CORPORATE PERSONAL DATA PROTECTION POLICY
Document Name: | Personal Data Protection Policy |
Document Relevance: | The purpose of the Personal Data Protection Policy is to plan the processes for the protection of personal data by DNA Laboratories Health and Bio Technology Services Joint Stock Company and to determine the principles to be applied on this issue. |
Revision Date: | 26.08.2022 |
Version No: | 2 |
Reference / Justification: | Personal Data Protection Law No. 6698 and other legislation |
Approval Authority: | DNA Laboratories Health and Bio Technology Services Joint Stock Company Board of Directors |
DNA LABORATORIES HEALTH AND BIO TECHNOLOGY SERVICES JOINT STOCK COMPANY
CORPORATE PERSONAL DATA PROTECTION POLICY
1. PURPOSE
The right of every individual to request the protection of personal data about him/her is a sacred right arising from the Constitution. As DNA Laboratories Health and Bio Technology Services Joint Stock Company, we consider fulfilling the requirements of this right as one of our most valuable duties. Therefore, we attach importance to the legal processing and protection of your personal data.
The Corporate Personal Data Protection Policy has been prepared to determine the principles we base and the procedures we apply when processing and protecting personal data, as a result of the importance we attach to the protection of personal data.
2. SCOPE
Policy: All personal data managed by Dna Laboratories Sağlık Ve Bio Teknoloji Hizmetleri Anonim Şirketi is obtained, recorded, stored, preserved, changed, rearranged by fully or partially automatic or non-automatic means provided that it is part of any data recording system, It covers all kinds of operations performed on data such as disclosure, transfer, acquisition, making available, classification or preventing its use.
The policy relates to all processed personal data of Dna Laboratories Sağlık Ve Bio Teknoloji Hizmetleri Anonim Şirketi’s partners, officials, customers, employees, supplier officials and employees, and third parties.
Dna Laboratories Health and Bio Technology Services Joint Stock Company may change the Policy in order to comply with the legislation and the decisions of the Personal Data Protection Authority and to better protect personal data.
3. DEFINITIONS
Abbreviation | Description |
Buyer Group
|
The category of natural or legal person to whom personal data is transferred by the data controller. |
Explicit Consent | Consent regarding a specific issue, based on informed consent and expressed with free will. |
Anonymization | Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data. |
Contact Person | The real person whose personal data is processed. |
Relevant User | Except for the person or unit responsible for the technical storage, protection and backing up of data, they are persons who process personal data within the data controller organization or in line with the authority and instructions received from the data controller. |
Destruction | Deletion, destruction or anonymization of personal data. |
Law/KVKK | Personal Data Protection Law No. 6698. |
Recording Media |
Any environment containing personal data that is processed by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. |
Personal Data | Any information regarding an identified or identifiable natural person. |
Data Inventory | Data controllers personal data processing activities they carry out depending on their business processes; The inventory they create by associating the personal data with the purposes and legal reason for processing personal data, the data category, the transferred recipient group and the data subject person group, and detailing the maximum retention period required for the purposes for which personal data are processed, the personal data envisaged to be transferred to foreign countries and the measures taken regarding data security. |
Personal Data
Processing |
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, obtaining personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any operation performed on data, such as making it accessible, classifying it or preventing its use. |
Commission | Personal Data Protection Commission established by DNA Laboratories Health and Bio Technology Services Joint Stock Company to manage the Policy and other relevant procedures and to ensure the validity of the Policy. |
Board | Personal Data Protection Board. |
Institution | Personal Data Protection Authority. |
Special Personal Data | Regarding people’s race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures data and biometric and genetic data. |
Periodic Destruction | The process of deleting, destroying or anonymizing personal data specified in the personal data storage and destruction policy and to be carried out ex officio at recurring intervals in case all the conditions for processing personal data specified in the Law are eliminated. |
Policy | Personal Data Protection Policy |
Data Processor | A natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
Data Controller | A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. |
4. GENERAL PRINCIPLES
Dna Laboratories Health and Bio Technology Services Joint Stock Company checks the compliance of the data to be processed with the following principles during the preparation phase of the workflow requiring the processing of each new personal data. Workflows that are deemed inappropriate are not implemented.
While Dna Laboratories Health and Bio Technology Services Joint Stock Company processes personal data;
(I) Complies with the law and the rules of honesty.
(II) Ensures that personal data is accurate and, when necessary, up-to-date.
(III) It ensures that the purpose of processing is specific, clear and legitimate.
(IV) It checks that the processed data is related to the purpose of processing, that it is processed as limited as necessary and is proportionate.
(V) It retains the data only as long as required by the relevant legislation or for the purpose of processing, and destroys it when the purpose of processing is eliminated.
5. DUTIES AND RESPONSIBILITIES
Personal Data Protection Commission has been established within Dna Laboratories Sağlık Ve Bio Teknoloji Hizmetleri Anonim Şirketi to manage this Policy and other relevant procedures regarding the processing of personal data and to ensure the enforcement of the Policy. The Commission consists of the General Coordinator, Accounting Officer, Quality Management Representative, and Genetic Test Sales and Marketing Coordinator. Dna Laboratories Health and Bio Technology Services Joint Stock Company also receives KVKK consultancy support when necessary in order to comply with the Personal Data Protection Law No. 6698. If the commission deems necessary, it may invite the KVKK consultant to its meetings.
The duties and responsibilities of the Commission are stated below.
Makes assignments regarding the matters listed above.
6. Precautions Taken for Data Security
Dna Laboratories Health and Bio Technology Services Joint Stock Company provides all necessary technical and administrative services to ensure the appropriate level of security in order to (i) prevent unlawful processing of personal data, (ii) prevent unlawful access to personal data, (iii) ensure the preservation of personal data. takes precautions.
6.1. Technical Measures
6.2. Administrative Measures
.
7. Rights of the Relevant Person Regarding Personal Data
The relevant person may request the following issues by applying to DNA Laboratories Health and Bio Technology Services Joint Stock Company:
VIOLATION NOTIFICATIONS
Dna Laboratories Health and Bio Technology Services Joint Stock Company employees report to the Commission any work, action or phenomenon that they believe violates the provisions of KVKK and/or the Policy. Following this violation notification, the committee meets if deemed necessary and creates an action plan regarding the violation.
If the violation has occurred by illegally obtaining personal data by others, the Commission will notify the relevant person and the Board within 72 hours within the scope of the Board’s decision dated 24.01.2019 and numbered 2019/10.
CHANGES
Changes to the policy are prepared by the Commission and submitted to the approval of the Board of Directors of DNA Laboratories Health and Bio Technology Services Joint Stock Company. The updated Policy can be sent to employees via e-mail or published on the website.
EFFECTIVE DATE
The first version of the Policy was approved by the Board of Directors on 24.04.2020 and the second version came into force on 26.08.2022.