom personal data have been transferred domestically or internationally
- If personal data have been processed incompletely or inaccurately, to request their correction
- To request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the Law
- To request that the transactions made under Articles 11 (D) and (E) of the Law be notified to the third parties to whom personal data have been transferred
- To object to a result that is unfavorable to the person itself arising from the analysis of processed data exclusively through automated systems
- To request compensation for damages due to unlawful processing of personal data
You can submit your applications and requests regarding your personal data, as well as your requests related to the implementation of the Law, using the Personal Data Protection Law Data Subject Application Form, in writing to the relevant facility in person or via Notary, or through a registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by using the email address you have previously notified to us and that is registered in our system at kvkk@batigoz.com. Our company will conclude your requests in the application at the shortest time and in any case no later than thirty days free of charge. However, if the relevant process requires an additional cost, a fee determined by the Board may be charged.
SINCERELY,
BATI ÖZEL GÖZ SAĞLIĞI VE LAZER MERKEZİ MEDİKAL GEREÇLER TİCARET VE SANAYİ ANONİM ŞİRKETİ