Privacy Policy and Personal Data Text

Date of Update: 01.06.2021

This Privacy Policy and Personal Data Text (Policy), has been drafted in order to clarify and inform the visitors (User) about the terms and conditions regarding the use of data obtained and/or to be obtained from visitors in any way and the ways of processing data obtained through the website operating under the domain name https://www.inofab.health (Website) owned by İnofab Sağlık Teknolojileri Anonim Şirketi (Company) or another domain name owned by Company.

Cookies are used by Company to collect personal data in the Website. For more detailed information on the use of cookies, please see our Website Cookie Policy.

1. General Explanations

Company adopts this Policy in respect of privacy, use and other related issues of the processed information regarding Users.

Personal data refers to any information regarding an identified or identifiable natural person. Thus, the regulations regarding the personal data contained in this text shall apply if the relevant information belongs to a natural person. If the relevant information belongs to legal persons, regulations other than those regarding personal data in this text shall apply.

Company places importance on the confidentiality of data and takes care to be transparent about data retention. This Policy is the privacy policy and clarification text that includes information about what kind of data is collected, how this data is used, if necessary with whom this data is shared, what are the rights regarding personal data and how these rights can be used, and the principles adopted by the Company regarding confidentiality.

Personal data are processed in line with the below mentioned basic principles:

Being in accordance with law and good faith,
Being accurate and, where necessary, up-to-date,
Being processed for specific, explicit and legitimate purposes,
Being connected, limited for the purpose for which they are processed and data minimization; and
Being stored for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

2. Data Controller

Your personal data is processed by the Company as a data controller within the scope of the relevant legislation and the scope specified below.

3. Data Categories and Data Types

Data Categories	Data Types
Identity Information	Name, surname
Contact Information	Phone number, e-mail address, city
Customer Transaction	Interested product, message of the contacting person
Process Security Information	IP address, website visit data
Marketing	Data acquired through cookies

4. Methods of Collection of Personal Data

Company obtains personal data through the Website with electronic or written means including contact forms, in line with the personal data processing conditions specified in the relevant legislation and process them in accordance with the purposes mentioned below.

5. Data Processing Purposes and Legal Reasons

Data Categories	Data Processing Purposes	Legal Reasons
Identity Information Contact Information Customer Transaction	Execution of Communication Activities Execution/Auditing of Business Activities Receiving and Evaluating Advices Regarding the Improvement of Business Continuity Execution of Activities to Ensure Business Continuity Conducting after-sales support services for goods/services Execution of Goods/Services sales processes Execution of Production and Operation of Goods/Services Execution of Customer Relationship Management processes Conducting Activities for Customer Satisfaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract, It is mandatory for our legitimate interests, provided that this processing shall not violate your fundamental rights and freedoms.
Process Security Information	Execution of information security processes Conducting audit/ethical activities Execution of activities in compliance with legislation Conducting internal audit/investigation/intelligence activities Execution/Auditing of Business Activities Providing information to authorized persons, institutions and organizations	Conditions that are necessary in order to fulfill our legal obligation, It is mandatory for our legitimate interests, provided that this processing shall not violate your fundamental rights and freedoms.
Marketing	Conducting marketing analysis operations, Execution of advertising/campaign/promotion processes, Execution of marketing of goods/services	Your explicit consent, It is mandatory for our legitimate interests, provided that this processing shall not violate your fundamental rights and freedoms.

You may revoke your consent for any data processing that requires your explicit consent as specified above. In such a case, data processing within the scope of the relevant process shall be terminated without prejudice to the obligations arising from the legislation. You can forward your requests regarding your explicit consent to the Company in accordance with Article 9 of this Policy.

6. Transferring Your Personal Data

Company takes care to process your personal data in line with the principles of “need-to-know” and “need-to-use”, data minimization and by taking all necessary technical and administrative security measures. As conducting or auditing business activities, ensuring business continuity and management of digital infrastructure requires continuous data transfer to various partners, we are required to transfer personal data to third persons for specific reasons. Additionally, accuracy and up-to-dateness of your personal data is essential for the Company to fulfill its contractual and legal obligations fully and properly. For this reason, we have to work with various business partners and service providers.

Your personal data may be transferred to the below mentioned recipient groups in a manner limited to the specified reasons.

Data Categories	Transfer Purpose and Transferred Group
Identity Information Contact Information Customer Transaction	Sharing information with our local and overseas vendors which provide our digital infrastructure for the purposes of conducting retention and archiving operations, Sharing information with our mass sending service providers to conduct communication and marketing operations, Sharing information with our certified public accountants and auditing companies to conduct financial and accounting operations, Providing information to authorized persons, institutions and organizations to fulfill our legal obligations.
Process Security Information	Providing information to authorized persons, institutions and organizations to fulfill our legal obligations.
Marketing	Sharing information about cookies to our overseas vendors for the execution of marketing operations.

7. Personal Data Retention

In the event that the retention and processing conditions for the periods of processing of personal data obtained by the Company cease to be, the following criteria are used in determining the destruction periods:

If the relevant legislation provides for a period of time for such personal data retention, this period shall be followed. After the expiration of the specified period, the necessary operations are performed.
If no time is stipulated for the expiry of the period stipulated in the relevant legislation or for the retention of the data in question, the compliance of the retention of the information with the principles is questioned, for example; it is questioned whether the Company has a legitimate purpose in the retention of data. Although it has been processed in accordance with the legislation, the data of which reasons requiring its processing are ceased to be, is deleted, destroyed or anonymized.

8. Changes and Updates

As a data controller, Company has the right to change the policy on condition that it complies with the relevant legislation and that the personal data are better protected.

This Policy can be rearranged and updated as new features are added to the Website or new suggestions are received. However, in this case, we shall notify you by publishing the changes on the Website. We may notify such changes, in some important cases, by e-mail or by any other conspicuous method reasonably designed to notify you, with additional notices as appropriate. Upon being notified about these changes, if you continue to access the Website after the notification period, you shall be deemed to have allowed the changes in the Policy. Therefore, we recommend that you re-examine the Policy every time you gain access to the Website. This document was last updated on 01.06.2021. If the Policy provisions change, they become effective on the date of publication.

9. Your Rights as a Data Subject

In accordance with the Turkish Personal Data Protection Law No. 6698, you have the following rights:

to learn whether personal data is processed or not,
to request information on whether your personal data has been processed,
to learn the purpose of the processing of your personal data and whether this information is used within the intended purposes,
to know the third parties to whom your personal data is transferred in domestic or abroad,
to request the rectification of the incomplete or inaccurate data, if any,
to request the erasure or destruction of the personal data under the conditions stipulated in the Turkish Personal Data Protection Law,
to request notifying third parties to whom the personal data has been transferred, of the rectification, erasure or destruction of your incomplete or inaccurate data,
to object to the processing, exclusively by automatic systems, of your personal data, which leads to an unfavorable consequence for the person
to request compensation for the damage arising from the unlawful processing of your personal data.

Where General Data Protection Regulation (GDPR) is applicable, you have the following rights:

Right of access - Learning whether personal data is being processed and, if so, accessing your personal data and the information regarding the processing of your personal data,
Right to correction - To request the correction of information that you believe is inaccurate or the completion of information that you believe is incomplete by the Company,
Right to delete - To request deletion of personal data under the conditions stipulated in GDPR,
The right to restrict processing - To request the restriction of the processing of personal data under the conditions stipulated in the GDPR,
Right to object to processing - To object to the processing of personal data under the conditions stipulated in the GDPR,
Right to data portability - To request the data collected by the Company to be transferred directly to another organization or under certain conditions,
Objection to the occurrence of a result against the person himself/herself, by analyzing the processed data exclusively through automatic systems, including profiling.

As data subjects, in order to submit your requests regarding your rights and to exercise your rights on your personal data; you can carry out the necessary changes, updates and/or deletions and related requests by sending such requests in a way to meet the minimum application requirements in the relevant legislation; by filling out the Data Subject Access Request Form, which you can access on the website of our Company, and using the methods in this form, by writing to the address Üniversiteler Mahallesi, İhsan Doğramacı Bulvarı, No: 17/115, ODTÜ Teknokent, Silikon Blok, 06800 Çankaya, Ankara, Turkey physically in writing, by signing with the secure electronic signature or mobile signature assigned to you, through your Registered E-Mail address to the registered e-mail address of our Company or by sending e-mail to our privacy@inofab.health address using your e-mail address previously notified to us and registered in our systems.

In the application that you will make as the data subject in order to exercise your rights stated above; your request must be clear and understandable, your request must be related to your person, or if you are acting on behalf of someone else, you must be specially authorized and document your authorization, and the application must meet the minimum application requirements stated in the relevant legislation.

If you submit your requests to us using the methods specified, the Company will finalize the request as soon as possible and free of charge within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined according to the relevant legislation will be charged by the Company.

If you believe that we or someone with whom we have transferred your data is violating your rights, you can file a complaint to the data protection authority in your country and to other competent supervisory authorities.